#1 millie_007, 08-21-2004, 11:15 AM
Got a problem. Last night I kept getting a debug message up on pages quite often. Today I left the comp on while I went to the post office; when I came back a message on the desktop said to run AVG as there's a trojan on my system. So I ran AVG; it found nothing, all clean.
So I went online to do an online scan, clicked on accept ActiveX, then Internet Explorer pops up "sorry we have to close, there is a problem":
AppName: iexplore.exe AppVer: 6.0.2800.1106 ModName: Shdocvw.dll ModVer: 6.02800.1400 Offset: 00002d19

Now I can't go online and scan with some virus companies and it keeps closing my Internet Explorer down?
Confused, has my browser been hijacked? H, please help, or anyone else. We've been trying 2 hours to sort it and getting not very far. Did run HijackThis and deleted a couple of files that were hiding under different names, with the help of ice, who's been a real pal all afternoon trying to help, but I think this is beyond both of us.

#2 hybrid, 08-21-2004, 12:00 PM
Have i been hi jacked my INTERNET EXPLORER closing all time

Hi Millie,

Run HijackThis and copy and paste the log file it creates on here. I'll go through it and tell you what can be deleted.

Certain viruses will disable anti-virus programs, therefore you could try uninstalling any anti-virus programs and then reinstalling them. Then update the definition files, and then scan your drive.

HijackThis will only find BHOs (Browser Helper Objects), not viruses, normally.

L8rs.
__________________
Hybrid

linkShareLive
<-- Free and Paid Directory Listing (get your website listed now)
'Forever busy.... is there more to life?'
Microsoft TechNet Member
My Space Profile: http://www.myspace.com/syrusxl
#3 millie_007, 08-21-2004, 01:39 PM
Logfile of HijackThis v1.97.6
Scan saved at 18:36:08, on 21/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tlntsvr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Program Files\Norton Utilities\SYSDOC32.EXE
C:\Program Files\BHODemon 2\BHODemon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\System32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Whalley\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cust...//my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: C:\WINDOWS\lbbho.dll - {6B3153A5-47C3-4571-980A-1F302EF89156} - C:\WINDOWS\lbbho.dll
O2 - BHO: C:\WINDOWS\lbbho.dll - {AC764799-21E0-43FE-9404-6DA55E309696} - C:\WINDOWS\lbbho.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: First Class Solitaire by pogo - http://solitaire.pogo.com/applet-5.9...-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://mahjong2.pogo.com/applet-5.8....-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://freecell.pogo.com/applet-5.8....-ob-assets.cab
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo.com/applet-5.9.2...-ob-assets.cab
O16 - DPF: Video Poker - http://download.games.yahoo.com/game...s/y/vpt0_x.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown.pogo.com/applet-5.8...-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo.com/applet-5.9....-ob-assets.cab
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/game...ts/y/xt0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/game...ts/y/jt0_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/game...ts/y/pt1_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/game...ts/y/st2_x.cab
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...ntent/opuc.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.co...727.5529976852
O16 - DPF: {9F637568-E5F7-4CB2-BD01-818CF6C561F9} (PhotosCtrlUK Class) - http://uk.photos.groups.yahoo.com/oc...lorer1_9uk.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...ymmapi_416.dll
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex...trol_v1-32.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...87/mcfscan.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.comp...bio5_1_6_0.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab




See all the running processes; they don't show up like that on mine, where I get rid by putting a tick in to FIX. ice could see 2 today but they had changed names to something else. Talk to ice, she will explain.
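
An added example, not part of the thread and not HijackThis's own code: a small Python parser for the log format posted above, which groups entries by section code and notes O2/O3/O4 entries a helper would look up by hand. The sample lines are copied from the log; the function names and the review heuristics are assumptions for illustration, not verdicts on any file.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the log posted above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\tlntsvr.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cust...//my.yahoo.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: C:\WINDOWS\lbbho.dll - {6B3153A5-47C3-4571-980A-1F302EF89156} - C:\WINDOWS\lbbho.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - Global Startup: Exif Launcher.lnk = ?
"""

# "O2 - <detail>": one capital letter, one or two digits, then the detail.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# BHO / toolbar detail: "<kind>: <name> - {CLSID} - <file>"
COM_ITEM = re.compile(r"^(?:BHO|Toolbar): (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")

def parse_entries(log_text):
    """Group 'CODE - detail' lines by section code (R0, O2, O4, ...)."""
    sections = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # process paths and header lines do not match and are skipped
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def review_notes(sections):
    """Return (code, item, note) tuples for entries worth a manual look.
    Heuristics are illustrative assumptions, not malware verdicts."""
    notes = []
    for code in ("O2", "O3"):
        for detail in sections.get(code, []):
            m = COM_ITEM.match(detail)
            if not m:
                continue
            name, clsid, path = m.groups()
            if path == "(no file)":
                notes.append((code, clsid, "registered but file missing"))
            elif name == "(no name)" or name == path:
                notes.append((code, clsid, "no descriptive name; identify " + path))
    for detail in sections.get("O4", []):
        if detail.endswith("= ?"):
            notes.append(("O4", detail, "shortcut target unresolved"))
    return notes
```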
#4 millie_007, 08-21-2004, 03:22 PM
Hybrid, I scanned with AVG and it found nothing, so then I turned System Restore off and booted in safe mode and ran the vcleaner.exe. It finished but I don't know if it cleaned anything? So I booted up in normal mode, then turned my System Restore back on.
Then uninstalled my anti-virus AVG and re-installed, updated my files, then scanned again; it's found nothing, says all clean.
But earlier I had this come up:
VIRUS TROGEN HORSE DOWNLOADER KEENAL.C
FOUND in C:\STSTEM VOLUME INFORMATION\-RESTORE{1253E782-D7A7-45AC-AAE2-DD605BB90019}\RP34\A0008102.EXE
To remove, run AVG. Done it and nothing found.

Also getting "a run time error has occurred, do I wish to debug", line 44, syntax error (this was why I was trying to do the online scan at Symantec):
Virus Status: Safe!
Your computer is free of known viruses and Trojan horses

39594 files scanned, 0 file(s) infected on your disk drives.


No viruses were detected in memory.

Well, there's not much more I can do, I've reached my limits lol, so if the trojan is in System Restore I don't know what else to do.
#5 hybrid, 08-22-2004, 07:06 PM

When you turn off System Restore, you wipe its entire contents; this would include viruses, etc. You cannot delete or quarantine a virus that is in System Volume Information/Restore - this directory is protected by Windows.

Therefore, it may get detected in System Volume Information - but cannot be deleted in any way. This is why you should always turn System Restore off before doing a second scan if you find a virus on your system. A virus which is detected in System Restore is dormant, unless at any time you actually restore your system to a previous date; then you would release the virus back into your system.

Hope that explains why you can no longer find it!
#6 millie_007, 08-23-2004, 06:18 AM
Thanks hybrid. I tried to delete a HijackThis file; I tried to delete tlntsvr.exe, which is in the Windows system 32 files, but it's not having any. Also on BHODemon it found 2 files and they wanted me to give permission to send info back to them, as they said it was new to them. I did this and was told a new version was available. Well, I tried to download it; problems, would not install, so I'm trying to find and delete all the old BHODemon files, then re-install if it will let me. I'll let you know how I get on. Also on some pages I visit I keep getting a debug error. I've now disabled debugging and just hope it stops this annoying error script popping up.
#7 hybrid, 08-24-2004, 05:52 PM
tlntsvr.exe is part of Windows operating systems. It's an old form of internet communication, but still used by some people.

Its actual meaning is Telnet Server; however, since most users do not use it, you can turn it off. Details on how to do this can be found on this site.

Have a look here:

http://www.digitalport.co.uk/port/displayarticle19.html

Debugging errors are normally caused by badly written scripts on webpages - not necessarily anything to do with your browser.

Hope this helps...