# iexplorer.exe?



## susieq_j (Jan 24, 2005)

Can anyone tell me what iexplorer.exe is, what it is for, and how it got there, and do I need it?
Every time I use Internet Explorer this comes up and says something about my memory, and that it is an application problem and must terminate.
Can you tell me what I should do?
Thanks


----------



## HenryVI (May 27, 2005)

Holy cow you need to remove that!! Download HijackThis from here http://www.spywareinfo.com/~merijn/downloads.html

And I'll request this to be moved to the Security forum.


----------



## dvk01 (Dec 14, 2002)

Go here and download 'Hijack This!'. Double-click on the file and it will install to C:\program files\hijackthis and create an entry in the Start menu and an optional shortcut on the desktop.
Click on the entry in the Start menu or on the desktop to run HijackThis.
Click the "Scan" button. When the scan is finished the "Scan" button will become "Save Log"; click that and save the log.
Go to where you saved the log and click on "Edit > Select All", then click on "Edit > Copy", then paste the log back here in a reply.
It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required, so *do NOT fix anything yet.*
Someone here will be happy to help you analyze the results.


----------



## susieq_j (Jan 24, 2005)

Logfile of HijackThis v1.99.1
Scan saved at 2:31:46 PM, on 7/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Vet\VetTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\Vet\isafe.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WinTV\Ir.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\Program Files\Stardock\Object Desktop\DesktopX\DXWidget.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Chameleon Clock\ChamClock.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VetTray] C:\Vet\VetTray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HomeAlarm] C:\Program Files\Chameleon Clock\ChamClock.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Weather Forecaster (animated).lnk = C:\Program Files\Stardock\Object Desktop\DesktopX\Widgets\WeatherAni.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {00C0A1F2-D492-4DBA-A8E2-76CB1B791724} (TNPLDownloader Control) - https://dtwx2.accuweather.com/tnpl_awda/client/download/TNPLDownloader.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT...subcatId=&search=superbuddy&skip=1&expId=7880
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1118971301921
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1118971243390
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bejeweled2/popcaploader_v6.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{805BC18B-4D7A-4C53-A5C1-9A545E21125F}: NameServer = 64.215.86.12,64.84.96.2
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Vet\isafe.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Vet\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe


----------
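
Added example, not part of any post in this thread: a Python check over the "Running processes" section of a HijackThis log that flags image names one edit away from a known Windows binary (such as the iexplorer.exe asked about, next to the real iexplore.exe) and known names running from an unexpected folder. The expected folders are taken from the logs in this thread; the last two process lines in the sample are constructed, and the function names are illustrative.

```python
import ntpath

# Known image names and the folder each ran from in the logs in this thread
# (Windows XP SP2). This allow-list is an assumption; extend it per system.
EXPECTED = {
    "iexplore.exe": r"c:\program files\internet explorer",
    "explorer.exe": r"c:\windows",
    "svchost.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
}
MAX_DISTANCE = 1  # one inserted, dropped or substituted character

# Excerpt in HijackThis format. The last two process lines are constructed
# for this example and do not appear in the logs posted in the thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\iexplorer.exe
C:\WINDOWS\Temp\svchost.exe

R3 - Default URLSearchHook is missing
"""


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def running_processes(log_text):
    """Return the paths listed between 'Running processes:' and the next blank line."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_section = True
        elif in_section:
            if not line:
                break
            paths.append(line)
    return paths


def flag_processes(log_text):
    """Return (path, reason, reference_name) for each suspicious process."""
    findings = []
    for path in running_processes(log_text):
        name = ntpath.basename(path).lower()
        folder = ntpath.dirname(path).lower()
        if name in EXPECTED:
            # Right name, wrong place: a copy outside its normal folder.
            if folder != EXPECTED[name]:
                findings.append((path, "wrong-directory", name))
            continue
        # Unknown name: is it a near miss of a known one?
        closest = min(EXPECTED, key=lambda known: edit_distance(name, known))
        if edit_distance(name, closest) <= MAX_DISTANCE:
            findings.append((path, "lookalike-name", closest))
    return findings


if __name__ == "__main__":
    for path, reason, reference in flag_processes(SAMPLE_LOG):
        print(f"{reason:16} {path}  (compare: {reference})")
```

A clean result only means no near-miss name was running at scan time; the autorun (O4) and service (O23) lines still need their own review.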



## dvk01 (Dec 14, 2002)

There is nothing obviously bad showing there so I suggest this

* Run ActiveScan online virus scan *here*

When the scan is finished, have it delete anything that it cannot clean. Make a note of the file location of anything that cannot be deleted so you can delete it yourself.
- Save the results from the scan!

*Post a new HiJackThis log along with the results from ActiveScan*


----------



## susieq_j (Jan 24, 2005)

Incident Status Location

Adware:Adware/nCase No disinfected C:\WINDOWS\Downloaded Program Files\ClientAX.inf 
Spyware:Spyware/Dyfuca No disinfected Windows Registry 
Adware:Adware/CWS No disinfected C:\Documents and Settings\David & Sue\Favorites\Fun & Games 
Adware:Adware/FunWeb No disinfected Windows Registry 
Adware:Adware/nCase No disinfected C:\WINDOWS\Downloaded Program Files\clientax.inf 
Adware:Adware/PopCapLoader No disinfected C:\WINDOWS\Downloaded Program Files\popcaploader.dll 
Adware:Adware/PopCapLoader No disinfected C:\WINDOWS\Downloaded Program Files\popcaploader.inf 
Virus:Eicar.Mod No disinfected C:\Program Files\PestPatrol\Help.chm[HowCanITestDetection.html] 
Spyware:Spyware/Altnet No disinfected C:\Program Files\PestPatrol\Quarantine\20050212114215.zip[__unin__.exe] 
Spyware:Spyware/Altnet No disinfected C:\Program Files\PestPatrol\Quarantine\20050302063259.zip[__unin__.exe] 
Adware:Adware/nCase No disinfected C:\Program Files\PestPatrol\Quarantine\20050511132949.zip[saap.exe] 
Spyware:Spyware/YourSiteBar No disinfected C:\Program Files\PestPatrol\Quarantine\20050626115321.zip[ysb.dll] 
Adware:Adware/nCase No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\F69E81D7-2D65-49F1-9EC5-18DD7A\00CC2DDD-F41D-46E7-B3EA-B84984 
Spyware:Spyware/ISTbar No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\07BDBBBE-6E56-4FB6-B1FB-6C0AA7\E1254C6A-B3E2-477A-841B-C0F764 
Adware:Adware/PowerScan No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\A1888073-A3E3-4C87-8C59-22C02D\6618A2E2-152B-4623-AD5D-229C6D 
Adware:Adware/PowerScan No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\A1888073-A3E3-4C87-8C59-22C02D\BC4C4553-6339-4633-9603-0BDC3E 
Adware:Adware/WUpd No disinfected C:\Documents and Settings\Lommerse\Local Settings\Temporary Internet Files\Content.IE5\JN9J7LSW\get[1].php 
Adware:Adware/WUpd No disinfected C:\Documents and Settings\Lommerse\Local Settings\Temporary Internet Files\Content.IE5\JBPBRH0W\2-8[1].htm 
Adware:Adware/WUpd No disinfected C:\Documents and Settings\Lommerse\Local Settings\Temporary Internet Files\Content.IE5\NHZ81VFS\free-easter-wallpapers-2[1].htm 
Adware:Adware/WUpd No disinfected C:\Documents and Settings\Lommerse\Local Settings\Temporary Internet Files\Content.IE5\GGCE134T\free-easter-wallpapers[1].htm 
Adware:Adware/Lop No disinfected C:\Documents and Settings\David & Sue\Application Data\Gram title\Five Deaf Log.exe 
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP3\A0000175.dll 
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP6\A0000229.dll 
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP43\A0002377.dll 
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP45\snapshot\MFEX-3.DAT 
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP45\snapshot\MFEX-4.DAT 
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP45\snapshot\MFEX-5.DAT 
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP45\snapshot\MFEX-6.DAT 
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP46\snapshot\MFEX-3.DAT 
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP46\snapshot\MFEX-4.DAT 
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP46\snapshot\MFEX-5.DAT 
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP46\snapshot\MFEX-6.DAT 
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP46\snapshot\MFEX-9.DAT 
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP46\snapshot\MFEX-10.DAT 
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP46\snapshot\MFEX-11.DAT 
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP46\snapshot\MFEX-12.DAT 
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP46\A0002411.dll 
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP46\A0002430.dll 
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP46\A0002558.exe 
Adware:Adware/MyWebSearch No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP71\A0003926.EXE 
Adware:Adware/MyWebSearch No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP71\A0003927.DLL 
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP77\A0004152.dll 
Adware:Adware/P2PNetworking No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP77\A0004170.cpl 
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP77\A0004176.dll 
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP77\A0004177.dll 
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP77\A0004178.dll  
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP77\A0004179.dll 
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP77\A0004180.exe 
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP77\A0004181.dll 
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP77\A0004182.dll 
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP77\A0004185.dll 
Spyware:Spyware/Altnet No disinfected D:\Kazaa\TopSearch.dll 

Logfile of HijackThis v1.99.1
Scan saved at 4:01:59 PM, on 7/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Vet\VetTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Vet\isafe.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WinTV\Ir.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\Program Files\Stardock\Object Desktop\DesktopX\DXWidget.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Chameleon Clock\ChamClock.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R3 - Default URLSearchHook is missing
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VetTray] C:\Vet\VetTray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HomeAlarm] C:\Program Files\Chameleon Clock\ChamClock.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Weather Forecaster (animated).lnk = C:\Program Files\Stardock\Object Desktop\DesktopX\Widgets\WeatherAni.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {00C0A1F2-D492-4DBA-A8E2-76CB1B791724} (TNPLDownloader Control) - https://dtwx2.accuweather.com/tnpl_awda/client/download/TNPLDownloader.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT...subcatId=&search=superbuddy&skip=1&expId=7880
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1118971301921
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1118971243390
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bejeweled2/popcaploader_v6.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{805BC18B-4D7A-4C53-A5C1-9A545E21125F}: NameServer = 64.215.86.12,64.84.96.2
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Vet\isafe.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Vet\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe


----------



## dvk01 (Dec 14, 2002)

It looks like many of your problems were/are being caused by Kazaa. I strongly advise you to uninstall it.

Download Pocket Killbox from http://www.thespykiller.co.uk/files/killbox.exe & put it on the desktop where you can find it easily.

Now start Killbox and paste the first file listed below into the "full pathname and file to delete" box.

The file name will appear in the window, and if the file exists it will appear in blue under that window. Then select standard file kill, press the red X button and say yes to the prompt. Once the "file deleted" message comes up, repeat for each file in turn.

[Note: Killbox makes backups of all deleted files in a folder called C:\!submit. We might ask you to submit those files for further examination a bit later on.]

C:\WINDOWS\Downloaded Program Files\ClientAX.inf
C:\WINDOWS\Downloaded Program Files\clientax.inf
C:\WINDOWS\Downloaded Program Files\popcaploader.dll
C:\WINDOWS\Downloaded Program Files\popcaploader.inf
C:\Documents and Settings\David & Sue\Application Data\Gram title\Five Deaf Log.exe

Then on the Killbox top bar press tools/delete temp files, follow those prompts and say yes to everything.

Then, as some of the folders you need to delete may be hidden, do this:
Open Windows Explorer & go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "Hide extensions for known file types". Now click "Apply to all folders".
Click "Apply" then "OK".

Then go to C:\windows\temp, select EVERYTHING and delete it all, and then do the same for C:\temp if it exists.

1) Open Control Panel
2) Click on Internet Options
3) On the General Tab, in the middle of the screen, click on Delete Files
4) You may also want to check the box "Delete all offline content"
5) Click on OK and wait for the hourglass icon to stop after it deletes the temporary internet files
6) You can now click on Delete Cookies and click OK to delete cookies that websites have placed on your hard drive

Then

Turn off System Restore by following the instructions here:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039
That will purge the restore folder and clear any malware that has been put in there. Then reboot & then re-enable System Restore & create a new restore point.

Go here http://forums.techguy.org/t208517/s.html for info on how to tighten your security settings and how to help prevent future attacks.

And pay an urgent visit to Windows Update & make sure you are fully updated & get the bunch of new updates that are alleged to plug the security holes that let these pests on in the first place.

And let us know if you are still having the problems.


----------
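
Added example, not part of any post in this thread: a Python sketch that groups rows of the ActiveScan report by where the detection sits, which is the distinction the cleanup steps above rely on (restore points, browser cache, quarantine folders, and files still live on disk). The sample rows are copied from the scan results posted earlier; the bucket names, the next-step wording and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# One report row: "<Kind>:<Name> No disinfected <Location>"
ROW = re.compile(
    r"^(?P<kind>\w+):(?P<name>\S+)\s+(?P<status>No disinfected)\s+(?P<location>.+?)\s*$"
)

# Path markers (lower case) checked in order; first match wins.
MARKERS = [
    ("restore-point", "\\system volume information\\_restore"),
    ("quarantine", "\\quarantine\\"),
    ("browser-cache", "\\temporary internet files\\"),
]

# How each bucket is dealt with in the thread (wording is this example's).
NEXT_STEP = {
    "restore-point": "purged by turning System Restore off and on again",
    "browser-cache": "removed by deleting temporary internet files",
    "quarantine": "copy held in an anti-spyware quarantine folder",
    "registry": "not a file on disk, so there is no path to delete",
    "live-file": "review individually (delete or uninstall the parent program)",
}

# Rows copied from the ActiveScan results posted in this thread.
SAMPLE_REPORT = r"""Incident Status Location
Adware:Adware/nCase No disinfected C:\WINDOWS\Downloaded Program Files\ClientAX.inf
Spyware:Spyware/Dyfuca No disinfected Windows Registry
Adware:Adware/PopCapLoader No disinfected C:\WINDOWS\Downloaded Program Files\popcaploader.dll
Spyware:Spyware/Altnet No disinfected C:\Program Files\PestPatrol\Quarantine\20050212114215.zip[__unin__.exe]
Adware:Adware/WUpd No disinfected C:\Documents and Settings\Lommerse\Local Settings\Temporary Internet Files\Content.IE5\JN9J7LSW\get[1].php
Adware:Adware/Lop No disinfected C:\Documents and Settings\David & Sue\Application Data\Gram title\Five Deaf Log.exe
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP3\A0000175.dll
Spyware:Spyware/Altnet No disinfected D:\Kazaa\TopSearch.dll
"""


def classify(location):
    """Map a Location value to one of the NEXT_STEP buckets."""
    low = location.lower()
    if low == "windows registry":
        return "registry"
    for bucket, marker in MARKERS:
        if marker in low:
            return bucket
    return "live-file"


def bucket_detections(report):
    """Return {bucket: [(detection_name, location), ...]} for all parsed rows."""
    grouped = defaultdict(list)
    for line in report.splitlines():
        match = ROW.match(line.strip())
        if not match:
            continue  # header row, blank line or unrelated text
        grouped[classify(match["location"])].append(
            (match["name"], match["location"])
        )
    return dict(grouped)


if __name__ == "__main__":
    for bucket, rows in bucket_detections(SAMPLE_REPORT).items():
        print(f"{bucket} ({len(rows)}): {NEXT_STEP[bucket]}")
        for name, location in rows:
            print(f"    {name}  {location}")
```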



## susieq_j (Jan 24, 2005)

Thanks so much for all your help


----------

