iexplorer.exe?

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

susieq_j

Thread Starter
Joined
Jan 24, 2005
Messages
13
Can anyone tell me what iexplorer.exe is , what it is for, and how it got there, and do I need it?
Everytime I use internet exlporer this comes up and said something about my memory , and that it is an application problem and must terminate.
Can you tell me what I should do?
Thanks :confused:
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
go to here and download 'Hijack This!' double click on the file and it will install to C:\program files\hijackthis and create an entry in the start menu and an optional shortcut on desktop.
Click on the entry in start menu or on the desktop to run HijackThis
Click the "Scan" button, when the scan is finished the scan button will become "Save Log" click that and save the log.
Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.
It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required,
so do NOT fix anything yet.
Someone here will be happy to help you analyze the results.
 

susieq_j

Thread Starter
Joined
Jan 24, 2005
Messages
13
Logfile of HijackThis v1.99.1
Scan saved at 2:31:46 PM, on 7/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Vet\VetTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\Vet\isafe.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WinTV\Ir.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\Program Files\Stardock\Object Desktop\DesktopX\DXWidget.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Chameleon Clock\ChamClock.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VetTray] C:\Vet\VetTray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HomeAlarm] C:\Program Files\Chameleon Clock\ChamClock.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Weather Forecaster (animated).lnk = C:\Program Files\Stardock\Object Desktop\DesktopX\Widgets\WeatherAni.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {00C0A1F2-D492-4DBA-A8E2-76CB1B791724} (TNPLDownloader Control) - https://dtwx2.accuweather.com/tnpl_awda/client/download/TNPLDownloader.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT...subcatId=&search=superbuddy&skip=1&expId=7880
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1118971301921
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1118971243390
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bejeweled2/popcaploader_v6.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{805BC18B-4D7A-4C53-A5C1-9A545E21125F}: NameServer = 64.215.86.12,64.84.96.2
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Vet\isafe.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Vet\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
There is nothing obviously bad showing there so I suggest this

* Run ActiveScan online virus scan here

When the scan is finished, anything that it cannot clean have it delete it. Make a note of the file location of anything that cannot be deleted so you can delete it yourself.
- Save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan
 

susieq_j

Thread Starter
Joined
Jan 24, 2005
Messages
13
Incident Status Location

Adware:Adware/nCase No disinfected C:\WINDOWS\Downloaded Program Files\ClientAX.inf
Spyware:Spyware/Dyfuca No disinfected Windows Registry
Adware:Adware/CWS No disinfected C:\Documents and Settings\David & Sue\Favorites\Fun & Games
Adware:Adware/FunWeb No disinfected Windows Registry
Adware:Adware/nCase No disinfected C:\WINDOWS\Downloaded Program Files\clientax.inf
Adware:Adware/PopCapLoader No disinfected C:\WINDOWS\Downloaded Program Files\popcaploader.dll
Adware:Adware/PopCapLoader No disinfected C:\WINDOWS\Downloaded Program Files\popcaploader.inf
Virus:Eicar.Mod No disinfected C:\Program Files\PestPatrol\Help.chm[HowCanITestDetection.html]
Spyware:Spyware/Altnet No disinfected C:\Program Files\PestPatrol\Quarantine\20050212114215.zip[__unin__.exe]
Spyware:Spyware/Altnet No disinfected C:\Program Files\PestPatrol\Quarantine\20050302063259.zip[__unin__.exe]
Adware:Adware/nCase No disinfected C:\Program Files\PestPatrol\Quarantine\20050511132949.zip[saap.exe]
Spyware:Spyware/YourSiteBar No disinfected C:\Program Files\PestPatrol\Quarantine\20050626115321.zip[ysb.dll]
Adware:Adware/nCase No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\F69E81D7-2D65-49F1-9EC5-18DD7A\00CC2DDD-F41D-46E7-B3EA-B84984
Spyware:Spyware/ISTbar No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\07BDBBBE-6E56-4FB6-B1FB-6C0AA7\E1254C6A-B3E2-477A-841B-C0F764
Adware:Adware/PowerScan No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\A1888073-A3E3-4C87-8C59-22C02D\6618A2E2-152B-4623-AD5D-229C6D
Adware:Adware/PowerScan No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\A1888073-A3E3-4C87-8C59-22C02D\BC4C4553-6339-4633-9603-0BDC3E
Adware:Adware/WUpd No disinfected C:\Documents and Settings\Lommerse\Local Settings\Temporary Internet Files\Content.IE5\JN9J7LSW\get[1].php
Adware:Adware/WUpd No disinfected C:\Documents and Settings\Lommerse\Local Settings\Temporary Internet Files\Content.IE5\JBPBRH0W\2-8[1].htm
Adware:Adware/WUpd No disinfected C:\Documents and Settings\Lommerse\Local Settings\Temporary Internet Files\Content.IE5\NHZ81VFS\free-easter-wallpapers-2[1].htm
Adware:Adware/WUpd No disinfected C:\Documents and Settings\Lommerse\Local Settings\Temporary Internet Files\Content.IE5\GGCE134T\free-easter-wallpapers[1].htm
Adware:Adware/Lop No disinfected C:\Documents and Settings\David & Sue\Application Data\Gram title\Five Deaf Log.exe
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP3\A0000175.dll
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP6\A0000229.dll
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP43\A0002377.dll
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP45\snapshot\MFEX-3.DAT
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP45\snapshot\MFEX-4.DAT
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP45\snapshot\MFEX-5.DAT
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP45\snapshot\MFEX-6.DAT
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP46\snapshot\MFEX-3.DAT
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP46\snapshot\MFEX-4.DAT
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP46\snapshot\MFEX-5.DAT
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP46\snapshot\MFEX-6.DAT
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP46\snapshot\MFEX-9.DAT
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP46\snapshot\MFEX-10.DAT
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP46\snapshot\MFEX-11.DAT
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP46\snapshot\MFEX-12.DAT
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP46\A0002411.dll
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP46\A0002430.dll
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP46\A0002558.exe
Adware:Adware/MyWebSearch No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP71\A0003926.EXE
Adware:Adware/MyWebSearch No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP71\A0003927.DLL
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP77\A0004152.dll
Adware:Adware/P2PNetworking No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP77\A0004170.cpl
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP77\A0004176.dll
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP77\A0004177.dll
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP77\A0004178.dll
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP77\A0004179.dll
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP77\A0004180.exe
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP77\A0004181.dll
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP77\A0004182.dll
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP77\A0004185.dll
Spyware:Spyware/Altnet No disinfected D:\Kazaa\TopSearch.dll
Logfile of HijackThis v1.99.1
Scan saved at 4:01:59 PM, on 7/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Vet\VetTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Vet\isafe.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WinTV\Ir.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\Program Files\Stardock\Object Desktop\DesktopX\DXWidget.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Chameleon Clock\ChamClock.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R3 - Default URLSearchHook is missing
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VetTray] C:\Vet\VetTray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HomeAlarm] C:\Program Files\Chameleon Clock\ChamClock.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Weather Forecaster (animated).lnk = C:\Program Files\Stardock\Object Desktop\DesktopX\Widgets\WeatherAni.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {00C0A1F2-D492-4DBA-A8E2-76CB1B791724} (TNPLDownloader Control) - https://dtwx2.accuweather.com/tnpl_awda/client/download/TNPLDownloader.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT...subcatId=&search=superbuddy&skip=1&expId=7880
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1118971301921
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1118971243390
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bejeweled2/popcaploader_v6.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{805BC18B-4D7A-4C53-A5C1-9A545E21125F}: NameServer = 64.215.86.12,64.84.96.2
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Vet\isafe.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Vet\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
It looks like many of your problems were/are being caused by KAzaa, I strongly advise you to uninstall it


Download pocket killbox from http://www.thespykiller.co.uk/files/killbox.exe & put it on the desktop where you can find it easily

now Start killbox paste the first file listed below into the full pathname and file to delete box

The file name will appear in the window and if the file exists it will appear in blue under that window then select standard file kill, press the red X button, say yes to the prompt and once the file deleted message comes up then repeat for each file in turn

[Note: Killbox makes backups of all deleted files in a folder called C:\!submit we might ask you to submit those files for further examination a bit later on ]

C:\WINDOWS\Downloaded Program Files\ClientAX.inf
C:\WINDOWS\Downloaded Program Files\clientax.inf
C:\WINDOWS\Downloaded Program Files\popcaploader.dll
C:\WINDOWS\Downloaded Program Files\popcaploader.inf
C:\Documents and Settings\David & Sue\Application Data\Gram title\Five Deaf Log.exe


Then on killbox top bar press tools/delete temp files and follow those prompts and say yes to everything

then as some of the folders you need to delete may be hidden do this:
Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types" . Now click "Apply to all folders"
Click "Apply" then "OK"

then go to C:\windows\temp and select EVERYTHING and delete it all and then do the same for C:\temp if it exists

1) Open Control Panel
2) Click on Internet Options
3) On the General Tab, in the middle of the screen, click on Delete Files
4) You may also want to check the box "Delete all offline content"
5) Click on OK and wait for the hourglass icon to stop after it deletes the temporary internet files
6) You can now click on Delete Cookies and click OK to delete cookies that websites have placed on your hard drive

then

Turn off system restore by following instructions here
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039
That will purge the restore folder and clear any malware that has been put in there. Then reboot & then re-enable sytem restore & create a new restore point.

go here http://forums.techguy.org/t208517/s.html for info on how to tighten your security settings and how to help prevent future attacks.

and pay an urgent visit to windows update & make sure you are fully updated & get the bunch of new updates that are alleged to plug the security holes that let these pests on in the first place

and let us know if you are still having the problems
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Top