Jeune
Apr 27 2008, 12:38 PM
QUOTE(Saint_Michael @ Apr 27 2008, 03:48 AM)  Nothing really special just used keywords fro myour description and google this search:multiple iexplore.exe processes to find out see what kind of stuff would show up and odds are I would have find something about trojans in the first couple of links, which I did. I should warn you that there are so many ways to help fix this problem, and since I am sticking with spybot I would check this thread out. Will do too. QUOTE Also some other questions I should have asked early, what software do you have installed that way we could find out who it is that got you this little problem, most likely a download from a P2P program. Of course curious as to what antivirus software you have as well for this system, and maybe that will determine why nothing was picked up. Well I have bit torrent and limewire but I doubt those programs are at fault. For one I haven't been using bit torrent in a while and I just feel very secure with Limewire since the only thing I download are mp3s.I got this problem after my brother went into some sites looking for cracks and illegal serials. I have the latest FREE version of AVAST installed.
Reply
bluedragon
Apr 27 2008, 06:40 PM
 Limewire .. I think that could be the culprit I was also using it for mp3s only.. but then I realised its downloading more than just mp3s.. AVAST is not that good... Use either Zonealarm or Norton Security Suite..
Reply
Saint_Michael
Apr 27 2008, 11:55 PM
Yeah it is Limewire, the P2P program has never been safe since it has been out, I used it early on after replacing it with another P2P program that was just as bad. I bet if you uninstall Limewire, delete all the fires you got from limewire and then run spybot, and a good antivirus software, McAfee Security Suite, your internet explorer problem will go away. Yeah cracks and stuff like that are the major source of trojans and viruses and malware, and so you could blame your brother for screwing your computer up. However, in order to clean your computer properly you need to go into safe mode, disable system restore, and run spybot and a good antivirus software in order to clean your computer. Or you could completely reinstall your computer to clean up your program.
Reply
Jeune
Apr 28 2008, 02:37 PM
Dear Bluedragon, below is my hijackthis.log I tried using Super Ad Blocker. I forgot where I got this idea from though and I was able to remove two infections. Now I don't have the Iexplore.exe appearing multiple times! Yey! HOWEVER, my firefox is now using 100,000 k in my process window and continues to rise! CODE Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:44 PM, on 4/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Daphne\Daphne.exe
C:\Documents and Settings\Jose\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\2.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\2.bin\SPYBLOCK.DLL
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Winupdates] sjjp5.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WintelUpdate] c:\jghp.exe
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: icq5s.dll
O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 6697 bytes In the meantime, I'll work on Saint Michael's latest suggestions. 
Reply
Saint_Michael
Apr 28 2008, 05:32 PM
Well at least you got your IE problem fix, and as for your firefox problem, you can't do anything about the memory leaks unless you install and run firefox 3. Depending on how many extensions and tabs you have open the amount of memory will keep on increasing in firefox 2, however, if you just hae on tab open and you spend a few hours on firefox 2 the memory will increase over time. So the best solution is to close out firefox and then run it again to refresh the memory that way.
Reply
bluedragon
Apr 28 2008, 07:33 PM
QUOTE O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing) that was the trojan file .. Thats somehow removed now C:\Program Files\DNA\btdna.exe >> Are u using bittorrent 6.0 ? Don't know what these are .. >> QUOTE
--------------------------------------------------------
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE ----------- Is this related to your Internet service provider ?
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE ----------- Are you using ALC soundcard ?
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE ------ Is it realtek ALC97 ?
--------------------------------------------------------
These Look more like a Trojan infections to me.. QUOTE
---------------------------------------------------------
O4 - HKLM\..\Run: [zzzHPSETUP]D:\Setup.exe
O4 - HKLM\..\Run: [Winupdates] sjjp5.exe
O4 - HKCU\..\Run: [WintelUpdate] c:\jghp.exe
---------------------------------------------------------
Please check them before you remove the entry.. they may be legit.. >> go to path specified alongside and try to find out what these are (right click and properties) if it doesn't look normal.. (I mean you should look for the versions tab under properties; if its a legit file it will have information like original name, company, version etc; if its not there then the file is not legit, i'll suggest you delete these unless you created them) to remove the entry, Boot in Safe mode, run HijackThis and click on the 'checkbox' beside the item.. now click 'fix Checked'. If possible (they get deleted automatically sometimes) while in safe mode, go to the path specified in the HijackThis log and delete the files manually. P.S. Don't forget to show all your hidden files/system files while looking for these files, they are generally hidden.
Reply
Jeune
May 1 2008, 03:32 PM
QUOTE(Saint_Michael @ Apr 29 2008, 01:32 AM) Well at least you got your IE problem fix, and as for your firefox problem, you can't do anything about the memory leaks unless you install and run firefox 3. Depending on how many extensions and tabs you have open the amount of memory will keep on increasing in firefox 2, however, if you just hae on tab open and you spend a few hours on firefox 2 the memory will increase over time. So the best solution is to close out firefox and then run it again to refresh the memory that way. That's exactly what heppens, I have one tab open and the memory reaches to 100k +. Would you really advice I install firefox 3? Mr Bluedragon, I'll get back to the hijack this in a while, the dsl in part of the world is so crappy. 
Reply
Saint_Michael
May 1 2008, 04:40 PM
It is up to you really as I have like 5 different browsers installed and use them for various things, and unless you don't have a ton of extensions that you use on firefox, which also increases memory, then move on to FF3 beta 5 as it is stable and pretty much the final beta that I am aware of before final release.
Reply
Hagebyhemdata
May 1 2008, 10:09 PM
QUOTE(lefehe @ Apr 26 2008, 07:42 PM) I used to work with Spybot and Adaware, but both have a limited rate of success. For an almost-perfect fully-automated malware solution I personally recommend the one that is called "Superantispyware". Yes, I know, it has a name that might remind those scams that are actually malware. However, it is very good. They have two flavors of their software: a commercial one and a free one. The free one is good enough for a one-time disinfection. Thanks lefehe for recommending this superb software! When working with customers computer security I always use Spybot - Search & Destroy, Lavasofts Ad-Aware 2007 Free and Microsoft own Windows Defender. It's three different types of spyware/removal tools that makes a good complement to each other. By running these three program I have thought it would be enough to keep the computer safe from harm. If the damage is already done, then I also use HiJackThis. Yeah, Superantispyware, sounds like a scam or malware program, but seems to be a really good program, which I plan to use for my customer. Thanks again! By the way, when the subject is up concerning spyware/malware/Hijacking I have read an interesting article preventing being hijacked and by tweaking the Browser Appliance using linux os in VMware's Player. Since Linux are built with more security it's not a bad idea. Read about it more - http://www.spywareinfo.com/articles/vmware/baintro.php
Reply
Jeune
May 3 2008, 01:14 PM
Dear Bluedragon, QUOTE(bluedragon @ Apr 29 2008, 03:33 AM) O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing) this is a program from apple,though i can't recall installing itunes. I don't even have an ipod! What I do remember is that my sister plugged hers into my pc to get some mp3s. Could it be that mDNSResponder.exe came from there? i already deleted the said file, should I now remove it completely from the registry? QUOTE
O4 - HKLM\..\Run: [SkyTel]SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
Everything above is legit. All Realtek stuff. QUOTE
O4 - HKLM\..\Run: [zzzHPSETUP]D:\Setup.exe
O4 - HKLM\..\Run: [Winupdates] sjjp5.exe
O4 - HKCU\..\Run: [WintelUpdate] c:\jghp.exe
There are no traces of these files in my system. My folders have "show hidden files" in them set already and I already used search. I think D:\Setup.exe is part of my HP Scanner Program so I am going to put it there. The others I just deleted via normal mode. Is that ok? Here's my new HiJackthis log (lemme know if you find something new): QUOTE
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:51:36 PM, on 5/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Documents and Settings\Jose\My Documents\Tools\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {00000000-6C30-11D8-9363-000AE6309654} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\2.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\2.bin\SPYBLOCK.DLL
O3 - Toolbar: (no name) - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon]RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Winupdates] sjjp5.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: icq5s.dll
O20 - Winlogon Notify: !SABWinLogon - C:\WINDOWS\
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 6703 bytes
Reply
Recent Queries:--
iexplore.exe 100000k - 14.26 hr back. (1)
-
can a virus attach to iexplore.exe? - 25.27 hr back. (1)
Similar Topics
Keywords : iexplore, exe, virus
- Got A Virus Thru Msn! Im Miserable
newest msn virus (6)
Virus Thru Msn Messenger
Instant message supposedly thru my daughter... (6) I clicked on a fake instant message from my daughter 4 months ago. Clicked on a link that was
supposed to take me to a site to find out if anyone has blocked me. Daughter & I just talked the
week before & discussed whether my son was blocking me. I'm in a computer nightmare. Damn
virus, or whatever has taken over my pc.. Administrative rights.....won't let me install my new
printer...won't allow me to reinstall windows, pc shuts down during process. How do I get my
life back?....
Best Anti-virus Program? [closed For Redundancy]
(4) I want to lnow which one is the best anti-virus program because i'm having serious problems
regarding all these viruses and spywares.So i want to know which is the best one around which i
should use....
Pop-up Virus / Trojan Problem
Constant pop-up, won't go away (7) Hi Guys, Lately I have had this same annoying pop-up dialog box pop up that says: QUOTE NOTICE:
If your computer has been running slower than normal, it may be infected with Viruses, Adware, or
Spyware. Adwareremover2007 will perform a quick and completely FREE scan of your system for
malicious programs. Download AdwareRemover2007 for FREE now! I have scanned it with Avira
AntiVirus and ad-aware2007. They both returned infected files, which i deleted, but i still have the
pop-ups. Any ideas?....
Virus Alert In My Computer
(4) Hi I think I have a spyware infection. The symptoms are as follows: "Windows Antivirus" message
screen keeps on popping up from an icon on the task bar announcing that windows has detected spyware
and suggesting downloading of antispyware. Occasionally another "Windows security Alert" window also
pops up warning that the system is making copies of system files, etc. I am also unable to access
control panel. Can somebody help ? /biggrin.gif" style="vertical-align:middle" emoid=":D"
border="0" alt="biggrin.gif" />....
[question]best Virus Protector
(4) Well I get a lot of viruses, and I must ask: What is the very best 'free' virus protection
software? I have McAfee and Avira AntiVir, but I was just wondering if there was better.....
*** Virus Alert *** Important ***
*** DO NOT TOUCH THESE LINKS *** (14) Sources have warned that the following links, or similar, should not be "touched" or linked to.
Your Anti-virus will issue a severe warning if you click to these links. It would appear that the
common element is the filename in the link which follows the web protocol h t t p. h {double t} p
{colon} //xxthebestxx.hut2.ru/ r57.txt h {double t} p {colon} //www.hdcs.org.np/ r57.txt
h {double t} p {colon} (a file on your account) %20script:void(0) h {double t} p {colon}
//turkey.dnsdc9.com/~activ7/ r57.txt h {double t} p {colon} //turkey.dnsdc9.co....
New Virus
(13) There's a new virus nowadays that attacks computers via Skype. If you have it - it's
possible that you'd get an email FROM ONE OF YOUR CONTACTS with a message: "Have you seen the
last pix of >? {URL}". Thus the virus spreads across your contacts, and then, if you click on the
link - your computer will be infected. Beware - the epidemic only started a few days ago. If you
get that message from someone you know - ask a person, if they really sent it (a bot would not have
a logical answer ready for that). Take care, abminara.....
Does This Sound Like A Virus?
computer meltdown (17) Hi you've probably been asked this about 50 million times, but i'm gonna ask! i bought
a computer off my dads friends and when i got it it started getting windows boxes up saying that the
computer was at risk. they popped up continuously at 2 min intervals. This then stopped. i have my
ntl firewall and security check this used to pop up when starting up but it doesn't do it any
more. Its then started to connect its self to the internet to a web page that just has 21600 on it.
if u shut it down it may pop up again later. At the weekend its starting to lo....
Prank Phone Virus That Can Kills Sends Pakistan Mobile Users Into Hysteria
(0) Although not a big secuirty risk more like something interesting about what human mind viruses can
do ot a person once they recieve a message. On friday pretty much all hell broke loose in Pakistan
when people start recieving, hear, readying about a message that a Virus sen through a mobile phone
will kill people and so every mobile user in Pakinstan went into a craze and cllaed their providers
to see whats going on. The message alos mention that 20 people have died so far, of course they
make mention about the movie "The Ring" in which once a person watched this kil....
New Virus Called Storm Worm Or W32/nuwar@mm Is Out And About
WINZIP/Rar be WARNED (4) To think the Microsoft ANI exploit and the botnet things were bad but this just top the charts, this
new variation of the Storm virus of last year gets a new powerful punch. The virus gets sent
through a password protected zip fil in which the password is contain in a image file in the email.
The email subject contains either Worm Alert!" or "Trojan Detected! so do not open and just
delete it. Also the image file will read something like UrgentNotice.gif" or "AbuseReport.gif. and
the zip file will read something like "patch-####.zip" or "removal-####.zip.". ....
Security Firm Kaspersky Lab Creates Ipod Virus
(1) With the flood of news coming about the .ani exploits it seems the tech world is recieve more news
about new hacks, viruses and other bad stuff these days. Today Kaspersky Lab created a virus that
is able to affect the Ipod, however, it is only affecting Ipod's that have linux installed and
not the standard OS that comes with Ipod. The virus goes by the name of Podloso, although they say
it doesn't show a current threat this virus does show the possiblity to install malware into
devices such as the Ipod. They also mention that the virus does not copy it self....
New Virus Masking As Ie7 Download
(5) Yesterday it was reported that their a new virus masking as a IE7 download using a very creative
looking email message with a link instead of a attachment. Name of the virus is called
Virus.Win32.Grum.A,, they mention that their hasn't been much damage cause by this however,
since they mention that instead of the download being attach they are providing a link. So once a
person clicks that link the virus will kick in. Their hasn't been any reports about what the
virus payload is, they do mention that it usually carries a keylogger program. Funny enough this v....
Some New Apple Ipods Contain A Virus From Windows!
(7) Here is the deal. I got this video ipod recently and it turns out that it had a worm on it. I was
only one fo the few but it did have one. The virus is called RavMonE Virus. Here is a link to find
out more about it. more info It doesn't affect macs only windows based computers. I plugged
it up to the computer and my antivirus detected a worm and I was very surprised. I did some
research and it turns out that some contracted company who builds the ipods for apple had computers
connected to the ipods and they had been infected. These computers were windows....
Virus-spyware Protection An Detection
(3) Best Online Scanners: QUOTE HouseCall http://housecall.trendmicro.com/ Panda
http://www.pandasoftware.com/activescan/ BitDefender Online
http://www.bitdefender.com/scan8/ie.html eTrust Antivirus Scanner
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx Jotti.org single file scanner
http://virusscan.jotti.org/ Online malware scan Utilizes 8 major Antivirus Scans to analyze
individual files. AV "sandbox" component provides detailed analysis. Libraries and further
information: Symantec http://securityresponse.symantec.co...er/vinfodb.html ....
How Do I Completely Remove Trojan Viruses
anti-virus put them in virus vault (32) I have AVG anti-virus on my PC, and a few weeks back it found a trojan virus on my pc. It put it
into the virus vault but could not heal it. How do I completly remove a trojan virus? Or even can
I? Do I have to download specific software to remove it, or is there some more complexe way of
going in to the system?....
Spyware / Virus Removal Help Needed
(10) Hey guys all of a sudden in the last two days my computer has just been attacked by all types of
malicous software! and im not even kidding when almost instantly it went from running with out a
hitch to so much slow down and so many pop ups i had to run avg. 648 virus and trojans! All
deleted or moved to the vault, thought i was out of the woods than i ran adaware 202 Critical and
malicous objects I deleted them then i ran adaware again got over a hundred bad things again after
the restart and then ran adaware as well and after deleting over 1000 bad things I wa....
Microsoft Warns Of Virus Entering Pcs Via Powerpoint
(3) QUOTE Microsoft has alerted users of a virus that enters PCs through the PowerPoint program. The
virus attaches itself to a contaminated presentation that when accessed installs a keylogging
software on a computer. Users are being warned to take precautions because Microsoft patch that
guards against the security loophole will still be tentatively released on August 8. Reports say
the virus has infected relatively few people with the poisoned presentation. Malicious hackers used
the bug found in PowerPoint 2000, 2002 and 2003. Security experts report that the vir....
Why Havn't I Ever Gotten A Virus, Nothing.
My death wish, I know it. (27) So, my computers about 4 years old. I never really felt the need to install firewalls, virus scans,
any of that none snese. In that 4 years, I have used Limewire, Bitcomet, Azuers, Bearshare, and all
those other P2P's know for spyware, but I havn't gotten any. I don't have a firewall, I
don't really have much protecting me. I belive IE is the bridge that lets spyware installed
with Bearshare, to activate. For some reason all my friends download Limewire, and then say
they're computer went to hell. This dosn't make sense because I have installed ....
Is It A Virus Or Just Error ?
(9) Hi . Dear buddies now a days I’m have a very strange problem and I’m not able to understand
whats is the reason behind this problem and how I solve this problem. I am using “ ACDSEE 6.0 “ .
Yesterday I was “ Croping “ mine pictures in “ ACDSEE” then when I select the “ Croping Area” , I
received a error that “ ACDSEE has encountered an error and now will close “ /ph34r.gif"
style="vertical-align:middle" emoid=":ph34r:" border="0" alt="ph34r.gif" /> And when I trried again
to crop the same picture the same thing happened . Moreover , when I tried to view the sam....
Your Help Is Needed
dam virus or spyware damaged my pc help (6) Wup i just finished sweeping my pc with spysweeper, cause a spyware totally infected my pc, the
damm thing disabled my wallaper, i could only change a color, plus damaged norton, change my home
page, and installed a spysherrif program that was supposed to removed the spyware, of course you
need to buy it, plus installed a thing that every3 minutes show me a message in the minitray(righ
down corner), like if it was from windows, that tells me that my pc is infected. SpySweeper
apparently removed all the thing, but i still cant change my wallpaper, someone please hellp ....
Kama Sutra Virus
(6) At the request of an employer, I was sent to research this virus. Lo and behold, google helped
alot. But from what i found, it's a year old. It took it's effect back in 2005, and fron
what I read, was pretty much squashed from all the publicity it got. Can anyone comment on this?
Is it still around? My employer won't go online due to irrational fears, until I tell him
otherwise.....
Sony Virus
sony xcp software on cds (10) sony have been putting software ( called xcp ) on some of their audio cds. if you play these cds on
your pc it automaticallyinstalls software on your pc. this software uses "rootkit" to hide the file
from the user. here is a list of cds with the xcp software. QUOTE Trey Anastasio, Shine
(Columbia) Celine Dion, On ne Change Pas (Epic) Neil Diamond, 12 Songs (Columbia) Our Lady Peace,
Healthy in Paranoid Times (Columbia) Chris Botti, To Love Again (Columbia) Van Zant, Get Right with
the Man (Columbia) Switchfoot, Nothing is Sound (Columbia) The Coral, The Invisible In....
Install Two Anti-virus Software In 1 System
Is it ok? (35) I found out that AVG Free version isn't eliminating even trojan viruses. I only have this free
version from protecting my system. Is it okay to install one more anti-virus software on top of this
AVG Free version which is already installed and updated to the latest version? I have the option of
installing Norton Anti-virus 2005. Will it cause any problem since the two softwares may use the
same source from the computer, if I install this one? Do you recommend that I should uninstall
first the existing software and install the new one? Will Norton Anti-virus 2005 ....
New Computer Virus
Computer Virus that masquerades as NEWS (16) Have you ever read or encouter such virus that disguised as NEWS.. well here is some info on how
virus created found and works... QUOTE Researchers have identified a new computer virus that
masquerades as news headlines from CNN's Web site. Sophos, an anti-virus firm, says the virus
-- identified as Crowt-A -- pulls headlines, subject lines and other content from CNN.com. Once
opened, the virus can then scan the user's address book and try to email itself to those users.
The virus' subject line and attachment share the same name, Sophos researchers say....
Aol Im Virus
Don't click the link (16) All of my friends have been IM'ing me this virus - I haven't seen this under a topic so
I'm posting it. You'll receive an IM from someone with the wording similar to this "Hey
check out this . If you are dumb and careless enough to click it you get this virus that will
forward the message to everyone on your buddy list. I haven't asked my friends what else the
virus does, but I'm just letting you all know. This may not be a devastating virus, but
don't fall prey to these internet goofballs!!!....
New Virus Kills Music Files
Nopir.B worm wipes out all mp3 and com files (19) http://english.chosun.com/w21data/html/new...0504250004.html Not only does it not differentiate
between legal and illegal mp3 files, it also doesn't let you reboot your computer. So far,
it's been circulating only in Europe, but those in the US and Asia had better take caution as
well. It's only a matter of time.......
Warning: Virus Spreading Through Msn Messenger
any info? (12) I was online, and then a friend sent me that file, and I accepted it because he's been wanting
to send me a program that improves the resolution of the screen. But then my email address was in
the file name, so I asked him what that was. To my horror, he said 'virus', but it was too
late, I already opened it and then several chat screens popped-up, and it was auto-sent to some of
the friends on the contact list. Luckily i was quick enough to ask them not to click on it. And my
norton internet security and microsoft anti spyware program detected it and asked ....
Msn Messenger Virus
awful (60) Okay there’s a new virus going around MSN, I thought only my dumb friends were the ones accepting
it, but turns out its across the nation. So I dont know if you've got it and deleted it, or was
smart and didn’t accept it. Well it goes by (as far as I know) three names. There like "Frog
something something blender" "My new photo!" and like "Me and my lesbian friends!". Its a
17kb file, so if some1 in your list tries to send you one the those, DONT ACCEPT! It goes into
your list(takes total control, so you cant do anything) and sends itself to EVERY1 in you....
Virus Alert - Messenger Viruses
New viruses spreading through Y! Msngr (6) QUOTE If somebody by the name of json73002@yahoo.com adds you. dont accept it. Its a virus. Tell
everyone on ur bulletin because if somebody on ur list adds them, u get the virus too. Tell everyone
on your list not to open anything angell11. tewwtuler and sassy*BLEEP*. It is a hard drive killer
and a very horrible virus. Pass this letter to everyone on your buddy list. We need to find out who
is really using these accounts. Sorry for the inconvenience. Becareful while using Messengers
guys! Don't keep your messengers online unnecessarily. Go offline as so....
Looking for iexplore, exe, virus
|
|
Searching Video's for iexplore, exe, virus
|
advertisement
|
|
