Iexplore does not terminate, hijackthis attached

By tintin232
Feb 4, 2007
Topic Status:
Not open for further replies.
  1. Friends,

    I'm having problems with my iexplore. I'm using Windows 2000 Professional. There are 2 threads of iexplore that do not terminate even when 'end task' is done in the task manager. I ran Spybot. I then deleted swissor and other spyware. I then ran HijackThis. Attached is the log file.

    Can someone please help me? This iexplore is consuming my CPU time a lot!!

    Thanks a lot!!
    Nithin
  2. tomrca

    tomrca Newcomer, in training Posts: 1,051

    Hello and welcome, tintin.

    There are some issues that need fixing in your HJT log, but first go HERE
    then go to HJT and change its name to hjt analyser1991. The reason for this is there are bugs that can hide from it under its original name. Then post a fresh HJT please. Go HERE TOO; you will need to download this tool for rootkit
  3. tintin232

    tintin232 Newcomer, in training Topic Starter

    New Hijackthis file

    Hi,

    I changed the name to analyze.exe and stored it in C: program files. Ran SS & D again, ran Adware personal, and ran the applications mentioned in the previous thread in safe mode. Now I'm attaching the log file again.

    Thanks a lot!

    Nithin
  4. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Hello and welcome to Techspot.

    I have moved your thread to the proper forum.

    Your system has some nasty infections.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.

    Regards Howard :wave: :wave:

    This thread is for the use of tintin232 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  5. tintin232

    tintin232 Newcomer, in training Topic Starter

    Hi!!

    Sorry, I did not run the AVG Antispyware. I ran that and I could terminate the iexplore that was running in the background. I restarted the computer and I'm not getting it anymore. Between, I ran HijackThis once again and this is the output. Please do let me know if there is anything suspicious.

    Thanks and best regards,
    Nithin
  6. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    I need to see an AVG Antispyware log. Please attach one to your next reply.

    I can find no useful info on this file: PTRSRVC.EXE. Therefore, unless you know for a fact that it`s absolutely safe, please do the following.

    Please visit this link http://virusscan.jotti.org/
    * Click the Browse... button
    * Navigate to the following file C:\WINNT\System32\PTRSRVC.EXE
    * Click Open
    * Please let me know the results in your next reply.

    In the meantime, do the following.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.


    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    windshi.exe

    Close task manager.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.254.253.227:8080

    Fix this if you didn`t set this proxy yourself or don`t know what it is.

    O4 - HKLM\..\Run: [Windows Explorer] C:\WINNT\System32\explorer.exe

    O4 - HKLM\..\Run: [Services] C:\WINNT\System32\windshi.exe

    O17 - HKLM\System\CCS\Services\Tcpip\..\{5F2BB97F-FD67-4A68-9F41-5CF1D8584B5E}: NameServer = 57.20.120.33,57.20.120.60

    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = cns.lcag.fra.dlh.de,sap.fra.dlh.de,fra.dlh.de

    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = cns.lcag.fra.dlh.de,sap.fra.dlh.de,fra.dlh.de

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = cns.lcag.fra.dlh.de,sap.fra.dlh.de,fra.dlh.de

    Only fix the above O17 entries if they don`t belong to your ISP, or you don`t recognise the domain.

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\WINNT\System32\windshi.exe
    C:\WINNT\System32\explorer.exe

    Reboot into normal mode and rehide your protected OS files.

    Post fresh HJT and AVG Antispyware logs and let me know the result of the Jotti scan.

    Regards Howard :)

    This thread is for the use of tintin232 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
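
As an added example (not part of the thread and not HijackThis's own code), the sketch below parses the log-line format quoted in the reply above and attaches the kind of check the reply asks for on proxy, autostart and DNS entries. The function names and the sample text are assumptions constructed for illustration.

```python
import re
from ntpath import basename, dirname
# Constructed sample: entries copied from the reply above, one per type.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.254.253.227:8080
O4 - HKLM\..\Run: [Windows Explorer] C:\WINNT\System32\explorer.exe
O4 - HKLM\..\Run: [Services] C:\WINNT\System32\windshi.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = cns.lcag.fra.dlh.de,sap.fra.dlh.de,fra.dlh.de
"""

LINE = re.compile(r"^\s*(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+?)\s*$")
# O4 is "<key>: [<name>] <command>"; R0/R1 and O17 are "<key>,<name> = <data>" or "<key>: <name> = <data>"
O4_RUN = re.compile(r"^(?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<data>.+)$")
KEY_VALUE = re.compile(r"^(?P<key>.+?)(?:,|: )(?P<name>[^=,]+?) = (?P<data>.*)$")

def parse_line(line):
    """Return a dict for one HijackThis entry, or None for any other text."""
    m = LINE.match(line)
    if not m:
        return None
    section, body = m.groups()
    entry = {"section": section, "raw": body}
    fields = (O4_RUN if section == "O4" else KEY_VALUE).match(body)
    if fields:
        entry.update(fields.groupdict())
    return entry

def review(entry):
    """Return a note for the entry types the reply asks the user to check."""
    sec, name, data = entry["section"], entry.get("name", ""), entry.get("data", "")
    if sec == "O4":
        # Assumes a bare path with no arguments, as in the sample lines.
        folder = basename(dirname(data)).lower()
        if basename(data).lower() == "explorer.exe" and folder == "system32":
            return "explorer.exe in System32; the Windows shell sits in the Windows directory itself"
        return "autostart entry: confirm the file is known"
    if sec == "R1" and name == "ProxyServer":
        return "proxy set: keep only if you configured it"
    if sec == "O17":
        return "DNS setting: keep only if it belongs to your ISP or network"
    return None

def triage(log_text):
    entries = filter(None, map(parse_line, log_text.splitlines()))
    return [(e["section"], e.get("name", ""), review(e)) for e in entries]

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```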