Tech Support Guy banner
  • Please post in our Community Feedback thread for help with the new forum software! If you are having trouble logging in, please Contact Us for assistance.
Status
Not open for further replies.
1 - 6 of 6 Posts

·
Registered
Joined
·
3 Posts
Discussion Starter · #1 ·
I am running out of memory and when I do a Ctrl+Alt+Del, I notice that there are 10+ incidents of iexplore.exe still running, although Internet Explorer is closed. I had recently been hijacked by several spywares/adwares and deleted most incidents based on your message board here. Why are these iexplore.exe's still running?

Here is my hijack this log:

Logfile of HijackThis v1.97.7
Scan saved at 9:28:05 PM, on 3/25/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\mHotkey.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\BestBuy\HelpExpress\HXDL.EXE
C:\Program Files\BestBuy\HelpExpress\Client\HELPEXP.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Gator.com\Gator\Gator.exe
C:\Program Files\Common Files\GMT\GMT.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony Handheld\USBSwt.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\System32\hpoipm07.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Temporary Directory 5 for hijackthis.zip\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bestbuy.msn.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.bestbuy.msn.com/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [] C:\WINDOWS\Options\OEMReset.exe /Audit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [HXDL.EXE] C:\Program Files\BestBuy\HelpExpress\HXDL.EXE -from="CLIENT.CAB" -to="Download\CLIENT.CAB"
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\BestBuy\HelpExpress\Client\HELPEXP.EXE
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Gator eWallet.lnk = C:\Program Files\Gator.com\Gator\Gator.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: HPAiODevice(hp officejet v series) - 12.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
O4 - Global Startup: Sony PDA USB Switcher.lnk = C:\Program Files\Sony Handheld\USBSwt.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.msn.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://help.bellsouth.net/sdccommon/download/tgctlcm.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37864.2258449074
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Thanks!
 

·
Registered
Joined
·
46,353 Posts
Hi ljprn

Welcome to TSG! :)

Run Hijack This again and put a check by these. Close all windows except HijackThis and click "Fix checked"

O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"

O4 - HKCU\..\Run: [HXDL.EXE] C:\Program Files\BestBuy\HelpExpress\HXDL.EXE -from="CLIENT.CAB" -to="Download\CLIENT.CAB"

O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\BestBuy\HelpExpress\Client\HELPEXP.EXE

O4 - Global Startup: Gator eWallet.lnk = C:\Program Files\Gator.com\Gator\Gator.exe

O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe


Restart to safe mode and delete:

The C:\Program Files\Gator.com folder
The C:\Program Files\Common Files\GMT folder
The C:\Program Files\Common Files\CMEII folder

How to start your computer in safe mode.

Go here and download Adaware 6 Build 181

Install the program and launch it.

First in the main window look in the bottom right corner and click on Check for updates now and download the latest referencefiles.

Make sure the following settings are made and on -------ON=GREEN

From main window :Click Start then Activate in-depth scan (recommended)

Click Use custom scanning options then click Customize and have these options selected: Under Drives and Folders put a check by Scan within archives and below that under Memory and Registry put a check by all the options there.

Now click on the Tweak button in that same window. Under Scanning engine select Unload recognized processes during scanning and under Cleaning Engine select Let windows remove files in use at next reboot

Click proceed to save your settings.

Now to scan just click the Next button.

When the scan is finished mark everything for removal and get rid of it.(Right-click the window and choose select all from the drop down menu and click Next)

Restart your computer.

Then go here and download Spybot Search & Destroy.

Install the program and launch it.

Before scanning press Online and Search for Updates .

Put a check mark at and install all updates.

Click Check for Problems and when the scan is finished let Spybot fix/remove all it finds marked in RED.

Restart your computer.
 

·
Registered
Joined
·
3 Posts
Discussion Starter · #3 ·
Hello flrman1,

Thanks so much for your prompt reply and your warm welcome!

The only problem is, I use GATOR for everything! I've been a GATOR user for 5 years. I don't even know my userid's and password's anymore. If I disable it, are there any programs to which I can export my GATOR user data?

Thanks, again!

Lisa
 

·
Registered
Joined
·
46,353 Posts
Thanks for reminding me of that ljprn! :up:

Here's a quote from the link I posted in my last reply:
If you actually use(d) Gator for its purpose of remembering passwords, there are safe alternatives. The major browsers (IE, Netscape, Mozilla) and some non-major ones now include an autocomplete and password-remember feature. Gator users can also easily switch to RoboForm, a free program that does the same thing without spamming your system with ads and selling your privacy short. It can even import all your Gator data. Also, check out this page for retrieving passwords from the Gator software's database.
 
1 - 6 of 6 Posts
Status
Not open for further replies.
Top