Followed 8 step Viruses/Spyware/Malware Preliminary Removal

By Zanarkand90210
Jun 11, 2009
  1. Hi, so I'm having the whole two iexplorer.exe problems... I followed all of it but it doesn't seem to go away =/
    Whenever I want to see a site on Google I have to click and close the false site multiple times until the site I want decides to come up... and sometimes a popup comes up saying my computer is infected and to install some stupid program.
    Please help ><
  2. mflynn TS Rookie Posts: 2,655


    Use HJT to select, then fix, the following entries:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
    O2 - BHO: (no name) - rsion - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {441F23E0-F689-438D-A4C6-2512FCDAE887} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: (no name) - {65E4C4FA-DC8E-4C73-A980-2835E4992406} - (no file)
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: (no name) - {F1DF9D79-EF52-4B26-8DA8-72C14837EC69} - (no file)
    O2 - BHO: (no name) - {F4ADF370-33BB-4305-BD4E-4C314F2A5ED7} - (no file)
    O8 - Extra context menu item: &Search -
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O23 - Service: HBZCFNDZ - Unknown owner - C:\DOCUME~1\Tony\LOCALS~1\Temp\HBZCFNDZ.exe (file missing)
    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe (file missing)
    O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe (file missing)
    O23 - Service: Wireless Zero Map (WZMSV) - Unknown owner - C:\WINDOWS\system32\wzmcv.exe (file missing)

    Close IE, then run Taskmgr and end the extra IExplore processes before running the below!

    Run MBAM again and attach new log.
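
A triage sketch for the HijackThis entries listed above, added here as an example and not part of mflynn's post or of HijackThis itself: it parses lines in the log format shown and flags entries reported as `(no file)` or `(file missing)`, plus services whose binary sits under a Temp directory or has no owner. The `triage` function, its reason strings and the heuristics are assumptions for illustration, not the helper's selection criteria; the sample lines are copied from the log in this thread.

```python
import re

# Sample input: a few lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O23 - Service: HBZCFNDZ - Unknown owner - C:\DOCUME~1\Tony\LOCALS~1\Temp\HBZCFNDZ.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
"""

# A log entry is "<section code> - <body>", e.g. "O2 - BHO: ..." or "O23 - Service: ...".
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Any path component named Temp (case-insensitive), e.g. ...\LOCALS~1\Temp\x.exe
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)


def triage(log_text):
    """Return (section, body, reasons) for entries worth a closer look.

    Hypothetical heuristics, for illustration only:
      - the entry's target is reported as "(no file)" or "(file missing)"
      - an O23 service binary lives under a Temp directory
      - an O23 service is listed with "Unknown owner"
    """
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line or log header, not an entry
        section, body = m["section"], m["body"]
        reasons = []
        if body.endswith("(no file)"):
            reasons.append("registered object has no file on disk")
        if body.endswith("(file missing)"):
            reasons.append("target file is missing")
        if section == "O23" and TEMP_RE.search(body):
            reasons.append("service binary under a Temp directory")
        if section == "O23" and " - Unknown owner - " in body:
            reasons.append("service has no owner/company name")
        if reasons:
            findings.append((section, body, reasons))
    return findings


if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(f"{section}: {body}\n    -> " + "; ".join(reasons))
```

A flagged line is a candidate for review, not a verdict: leftover entries from uninstalled software are reported as `(file missing)` as well.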

  3. Zanarkand90210 TS Rookie Topic Starter

    OK, I did it and those are the results,
    and whenever I close Internet Explorer both processes go away.
    Could I still have a backdoor on my computer?
  4. mflynn TS Rookie Posts: 2,655

    We are not finished yet! Yes you likely have more.

    You did not elect to remove the malware on the last MBAM run as evidenced by the "No action taken".

    So run it twice more, once to delete these, then another to confirm they are gone. Attach logs!

    A new HJT log!

    Only when you get a clean log with MBAM do the below!!

    Download ComboFix

    Get it here:
    Or here:

    Double-click combofix.exe and follow the prompts.

    Install Recovery Console if connected to the Internet!

    When finished, it will open a log.
    Attach the log and a new HJT log in your next reply.

    Note: Do not click ComboFix's window while it's running. That may cause it to stall.

Topic Status:
Not open for further replies.