branbelle
asked on
malware
When opening IE browser, I keep getting little boxes in different parts of the web page that say "page cannot be displayed". I noticed that the little boxes are linked to http://eee.jopenqc.com. I can't get rid of the boxes... please help... I ran a spyware and malware detector to no avail. Thanks.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Any luck?
SOLUTION
ASKER
I flushed the DNS, but the problem still exists.
SOLUTION
ASKER
IE6.0.2900.2810
ASKER CERTIFIED SOLUTION
ASKER
armabu.exe is a legit program. I've downloaded a couple of programs already and none of them have resolved the problem. Is this the first time this problem has come up?
ASKER
The problem has been resolved by running my antivirus program, although I'm still not too sure how it was solved. I want to thank Mystic7 and rpggamergirl for their help. Mystic7 gets 400 points and rpggamergirl 100 points.
ASKER
Scan saved at 2:04:54 PM, on 11/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\svchos
C:\WINDOWS\system32\spools
c:\program files\common files\logishrd\lvmvfm\LVPr
C:\Program Files\Common Files\Acronis\Schedule2\sc
C:\WINDOWS\system32\ofps.e
C:\Program Files\Analog Devices\SoundMAX\SMAgent.e
C:\WINDOWS\system32\svchos
C:\WINDOWS\system32\Search
C:\Program Files\Yosemite\Yosemite Backup\v8.10-sp2a\win\x86\
C:\Program Files\iPod\bin\iPodService
C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.e
C:\Program Files\Sophos\Remote Management System\RouterNT.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService
C:\Program Files\Sophos\AutoUpdate\AL
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.
C:\Program Files\Analog Devices\SoundMAX\SMTray.ex
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.e
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Java\jre1.5.0_06\bin
C:\WINDOWS\system32\RunDLL
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.
C:\Program Files\Acronis\TrueImageHom
C:\Program Files\Acronis\TrueImageHom
C:\Program Files\Common Files\Acronis\Schedule2\sc
C:\Program Files\Common Files\LogiShrd\LComMgr\Com
C:\Program Files\Logitech\QuickCam10\
C:\Program Files\Spiceworks\bin\spice
C:\WINDOWS\system32\ctfmon
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Sophos\AutoUpdate\AL
C:\Program Files\InterVideo\Common\Bi
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\LVC
C:\Program Files\Common Files\Logishrd\LQCVFX\COCI
C:\Program Files\Common Files\Real\Update_OB\reals
C:\PROGRA~1\MICROS~2\Offic
C:\WINDOWS\system32\wuaucl
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EX
C:\PROGRA~1\WINZIP\winzip3
C:\Documents and Settings\albertf\Local Settings\Temp\wz341a\Hijac
C:\WINDOWS\system32\Search
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\Wi
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-2
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-C
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-C
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-0
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtr
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.ex
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.e
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\Se
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobs
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [MyScreenCam] C:\Program Files\My Screen Cam\scrcam.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHom
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHom
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\sc
O4 - HKLM\..\Run: [LogitechCommunicationsMan
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\reals
O4 - HKLM\..\Run: [Spiceworks] C:\Program Files\Spiceworks\bin\spice
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWa
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateMana
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\Adobe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - Startup: ARMABU.lnk = LWLocal\LLSS\lw2000\armabu
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\AL
O4 - Global Startup: BlackBerry Desktop Redirector.lnk = C:\Program Files\Research In Motion\BlackBerry\Redirect
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopM
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bi
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QB
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-0
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O15 - Trusted Zone: crossnet.redcross.org
O15 - Trusted Zone: *.redcross.org
O16 - DPF: {02A08EC5-C341-4BE5-AD4F-6
O16 - DPF: {02E09B2E-2A03-4572-9291-6
O16 - DPF: {0585238B-9CA6-4CCB-A9B2-F
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0
O16 - DPF: {0606FB52-E881-4337-A77C-5
O16 - DPF: {0C89E27C-DD69-44BB-A32E-4
O16 - DPF: {0E5F0222-96B9-11D3-8997-0
O16 - DPF: {17492023-C23A-453E-A040-C
O16 - DPF: {238F6F83-B8B4-11CF-8771-0
O16 - DPF: {49232000-16E4-426C-A231-6
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-0
O16 - DPF: {5879B3B0-566E-4ECB-9B77-9
O16 - DPF: {6E32070A-766D-4EE6-879C-D
O16 - DPF: {77E32299-629F-43C6-AB77-6
O16 - DPF: {7C896371-4B7F-4B34-95B1-2
O16 - DPF: {94B82441-A413-4E43-8422-D
O16 - DPF: {AB86CE53-AC9F-449F-9399-D
O16 - DPF: {B2DCBF69-EF93-4252-BBC7-B
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0
O16 - DPF: {EB387D2F-E27B-4D36-979E-8
O17 - HKLM\System\CCS\Services\T
O17 - HKLM\Software\..\Telephony
O17 - HKLM\System\CCS\Services\T
O17 - HKLM\System\CS1\Services\T
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-0
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-0
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsr
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANot
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLog
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-9
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\sc
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPr
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\Srv
O23 - Service: OmniForm Printer - Unknown owner - C:\WINDOWS\system32\ofps.e
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLi
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWa
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos Agent - Unknown owner - C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.e
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\AL
O23 - Service: Sophos Message Router - Unknown owner - C:\Program Files\Sophos\Remote Management System\RouterNT.exe" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.e
O23 - Service: Yosemite Backup (YTBackup) - Yosemite Technologies, Inc. - C:\Program Files\Yosemite\Yosemite Backup\v8.10-sp2a\win\x86\