I think i may have two viruses

Hi there,,

I think that I have more then one virus but neither Norton antivurus 2006 or Trend micro can pick up. I always have iexplore.exe running and when I run any system tool it says "another program is currently using this programâ€â€¦ pls help.. Here is my HJT log… I also run zonealarm but I’ve turn it off due it freezing my computer when I run HJT…

Logfile of HijackThis v1.99.1
Scan saved at 7:00:06 PM, on 12/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS2\System32\smss.exe
C:\WINDOWS2\system32\winlogon.exe
C:\WINDOWS2\system32\services.exe
C:\WINDOWS2\system32\lsass.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\system32\spoolsv.exe
C:\WINDOWS2\Explorer.EXE
C:\WINDOWS2\System32\spool\DRIVERS\W32X86\3\E_FATIACP.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS2\SOUNDMAN.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS2\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS2\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS2\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\HJT\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [EPSON Stylus CX3700 Series] C:\WINDOWS2\System32\spool\DRIVERS\W32X86\3\E_FATIACP.EXE /P26 "EPSON Stylus CX3700 Series" /O6 "USB001" /M "Stylus CX3700 "
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS2\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS2\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS2\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe "
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{18339888-F9AD-44B5-BA9E-56BD99421B64}: Domain = sa.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\..\{395D40C5-72FE-4EE0-8171-71C8BBC006CE}: Domain = sa.bigpond.net.au
O17 - HKLM\System\CS1\Services\Tcpip\..\{18339888-F9AD-44B5-BA9E-56BD99421B64}: Domain = sa.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\..\{18339888-F9AD-44B5-BA9E-56BD99421B64}: Domain = sa.bigpond.net.au
O17 - HKLM\System\CS3\Services\Tcpip\..\{18339888-F9AD-44B5-BA9E-56BD99421B64}: Domain = sa.bigpond.net.au
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS2\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjvd32 - winjvd32.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS2\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS2\system32\ZoneLabs\vsmon.exe

 

Hello and welcome to WindowsBBS Forums.

Well there does appear to be one little bugger on your system. Lets get another online scan and fix with HJT.

Go to this page, Panda ActiveScan

• Click the 'Scan your PC' button. ( You may have to disable any pop up blockers)
• Then press the green 'Check Now' button.
• Enter your country and state along with a valid email address.
• Allow the ActiveX install, it may be a few minutes for all components. (For XP SP 2 watch for the yellow bar at the top of IE)
• Once installation is complete you will need to select a device to scan. Please select 'My Computer' and the scan will begin.
• Once the scan is done, click the 'See report' button, then the 'save report' button. Be sure to save the log file created in a place easy for you to find.

Run Hijackthis and look over the following entries I have listed, check the boxes next to them and press the "Fix Checked" button with HijackThis. When you are doing this, make sure you have No IE windows, or other browsers open, including this one. Reboot if I have specified below, and post a fresh HijackThis log.

O20 - Winlogon Notify: winjvd32 - winjvd32.dll (file missing)

Reboot, into safe mode, this way:
Turn on the computer
Immediately begin tapping the <F8> key.
Use the arrow keys to highlight Safe Mode and press the <Enter> key.

Also, enable the 'Show Hidden Folders' option, like this:
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

And search for, then delete, if found, (some may not be present after previous steps) the following files/folders:
winjvd32.dll<<<--this file

To exit Safe Mode, click the Start button, click Turn Off Computer, click Restart.

Post a new HJT log back into this thread please.

 

Logfile of HijackThis v1.99.1
Scan saved at 6:56:26 PM, on 13/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS2\System32\smss.exe
C:\WINDOWS2\system32\winlogon.exe
C:\WINDOWS2\system32\services.exe
C:\WINDOWS2\system32\lsass.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\system32\spoolsv.exe
C:\WINDOWS2\Explorer.EXE
C:\WINDOWS2\System32\spool\DRIVERS\W32X86\3\E_FATIACP.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS2\SOUNDMAN.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS2\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS2\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\HJT\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [EPSON Stylus CX3700 Series] C:\WINDOWS2\System32\spool\DRIVERS\W32X86\3\E_FATIACP.EXE /P26 "EPSON Stylus CX3700 Series" /O6 "USB001" /M "Stylus CX3700 "
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS2\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS2\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS2\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe "
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{18339888-F9AD-44B5-BA9E-56BD99421B64}: Domain = sa.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\..\{395D40C5-72FE-4EE0-8171-71C8BBC006CE}: Domain = sa.bigpond.net.au
O17 - HKLM\System\CS1\Services\Tcpip\..\{18339888-F9AD-44B5-BA9E-56BD99421B64}: Domain = sa.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\..\{18339888-F9AD-44B5-BA9E-56BD99421B64}: Domain = sa.bigpond.net.au
O17 - HKLM\System\CS3\Services\Tcpip\..\{18339888-F9AD-44B5-BA9E-56BD99421B64}: Domain = sa.bigpond.net.au
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS2\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS2\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS2\system32\ZoneLabs\vsmon.exe

 

OK, that file appears to be gone, did you save the Panda report?

Are you having any more problems, lets us know please.

 

Well i still can't access any of my system tools and i still have the extra ieplore running. this is what the active scan said

Incident Status Location

Adware:adware/ist.istbar Not disinfected c:\program files\common files\Totem Shared
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Paul\Cookies\paul@com[1].txt
Potentially unwanted tool:Application/Processor

Not disinfected
C:\Documents and Settings\Paul\Local Settings\Temp\nssC.tmp
Potentially unwanted tool:Application/Processor
Not disinfected
C:\Documents and Settings\Paul\Local Settings\Temp\Rar$EX02.422\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor
Not disinfected
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\MQA9T1OM\VirtumundoBeGone[1].exe[²Æ’Ç]
Potentially unwanted tool:Application/Processor
Not disinfected
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\OLEZ2ZKT\SmitfraudFix[1].zip[SmitfraudFix/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\helpmefiled\SmitfraudFix\Process.exe
Adware:Adware/IST.ISTBar
Not disinfected
C:\Program Files\Common Files\Totem Shared\Update\WindowsEx.dll.041

Adware:Adware/nCase Not disinfected D:\game stuff\Norton\Norton_Antivirus_2003_9.0_Serial.zip[crack.exe]

 

Ok, lets run a temp cleaner and see what programs are installed on your PC.

This line:
D:\game stuff\Norton\Norton_Antivirus_2003_9.0_Serial.zip[crack.exe]<<<---This needs to be deleted, warez and crackz apps are nothing but trouble and we advise strongly against ever DLing them for two reasons:

• It's illegal
• Most of these apps carry infections

Download Atribunes ATF Cleaner

• Double-click ATF-Cleaner.exe to run the program.
• Tick the following boxes:
  • Windows Temp
  • Current User Temp
  • All User Temp
  • Cookies
  • Temporary Internet Files
  • History
  • Prefetch
  • Java Cache
• Click the Empty Selected button.

We'll empty the Recycle Bin later, once we know you're all cleaned up and nothing needs to be restored.

Search for, and delete, if found, the following files/folders:
c:\program files\common files\Totem Shared<<<<---this folder

And lets get an uninstall list from HJT.

Start HijackThis

• Click on the Config button
• Click on the Misc Tools button
• Click on the Open Uninstall Manager button
• Then click on the Save list button and specify where you would like to save this file.
• When you press Save button a notepad will open with the contents of that file.
• Copy and paste the contents of that notepad back into this thread for me to view.

Let me know if the extra explore disappears.

 

Adobe Reader 7.0.8
Age of Empires III
Autodesk DWF Viewer
Azureus
BigPond Broadband ADSL FAQ
Call of Duty
ccCommon
C-Media WDM Audio Driver
DocRepair
DVDFab Decrypter 2.9.6.6
EPSON Printer Software
EPSON Scan
e-tax 2006
HijackThis 1.99.1
Internet Worm Protection
J2SE Runtime Environment 5.0 Update 6
LiveUpdate 3.0 (Symantec Corporation)
Macromedia Flash Player 8
Microsoft .NET Framework 2.0
Microsoft Office XP Professional with FrontPage
MSN Messenger 7.5
NAVShortcut
Need for Speed Underground 2
Nero 7 Demo
Norton AntiVirus 2006
Norton AntiVirus 2006 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton Protection Center
Norton WMI Update
NVIDIA Drivers
Panda ActiveScan
PowerISO
Pro Evolution Soccer 5 DEMO(no voice)
QuickTime Alternative 1.68
Realtek AC'97 Audio
RTLSetup
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
SPBBC
Star Wars Empire at War
Symantec
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
XP Codec Pack
ZoneAlarm Pro

I still have the extra ieplore.exe running...

some of my friends have had the same prob and just had to format there system is that what i'm going to have to do... or do you have a plan in mind?

 

Do you know what these are and did you install them:
Internet Worm Protection
XP Codec Pack


We can check to see where that iexplore is going by DLing an app to give us the details.

Download Port Explorer. It is a 30 day\50 execution trial.

Install as prompted and then be sure you have all applications closed, as many as possible and then look in the PE window, it will tell you what IP that iexplore is going to, by highlighting the line and right-clicking and select the 'Whois' info.

Let me know what that info is.

 

The XP codec Pack i installed to upgrade my Windows media player, But the Internet worm protection i know nothing about.

here are the results of the whois...


OrgName: Internet Assigned Numbers Authority
OrgID: IANA
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
StateProv: CA
PostalCode: 90292-6695
Country: US

NetRange: 10.0.0.0 - 10.255.255.255
CIDR: 10.0.0.0/8
NetName: RESERVED-10
NetHandle: NET-10-0-0-0-1
Parent:
NetType: IANA Special Use

 

Ok, uninstall the Internet Worm Protection thing and see if your extra iexplore goes away.

Before you delete it tho, please get me the uninstall string, via HJT:

Open HJT, select the 'None of the above, just start the program' button, then click the 'Config' button, then select the 'Misc Tools' button, then select the 'Uninstall Manager' button, hi light that entry and copy the uninstall command info which will be in the upper right hand corner of HJT.

 

this is the command line...

MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}

Can i uninstall this through HJT? Or does HJT this only use the windows based add remove program list...coz i still can't open up any system tools

 

Ok, what services are you missing exactly? None of the system tools at all?

Let me know, because there are some fixes for them, but they are individual repairs and there may be a better way of fixing them, than with one reg fix at a time.

And the Internet Protection is part of the Norton software.

 

Add new hardware
Add Or Remove programs
Automatic Updates
Date and time
Display
Internet options
Java
Keyboard
Mail
Mouse
Secuirty Centre
System
user accounts
Task and start menu
windows firewall
speech
game controllers
regional and lang options
there are a few more but they are just sound and graphic card stuff

They all come up with the error message "another program is currently use this program "....

I Use Zonealram Pro 6.1 as my firewall.

 

sorry the error message is "another program in currently using this FILE "

 

Ok, we need to look for more nasties.

Lets try a few scanners. This may be something that's hidden, making the registry changes and scanners are the easiest way to find them. The original problem was just on the surface.

Reboot before next scan with whichever app is next.

Download AVG Anti-Spyware 7.5 formerly Ewido Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program

• Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
• Once the setup is complete you will need run ewido and update the definition files.
• On the main screen select the icon "Update" then select the "Update now" link.

• Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
• Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
• Once in the Settings screen click on "Recommended actions" and then select "Quarantine ".
• Under "Reports "

• Select "Automatically generate report after every scan "
• Un-Select "Only if threats were found "

Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.

Reboot, into safe mode, this way:

• Turn on the computer
• Immediately begin tapping the <F8> key.
• Use the arrow keys to highlight Safe Mode and press the <Enter> key.

IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process.

Launch ewido-anti-spyware by double-clicking the icon on your desktop.

• Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan ".
• ewido will now begin the scanning process, be patient this may take a little time.
  Once the scan is complete do the following:
• If you have any infections you will prompted, then select "Apply all actions "
• Next select the "Reports" icon at the top.
• Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
• Close ewido and reboot your system back into Normal Mode and post the results of the ewido report scan.(Please edit out any cookies, system restore or recyler folder references)

Spybot Search & Destroy v.1.4
AdAware SE Free v1.06r

With AdAware and Spybot: DL, follow the install instructions, check for updates, then scan, repair/remove/quarantine anything found.

Only post the Ewido log please, not the other two.

 

Well at this stage i've only ran the one scanner.. this is the report

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:40:42 PM 16/10/2006

+ Scan result:




C:\WINDOWS2\3d.exe -> Trojan.Small.js : Cleaned.
C:\WINDOWS2\system32\rundll32.exe -> Trojan.Small.js : Cleaned.


::Report end

It seems that it has fixed the problems.. did you want me to do more scans still or do anything else just to see if it is so?

 

I'd do the other scans anyway, as back up, I'd bet they will pick up some other tidbits, it sure can't hurt.

 

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:40:42 PM 16/10/2006

+ Scan result:

C:\WINDOWS2\3d.exe -> Trojan.Small.js : Cleaned.
C:\WINDOWS2\system32\rundll32.exe -> Trojan.Small.js : Cleaned.


::Report end

That has fix all the problems that i've been having no more extra iexplore and i now can access all sytem tools...

Thank you very much for all your help TeMerc ...cheers

 

Glad we could be of assistance.

We have 3 more things to do, to help ensure you have removed all the little 'leftovers' which may be hiding:

Empty the TIF (Temporary Internet Files)
Delete all the files in (and any subfolders of) the C:\Windows\Temp folder
The app below will help with temp files.
Index.dat Suite

Also, delete all your cookies, and empty your recycle bin. But remember, by deleting your cookies, you will have to re-enter any passwords and log-in info for any sites you are usually required to do so with.

This would also be a good time to set a new system restore point for your machine.
Set New System Restore Point. Do not do this unless there are no other user accounts to be diagnosed.

Also, as you are an XP user, if there are any other accounts on this machine, they too, must be cleaned with AdAware, Spybot S&D, then HJT. Not all infections are global, nor are all the HJT fixes global. You can post each user account here into this thread, but please, do only one at a time to avoid confusion.

Here is a link which describes how security apps work with WIN XP machines.
XP User Accts Security Apps Operation

To further prevent the installation of ad/mal/spyware, DL the apps below, which are just as good the fight against ad/mal/spyware as AdAware & Spybot S&D:

SpywareBlaster
With SpywareBlaster v3.5.1 , just DL, install and check for updates, enable Internet Explorer protection, and your done! I don't recommend using IE restricted sites protection as it's not a very large database. Use IE-SPYADs below.

To avoid known malware infested sites from loading in IE install IESPY ADS.
And MVPS Hosts File will accomplish a similar tactic and provide another layer of protection.

And to prevent unknown applications from being inserted to start up on your machine install WinPatrol v10.0.5.

Another thing I would suggest, is to install SiteAdvisor. It gives sites a few different 'ratings' and while not fool proof, a good additional layer of information about many sites.

Links for tutorials for all the apps I mentioned can be found on my site as well.

Confused about which apps are good or not? Read about Rogue/Approved Anti Security apps

And just because you have security apps installed, they are useless unless updated regularly. Keep track of updates for ALL your security needs here:
Calendar of Updates

Subscribe to update alerts for all the above security apps here.

You can also see my own ongoing security testing with all the above apps proving how securely you can safe with them installed.
TeMerc Test Box Forum

Happy surfing!!
Tom

Due to resolution or the lack of feedback this topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.