There's no such thing as a stupid question, but they're the easiest to answer.
JoinTour
Login
 
Malware Removal & HijackThis Logs
Tag Cloud
audio blue screen boot bsod computer cpu crash dell desktop driver drivers error excel external hard drive firefox freezes freezing hard drive hardware hijackthis install internet internet explorer itunes keyboard laptop malware motherboard mouse network networking outlook 2007 power printer problem ram restart router screen slow sound trojan usb virus vista vista 32-bit windows windows xp winxp wireless
Search
Search in:
 
Advanced Search
Tech Support Guy Forums > Security & Malware Removal > Malware Removal & HijackThis Logs >
Solved: Solved: Iexplore.exe using all my CPU capacity


Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members. Enjoy!

Closed Thread
Page 3 of 3 < 12 3
 
Thread Tools
alloutofgas's Avatar
Computer Specs
Junior Member with 23 posts.
  
Join Date: Apr 2008
Experience: a user not a programmer
06-Jun-2008, 05:51 AM #31
Kaspersky log
have zipped the Kaspersky log as attached.
Attached Files
File Type: zip kaspersky.zip (201.7 KB, 2 views)
cybertech's Avatar
Computer Specs
Moderator with 61,499 posts.
  
Join Date: Apr 2002
Location: Washington State
06-Jun-2008, 11:52 AM #32
Save this to notepad so you will have it while in safe mode and removing entries with hijackthis. It's important to have all of your browser windows closed!

Fix these with hijackthis while logged into the correct profile.

Log 2 (ali)

R3 - URLSearchHook: (no name) - - (no file)
O4 - HKCU\..\Run: [darthold] C:\DOCUME~1\Ali\APPLIC~1\HEARTO~1\Mapiboldsect.exe


Log 3 hannah

O4 - HKCU\..\Run: [darthold] C:\DOCUME~1\Hannah\APPLIC~1\HEARTO~1\Mapiboldsect.exe


Log 4 Owner

O4 - HKCU\..\Run: [darthold] C:\DOCUME~1\HP_Owner\APPLIC~1\HEARTO~1\Mapiboldsect.exe


Log 4 rebecca

O4 - HKCU\..\Run: [darthold] C:\DOCUME~1\HP_Owner\APPLIC~1\HEARTO~1\Mapiboldsect.exe


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    C:\WINDOWS\Tasks\AA876005918513C9.job
C:\DOCUME~1\Ali\APPLIC~1\HEARTO~1
C:\DOCUME~1\Hannah\APPLIC~1\HEARTO~1
C:\DOCUME~1\HP_Owner\APPLIC~1\HEARTO~1
C:\Documents and Settings\Becky\Application Data\ZangoToolbar
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloadervdt2.zip
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Restart in Safe Mode.
  • To boot up in Safe mode, continuously tap the F8 key while starting your computer.
  • You should see a black screen displaying the Windows Advanced Menu Options.
  • Using your keyboard's arrow keys, select Safe mode, then hit Enter.

Open Windows Explorer. Go to Tools, Folder Options and click on the View tab. Make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files". Now click "Apply to all folders" Click "Apply" then "OK".

Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Next navigate to the C:\Documents and Settings\Administrator (Repeat for all user names)\Local Settings\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files".

Put a check by "Delete Offline Content" and click OK.


Empty your recycle bin.

Reboot to normal mode and let me know how the machine is working.
__________________
Microsoft MVP/Windows - Consumer Security


If we have helped you, please consider making a donation to TSG!
alloutofgas's Avatar
Computer Specs
Junior Member with 23 posts.
  
Join Date: Apr 2008
Experience: a user not a programmer
06-Jun-2008, 07:41 PM #33
seems to have worked ok
So far so good. Followed the instructions and now no iexplore.exe in anyones bootup.

No particular problems but I will keep an eye on things. Did you gey the Kaspersky log?

thanks and see you

log from OTMoveIT as follows

C:\WINDOWS\Tasks\AA876005918513C9.job moved successfully.
C:\DOCUME~1\Ali\APPLIC~1\HEARTO~1 moved successfully.
C:\DOCUME~1\Hannah\APPLIC~1\HEARTO~1 moved successfully.
C:\DOCUME~1\HP_Owner\APPLIC~1\HEARTO~1 moved successfully.
File/Folder C:\Documents and Settings\Becky\Application Data\ZangoToolbar not found.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloadervdt2.zip moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06062008_222528
cybertech's Avatar
Computer Specs
Moderator with 61,499 posts.
  
Join Date: Apr 2002
Location: Washington State
06-Jun-2008, 07:54 PM #34
Spybot - Search & Destroy\Recovery\ZlobDownloadervdt2.zip was all that Kaspersky found.

You should run OTCleanIt again to remove all of those moved files from your computer.


Hope things go well now!
alloutofgas's Avatar
Computer Specs
Junior Member with 23 posts.
  
Join Date: Apr 2008
Experience: a user not a programmer
07-Jun-2008, 12:18 PM #35
I'll drink to that. Many thanks for all your help getting back on the road. Hope not to speak again for a while anyway!!

Alloutofgas
cybertech's Avatar
Computer Specs
Moderator with 61,499 posts.
  
Join Date: Apr 2002
Location: Washington State
07-Jun-2008, 01:54 PM #36
You're welcome!
Closed Thread
Page 3 of 3 < 12 3

THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

« Previous Thread | Malware Removal & HijackThis Logs | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
WELCOME TO TECH SUPPORT GUY! Are you looking for the solution to your computer problem? Join our site today to ask your question -- for free! Our site is run completely by volunteers who want to help you solve your computer problems. See our Welcome Guide to get started.



Thread Tools


Related Sites: 56k Dial-Up | Tech Gift Ideas | Mobile TechGuy | Advertise on TSG
Contact Us - HelpOnThe.Net - Archive - Terms of Service - Top
You Are Using:
Server ID
Advertisements do not imply our endorsement of that product or service.
All times are GMT -4. The time now is 12:35 PM.
Copyright © 1996 - 2008 TechGuy, Inc. All rights reserved.
Powered by vBulletin, Copyright © 2000 - 2008, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.1.0
Powered by Cermak Technologies, Inc.