HELP NEEDED > Strange program running on my computer

[pradeep1]

I have a strange program in my applications tab under windows (XP SP3) task manager.

It is called "Downloads" and it is tied to explorer.exe. I have two instances of explorer.exe running on my computer. This one that is tied to "Downloads" is eating up about 30.4 megs of memory. If I close it, it warns about closing explorer and then kills my taskbar. The taskbar does not reinitialize.

I have tried Avira, Spybot, Malwarebytes, SUPERAntiSpyware and they all report no problems.

I've also done the sfc /scannow to refresh corrupted sys files to no avail.

HiJackThis logfile enclosed below.

 

[nickbits]

spyware probably

 

[pradeep1]

Originally posted by: nickbits
spyware probably

That's just it.

Avira, MalwareBytes, or Spybot shows no spyware, etc.?

The process seems to control the taskbar.

When I kill it, it kills the taskbar and it does not restart like killing explorer.exe does normally.

Any ideas?

 

[bruceb]

Try running Superantispyware and see what turns up. Also try a Rootkit scanner. You may need to post in the Security section to get someone to look at your logs. Also run the latest version of HiJack This and post that log in the security section.

 

[pradeep1]

I'll run SuperAnitSpyware and get back to you guys.

What is a good rootkit scanner?

 

[pradeep1]

Moving topic over to security forum.

Thanks.

 

[pradeep1]

Here is my HiJackThis log file.

Can someone please help?

Thanks,

Pradeep

---------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:28:53 AM, on 5/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\RKS Fax\rksfax_control.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Documents and Settings\Pradeep Satyaprakash\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Folding@Home11\srvany.exe
C:\Folding@Home12\srvany.exe
C:\Folding@Home11\FAH504-Console.exe
C:\Folding@Home12\FAH504-Console.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Folding@Home11\FahCore_78.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe
C:\Folding@Home12\FahCore_78.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmflp03\BrStDvPt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RKS Fax Print Controller] "C:\Program Files\RKS Fax\rksfax_control.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [OpenDNS Update] "C:\Program Files\OpenDNS U
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Pradeep Satyaprakash\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader45.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.co...site.cab?1220917257156
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia....cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D6186DA-8E84-461B-8FBE-90D84111FC87}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{2D6186DA-8E84-461B-8FBE-90D84111FC87}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O20 - AppInit_DLLs: AVGRSSTX.DLL C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: FAH1 - Unknown owner - C:\Folding@Home11\srvany.exe
O23 - Service: FAH2 - Unknown owner - C:\Folding@Home12\srvany.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c98e17c50ef5b6) (gupdate1c98e17c50ef5b6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenDNS Updater (OpenDNS Updater.exe) - OpenDNS - C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 14224 bytes

 

[RebateMonger]

Any strange behavior in the Task Manager is not good. I've seen programs that couldn't be clicked on in Task Manager (they were malware).

Microsoft's RootKit Revealer might help. Avast! has a bootable mode that can detect things hidden under Windows. F-Secure's Rescue CD is also free and bootable.

MalwareBytes also has a strong history of removing malware that isn't caught by many antivirus/antispyware applications.

 

[lxskllr]

Could it be related to your Orbit download tools?

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202

 

[pradeep1]

I uninstalled Orbit downloader tool yet this strange "Downloads" program still is active on my computer.

I downloaded a bunch of scanners (Avira, BitDefender, Kaspersky, F-Secure) and tried to run by booting from the CD, but for some reason, they would not recognize my main C: drive, but only my D: drive. They would scan that and find nothing, which was of no use to me, since I am suspecting the problem is on my C: drive.

 

[lxskllr]

Download the Sysinternals Suite and see if you can track down the file using ProcessExplorer, and ProcessMonitor.

 

[pradeep1]

Originally posted by: lxskllr
Download the Sysinternals Suite and see if you can track down the file using ProcessExplorer, and ProcessMonitor.

Okay, I downloaded the two. I used ProcessExplorer and it showed a fairly common set of programs running under the explorer.exe tree. I killed each and every process that was under that, excluding Avira antivirus (access denied), yet this mysterious "Downloads" program still remains.

 

[lxskllr]

Using ProcessMonitor can you pinpoint the registry entries of "Download" using the filters?

 

[pradeep1]

First of all, thanks for your help.

Okay, I filtered by explorer.exe and the PID, but I still get tons of output.

I am not sure what I should be looking for. I searched the resulting filtered output for "Downloads" and nothing was found.

Remember, the program is showing up as "Downloads" in my application tab in the task manager. However, the associated process with it is explorer.exe.

 

[lxskllr]

Originally posted by: pradeep1
First of all, thanks for your help.

Okay, I filtered by explorer.exe and the PID, but I still get tons of output.

I am not sure what I should be looking for. I searched the resulting filtered output for "Downloads" and nothing was found.

Remember, the program is showing up as "Downloads" in my application tab in the task manager. However, the associated process with it is explorer.exe.

What if you filter by description using "Download" in addition to process "explorer.exe"?

I'm just kind of winging it here. I've never run into anything like this, and I have a hard time troubleshooting when I can't be hands on with the machine.

 

[pradeep1]

Originally posted by: lxskllr

Originally posted by: pradeep1
First of all, thanks for your help.

Okay, I filtered by explorer.exe and the PID, but I still get tons of output.

I am not sure what I should be looking for. I searched the resulting filtered output for "Downloads" and nothing was found.

Remember, the program is showing up as "Downloads" in my application tab in the task manager. However, the associated process with it is explorer.exe.

What if you filter by description using "Download" in addition to process "explorer.exe"?

I'm just kind of winging it here. I've never run into anything like this, and I have a hard time troubleshooting when I can't be hands on with the machine.

Yeah, I understand. It is frustrating for me too.

I did a check as you suggested, but no output comes up if I add the "Description contains Download" filter.

Weird heh? I wonder if this is just some corrupted tag somewhere in the system and not really any type of malware, etc. In the applications tab in task manager, there is no icon beside the "Downloads" program. I did a fresh reboot and killed the "Downloads" program and it closed the taskbar. The taskbar restarted again and the "Downloads" program came up again.

 

[lxskllr]

The names of the files are really unfortunate also. Between explorer, download, and malware you have just about every page on the internet covered :^D

 

[lxskllr]

See if this thread and related programs help any...

http://www.windowsbbs.com/wind...-crashes-restarts.html

 

[bsobel]

Stupid question, but are you sure that you dont have a downloads window open but some how off screen (e.g. moving from multimon to singlemon?). The fact that this is in your app list and tied to explorer makes me wonder if its not just an explorer window called 'downloads'

 

[pradeep1]

Originally posted by: lxskllr
The names of the files are really unfortunate also. Between explorer, download, and malware you have just about every page on the internet covered :^D

Yeah, I know. Searching this on google is an exercise in futility.

 

[pradeep1]

Originally posted by: bsobel
Stupid question, but are you sure that you dont have a downloads window open but some how off screen (e.g. moving from multimon to singlemon?). The fact that this is in your app list and tied to explorer makes me wonder if its not just an explorer window called 'downloads'

I thougth of that, but this is a persistent problem that is with me through multiple reboots.

 

[bsobel]

Originally posted by: pradeep1

Originally posted by: bsobel
Stupid question, but are you sure that you dont have a downloads window open but some how off screen (e.g. moving from multimon to singlemon?). The fact that this is in your app list and tied to explorer makes me wonder if its not just an explorer window called 'downloads'

I thougth of that, but this is a persistent problem that is with me through multiple reboots.

Explorer windows remember their last position. If its off screen it could simply be re-opening on every reboot. Also explains why killing it takes out the taskbar... Try 'switch to' in taskman and then hit alt-space then m. Try using your arrow keys, see if you find a window you can drag on screen...

 

[pradeep1]

Originally posted by: bsobel

Originally posted by: pradeep1

Originally posted by: bsobel
Stupid question, but are you sure that you dont have a downloads window open but some how off screen (e.g. moving from multimon to singlemon?). The fact that this is in your app list and tied to explorer makes me wonder if its not just an explorer window called 'downloads'

I thougth of that, but this is a persistent problem that is with me through multiple reboots.

Explorer windows remember their last position. If its off screen it could simply be re-opening on every reboot. Also explains why killing it takes out the taskbar... Try 'switch to' in taskman and then hit alt-space then m. Try using your arrow keys, see if you find a window you can drag on screen...

When I do 'switch to', the task manager minimizes. Alt-M brings up only the "Close" option. If I hit close, then it goes into the "Turn Off Computer" options.

Strange.

 

[pradeep1]

You know what this looks like? I have a file folder where I keep my downloaded files called aptly "Downloads". That would be a process run under explorer.exe. This seems to be like that program crashed some time ago and got permanently stuck.

Other than the words "Downloads" showing up in my applications tab, there is no other problem. I've run every virus, malware, and rootkit scanner I can find and so far nothing has been found. I even booted up in safe mode and it is still there.

Could this just be some unknown bug that really does not affect me and that I can ignore, you think?

 

[lxskllr]

I wouldn't think a folder name would show up under Explorer like that, unless something was really fubar. You may be able to ignore it, but I know it would bug the hell out of me not knowing what the issue was. I'm not really sure where else to go though. You could try running a couple of scanners from a bootable CD and see if that makes a difference :^/