I have 2 processes of IEXPLORE.EXE in my task manager, and they wont go away when i try to end process on them.
I have norton internet security 2006 installed updated it and scanned but no virus found.read in ur forum that it should not be used for net banking but my dad uses it so would be helpful if u could guide me how to solve this problem.

Will a system restore work in this case.???

The first thing that I need you to do for me is to download and install HijackThis for me,

Highjackthis Instructions

• Make sure you have the LATEST version of HJT (currently v2.0.2) it can be downloaded from HERE
• Run the HijackThis Installer and it will automatically place HJT in its own folder, usually C:\Program Files\Trend Micro\HijackThis. Please don't change the directory as it is necessary to create backups.
• After installing, the program launches automatically, select Scan now and save a log
• After the scan is complete attach the log with your reply.

Do not attempt to fix any item yet.
Do not add anything to the ignore list.
Don't use the AnalyseThis button, its findings are dangerous if misinterpreted.

Hijackthis will give me an idea as to what nasty things there are lurking about in your system and will help the both of us get rid of them.

If you have any problems or questions then please post back.

hey kritius thanks a lot for helping i m attaching the log file created by hijack this

Attached Files

hijackthis.log (11.2 KB, 5 views)

hey kritius thanks a lot for helping i m attaching the log file created by hijack this

ummm... where did you see you shouldn't have more then one iexplorer process?

I don't believe that's true.. certainly for IE7 on XP. kritius or anyone else who wants to comment?

/*** Edit ***/
OK. Never mind. Having more then one iexplorer is not itself a problem but i see you're also having trouble killing them..

Boot to safe mode, run HJT, and fix the following:

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll

O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [Itch ford four knob] C:\Documents and Settings\All Users\Application Data\third lies itch ford\Mail load.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

O23 - Service: OneStep Search Service - OneStepSearch.net, Inc. - C:\Program Files\OneStepSearch\onestep.exe


And so much other junk running, not that harmful though...

Before doing that, go to add/remove programs and look for,
Search Settings
RegistryBooster 2
OneStep Search Service
Remove them

O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [Itch ford four knob] C:\Documents and Settings\All Users\Application Data\third lies itch ford\Mail load.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O23 - Service: OneStep Search Service - OneStepSearch.net, Inc. - C:\Program Files\OneStepSearch\onestep.exe

Delete the foolowing,

C:\Documents and Settings\All Users\Application Data\third lies itch ford <-==This folder,
C:\Program Files\OneStepSearch<-==This folder,
C:\Program Files\Uniblue\RegistryBooster 2<-==This folder,
C:\Program Files\Search Settings<-==This folder,
C:\Program Files\OneStepSearch<-==This folder,


O4 - HKLM\..\Run: [Itch ford four knob] C:\Documents and Settings\All Users\Application Data\third lies itch ford\Mail load.exe

This looks like a lop infection.

Download and Run NoLop
Please Download NoLop to your desktop from one of the links below...
Link 1
Link 2
Link 3

• First close any other programs you have running as this will require a reboot
• Double click NoLop.exe to run it.
• Now click the button labelled "Search and Destroy"
  (your computer will now be scanned for infected files)
• When scanning is finished you will be prompted to reboot only if infected, Click OK
• Now click the "REBOOT" Button.
• A Message should popup from NoLop. If not, double click the program again and it will finish.
• Please attach the C:\NoLop.log later.

Note: If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to C:\WINDOWS\system32\ folder then rerun the program.

hey did everything wat u said and now i have attached the nolop log
now wen i start my computer and check processes then only one iexplore.exe is running but dont knw even y that one is running
wen i end process that one it closes and does not start again unlike the earlier ones

Attached Files

NoLop.log (4.2 KB, 1 views)

: Download and Run DSS

Download Deckard's System Scanner (DSS) to your Desktop. You must be logged onto an account with administrator privileges.

• Close all applications and windows.
• Double-click on dss.exe to run it, and follow the prompts.
• When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<- this one will be minimized.
• Attach the main.txt and the extra.txt in your reply.

hey i have attached the necessary log files

Attached Files

	extra.txt (20.5 KB, 3 views)
	main.txt (21.7 KB, 3 views)

Ill post back results later, im in work at the minute.

these are certainly suspect

2008-04-07 00:00:38 705 --a------ C:\d1.exe
2008-04-07 00:00:29 2 --a------ C:\-1608041051
2008-04-07 00:00:26 6656 --a------ C:\jgkpt.exe
2008-04-07 00:00:23 125440 --a------ C:\vwhfxvxv.exe

I would verify this too: C:\wallpaperviews.vbs

autorun from a mounted drive looks suspect:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{5fe69f28-80b6-11dc-8230-0019d1653d9e}]
AutoRun\command- I:\b.com
explore\Command- I:\b.com
open\Command- I:\b.com

k so now wat should i do could u just help me out i need to fix this issue as soon as possible please could u help me

Can you please be patient, everyone here is a volunteer and everybody whos brings their problems here thinks that their need id the most urgent.

You should get a firewall as well, either, these firewalls are all free,

• Comodo
• Kerio
• Online Armor
• Zonealarm

Fix entries using HiJackThis

• Launch HiJackThis
• Click the Do a system scan only button
• Put a check next to the entries listed below

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKCU\..\Run: [Tick Sixth] C:\DOCUME~1\Neel\APPLIC~1\GPLAXI~1\Time Axis.exe

• IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
• Click the Fix checked button and close HiJackThis
• Reboot HijackThis if necessary

Please download the OTMoveIt2 by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
• Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  Code:

  C:\d1.exe
  C:\-1608041051
  C:\jgkpt.exe
  C:\vwhfxvxv.exe
  C:\WINDOWS\system32\zip.exe
  C:\WINDOWS\system32\sed.exe
  C:\WINDOWS\system32\grep.exe
  C:\WINDOWS\system32\fdsv.exe 
  C:\wallpaperviews.vbs
  C:\DOCUME~1\Neel\APPLIC~1\GPLAXI~1

• Return to OTMoveIt2, right click in the "Paste Standard List of Files/Folders to Move" window (under the light blue bar) and choose Paste.
  
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTMoveIt2

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and attach that document back here in your next post.


After this run a fresh HijackThis scan and post back.

hijack this log and all files were successfully moved i assure that

Attached Files

hijackthis.log (10.3 KB, 1 views)

Why did you not post the report for me?

• Navigate here using Windows Explorer (windows button + E) or My Computer -> Local Disk C: -> C:\Program Files\Trend Micro\HijackThis
• Right-click on the HijackThis.exe
• Choose from the pull-down menu; "Rename"
• And now Rename HijackThis.exe to saraiya.exe
• When you've renamed HijackThis, open HijackThis again.
• Take a fresh HijackThis log (click Do a system scan and save a log file)
• Post the fresh HijackThis log here.

I would like you to do an online scan so that we can what else may be in your system,
Run Kaspersky online scanner
With the exception of Internet Explorer, which must be used for this scan, keep ALL programs closed
Note: It is recommended to disable onboard antivirus program and antispyware programs while performing scans to speed up scan time and to make sure there are no conflicts.
Do not go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable resident antivirus protection along with whatever antispyware application you use.

Do an online scan with Kaspersky Online Scanner in Internet Explorer. You will be prompted to install and run an ActiveX component from Kaspersky, Click Yes.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the licence accepted, reset to 100%.

• The program will launch and then start to download the latest definition files.
• Once the scanner is installed and the definitions downloaded, click Next.
• Now click on Scan Settings
• In the scan settings make sure that the following are selected:
  o Scan using the following Anti-Virus database:
  o Extended (If available, otherwise use standard)
  o Scan Options:
  o Scan Archives
  o Scan Mail Bases
• Click OK
• Under select a target to scan, select My Computer
• The scan will take a while so be patient and let it run.
• Please do not use your computer while the scan is running. Once the scan is complete it will display if your system has been infected.
• Click the Save Report As... button (see red arrow below)
  
  
  
• In the Save as... prompt, select Desktop
• In the File name box, name the file
• In the Save as type prompt, select Text file (see below)
  
  
  
• Include the report in your next post.

kaspersky and hijackthis log

Attached Files

	hijackthis.log (10.3 KB, 2 views)
	Kaspersky.txt (59.2 KB, 1 views)

Instructions to follow.

hey can u tell me which instructions to follow please

When im finished coming up with them then I will.