Ok...what in God's creation....?

Discussion in 'Software' started by snellyville, Jul 6, 2006.

  1. snellyville

    snellyville Private E-2

    Hi, new here...you guys have a poop ton of the info I crave so I choose ya'll.

    Anywho, with that done:
    Can someone PLEASE tell me what in God's creation is the "4fe0556.exe" running in my processes? I've searched high and low with no success and don't want it there if it's not needed. So, if anybody has a clue as to what this is, and could help me out, it would be greatly appreciated. Thanks in advance for any help you might be able to offer.

    Note: I've run all the preliminary steps that are described/recommended on this site and have also run through all the spyware/malware steps in order to attain cleanliness. BTW, thanks for those steps, my computer was F*ed up something nasty and seems to be back to normal. The only thing really concerning me now is my processes b/c on average it's at 50-55 processes with anywhere from 50-80% CPU Usage. I would like to decrease this if possible.

    Comp Specs:
    HP Pavilion zd8000
    Windows XP (SP2)
    Pentium 4 @ 3.20 GHz
    512 MB of RAM
    12% (11446 MB) of disk space usage for System Restore
    768-2000 MB Paging File for Virtual Memory on C: Drive

    If any additional info is needed, please let me know. Thanks again.
     
    Last edited by a moderator: Jul 6, 2006
  2. Mada_Milty

    Mada_Milty MajorGeek

    I'm not certain what it does, but I wager if you were to search your hard drive for that file, you would find it in c:\windows\temp. There always seems to be some randomly named exe in that folder running in the background. As far as I've been able to figure out, it is normal.
     
  3. infoseeker

    infoseeker Master Sergeant

    Are you sure of the spelling?
     
  4. Clark_Kent

    Clark_Kent MajorGeek

    snellyville, having 50-55 processes is pretty high. Me, I have 24, and at idle it runs at 0 or 1%, so you having 50-80%, that's not good...

    And having that file 4fe0556.exe must be spyware or adware, and having a file running like Mada_Milty says is not normal. I have none, maybe he has a problem too!!!

    For your processes, type msconfig in the Run command and go to Startup and see what you can uncheck to slim down your processes to around 30.....

    hope this help...
     
  5. Mada_Milty

    Mada_Milty MajorGeek

    I wouldn't expect so! I've seen this on several fresh installs of windows! There's always some randomly named exe in the temp folder. It has an icon of a little running dog. Besides, he's already followed the steps in the malware removal thread.
     
  6. VoiD

    VoiD Corporal

    true but if he did follow the steps then the CCleaner would have cleared the temp folder, correct? or would windows recreate this file if the temp folder was in fact cleared?
     
  7. matt.chugg

    matt.chugg MajorGeek

    You could always post a HijackThis log for us to look at and I'm sure we can find a few processes you don't need running.

    Matt
     
  8. snellyville

    snellyville Private E-2

    Thanks for the response Mada_Milty.

    I searched my hard drive and came up with this:

    4FE0556.EXE-2DE2DCA1.pf - C:\WINDOWS\Prefetch
    4FE0556.EXE-315DFBCE.pf - C:\WINDOWS\Prefetch
    4fe0556.exe - C:\WINDOWS\system32

    That's kinda what I was thinkin...can't be too big'a deal if there isn't any info on it being bad.

    And wouldn'tcha know, as soon as I post that everything seems to be running smooth, I end up jinxing myself. As soon as I finished posting the thread, I was moving some files around with My Computer and over the span of 15 minutes 3 random pop-ups come up in IE7 (which is weird cuz all I have used tonight is Firefox which is my default browser) that are the exact same size as the My Computer window I was working in... One of them said something about "ZEDO" and I didn't pay attention to the other two except that one said something about errors in my Registry. Frustrating....

    Anyway, any ideas on the two subjects?
    1.) 4fe0556.exe? Probably harmless right?
    2.) And the newly acquired "same-size" pop-ups? Harmless....I THINK NOT!!!
     
  9. Mada_Milty

    Mada_Milty MajorGeek

    Hmmm...pop-ups, eh? Sounds like you might have the messenger service running. Please try this:

    1. Hit windows key + r (or click Start --> Run)
    2. Type 'services.msc' (without the quotes)
    3. Press enter (or click 'OK')
    4. Locate a service called 'Messenger', and right-click it.
    5. Select 'Properties'
    6. Press the 'Stop' button if applicable.
    7. Change the drop down menu to 'Disabled' if applicable.
    8. Press the 'Apply' button.

    You just disabled the messenger service. Don't worry, this won't affect MSN or Windows messenger. This service came default with pre-sp2 OS's and was exploited.

    Also, we might want to do a little more research on your file. I was posting from experience, but we don't want to make any assumptions. I'll see what I can turn up.
     
  10. matt.chugg

    matt.chugg MajorGeek

    You could have a look at the file and see who it was created by and if it has any details in the properties dialog. If it's created by Microsoft Corp then you may be ok; however, if there are no publisher details you may want to check it out a bit more thoroughly.

    Matt
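
The publisher check suggested in the post above, as an added PowerShell example (not part of the original thread), extended to list the Prefetch entries snellyville found for the same file name. It assumes Windows PowerShell 5.1 or later and an elevated prompt (needed to read the Prefetch folder); the default path is the one reported in the thread, and the script only reads, it changes nothing.

```powershell
# Added triage sketch, not code from the thread. Read-only: it reports and deletes nothing.
param(
    [string]$Path = 'C:\WINDOWS\system32\4fe0556.exe'   # location reported in the thread
)

if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
    Write-Warning "File not found: $Path"
    return
}

$file = Get-Item -LiteralPath $Path -Force
$sig  = Get-AuthenticodeSignature -LiteralPath $Path
$hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256

# The fields the Properties dialog shows, plus signature state and a hash for lookups.
[pscustomobject]@{
    Path            = $file.FullName
    Created         = $file.CreationTime
    LastWritten     = $file.LastWriteTime
    CompanyName     = $file.VersionInfo.CompanyName
    FileDescription = $file.VersionInfo.FileDescription
    OriginalName    = $file.VersionInfo.OriginalFilename
    SignatureStatus = $sig.Status
    Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    SHA256          = $hash.Hash
} | Format-List

# CompanyName is plain text inside the file and can claim any publisher;
# only a Valid signature ties the file to the signer shown above.
if ($sig.Status -ne 'Valid') {
    Write-Warning "Signature status is '$($sig.Status)'. Treat the CompanyName field as unverified."
}

# Prefetch entries are named NAME.EXE-<8 hex digits>.pf. The hex part is derived from
# the path the program ran from (for some host processes, the command line as well).
$prefetchDir = Join-Path $env:SystemRoot 'Prefetch'
$pattern     = '{0}-*.pf' -f $file.Name
$entries     = @(Get-ChildItem -LiteralPath $prefetchDir -Filter $pattern -ErrorAction SilentlyContinue)
$entries | Select-Object Name, CreationTime, LastWriteTime | Format-Table -AutoSize

# More than one entry for a single name usually means the program ran from more than one location.
if ($entries.Count -gt 1) {
    Write-Warning "$($entries.Count) prefetch entries for $($file.Name): look for a second copy of the file elsewhere on disk."
}
```

The prefetch timestamps give a rough first-run and last-run time for the program, which helps date when it arrived relative to other changes on the machine.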
     
  11. VoiD

    VoiD Corporal

    you can skip all these steps by just downloading this little puppy called shoot the messenger, it shows you exactly if the service is running or not:

    sorry to waste your post mada lol ;)

    http://www.grc.com/stm/shootthemessenger.htm
     
  12. Mada_Milty

    Mada_Milty MajorGeek

    Hey, no worries! Let the OP decide! Your method is easier, mine has less overhead. BOTH are correct. Just a matter of style. I'm not one to use 3rd party software to perform functions that Windows already provides, but others like it. To each their own.
     
  13. VoiD

    VoiD Corporal

    true Mada, just thought i would stick it in for the less techy minded peeps wanting to disable it. :)

    to Snellyville: this may seem like a silly question but you are running a Firewall and Antivirus of some sort i assume?
     
  14. snellyville

    snellyville Private E-2

    Okay...here is the HiJackThis Log. I saw an unfamiliar search URL in the beginning IE strands and also real quickly saw a Plaxoupdate in one of the startup process strands...but I'm just learning to decipher all that stuff so here ya go, pick away at it!

    Note: I ran all those "preliminary" steps and spyware/malware steps a little less than a week ago if that matters. OHHHH...and it took a hella long time to load up in Normal Startup mode...good Lord, like 15 minutes or so, probly more!
     

  15. snellyville

    snellyville Private E-2

    Thank you sir...did this and it was already stopped and disabled.
     
  16. Mada_Milty

    Mada_Milty MajorGeek

    I recommend that you follow these instructions to tweak your system for performance. You may also want to consider deleting the files in C:\windows\prefetch, as that will improve your boot time.
     
  17. snellyville

    snellyville Private E-2

    Not a silly question at all...I have A.D.D. like a mo-fo which means I have the attention span of a goldfish, the memory of Romanowski, and the organizational skills of a 2 year old...never put anything past me! But yes, I run Zone Labs Zone Alarm for my firewall and run ViRobot Expert ver. 4.0 for anti-virus (<--not sure if it's any good or not but that's what's on here now). *What's the best Anti-Virus and Firewall money can buy just out of curiosity? I'd be willing to invest in them...
     
  18. VoiD

    VoiD Corporal

    lol i have similar symptoms when it's non-computer related ;)

    none are "Best", it's really down to personal preference as you will get LOTS of different opinions on here. i myself use Zone alarm and AVG antivirus, I've never had any probs with them and have been using them for nearly a year now i think.

    most important thing is to update often so you are as best protected as possible.
     
  19. matt.chugg

    matt.chugg MajorGeek

    1: You can probably disable Windows Messenger. You have MSN Messenger running too and I can't see a reason to have both.

    2: Prosearching? I can't imagine this to be good. I'm pretty sure at the least this is a hijacker and possibly worse.

    3: Anonomyzer? This I assume to be some form of proxy software. Whilst I know several reasons to use a proxy, I'm not sure you need to be; it will probably be slowing down your internet and possibly your computer.

    4: C:\Program Files\QuickTime\qttask.exe This is QuickTime. Generally it's not needed to run all the time and will start when it's needed. I've found in the past it's pretty persistent as a startup object. You can safely stop this starting using msconfig.

    5: pDVDServ.exe Do you use a remote control with PowerDVD? If not, you don't need this.

    6: WinRemote.exe. Since you have one for WinDVD too I'll assume you do use a remote. (Do you need 2 DVD player applications running though? You can only watch one thing at once.)

    7: jusched.exe. This is an updater for the Java runtime environment thing. Not really necessary for it to be running all the time. Java runtimes will check for updates when they are used anyway, I think.

    8: iTunesHelper.exe I always terminate this on my system and it seems to have no adverse effects on iTunes.

    9: iPodService.exe If you don't use an iPod with iTunes then this isn't needed either.

    10: AnyDVD.exe? ANOTHER DVD player?

    11: R3 - URLSearchHook: (no name) - <default> - (no file). I don't like the sound of this, perhaps someone else has some information.


    In some sort of conclusion, you have a lot of startup programs and running processes, a lot of which are unnecessary, but the only ACTUAL problem seems to be the prosearching hijacker.

    Hope this helps a bit

    Matt
     
  20. snellyville

    snellyville Private E-2

    Delete all files in the C:\WINDOWS\Prefetch folder? There are 130 items in this folder....they all need to go? I went ahead and included a screen capture of the folder so ya'll can see all the files. Hope it helps.
     

  21. VoiD

    VoiD Corporal

    In Windows XP a Prefetch file is generated each time an application is run. This helps Windows optimise the application the next time it is executed. Unfortunately these files are not deleted when the applications are removed. You can delete these files and windows will recreate the files as necessary :)
     
  22. snellyville

    snellyville Private E-2

    So, my big question is how to eradicate all of these unneeded processes properly so they don't come back and haunt me again anytime soon. Also, after all these problems are fixed, do I need to disable system restore, reboot, run all of my anti-spy/malware programs, and then enable system restore back to normal?
     
  23. snellyville

    snellyville Private E-2

    Thank you sir...they're gone!
     
  24. snellyville

    snellyville Private E-2

    Just an update...it seems that the only time the pop-ups are showing up is when I access the C:\WINDOWS folder or the C:\WINDOWS\Prefetch but I believe it's the first one, at least that's when it's done it the last few times...any clues?
     
