Ad:

Viruses, Spyware and other Nasties Discussion Thread
Unsolved
Views: 5292

Oct 28th, 2004

Browser opens automatically in task manager

Expand Post »

Hello holy gurus of Computer Tech!! this is my 1st post! hopefully someone can me with my problem...
Immediately after windows starts up, i find that there are usually already 2-3 internet explorers opened up in the background (not visible on desktop but visible in task manager) when i try to end process tehy keep respawning repeatedly.

this is really annoying as i know it is eating up my memory and slowing down my computer! i have used ad aware and avast! antivirus to scan but to no avail..

after browsing through the forums i noticed that hijackthis was a tool regularly used and i have thus created a log for u peeps to examine.

Any help would be greatly appreciated!@!

thanx in advance, -Rev.

Logfile of HijackThis v1.98.2
Scan saved at 10:11:15 PM, on 28/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\NVATray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\DL Software\D-Color\dcolor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Documents and Settings\Chapman\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=n-ex
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=n-ex
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mlmzloghbzmhskwohz.com/Ph...45MEkfUg5.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smh.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://all-find.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=n-ex
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=n-ex
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.usyd.edu.au/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R3 - URLSearchHook: (no name) - {2D49ADC8-E4B8-E927-9BC8-1E19E6C75FB8} - C:\DOCUME~1\Chapman\LOCALS~1\Temp\7gh30w50.exe (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {ACB3E0B7-7D0C-40B7-99B3-3EEACDF86BFB} - C:\WINDOWS\mslagent\4b_1,0,1,1_mslagent.dll (file missing)
O2 - BHO: (no name) - {C4614F62-DBC3-70C9-F0AA-5C4C8221A4BC} - C:\DOCUME~1\Chapman\APPLIC~1\IDOLTH~1\datatest.exe
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O2 - BHO: BHO Class - {CBEFB350-ED5B-4115-B846-C1041676B377} - C:\WINDOWS\System32\CustomIE32.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [Reg32] C:\WINDOWS\reg33.exe
O4 - HKLM\..\Run: [Dial33] C:\WINDOWS\dlm.exe
O4 - HKLM\..\Run: [Dial32] C:\WINDOWS\dl.exe
O4 - HKLM\..\Run: [Upgrade Service] C:\WINDOWS\sxchost.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogonUIBootRandomizer] "D:\Desktop Tweaks\LogonUIBootRandomizer v3.9.1[Chaos]\LogonUIBootRandomizer\RandomScreens.exe" /RandomizeLogon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Iesearch.exe] C:\Program Files\Internet Explorer\Iesearch.exe
O4 - HKLM\..\Run: [Samsung LBP SM] "C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [A08C9ACB] C:\DOCUME~1\Chapman\LOCALS~1\Temp\p9cq8qmvl3.exe
O4 - HKLM\..\Run: [DEBEF363] C:\DOCUME~1\Chapman\LOCALS~1\Temp\jvumk6t2k.exe
O4 - HKLM\..\Run: [51C0DC76] C:\DOCUME~1\Chapman\LOCALS~1\Temp\zh65kv66.exe
O4 - HKLM\..\Run: [8C12BA5E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\00zfqql9.exe
O4 - HKLM\..\Run: [B3CC9CDE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\tvra2.exe
O4 - HKLM\..\Run: [F0EE79DE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\yx8s9jihf.exe
O4 - HKLM\..\Run: [867243E6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\s70gh.exe
O4 - HKLM\..\Run: [9BDBCDC6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\6igv7h8lrw.exe
O4 - HKLM\..\Run: [B78D44EE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2feas.exe
O4 - HKLM\..\Run: [93F81456] C:\DOCUME~1\Chapman\LOCALS~1\Temp\n0ivmzmmj8n7.exe
O4 - HKLM\..\Run: [B12CC963] C:\DOCUME~1\Chapman\LOCALS~1\Temp\wf3gtt7.exe
O4 - HKLM\..\Run: [83D6EDFE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2djs8t3f0uv.exe
O4 - HKLM\..\Run: [DAA14BEE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\3cs2g5g.exe
O4 - HKLM\..\Run: [EC2C7D8B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\s3vnq6nri8g.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AE374276] C:\DOCUME~1\Chapman\LOCALS~1\Temp\zn7jsr6p96.exe
O4 - HKLM\..\Run: [842193EE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\3xt02fo.exe
O4 - HKLM\..\Run: [A67A4FDB] C:\DOCUME~1\Chapman\LOCALS~1\Temp\prpml.exe
O4 - HKLM\..\Run: [C090845E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\pt0d0r5qoh.exe
O4 - HKLM\..\Run: [BD6A1766] C:\DOCUME~1\Chapman\LOCALS~1\Temp\t5fb721s21.exe
O4 - HKLM\..\Run: [FB614A7E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\jsxf.exe
O4 - HKLM\..\Run: [91C949CB] C:\DOCUME~1\Chapman\LOCALS~1\Temp\z3l2nnef61.exe
O4 - HKLM\..\Run: [F128CDEE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\v2jaf3dw.exe
O4 - HKLM\..\Run: [FABCF54B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\va654gh4d9g.exe
O4 - HKLM\..\Run: [F3011AEE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\f2iolk.exe
O4 - HKLM\..\Run: [BBA73F6E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\ffw00.exe
O4 - HKLM\..\Run: [D7724F5E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\pupox.exe
O4 - HKLM\..\Run: [FB0EE273] C:\DOCUME~1\Chapman\LOCALS~1\Temp\hmylbi28iev.exe
O4 - HKLM\..\Run: [17C4A68E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\mlpm5f79y.exe
O4 - HKLM\..\Run: [96178C6E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\jm0j9xr.exe
O4 - HKLM\..\Run: [824ECA7B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\ml9p.exe
O4 - HKLM\..\Run: [F8A14A5E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2asn.exe
O4 - HKLM\..\Run: [A3DB8CE3] C:\DOCUME~1\Chapman\LOCALS~1\Temp\trci.exe
O4 - HKLM\..\Run: [B66C0DF6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\ysq.exe
O4 - HKLM\..\Run: [C16E0476] C:\DOCUME~1\Chapman\LOCALS~1\Temp\mb2r3ae.exe
O4 - HKLM\..\Run: [89A2E263] C:\DOCUME~1\Chapman\LOCALS~1\Temp\q8sgdmjy3xl.exe
O4 - HKLM\..\Run: [BD8ECB5E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\gtztgr2mf4.exe
O4 - HKLM\..\Run: [BAF54FCE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\fy6qq0n5mf.exe
O4 - HKLM\..\Run: [5560006E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\fuk9xrv4xi.exe
O4 - HKLM\..\Run: [C7CC39EE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\zajhbp.exe
O4 - HKLM\..\Run: [949BCE63] C:\DOCUME~1\Chapman\LOCALS~1\Temp\tj0e5au.exe
O4 - HKLM\..\Run: [CD7B3D5E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\0r0umh8nyjb.exe
O4 - HKLM\..\Run: [8BB00E4E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\1neds8gm9mbo.exe
O4 - HKLM\..\Run: [E84E9266] C:\DOCUME~1\Chapman\LOCALS~1\Temp\crj332jcl.exe
O4 - HKLM\..\Run: [0D8F905E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\mh35b6f89.exe
O4 - HKLM\..\Run: [DAE02BEE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\kwj2lgw.exe
O4 - HKLM\..\Run: [EDA64EF6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\9lcwhu.exe
O4 - HKLM\..\Run: [ED8A0CF6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\cvc.exe
O4 - HKLM\..\Run: [A7FB0463] C:\DOCUME~1\Chapman\LOCALS~1\Temp\xh1zxxvf.exe
O4 - HKLM\..\Run: [5F22BCF6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2z4rh2kansxm.exe
O4 - HKLM\..\Run: [A56D9DE6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\cobphma7md.exe
O4 - HKLM\..\Run: [F0A2B366] C:\DOCUME~1\Chapman\LOCALS~1\Temp\m7qt9rjkz4.exe
O4 - HKLM\..\Run: [AC6D2CE6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\7gh30w50.exe
O4 - HKLM\..\Run: [4E8DF246] C:\DOCUME~1\Chapman\LOCALS~1\Temp\urgibdd33do.exe
O4 - HKLM\..\Run: [E1EB917B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\4d0zify3c0v.exe
O4 - HKLM\..\Run: [5511BC6E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\zj66xei.exe
O4 - HKLM\..\Run: [AA02BB6B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\bn6jiwa442gi.exe
O4 - HKLM\..\Run: [B1840F76] C:\DOCUME~1\Chapman\LOCALS~1\Temp\mye.exe
O4 - HKLM\..\Run: [CA925873] C:\DOCUME~1\Chapman\LOCALS~1\Temp\isep6t.exe
O4 - HKLM\..\Run: [9E2040EE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\z0cljr2g8q5.exe
O4 - HKLM\..\Run: [BB37195E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\31w4dwqosa3u.exe
O4 - HKLM\..\Run: [8A3CAEC6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\5sdfbix8i.exe
O4 - HKLM\..\Run: [F30561EE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\zyil.exe
O4 - HKLM\..\Run: [DBEAF26E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2672jin.exe
O4 - HKLM\..\Run: [E33DA1DE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\26oj.exe
O4 - HKLM\..\Run: [04CF34E6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\ja58wksug7es.exe
O4 - HKLM\..\Run: [A4178883] C:\DOCUME~1\Chapman\LOCALS~1\Temp\jzswu5w55hp2.exe
O4 - HKLM\..\Run: [4ACC4ADE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\70px.exe
O4 - HKLM\..\Run: [R8bK] C:\documents and settings\chapman\local settings\temp\R8bK.exe
O4 - HKLM\..\Run: [8AC1548B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\m136zbezv.exe
O4 - HKLM\..\Run: [8B82FAEE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2k5yln8hp67l.exe
O4 - HKLM\..\Run: [438B627E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\o7ka.exe
O4 - HKLM\..\Run: [mxLeB] c:\documents and settings\chapman\local settings\temp\mxLeB.exe
O4 - HKLM\..\Run: [e71d5fee4c3d] C:\WINDOWS\System32\bitsprx3.exe
O4 - HKLM\..\Run: [01858AF6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\qighi.exe
O4 - HKLM\..\Run: [B1220CF6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\qwf.exe
O4 - HKLM\..\Run: [D03B026B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\3ql2fx3q.exe
O4 - HKLM\..\Run: [Pile ping chin pop] C:\Documents and Settings\All Users\Application Data\each build pile ping\acedog.exe
O4 - HKCU\..\Run: [Security Updater] secupd.exe -nos
O4 - HKCU\..\Run: [mslagent] C:\WINDOWS\mslagent\mslagent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [nwcfg] C:\WINDOWS\System32\nwcfg.exe
O4 - HKCU\..\Run: [mstext40] C:\WINDOWS\System32\mstext40.exe
O4 - HKCU\..\Run: [SpywareGuardPlus] C:\WINDOWS\system32\winmm64.exe
O4 - HKCU\..\Run: [64symsms] C:\WINDOWS\64symsms.exe
O4 - HKCU\..\Run: [ntPEnt] C:\WINDOWS\ntPEnt.exe
O4 - HKCU\..\Run: [A08C9ACB] C:\DOCUME~1\Chapman\LOCALS~1\Temp\p9cq8qmvl3.exe
O4 - HKCU\..\Run: [DEBEF363] C:\DOCUME~1\Chapman\LOCALS~1\Temp\jvumk6t2k.exe
O4 - HKCU\..\Run: [51C0DC76] C:\DOCUME~1\Chapman\LOCALS~1\Temp\zh65kv66.exe
O4 - HKCU\..\Run: [8C12BA5E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\00zfqql9.exe
O4 - HKCU\..\Run: [B3CC9CDE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\tvra2.exe
O4 - HKCU\..\Run: [F0EE79DE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\yx8s9jihf.exe
O4 - HKCU\..\Run: [867243E6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\s70gh.exe
O4 - HKCU\..\Run: [9BDBCDC6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\6igv7h8lrw.exe
O4 - HKCU\..\Run: [B78D44EE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2feas.exe
O4 - HKCU\..\Run: [93F81456] C:\DOCUME~1\Chapman\LOCALS~1\Temp\n0ivmzmmj8n7.exe
O4 - HKCU\..\Run: [B12CC963] C:\DOCUME~1\Chapman\LOCALS~1\Temp\wf3gtt7.exe
O4 - HKCU\..\Run: [83D6EDFE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2djs8t3f0uv.exe
O4 - HKCU\..\Run: [DAA14BEE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\3cs2g5g.exe
O4 - HKCU\..\Run: [EC2C7D8B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\s3vnq6nri8g.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [AE374276] C:\DOCUME~1\Chapman\LOCALS~1\Temp\zn7jsr6p96.exe
O4 - HKCU\..\Run: [842193EE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\3xt02fo.exe
O4 - HKCU\..\Run: [ThisDeaf] C:\DOCUME~1\Chapman\APPLIC~1\COPYSK~1\mpeg else.exe
O4 - HKCU\..\Run: [A67A4FDB] C:\DOCUME~1\Chapman\LOCALS~1\Temp\prpml.exe
O4 - HKCU\..\Run: [C090845E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\pt0d0r5qoh.exe
O4 - HKCU\..\Run: [BD6A1766] C:\DOCUME~1\Chapman\LOCALS~1\Temp\t5fb721s21.exe
O4 - HKCU\..\Run: [FB614A7E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\jsxf.exe
O4 - HKCU\..\Run: [91C949CB] C:\DOCUME~1\Chapman\LOCALS~1\Temp\z3l2nnef61.exe
O4 - HKCU\..\Run: [F128CDEE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\v2jaf3dw.exe
O4 - HKCU\..\Run: [FABCF54B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\va654gh4d9g.exe
O4 - HKCU\..\Run: [F3011AEE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\f2iolk.exe
O4 - HKCU\..\Run: [BBA73F6E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\ffw00.exe
O4 - HKCU\..\Run: [D7724F5E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\pupox.exe
O4 - HKCU\..\Run: [FB0EE273] C:\DOCUME~1\Chapman\LOCALS~1\Temp\hmylbi28iev.exe
O4 - HKCU\..\Run: [17C4A68E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\mlpm5f79y.exe
O4 - HKCU\..\Run: [96178C6E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\jm0j9xr.exe
O4 - HKCU\..\Run: [824ECA7B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\ml9p.exe
O4 - HKCU\..\Run: [F8A14A5E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2asn.exe
O4 - HKCU\..\Run: [A3DB8CE3] C:\DOCUME~1\Chapman\LOCALS~1\Temp\trci.exe
O4 - HKCU\..\Run: [B66C0DF6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\ysq.exe
O4 - HKCU\..\Run: [C16E0476] C:\DOCUME~1\Chapman\LOCALS~1\Temp\mb2r3ae.exe
O4 - HKCU\..\Run: [89A2E263] C:\DOCUME~1\Chapman\LOCALS~1\Temp\q8sgdmjy3xl.exe
O4 - HKCU\..\Run: [BD8ECB5E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\gtztgr2mf4.exe
O4 - HKCU\..\Run: [BAF54FCE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\fy6qq0n5mf.exe
O4 - HKCU\..\Run: [5560006E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\fuk9xrv4xi.exe
O4 - HKCU\..\Run: [C7CC39EE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\zajhbp.exe
O4 - HKCU\..\Run: [949BCE63] C:\DOCUME~1\Chapman\LOCALS~1\Temp\tj0e5au.exe
O4 - HKCU\..\Run: [CD7B3D5E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\0r0umh8nyjb.exe
O4 - HKCU\..\Run: [8BB00E4E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\1neds8gm9mbo.exe
O4 - HKCU\..\Run: [32s-64ntms] C:\WINDOWS\system32\32s-64ntms.exe
O4 - HKCU\..\Run: [E84E9266] C:\DOCUME~1\Chapman\LOCALS~1\Temp\crj332jcl.exe
O4 - HKCU\..\Run: [0D8F905E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\mh35b6f89.exe
O4 - HKCU\..\Run: [DAE02BEE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\kwj2lgw.exe
O4 - HKCU\..\Run: [EDA64EF6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\9lcwhu.exe
O4 - HKCU\..\Run: [ED8A0CF6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\cvc.exe
O4 - HKCU\..\Run: [A7FB0463] C:\DOCUME~1\Chapman\LOCALS~1\Temp\xh1zxxvf.exe
O4 - HKCU\..\Run: [5F22BCF6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2z4rh2kansxm.exe
O4 - HKCU\..\Run: [A56D9DE6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\cobphma7md.exe
O4 - HKCU\..\Run: [F0A2B366] C:\DOCUME~1\Chapman\LOCALS~1\Temp\m7qt9rjkz4.exe
O4 - HKCU\..\Run: [AC6D2CE6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\7gh30w50.exe
O4 - HKCU\..\Run: [4E8DF246] C:\DOCUME~1\Chapman\LOCALS~1\Temp\urgibdd33do.exe
O4 - HKCU\..\Run: [E1EB917B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\4d0zify3c0v.exe
O4 - HKCU\..\Run: [5511BC6E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\zj66xei.exe
O4 - HKCU\..\Run: [AA02BB6B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\bn6jiwa442gi.exe
O4 - HKCU\..\Run: [B1840F76] C:\DOCUME~1\Chapman\LOCALS~1\Temp\mye.exe
O4 - HKCU\..\Run: [CA925873] C:\DOCUME~1\Chapman\LOCALS~1\Temp\isep6t.exe
O4 - HKCU\..\Run: [D-Color] C:\Program Files\DL Software\D-Color\dcolor.exe
O4 - HKCU\..\Run: [ors-32] C:\WINDOWS\ors-32.exe
O4 - HKCU\..\Run: [9E2040EE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\z0cljr2g8q5.exe
O4 - HKCU\..\Run: [BB37195E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\31w4dwqosa3u.exe
O4 - HKCU\..\Run: [8A3CAEC6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\5sdfbix8i.exe
O4 - HKCU\..\Run: [F30561EE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\zyil.exe
O4 - HKCU\..\Run: [DBEAF26E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2672jin.exe
O4 - HKCU\..\Run: [E33DA1DE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\26oj.exe
O4 - HKCU\..\Run: [04CF34E6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\ja58wksug7es.exe
O4 - HKCU\..\Run: [A4178883] C:\DOCUME~1\Chapman\LOCALS~1\Temp\jzswu5w55hp2.exe
O4 - HKCU\..\Run: [4ACC4ADE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\70px.exe
O4 - HKCU\..\Run: [8AC1548B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\m136zbezv.exe
O4 - HKCU\..\Run: [8B82FAEE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2k5yln8hp67l.exe
O4 - HKCU\..\Run: [438B627E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\o7ka.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [01858AF6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\qighi.exe
O4 - HKCU\..\Run: [B1220CF6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\qwf.exe
O4 - HKCU\..\Run: [D03B026B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\3ql2fx3q.exe
O4 - Startup: deskview.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe
O9 - Extra button: Corel Network monitor worker - {12BC21BA-6709-437A-A96A-63F343C4A0E4} - (no file)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {12BC21BA-6709-437A-A96A-63F343C4A0E4} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Corel Network monitor worker - {12BC21BA-6709-437A-A96A-63F343C4A0E4} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {12BC21BA-6709-437A-A96A-63F343C4A0E4} - (no file) (HKCU)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/co...rolLite_EN.cab
O20 - AppInit_DLLs: c:\windows\system32\comodh.dll

Similar Threads

Task manager and registry editor disabled in Windows NT / 2000 / XP
Browser Redirects, Locked out of Task Manager; Errors Abound in Viruses, Spyware and other Nasties
Multiple Internet Explorer 6 - opens automatically. but why? in Viruses, Spyware and other Nasties
helpctr.exe fills task manager-HELP in Windows NT / 2000 / XP

revenant92

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

2 posts
since Oct 2004

Permalink

Oct 28th, 2004

Re: Browser opens automatically in task manager

You have a ton of malware lurking in your Temp folder(s), that's probably why they keep "respawning." Follow these instructions to clean it up:

Open Windows Explorer, go to Tools, Folder Options, View, and select "Show hidden files and folders", and uncheck "Hide protected operating system files".

For every user account listed under C:\Documents and Settings, delete the entire contents of these folders:

Local Settings\Temp
Local Settings\Temporary Internet Files\Content.IE5
Cookies
History

Delete the contents of your C:\Windows\Temp folder.

(If you get any messages concerning the deletion of system files such as desktop.ini or index.dat, just choose to delete those files; they'll be automatically regenerated by Windows if needed.)

Do a search for *.tmp and delete everything found.

Empty your Recycle Bin. All this should be done on a regular basis.

Go to this thread for instructions on fixing your bridge.dll problem:
http://www.daniweb.com/techtalkforums/thread7370.html

Reboot, close all windows, scan with HJT, and post a new log.

dlh6213

Team Colleague

Reputation Points: 63

Solved Threads: 213

Posting Maven

Offline

2,962 posts
since Jul 2004

Permalink

Oct 29th, 2004

Re: Browser opens automatically in task manager

hey thanx for replying m8.... i've done what you said.. except for some files in C:\WINDOWS\Temp called jetad77.tmp and jetbo54 in which i cannot delete (says files in use) and also a file in local settings/temp called pjepcnpi.exe(same problem) i've noticed that more keep appearing here on start up even though i havent been to anysite online..

i have closed all non-system processes other than explorer/taskmanager and the iexplorers that still keep restarting each time i end them yet they still say that some program is running them. help?

heres my new log:

Logfile of HijackThis v1.98.2
Scan saved at 4:34:09 PM, on 29/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\devldr32.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Chapman\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=n-ex
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=n-ex
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bywymjqazsiqeueeogsbqzyr....T45MEkfUg5.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smh.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://all-find.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=n-ex
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=n-ex
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.usyd.edu.au/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R3 - URLSearchHook: (no name) - {2D49ADC8-E4B8-E927-9BC8-1E19E6C75FB8} - C:\DOCUME~1\Chapman\LOCALS~1\Temp\7gh30w50.exe (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {ACB3E0B7-7D0C-40B7-99B3-3EEACDF86BFB} - C:\WINDOWS\mslagent\4b_1,0,1,1_mslagent.dll (file missing)
O2 - BHO: (no name) - {C4614F62-DBC3-70C9-F0AA-5C4C8221A4BC} - C:\DOCUME~1\Chapman\APPLIC~1\IDOLTH~1\datatest.exe
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O2 - BHO: BHO Class - {CBEFB350-ED5B-4115-B846-C1041676B377} - C:\WINDOWS\System32\CustomIE32.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [Reg32] C:\WINDOWS\reg33.exe
O4 - HKLM\..\Run: [Dial33] C:\WINDOWS\dlm.exe
O4 - HKLM\..\Run: [Dial32] C:\WINDOWS\dl.exe
O4 - HKLM\..\Run: [Upgrade Service] C:\WINDOWS\sxchost.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogonUIBootRandomizer] "D:\Desktop Tweaks\LogonUIBootRandomizer v3.9.1[Chaos]\LogonUIBootRandomizer\RandomScreens.exe" /RandomizeLogon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Iesearch.exe] C:\Program Files\Internet Explorer\Iesearch.exe
O4 - HKLM\..\Run: [Samsung LBP SM] "C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [A08C9ACB] C:\DOCUME~1\Chapman\LOCALS~1\Temp\p9cq8qmvl3.exe
O4 - HKLM\..\Run: [DEBEF363] C:\DOCUME~1\Chapman\LOCALS~1\Temp\jvumk6t2k.exe
O4 - HKLM\..\Run: [51C0DC76] C:\DOCUME~1\Chapman\LOCALS~1\Temp\zh65kv66.exe
O4 - HKLM\..\Run: [8C12BA5E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\00zfqql9.exe
O4 - HKLM\..\Run: [B3CC9CDE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\tvra2.exe
O4 - HKLM\..\Run: [F0EE79DE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\yx8s9jihf.exe
O4 - HKLM\..\Run: [867243E6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\s70gh.exe
O4 - HKLM\..\Run: [9BDBCDC6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\6igv7h8lrw.exe
O4 - HKLM\..\Run: [B78D44EE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2feas.exe
O4 - HKLM\..\Run: [93F81456] C:\DOCUME~1\Chapman\LOCALS~1\Temp\n0ivmzmmj8n7.exe
O4 - HKLM\..\Run: [B12CC963] C:\DOCUME~1\Chapman\LOCALS~1\Temp\wf3gtt7.exe
O4 - HKLM\..\Run: [83D6EDFE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2djs8t3f0uv.exe
O4 - HKLM\..\Run: [DAA14BEE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\3cs2g5g.exe
O4 - HKLM\..\Run: [EC2C7D8B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\s3vnq6nri8g.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AE374276] C:\DOCUME~1\Chapman\LOCALS~1\Temp\zn7jsr6p96.exe
O4 - HKLM\..\Run: [842193EE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\3xt02fo.exe
O4 - HKLM\..\Run: [A67A4FDB] C:\DOCUME~1\Chapman\LOCALS~1\Temp\prpml.exe
O4 - HKLM\..\Run: [C090845E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\pt0d0r5qoh.exe
O4 - HKLM\..\Run: [BD6A1766] C:\DOCUME~1\Chapman\LOCALS~1\Temp\t5fb721s21.exe
O4 - HKLM\..\Run: [FB614A7E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\jsxf.exe
O4 - HKLM\..\Run: [91C949CB] C:\DOCUME~1\Chapman\LOCALS~1\Temp\z3l2nnef61.exe
O4 - HKLM\..\Run: [F128CDEE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\v2jaf3dw.exe
O4 - HKLM\..\Run: [FABCF54B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\va654gh4d9g.exe
O4 - HKLM\..\Run: [F3011AEE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\f2iolk.exe
O4 - HKLM\..\Run: [BBA73F6E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\ffw00.exe
O4 - HKLM\..\Run: [D7724F5E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\pupox.exe
O4 - HKLM\..\Run: [FB0EE273] C:\DOCUME~1\Chapman\LOCALS~1\Temp\hmylbi28iev.exe
O4 - HKLM\..\Run: [17C4A68E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\mlpm5f79y.exe
O4 - HKLM\..\Run: [96178C6E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\jm0j9xr.exe
O4 - HKLM\..\Run: [824ECA7B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\ml9p.exe
O4 - HKLM\..\Run: [F8A14A5E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2asn.exe
O4 - HKLM\..\Run: [A3DB8CE3] C:\DOCUME~1\Chapman\LOCALS~1\Temp\trci.exe
O4 - HKLM\..\Run: [B66C0DF6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\ysq.exe
O4 - HKLM\..\Run: [C16E0476] C:\DOCUME~1\Chapman\LOCALS~1\Temp\mb2r3ae.exe
O4 - HKLM\..\Run: [89A2E263] C:\DOCUME~1\Chapman\LOCALS~1\Temp\q8sgdmjy3xl.exe
O4 - HKLM\..\Run: [BD8ECB5E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\gtztgr2mf4.exe
O4 - HKLM\..\Run: [BAF54FCE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\fy6qq0n5mf.exe
O4 - HKLM\..\Run: [5560006E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\fuk9xrv4xi.exe
O4 - HKLM\..\Run: [C7CC39EE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\zajhbp.exe
O4 - HKLM\..\Run: [949BCE63] C:\DOCUME~1\Chapman\LOCALS~1\Temp\tj0e5au.exe
O4 - HKLM\..\Run: [CD7B3D5E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\0r0umh8nyjb.exe
O4 - HKLM\..\Run: [8BB00E4E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\1neds8gm9mbo.exe
O4 - HKLM\..\Run: [E84E9266] C:\DOCUME~1\Chapman\LOCALS~1\Temp\crj332jcl.exe
O4 - HKLM\..\Run: [0D8F905E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\mh35b6f89.exe
O4 - HKLM\..\Run: [DAE02BEE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\kwj2lgw.exe
O4 - HKLM\..\Run: [EDA64EF6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\9lcwhu.exe
O4 - HKLM\..\Run: [ED8A0CF6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\cvc.exe
O4 - HKLM\..\Run: [A7FB0463] C:\DOCUME~1\Chapman\LOCALS~1\Temp\xh1zxxvf.exe
O4 - HKLM\..\Run: [5F22BCF6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2z4rh2kansxm.exe
O4 - HKLM\..\Run: [A56D9DE6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\cobphma7md.exe
O4 - HKLM\..\Run: [F0A2B366] C:\DOCUME~1\Chapman\LOCALS~1\Temp\m7qt9rjkz4.exe
O4 - HKLM\..\Run: [AC6D2CE6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\7gh30w50.exe
O4 - HKLM\..\Run: [4E8DF246] C:\DOCUME~1\Chapman\LOCALS~1\Temp\urgibdd33do.exe
O4 - HKLM\..\Run: [E1EB917B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\4d0zify3c0v.exe
O4 - HKLM\..\Run: [5511BC6E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\zj66xei.exe
O4 - HKLM\..\Run: [AA02BB6B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\bn6jiwa442gi.exe
O4 - HKLM\..\Run: [B1840F76] C:\DOCUME~1\Chapman\LOCALS~1\Temp\mye.exe
O4 - HKLM\..\Run: [CA925873] C:\DOCUME~1\Chapman\LOCALS~1\Temp\isep6t.exe
O4 - HKLM\..\Run: [9E2040EE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\z0cljr2g8q5.exe
O4 - HKLM\..\Run: [BB37195E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\31w4dwqosa3u.exe
O4 - HKLM\..\Run: [8A3CAEC6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\5sdfbix8i.exe
O4 - HKLM\..\Run: [F30561EE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\zyil.exe
O4 - HKLM\..\Run: [DBEAF26E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2672jin.exe
O4 - HKLM\..\Run: [E33DA1DE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\26oj.exe
O4 - HKLM\..\Run: [04CF34E6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\ja58wksug7es.exe
O4 - HKLM\..\Run: [A4178883] C:\DOCUME~1\Chapman\LOCALS~1\Temp\jzswu5w55hp2.exe
O4 - HKLM\..\Run: [4ACC4ADE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\70px.exe
O4 - HKLM\..\Run: [R8bK] C:\documents and settings\chapman\local settings\temp\R8bK.exe
O4 - HKLM\..\Run: [8AC1548B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\m136zbezv.exe
O4 - HKLM\..\Run: [8B82FAEE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2k5yln8hp67l.exe
O4 - HKLM\..\Run: [438B627E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\o7ka.exe
O4 - HKLM\..\Run: [mxLeB] c:\documents and settings\chapman\local settings\temp\mxLeB.exe
O4 - HKLM\..\Run: [e71d5fee4c3d] C:\WINDOWS\System32\bitsprx3.exe
O4 - HKLM\..\Run: [01858AF6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\qighi.exe
O4 - HKLM\..\Run: [B1220CF6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\qwf.exe
O4 - HKLM\..\Run: [D03B026B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\3ql2fx3q.exe
O4 - HKLM\..\Run: [Pile ping chin pop] C:\Documents and Settings\All Users\Application Data\each build pile ping\acedog.exe
O4 - HKLM\..\Run: [4AD8CD6E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2bhxguft.exe
O4 - HKLM\..\Run: [EBB84866] C:\DOCUME~1\Chapman\LOCALS~1\Temp\i2uuoftgh.exe
O4 - HKLM\..\Run: [8B602363] C:\DOCUME~1\Chapman\LOCALS~1\Temp\klz00rgv.exe
O4 - HKLM\..\Run: [86CF3C53] C:\DOCUME~1\Chapman\LOCALS~1\Temp\47vmqzb16kmt.exe
O4 - HKLM\..\Run: [FAD5275B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\buihpyhp.exe
O4 - HKLM\..\Run: [D6C24576] C:\DOCUME~1\Chapman\LOCALS~1\Temp\yufhf9rqn.exe
O4 - HKLM\..\Run: [D1C399EE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\ug3dc.exe
O4 - HKLM\..\Run: [E02079EE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\z6ttifaiw.exe
O4 - HKLM\..\Run: [B4CB9EEB] C:\DOCUME~1\Chapman\LOCALS~1\Temp\gyw7rar.exe
O4 - HKLM\..\Run: [A88A54FE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\lhepawb3qr9d.exe
O4 - HKCU\..\Run: [Security Updater] secupd.exe -nos
O4 - HKCU\..\Run: [mslagent] C:\WINDOWS\mslagent\mslagent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [nwcfg] C:\WINDOWS\System32\nwcfg.exe
O4 - HKCU\..\Run: [mstext40] C:\WINDOWS\System32\mstext40.exe
O4 - HKCU\..\Run: [SpywareGuardPlus] C:\WINDOWS\system32\winmm64.exe
O4 - HKCU\..\Run: [64symsms] C:\WINDOWS\64symsms.exe
O4 - HKCU\..\Run: [ntPEnt] C:\WINDOWS\ntPEnt.exe
O4 - HKCU\..\Run: [A08C9ACB] C:\DOCUME~1\Chapman\LOCALS~1\Temp\p9cq8qmvl3.exe
O4 - HKCU\..\Run: [DEBEF363] C:\DOCUME~1\Chapman\LOCALS~1\Temp\jvumk6t2k.exe
O4 - HKCU\..\Run: [51C0DC76] C:\DOCUME~1\Chapman\LOCALS~1\Temp\zh65kv66.exe
O4 - HKCU\..\Run: [8C12BA5E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\00zfqql9.exe
O4 - HKCU\..\Run: [B3CC9CDE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\tvra2.exe
O4 - HKCU\..\Run: [F0EE79DE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\yx8s9jihf.exe
O4 - HKCU\..\Run: [867243E6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\s70gh.exe
O4 - HKCU\..\Run: [9BDBCDC6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\6igv7h8lrw.exe
O4 - HKCU\..\Run: [B78D44EE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2feas.exe
O4 - HKCU\..\Run: [93F81456] C:\DOCUME~1\Chapman\LOCALS~1\Temp\n0ivmzmmj8n7.exe
O4 - HKCU\..\Run: [B12CC963] C:\DOCUME~1\Chapman\LOCALS~1\Temp\wf3gtt7.exe
O4 - HKCU\..\Run: [83D6EDFE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2djs8t3f0uv.exe
O4 - HKCU\..\Run: [DAA14BEE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\3cs2g5g.exe
O4 - HKCU\..\Run: [EC2C7D8B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\s3vnq6nri8g.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [AE374276] C:\DOCUME~1\Chapman\LOCALS~1\Temp\zn7jsr6p96.exe
O4 - HKCU\..\Run: [842193EE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\3xt02fo.exe
O4 - HKCU\..\Run: [ThisDeaf] C:\DOCUME~1\Chapman\APPLIC~1\COPYSK~1\mpeg else.exe
O4 - HKCU\..\Run: [A67A4FDB] C:\DOCUME~1\Chapman\LOCALS~1\Temp\prpml.exe
O4 - HKCU\..\Run: [C090845E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\pt0d0r5qoh.exe
O4 - HKCU\..\Run: [BD6A1766] C:\DOCUME~1\Chapman\LOCALS~1\Temp\t5fb721s21.exe
O4 - HKCU\..\Run: [FB614A7E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\jsxf.exe
O4 - HKCU\..\Run: [91C949CB] C:\DOCUME~1\Chapman\LOCALS~1\Temp\z3l2nnef61.exe
O4 - HKCU\..\Run: [F128CDEE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\v2jaf3dw.exe
O4 - HKCU\..\Run: [FABCF54B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\va654gh4d9g.exe
O4 - HKCU\..\Run: [F3011AEE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\f2iolk.exe
O4 - HKCU\..\Run: [BBA73F6E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\ffw00.exe
O4 - HKCU\..\Run: [D7724F5E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\pupox.exe
O4 - HKCU\..\Run: [FB0EE273] C:\DOCUME~1\Chapman\LOCALS~1\Temp\hmylbi28iev.exe
O4 - HKCU\..\Run: [17C4A68E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\mlpm5f79y.exe
O4 - HKCU\..\Run: [96178C6E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\jm0j9xr.exe
O4 - HKCU\..\Run: [824ECA7B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\ml9p.exe
O4 - HKCU\..\Run: [F8A14A5E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2asn.exe
O4 - HKCU\..\Run: [A3DB8CE3] C:\DOCUME~1\Chapman\LOCALS~1\Temp\trci.exe
O4 - HKCU\..\Run: [B66C0DF6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\ysq.exe
O4 - HKCU\..\Run: [C16E0476] C:\DOCUME~1\Chapman\LOCALS~1\Temp\mb2r3ae.exe
O4 - HKCU\..\Run: [89A2E263] C:\DOCUME~1\Chapman\LOCALS~1\Temp\q8sgdmjy3xl.exe
O4 - HKCU\..\Run: [BD8ECB5E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\gtztgr2mf4.exe
O4 - HKCU\..\Run: [BAF54FCE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\fy6qq0n5mf.exe
O4 - HKCU\..\Run: [5560006E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\fuk9xrv4xi.exe
O4 - HKCU\..\Run: [C7CC39EE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\zajhbp.exe
O4 - HKCU\..\Run: [949BCE63] C:\DOCUME~1\Chapman\LOCALS~1\Temp\tj0e5au.exe
O4 - HKCU\..\Run: [CD7B3D5E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\0r0umh8nyjb.exe
O4 - HKCU\..\Run: [8BB00E4E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\1neds8gm9mbo.exe
O4 - HKCU\..\Run: [32s-64ntms] C:\WINDOWS\system32\32s-64ntms.exe
O4 - HKCU\..\Run: [E84E9266] C:\DOCUME~1\Chapman\LOCALS~1\Temp\crj332jcl.exe
O4 - HKCU\..\Run: [0D8F905E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\mh35b6f89.exe
O4 - HKCU\..\Run: [DAE02BEE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\kwj2lgw.exe
O4 - HKCU\..\Run: [EDA64EF6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\9lcwhu.exe
O4 - HKCU\..\Run: [ED8A0CF6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\cvc.exe
O4 - HKCU\..\Run: [A7FB0463] C:\DOCUME~1\Chapman\LOCALS~1\Temp\xh1zxxvf.exe
O4 - HKCU\..\Run: [5F22BCF6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2z4rh2kansxm.exe
O4 - HKCU\..\Run: [A56D9DE6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\cobphma7md.exe
O4 - HKCU\..\Run: [F0A2B366] C:\DOCUME~1\Chapman\LOCALS~1\Temp\m7qt9rjkz4.exe
O4 - HKCU\..\Run: [AC6D2CE6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\7gh30w50.exe
O4 - HKCU\..\Run: [4E8DF246] C:\DOCUME~1\Chapman\LOCALS~1\Temp\urgibdd33do.exe
O4 - HKCU\..\Run: [E1EB917B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\4d0zify3c0v.exe
O4 - HKCU\..\Run: [5511BC6E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\zj66xei.exe
O4 - HKCU\..\Run: [AA02BB6B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\bn6jiwa442gi.exe
O4 - HKCU\..\Run: [B1840F76] C:\DOCUME~1\Chapman\LOCALS~1\Temp\mye.exe
O4 - HKCU\..\Run: [CA925873] C:\DOCUME~1\Chapman\LOCALS~1\Temp\isep6t.exe
O4 - HKCU\..\Run: [D-Color] C:\Program Files\DL Software\D-Color\dcolor.exe
O4 - HKCU\..\Run: [ors-32] C:\WINDOWS\ors-32.exe
O4 - HKCU\..\Run: [9E2040EE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\z0cljr2g8q5.exe
O4 - HKCU\..\Run: [BB37195E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\31w4dwqosa3u.exe
O4 - HKCU\..\Run: [8A3CAEC6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\5sdfbix8i.exe
O4 - HKCU\..\Run: [F30561EE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\zyil.exe
O4 - HKCU\..\Run: [DBEAF26E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2672jin.exe
O4 - HKCU\..\Run: [E33DA1DE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\26oj.exe
O4 - HKCU\..\Run: [04CF34E6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\ja58wksug7es.exe
O4 - HKCU\..\Run: [A4178883] C:\DOCUME~1\Chapman\LOCALS~1\Temp\jzswu5w55hp2.exe
O4 - HKCU\..\Run: [4ACC4ADE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\70px.exe
O4 - HKCU\..\Run: [8AC1548B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\m136zbezv.exe
O4 - HKCU\..\Run: [8B82FAEE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2k5yln8hp67l.exe
O4 - HKCU\..\Run: [438B627E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\o7ka.exe
O4 - HKCU\..\Run: [01858AF6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\qighi.exe
O4 - HKCU\..\Run: [B1220CF6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\qwf.exe
O4 - HKCU\..\Run: [D03B026B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\3ql2fx3q.exe
O4 - HKCU\..\Run: [4AD8CD6E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2bhxguft.exe
O4 - HKCU\..\Run: [EBB84866] C:\DOCUME~1\Chapman\LOCALS~1\Temp\i2uuoftgh.exe
O4 - HKCU\..\Run: [8B602363] C:\DOCUME~1\Chapman\LOCALS~1\Temp\klz00rgv.exe
O4 - HKCU\..\Run: [86CF3C53] C:\DOCUME~1\Chapman\LOCALS~1\Temp\47vmqzb16kmt.exe
O4 - HKCU\..\Run: [FAD5275B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\buihpyhp.exe
O4 - HKCU\..\Run: [D6C24576] C:\DOCUME~1\Chapman\LOCALS~1\Temp\yufhf9rqn.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [D1C399EE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\ug3dc.exe
O4 - HKCU\..\Run: [E02079EE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\z6ttifaiw.exe
O4 - HKCU\..\Run: [B4CB9EEB] C:\DOCUME~1\Chapman\LOCALS~1\Temp\gyw7rar.exe
O4 - HKCU\..\Run: [A88A54FE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\lhepawb3qr9d.exe
O4 - Startup: deskview.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe
O9 - Extra button: Corel Network monitor worker - {12BC21BA-6709-437A-A96A-63F343C4A0E4} - (no file)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {12BC21BA-6709-437A-A96A-63F343C4A0E4} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Corel Network monitor worker - {12BC21BA-6709-437A-A96A-63F343C4A0E4} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {12BC21BA-6709-437A-A96A-63F343C4A0E4} - (no file) (HKCU)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/co...rolLite_EN.cab
O20 - AppInit_DLLs: c:\windows\system32\comodh.dll

thanx for your time!
-rev.

Last edited by revenant92; Oct 29th, 2004 at 3:32 am. Reason: ??

revenant92

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

2 posts
since Oct 2004

Permalink

Oct 29th, 2004

Re: Browser opens automatically in task manager

Try booting into Safe Mode and clearing all the temp stuff from there.

dlh6213

Team Colleague

Reputation Points: 63

Solved Threads: 213

Posting Maven

Offline

2,962 posts
since Jul 2004

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.

Previous Thread in Viruses, Spyware and other Nasties Forum Timeline: Cannot find server or DNS error - please help!!!!

Next Thread in Viruses, Spyware and other Nasties Forum Timeline: Hijacked browser - how to get rid of....

DaniWeb Message

Cancel Changes

User Name
Password