Iexplore does not terminate, hijackthis attached

Status
Not open for further replies.
Friends,

I'm having problems with my iexplore. I'm using Windows 2000 Professional. There are 2 threads of iexplore that do not terminate even when 'end task' is done in the task manager. I ran the spybot. I then deleted swissor and other spywares. I then ran hijackthis. Attached is the log file.

Can someone please help me? This iexplore is consuming my CPU time a lot!!

Thanks a lot!!
Nithin
 
Hello and welcome, tintin.

There are some issues that need fixing in your hjt log, but first go HERE
Then go to hjt and change its name to hjt analyser1991. The reason for this is there are bugs that can hide from it under its original name. Then post a fresh hjt please. Go HERE TOO; you will need to download this tool for rootkit
 
New Hijackthis file

Hi,

I changed the name to analyze.exe and stored it in C: program files. Ran ss & D again. Ran Adware personal, ran the applications mentioned in the previous thread in the safe mode. Now I'm attaching the log file again.

Thanks a lot!

Nithin
 
Hello and welcome to Techspot.

I have moved your thread to the proper forum.

Your system has some nasty infections.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.

Regards Howard :wave: :wave:

This thread is for the use of tintin232 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Hi!!

Sorry, I did not run the avg antispyware. I ran that and I could terminate the iexplore that was running in the background. I restarted the computer and I'm not getting it anymore. Between, I ran hijackthis once again and this is the output. Pls do let me know if there is anything suspicious.

Thanks and best regards,
Nithin
 
I need to see an AVG Antispyware log. Please attach one to your next reply.

I can find no useful info on this file: PTRSRVC.EXE. Therefore, unless you know for a fact that it`s absolutely safe, please do the following.

Please visit this link http://virusscan.jotti.org/
* Click the Browse... button
* Navigate to the following file C:\WINNT\System32\PTRSRVC.EXE
* Click Open
* Please let me know the results in your next reply.

In the meantime, do the following.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.


Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

windshi.exe

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.254.253.227:8080

Fix this if you didn`t set this proxy yourself or don`t know what it is.

O4 - HKLM\..\Run: [Windows Explorer] C:\WINNT\System32\explorer.exe

O4 - HKLM\..\Run: [Services] C:\WINNT\System32\windshi.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{5F2BB97F-FD67-4A68-9F41-5CF1D8584B5E}: NameServer = 57.20.120.33,57.20.120.60

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = cns.lcag.fra.dlh.de,sap.fra.dlh.de,fra.dlh.de

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = cns.lcag.fra.dlh.de,sap.fra.dlh.de,fra.dlh.de

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = cns.lcag.fra.dlh.de,sap.fra.dlh.de,fra.dlh.de

Only fix the above O17 entries if they don`t belong to your ISP, or you don`t recognise the domain.

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\WINNT\System32\windshi.exe
C:\WINNT\System32\explorer.exe

Reboot into normal mode and rehide your protected OS files.

Post fresh HJT and AVG Antispyware logs and let me know the result of the Jotti scan.

Regards Howard :)

This thread is for the use of tintin232 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
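
Added example, not part of the original thread and not HijackThis's own logic: a small triage script for the kind of entries listed in the reply above. It flags O4 autoruns where a well-known Windows binary name starts from a directory it does not normally live in (the legitimate explorer.exe sits in the system root, not in System32) and marks R1 proxy and O17 DNS entries for the "did you set this yourself?" check. The `triage` function, the `EXPECTED_DIR` list and the `ExampleTray` line are assumptions made for illustration.

```python
import ntpath
import re

# Where well-known Windows binaries normally live, relative to the system root.
# Hand-picked for this example; extend it for real use.
EXPECTED_DIR = {"explorer.exe": "", "svchost.exe": "system32",
                "services.exe": "system32", "winlogon.exe": "system32"}

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")                # "<code> - <body>"
RUN_RE = re.compile(r"^HK\w+\\\.\.\\\w+: \[([^\]]*)\] (.+)$")   # O4 registry autorun
EXE_RE = re.compile(r'"?(.+?\.exe)', re.I)                      # image path, arguments dropped

# Entries quoted from the thread, plus one constructed benign line (ExampleTray).
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.254.253.227:8080
O4 - HKLM\..\Run: [Windows Explorer] C:\WINNT\System32\explorer.exe
O4 - HKLM\..\Run: [Services] C:\WINNT\System32\windshi.exe
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F2BB97F-FD67-4A68-9F41-5CF1D8584B5E}: NameServer = 57.20.120.33,57.20.120.60
"""

def triage(log_text, system_root=r"C:\WINNT"):
    """Return (code, reason, line) for entries that deserve a manual look."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = LINE_RE.match(line)
        if not m:
            continue
        code, body = m.groups()
        if code == "O4":
            run = RUN_RE.match(body)
            exe = EXE_RE.match(run.group(2)) if run else None
            if not exe:
                continue
            base = ntpath.basename(exe.group(1)).lower()
            if base not in EXPECTED_DIR:
                continue  # unknown name: this location check says nothing about it
            expected = ntpath.join(system_root, EXPECTED_DIR[base]).rstrip("\\")
            actual = ntpath.dirname(exe.group(1))
            if ntpath.normcase(actual) != ntpath.normcase(expected):
                findings.append((code, "system binary name in unexpected directory", line))
        elif code == "O17" or (code == "R1" and "ProxyServer" in body):
            findings.append((code, "network setting; confirm you set it", line))
    return findings
```

The location check only catches name masquerading; an entry such as windshi.exe, whose file name is not on the list, still needs the manual lookup described in the thread.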
 