Tech Problem Aggregator

Iexplorer constantly running in background

Q: Iexplorer constantly running in background

I saw other threads on this issue, but their solutions do not work in my case. I have iexplorer.exe start up automatically and constantly running in the background, while consuming a lot of capacity. I have uninstalled the real internet explorer, but in vein. There is a folder created with iexplorer.exe. I can not delete the file and when I rename it, a similar file is created during the next boot.

Spybot and Ad-Aware do not find anything.

This is the Hijack This logfile. I hope somebody can help. Thanks

Logfile of HijackThis v1.99.1
Scan saved at 10:50:26, on 14/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\EPSON\eEBAPI\eEBSVC.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\PRISMSTA.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\DitExp.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Maintenance\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://frch7.hpwis.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - blank (file missing)
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe
O4 - HKLM\..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
O4 - HKLM\..\Run: [ante cast ooze tray] C:\Documents and Settings\All Users\Application Data\Bin Wait Ante Cast\Plan help.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Mail Show] C:\DOCUME~1\Hans\APPLIC~1\THEMEO~1\Plus Meet.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Logo Calibration Loader.lnk = C:\Program Files\Pantone\Eye-One Match\CalibrationLoader\CalibrationLoader.exe
O4 - Global Startup: ProfileReminder.lnk = C:\Program Files\Pantone\Eye-One Match\ProfileReminder.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://frch7.hpwis.com
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr...eleir_cert.cab
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1097941822703
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {7DA181BB-EF8D-4A7E-8C53-7BFC718EF71D} (Upload Class) - http://photos.orange.fr/al/presentat...vex/Ephoto.cab
O16 - DPF: {983AB2CC-3D50-11D9-ADFE-00062919A34C} (ActiveXUpload.UserCtrl) - http://www.photoservice.com/activeX/newUpload.CAB
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoreflex.com/tools/Ima...eUploader3.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.photoreflex.com/tools/xupload/XUpload.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Version Cue CS3 - Unknown owner - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\eEBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)

A: Iexplorer constantly running in background

After trying everything within my competence, I solved this by reverting to an image of the boot disk I made well before the problem started.

iexplorer (or whatever it is) does not run in the background anymore and the annoying pop up ads disappeared.

It works, but I would still be interested to know how to solve this if I would not have had a back up of the boot disk.

Thanks

1 more replies
Answer Match 79.38%

a few weeks ago my niece was playing on the internet, and probably clicked on some add. since then i've been having problems with weird things opening by themselves and applications downloading without me clicking on anything. for a while it would freeze my computer, get rid of the start bar, and open up something called HDD Defragmenter? (false antivirus) i'm not very good at getting rid of viruses, so i backed up my photos and such on an external harddrive and created a new user after i deleted the infected ones. since then i haven't had anything download themselves except internet explorer...which keeps opening in the background. also, probably unrelated, google links redirect me to advertisements 9 times out of 10. here's my DDS log and attached file you all asked for
DDS (Ver_10-11-26.01) - NTFSx86
Run by 3 at 15:04:00.96 on Fri 11/26/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.1894 [GMT -8:00]

AV: avast! antivirus 4.8.1356 [VPS 101126-2] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWI... Read more

A:[SOLVED] iexplorer.exe running in background, multiple taskmgr.exe's running & more

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.



I'd like to see a Gmer log please.

Download GMER Rootkit Scanner from here to your desktop. It will be a randomly named executable.Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
Double click the exe file.
... Read more

19 more replies
Answer Match 77.7%

iexplorer running in background.

I use Chrome for most things and I keep getting message boxes saying IE has crashed or recently it just asked if I wanted to stay on this page or leave it. IE wasn't even open (except multiple instantances in Task Manager, 3 under my User Name and 2 under SYSTEM. This is after a fresh reboot.

Please help!
 

A:iexplorer running in background

Is it ok to bump this thread if no response after a month? Do I have a virus or is this normal?
 

1 more replies
Answer Match 77.7%

There are multiple instances of iexplorer.exe running in task manager draining resources drom my PC and a Blank Page entry in the apps section although I am not running IE at all. Moreover there are a number of entries in the frequent sites list in the Start Menu under Internet Explorer which I do not recognise. I have sought assistance from another site but to no avail. Please see attached and appreciate any help given
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 11.25.2
Run by Yannis at 9:54:11 on 2014-12-30
Microsoft Windows 7 Professional   6.1.7601.1.1253.30.1033.18.3551.1169 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Wi... Read more

A:Iexplorer.exe running in the background

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and and I will be helping you with your computer problems.
Before we begin, please note the following:
I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
 
 
STEP 1
 
 
Please download the latest version of TDSSKiller from here and save it to your Desktop.
Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
 
Put a checkmark beside loaded modules.
A reboot will be needed to apply the changes. Do it.
TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
Then click on Change paramet... Read more

30 more replies
Answer Match 77.7%

Dear Tech Support Guy,

My laptop has been sluggish lately, and I noticed that when I looked at the processes running, I was surprised to find several Internet Explorer programs running even though no browsers were open. This activity was often using over 500 MB of memory and I believe tying up my bandwidth. Thank you in advance for your help.
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i7-3615QM CPU @ 2.30GHz, Intel64 Family 6 Model 58 Stepping 9
Processor Count: 8
RAM: 7973 Mb
Graphics Card: NVIDIA GeForce GT 650M, -2048 Mb
Hard Drives: C: Total - 730036 MB, Free - 507131 MB; E: Total - 199998 MB, Free - 199893 MB;
Motherboard: SAMSUNG ELECTRONICS CO., LTD., SAMSUNG_NP1234567890
Antivirus: AVG AntiVirus Free Edition 2014, Updated and Enabled
 

More replies
Answer Match 77.7%

Hi All

i have this problem since my brother try to run a game, always a hidden iexplorer process running in the background with the windows startup

i search the hijack but can't figure where is the problem,
i will really appreciate your help, thanks alot in advance

Code:

Logfile of HijackThis v1.99.1
Scan saved at 08:56:18 م, on 21/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\Program Files\ESET\ESE... Read more

A:IExplorer running in background

Its was Nebuler.BHO

I scanned with Spybot then another scan with Malwarebytes

and its fine now

Thanks alot
 

1 more replies
Answer Match 77.7%

So i use windows 7 and only use chrome and firefox. iexplorer.exe keeps running in the process after i boot and start either firefox or chrome.
 
I tried many things the internet has suggested such as my Mcafee full scan (which didnt pick anything up), malewarebyte (tried it 3 times seems not effective), TDSSkiller (which found no threats), adwcleaner (used it again after combofix doesnt find anything), combofix (said it deleted stuff but problem remains), and the microsoft Fix It for internet Explorer (said it re-enable the startup to work).
 
i appreciate the help from any1 and this is the combofix log if needed for viewing
 
 
ComboFix 15-05-19.01 - Jeff 21/05/2015  14:22:27.3.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2815.1314 [GMT -4:00]
Running from: c:\users\Jeff\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2015-04-21 to 2015-05-21  )))))))))))))))))))))))))))))))
.
.
2015-05-21 18:39 . 2015-05-21 18:39    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2015-05-21 18:39 . 2015-05-21 18:39    --------    d-----w... Read more

A:iexplorer.exe keeps running in the background

and i have also take the liberaty in using the Farbar Security Scan (i'll paste the FRST txt and the Addition text below it
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-05-2015
Ran by Jeff (administrator) on JEFF-PC on 21-05-2015 12:49:14
Running from C:\Users\Jeff\Desktop
Loaded Profiles: Jeff (Available profiles: Jeff & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:... Read more

3 more replies
Answer Match 77.7%

I've recently noticed that my internet connection is horribly slow, and that there are always 2 iexplorer.exe running in the background even though I never use internet explorer. They seem to be increasing the memory usage as time goes on, and I may fear that I have been infected with malware. Already scanned the pc with Malwarebytes and found some malware, but it doesn't seem to have done the trick of getting rid of the iexplorer.exe. Any suggestion on what I should do? I'm using Windows 7 Home Premium by the way!
 
Heres the FRST Log:
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Lucas (administrator) on LUCAS-PC on 15-02-2015 19:47:33
Running from C:\Users\Lucas\Documents\Downloads
Loaded Profiles: Lucas &  (Available profiles: Lucas)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Norsk, bokmål (Norge)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files... Read more

A:iexplorer.exe running in the background?

Hi & to Bleeping Computer Forums!My name is Jürgen and I will be assisting you with your Malware related problems. Before we move on, please read the following points carefully: My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.If I don't reply within 24 hours please PM me!Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.Step 1Please run a FRST scan. This will help us diagnose your problem.Please download Farbar Recovery Scan Tool and save it to your Desktop.(If you are not sure which version (32-/64-bit) applies to your system, ... Read more

27 more replies
Answer Match 77.7%

Hello,

My computer has been acting strange recently. Booting slowly and taking a long time to open any programs or browsers. I'm using Google Chrome as my default browser, which has also been acting very slow and glitchy/laggy.

Today I noticed iexplorer.exe in my task manager when I was not using Internet Explorer. I attempted to end task several times, resulting in iexplorer.exe opening again every time. It's constantly running in the background even though I never use IE. My svchost.exe files seem to be using memory excessively as well, even though I'm not doing much with my computer.

I tried to install Malwarebytes Antimalware and received a "access denied" error message every time I tried to install it. Comodo is constantly running but hasn't detected anything.

Help with this would be greatly appreciated. Am I being hacked/monitored?
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:12:16 PM, on 23/09/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Users\Protagonist\AppData\Local\Akamai\netsession_win.exe
C:\Users\Protagonist\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
C:\Program Files (x... Read more

A:iexplorer.exe running in the background

13 more replies
Answer Match 77.7%

Hi i always see iexplorer running in the background can u help me please
this is my HijackThis log gile
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 11:37:17, on 19/06/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\HP SimplePass\TouchControl.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\HP SimplePass\BioMonitor.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\ERWADI\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gfe_rd=cr&ei=yyFNU_nTKYTM8ge79YBg
R1 - HKLM\Software\Microsoft\Internet Explorer\Main... Read more

More replies
Answer Match 76.86%

I'm on a 2.6ghz WinXP home SP2 512mb ram
I hit alt + ctrl + del and open windows task manager and click processes and there are two iexplorer.exe processes running in the background, one of which is using about 15,630K Mem Usage and the other is running about 2,080K Mem Usage.
I have SpyBot S&D and Spyware Blaster, and i've ran it numerous times, it can't seem to delete like 2 or 3 things at all... even after reboot and it runs before logging in. it still can't delete some things but anyways. I'm wondering what is going on and how do i fix this?
 

A:Solved: IEXPLORER.EXE running in the background

12 more replies
Answer Match 76.86%

My son, bless his 7 year old heart, accepted a virus infected file which in turn snuck past my AVG. Since this time, I have had two to three iexplorer.exe's running in the background that refuse to be shut down manually. I have run everything I can think of and removed everything that might possibly cause this to no avail. Prior to this incident, I could manually shut down everything leaving only explorer.exe open so SIMS could play without bogging. Now with these iexplorers running taking up to 20-30 KBs each that is impossible.HELP!!!I have run hijackthis and here is the code if that helps someone tell me what else I can do to solve this problem short of doing a total recovery of my system.THANK YOU IN ADVANCE!!!TERI***************************************Logfile of HijackThis v1.99.1Scan saved at 8:04:59 AM, on 8/22/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\PROGRA~1\Grisoft\AVGFR... Read more

A:multiple iexplorer.exe running in background

Hello teasz5 and welcome to the BC HijackThis forum. Let's start out with this.It appears that NewDotNet is installed on this machine. To remove it follow these directions:Please download LSP-Fix and WinSockFix from the following links and save them to a location you can find later if necessary.LSP-Fix Download Link
WinsockFixTo remove New.net:Go to Start | Settings | Control Panel | Add/Remove ProgramsLook for and remove New.Net. If you can't find it, then please go here and follow the removal instructions in Procedure 4 at the bottom of the page.If you can not connect to the Internet after removing New.net, please run the LSP-Fix program I had you download earlier, and click on the finish button. If you still have a problem run the WinSockFix program and click the Fix button. Reboot if you run either tool and you should be able to get back on.OK. Reboot your computer normally, start HijackThis and perform a new scan. Use the Add Reply button to post your new log file back here along with details of any problems you encountered performing the above steps and I will review it when it comes in.OT

3 more replies
Answer Match 76.86%

Hi guys,I've tried all sorts of tools and none will pick this random popping visual and audio 'ads' problem.Can you help?Thanks in advanced.Here's my highjackthis report:Logfile of Trend Micro HijackThis v2.0.4Scan saved at 20:46:36, on 01/07/2010Platform: Windows Vista SP2 (WinNT 6.00.1906)MSIE: Internet Explorer v8.00 (8.00.6001.18928)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng.exeC:\Program Files\Microsoft Security Essentials\msseces.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files\Lavasoft\Ad-Aware\AAWTray.exeC:\Windows\System32\mobsync.exeC:\Program Files\Mozilla Firefox 3.5 Beta 4\firefox.exeC:\Program Files\Mozilla Firefox 3.5 Beta 4\plugin-container.exeC:\Windows\system32\SearchFilterHost.exeC:\Program Files\Trend Micro\HiJackThis\HiJackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...;m=aspire_6930gR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Pa... Read more

A:iexplorer.exe processes always running in background

PROBLEM SOLVED!!!

Hope this helps others too, spread the word!

1- Simply make sure you have your Vista or Win7 CD, or if not download the recovery CD from <a href="http://neosmart.net/blog/2008/windows-vista-recovery-disc-download/" target="_blank" rel="nofollow">here</a>.
2- Run the CD and choose 'Repair your computer'.
3- Choose 'Command Prompt' from the list of options.
4- Change directory to your system partition/drive, probably Drive C. Just type in <u>cd c:</u> and press ENTER.
5- At the c: prompt just type in: <u>bootrec /fixmbr</u> and press ENTER.

This will overwrite your contaminated MBR which essentially is the problem here. When you reboot none of the smss.exe and iexplorer.exe will be running any more.
The reason why this works is because as opposed to trying to heal the file, like all the malware tools I used were, we are replacing it.

This worked for me. After a whole week of headaches (and I'm used to killing these things for a living), the solution was quite simple in the end. I hope it will be just as easy for you too.

Good luck!

Miguel Simoes

1 more replies
Answer Match 76.44%

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i7-4770K CPU @ 3.50GHz, Intel64 Family 6 Model 60 Stepping 3
Processor Count: 8
RAM: 16270 Mb
Graphics Card: NVIDIA GeForce GTX 760, -2048 Mb
Hard Drives: C: Total - 228936 MB, Free - 114930 MB; D: Total - 953865 MB, Free - 708538 MB; G: Total - 238464 MB, Free - 209518 MB;
Motherboard: Gigabyte Technology Co., Ltd., Z87X-UD3H-CF
Antivirus: avast! Antivirus, Updated and Enabled

Hijack this log

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 12:30:18 AM, on 11/1/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17344)

FIREFOX: 32.0.3 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Program Files (x86)\DivX\DivX Update\Di... Read more

A:Iexplorer constantly running, hard drive getting full

bump
 

1 more replies
Answer Match 76.02%

ok so the server where i work has been infected with the HDD diagnostic virus. i cleaned it or so i thought using mbam as well as other scans. then the server got the BSOD memory dump and it has happened a few times since the cleaning. here are my logs from hijackthis and dds and others as per the read me first sticky.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:28:55 AM, on 12/20/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Trend Micro\Security Server\PCCSRV\Apache2\bin\Apache.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Shift4\UTG2\UTG2Svc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\Program Files\Trend Micro\Security Server\PCCSRV\Web\Service\OfcAoSMgr.exe
C:\Program Files\Trend ... Read more

A:HDD diagnostic and iexplorer running twice in background with audio ads

Bump
 

2 more replies
Answer Match 76.02%

Hello Folks and thanks for helping us poor mortals in this dangerous cyberworld.
I was trying to open a file a friend sent me when my McAfee anti-virus detected a Trojan (sorry, I did not write the name) and said it blocked and deleted it. However, somehow something changed in my desktop. Not immediately after, but after some time, I could hear a radio station playing (eerie, yes! ). Even more eerie was the fact that I closed all my IE windows and I could still hear the radio station through the speakers. Then I went to the "Windows Task Manager" and in processes I saw several "iexplore.exe" processes running. I closed these and then the radio playback ended.
I thought that was that, but the thing is the next time I rebooted my computer, after it was on for a while, I saw a window pop up that said something like "IE is trying to navigate away from this page" or "Are you sure you want to navigate away from this page?" with an "OK" button. But THERE WERE NO IE WINDOWS OPEN! I then went to the "Windows Task Manager" again and, sure enough, several iexplore.exe processes were running. I TRIED to kill them, only this time, there was a popup that came up on the upper left of my screen with a call-out sign (pointing towards the upper left corner of the screen) saying that IE had been "able to recover this tab"... what tab that was, I have no clue, since I cannot see those windows that are appa... Read more

A:IExplorer running in Background - Infected with Trojan

Hello Ladies and Gentlemen. I thought I did everything I was asked to do to report my problem. Hopefully you can get to my problem within the next few days. It is really worrying me.

Thank you very much!

13 more replies
Answer Match 76.02%

Hi, I'm new to this forum, I'm posting my hijack this log in hopes someone can help me find something I'm missing. I've run my symantec, spybot, adaware, malwarebytes, trendmicro and they all say my computers clean. so now I ran this and am postingIE is running in the background even tho ie hasn't been opened by me, I've started using firefox, but that's not the fix. I have notice when I try to log into an internet connection, my own wired, or a random wireless, by firewall (windows) gets disconnected. also, my outlook express is sending multiple copies of emailsthanx in advanceSallhLogfile of Trend Micro HijackThis v2.0.2Scan saved at 6:24:42 PM, on 3/2/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: Normal Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Symantec AntiVirus\DefWatch.exeC:\Program Files\Goo... Read more

A:iexplorer.exe running in background, multiple issues

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until instruc... Read more

2 more replies
Answer Match 76.02%

Hey there! When i boot up my computer at random times it will start lagging hard. I check the processes tab and see internet explorer running random websites such as emls.domads.net, xaxis.com, wineverygame.com, pixel.cpm2track.com, etc. I end the process but it always comes back later. I've scanned with malwarebytes, mse, combofix and hijackthis. I was wondering if I could get some help. Here the hijackthis log;
 
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:55:12 PM, on 27/11/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17420)
FIREFOX: 33.1 (x86 en-GB)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
C:\Users\Barbie\Downloads\HijackThis.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Ja... Read more

A:Iexplorer.exe running malware sites in the background

Hello and welcome.  Please follow these guidelines while we work on your PC:Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!Please do not run any scans or install/uninstall any applications without being directed to do so.Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.   Please download Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

16 more replies
Answer Match 75.18%

Hello,I was advised to create a new topic here from forum member boopme.You can see the previous discussion here: Multiple iexplorer processes running, hidden files, empty start menuMalware, ESET Online Scan, MiniToolBox, restore point, and disk clean up all helped remove some of the spyware / viruses but the main issue is still here.iexplorer.exe processes are still running in the background and playing audio ads. They are initiated by SYSTEM and don't appear in programs running in task manager.Also, once in a while google search link is redirected to another page.I run Windows XP Pro 64 bit so DDS and GMER applications do not work.But I read somewhere i should use RSIT and post the logs so I have decided to be proactive and do that.Below is the info.txt file generated:info.txt logfile of random's system information tool 1.09 2012-01-19 14:10:10======Uninstall list======-->C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER-->C:\Program Files (x86)\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL-->C:\WINDOWS\UNNeroVision.exe /UNINSTALLµTorrent-->"C:\Program Files\uninstall.exe"7-Zip 4.65-->"C:\Program Files (x86)\7-Zip\Uninstall.exe"Acrobat.com-->msiexec /qb /x {F8131A35-47FD-27AD-116D-0E79AF5DE5EE}Acrobat.com-->MsiExec.exe /I{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}A... Read more

A:Bootkit - Iexplorer running in background + hijacking google

(Accidentally posted again here and can't delete this post. Hopefully someone still see's my issue has not been addressed. Sorry about that!)

13 more replies
Answer Match 75.18%

Hijack this:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:17:55 AM, on 7/21/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Documents and Settings\Austin\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\Chatango\Chatango.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe... Read more

A:Audio only adds in background, iexplorer is running on its own, it is updated

Bootkit Remover version 1.0.0.1
(c) 2009 eSage Lab
www.esagelab.com

\\.\C: -> \\.\PhysicalDrive0
MD5: 1af81ee9fd1ba67cd6c7ee2405635334

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
Press any key to quit...
 

3 more replies
Answer Match 74.34%

Hi,

My computer recently has been having the following problems:

(1) When I click on a link from a google search, I get redirected to a different page

(2) When I open explorer, my task manager shows 2 "iexplorer.exe" running and these end up multiplying....left unchecked I get 30+ "iexplorere.exe" running. Sometimes I hear audio ads playing in the background though none of my audio software seems to be running.

I've run an antivirus but it finds nothing. I recently downloaded HijackThis but not sure what to do with the results. When I run a scan of my copmputer using HijackThis I get the following:

"
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:34:46 PM, on 12/26/2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\TOSHIBA\T... Read more

A:Problem: (1) redirected webpages and (2) multiple iexplorer.exe running in background

Hi,

Please do the following:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.Disable any script blocking protection
Double click dds.pif to run the tool.
When done, two DDS.txt's will open.
Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT



Download GMER Rootkit Scanner from here or here. Extract the contents of the zipped file to desktop.
Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.


Click the image to enlarge it
In the right panel, you will see several boxes that have been checked. Uncheck the following ... Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and post it in your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

14 more replies
Answer Match 74.34%

Seems to only happen at night. I NEVER use IE but I'll find 3-4 iexplorer.exe processes running and using high CPU percentages. I have been unable thus far to find and remove the problem.  I will typically keep task manager open and close each process at it comes up, but once I've closed one, more will open. I attempted to follow the directions to post the logs from DDS, but it only created the attach.txt file. (Which I've attached.)A DDS file was not created.  Neither AVG or windows scans have found any problems. Any help will be greatly appreciated.

A:Iexplorer.exe running multiple background processes w/ high CPU usage

Hi there,please run the following scans:Step 1Please download TDSSKiller and save it to your Desktop.Start tdsskiller.exe with administrator privileges.Accept the EULA and the KSN Statement.Click on Change parameters.Make sure that all available options (except "Loaded modules") are checked and click OK.Click on Start scan.If any threats are found don't delete them but choose the Skip option for all of them.Click on Report to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).Copy and paste its contents in your next reply.Step 2Please download Farbar Recovery Scan Tool and save it to your Desktop.(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)Start FRST with administator privileges.Make sure the option Addition.txt is checked and press the Scan button.When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.Please copy and paste these logs in your next reply.

7 more replies
Answer Match 73.5%

Hi,Newbie here. Something has infected my PC and is launching Internet Explorer in the background -- sometimes two processes at the same time. I use Firefox 99.9% of the time - almost never Internet Explorer.iexplore.exe is hogging my memory. I don't know if iexplore.exe is also responsible, but something is occasionally re-directing my mouse clicks i.e. I click on a link after a Google search, but I get re-directed to a different site. It's been going on for about a week now. Both problems started at the same time. I cleaned out the Java, Firefox and Internet Explorer caches.I've tried malwarebytes which found a few items to remove, but it has not found anything the past few scans. I also tried Trendmicro's Housecall. It found nothing. I'm sure I have a firewall enabled, but when I went to check, I got this message:In case the image doesn't show, the dialog box says, "Due to an unidentified problem, Windows cannot display Windows Firewall settings." I am logged in as the administrator.FWIW, my knowledge of computers/operating systems is not deep. If you can help at all, I would be very thankful.Below is a copy of my dds.txt log. The attach.txt file is attached.DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 7.0.6000.17114 BrowserJavaVersion: 1.6.0_31Run by new user at 13:52:12 on 2012-12-05Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1078 [GMT -8:00]..============== Running Processes ================.C:\WINDO... Read more

A:iexplorer.exe Running in Background Hogging Memory and Re-directing Mounse Clicks

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your malware problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top o... Read more

33 more replies
Answer Match 71.82%

Background ads sounds keep running on my laptop. The ads start about a minute after windows starts and keep running, sometimes even two, three or four ad sounds run simultaneously. I have tried various solutions given at this forum as well as many other forums but to no avail. I initially posted my problem at http://www.bleepingcomputer.com/forums/t/519885/background-ad-sounds-keep-running-on-my-laptop/ and got some help from Broni. As per his advice, I ran the DDS and created the logs which are attached.
 dds.txt   10.06KB
  0 downloads
 attach.txt   6.75KB
  0 downloads
 
 

A:Ads sounds constantly running in the background

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and and I will be helping you with your computer problems.
Before we begin, please note the following:
I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
 
 
Please download Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your re... Read more

9 more replies
Answer Match 71.82%

Hello, I have spent ages looking on google for a way to rectify this issue with no luck. I use Firefox as my browser, yet Iexplore.exe constantly runs in the background. When I go to the task manager, there are always two iexplore.exe processes running. If I kill them then they restart again after about five minutes. I have tried quite a few things and am out of options! Below is my Hijack This log. Any help would be very much appreciated. If you need anything else please let me know. Thanks.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:54:59 PM, on 11/5/2009Platform: Windows Vista SP2 (WinNT 6.00.1906)MSIE: Unable to get Internet Explorer version!Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\system32\taskeng.exeC:\Windows\Explorer.EXEC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Windows\RtHDVCpl.exeC:\Program Files\McAfee\Common Framework\UdaterUI.exeC:\Program Files\McAfee\VirusScan Enterprise\shstat.exeC:\Program Files\Kontiki\KHost.exeC:\Program Files\McAfee\Common Framework\McTray.exeC:\Users\Luke\AppData\Local\Temp\RtkBtMnt.exeC:\Windows\system32\wbem\unsecapp.exeC:\Windows\system32\Taskmgr.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Windows Media Player\wmpnscfg.e... Read more

A:Iexplore.exe constantly running in the background

Hello KingcoveyWelcome to BleepingComputer ==========================Download OTL to your desktop.Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.When the window appears, underneath Output at the top change it to Minimal Output.Under the Standard Registry box change it to All.Check the boxes beside LOP Check and Purity Check.Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.===========Download This file. Note its name and save it to your root folder, such as C:\.Disconnect from the Internet and close all running programs.Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.Click on this link to see a list of programs that should be disabled.Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")Allow the driver to load if asked.You may be prompted to scan immediately if it detects rootkit activity.If you are prompted to scan your system click "Yes" to begin the scan.If not prompted, click the "Rootkit/Malware" tab.On the right-side, all items to be scanned should be checked by... Read more

1 more replies
Answer Match 71.82%

So basically I was browsing around one day and suddenly I started hearing adverts. I couldn't find which page they were coming from so I exited google chrome and it still persisted. I opened task manager and found iexplorer running and tried ending it. The advert stopped making a noise but iexplorer restarted seconds after. The ads don't always play and other symptoms are I can hear the link clicking noise that internet explorer makes occasionally. One other symptom is it seems to mute all WAVE sounds every 5 or so minutes.

Things I've tried are: Upating to IE8 (has stopped the ads). System restore (temporarily stopped it). Malaware anti bytes scan found nothing. Spybot only found cookies. K7AntiVirus found something and deleted it but nothing changed (I'm assuming what it found was something else). I've done two scans with K7 and Malaware anti bytes and found nothing since but the problem persists.

I'm running on Windows XP

A:IEexplorer running in the background constantly

any help?

8 more replies
Answer Match 71.82%

Hello, I'm having some problems with internet explorer running in the background on my computer, even when I end the process through task manager it pops back up. I would really appreciate some advice on this situation. Thanks!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:16:38 AM, on 4/28/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\cisvc.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\wdfmgr.exeC:\WINDOWS\system32\taskmgr.exeC:\WINDOWS\EXPLORER.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Pando Networks\Pando\pando.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeC:\WINDOWS\System32\wbem\wmiprvse.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/R1 - HKCU\Softw... Read more

A:iexplore.exe constantly running in background

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resul... Read more

2 more replies
Answer Match 70.56%

Good evening! 
 
I was directed to a suspected unsafe site about a week ago. Since then, I've noticed my computer being busy or loading when in the past it had sat idle (I run windows 7 so I get the busy circle right by my pointer for about 30-45 seconds during the happenings). This happens during all times of operation; web surfing, program running (iTunes, Media Monkey, Microsoft Word), and even sitting idle on the desktop. My "issue" occurs even after a fresh restart or power up. \
 
I'm suspecting I somehow downloaded some type of process that is always running and hogging resources from my system. I could however be paranoid. I want to confirm or dis-confirm my assumptions with some help here. I have posted my recent Hijack This log below. I've used Hijack This! Before, however It's been a year or so and my skills at identifying things are dull. Please, if you would take a look and let me know if I have anything that shouldn't be present in my log file. I greatly appreciate it! 
 
 
Logfile of HijackThis v1.99.1
Scan saved at 10:34:52 PM, on 3/31/2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16470)
 
Running processes:
C:\VIA_XHCI\usb3Monitor.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
B:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java... Read more

A:Computer Loading Constantly, Process Running in Background?

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.===HijackThis doesn't handle 64 bit computer well. In your case I need to see a final DDS Log.Remove your old version of HijackThis using the Add/Remove Programs list.Download DDS by sUBs from one of the following links, if you no longer have it available. Save it to your desktop.1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)2: DDS.pif3: DDS.COMDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for posting the results.Please note: You may have to disable any script protection running if the scan fails to run.Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.===Third party programs if not up to date can be the cause of infiltration an infection.Please run this security check for my review.Download Security Check by screen317 from here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.===Search and delete the AdWare, PUP (Potentially Unwanted Program) insta... Read more

18 more replies
Answer Match 67.62%

I seem to have a very nasty bug that runs iexplorer in the background that produces some ads or something that I hear but cannot see. I also can't run spyhunter anymore or SDFix. It shows up in the task manager for a few mins or so and then goes away, but never runs.

After running RegCure once, I got a winsock error that had me down for several days. Just fixed that which allowed me back on the internet. Was going to do a complete wipe, but I can't even seem to do that. My pc is now running at 100% memory usage and I have no idea where to turn. PLEASE HELP!!

I have the DDS and attach....also Hijack This log as well.

A:redirecting virus and iexplorer running in background virus/spyware??

Hello Just D,Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.Please do this:1. Download HijackThis? here:http://www.trendsecure.com/portal/en-US/th.../hijackthis.php2. Click 'Do a System Scan and Save log'.The HJT log will open in notepad.Thanks,tea

4 more replies
Answer Match 63.42%

How to stop "Runtime Broker" from running constantly in the background.
Running win 10 Home 32 bit upgraded from Win 7 Home Premium

A:Stop "Runtime Broker" from running constantly in the background

Someone mentioned that they solved this problem by going to Settings, System Display, Notifications & actions. Turn OFF "Show me tips about windows".

If that doesn't work, you can edit the Registry to disable "Runtime Broker", but this will also prevent Microsoft Store Apps from running.

Runtime Broker is a service called Time Broker, which can be disabled through editing the registry.

Right-click on the Start Menu Icon. Go to RUN and type regedit.exe and select OK.

Find the following entry:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TimeBroker] "Start"=dword:00000003

Change the 3 to a 4.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TimeBroker] "Start"=dword:00000004

4 is Disabled, 3 is Manual and 2 is Automatic startup.

Before editing, the original value was 3. Set to 4 to disable. Just change the 3 to a 4 through the MODIFY menu selection, exit regedit and reboot your system.

19 more replies
Answer Match 58.8%

Hi there, I recently got over a wave of malware attack and got rid of them using malware bytes, but now im suffering from two problems

1) background noises for ads running through internet explorer(as a script not working for ie pops up right before i hear the advertisment)
-I tried flushing my dns
-everytime i use ccleaner it shows me cookies from random ad sites which i have not visited

2) My Firefox browser occasionally redirects my searches to advertising and suspicious sites

PLEASE HELP

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6422

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

22/04/2011 2:38:51 PM
mbam-log-2011-04-22 (14-38-51).txt

Scan type: Quick scan
Objects scanned: 164055
Time elapsed: 3 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Spyware Protection (Trojan.FakeAlert.Gen) -> Value: Spyware Protection -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Jagj... Read more

A:Background iexplorer ads

follow advice here and post the logs those programs make
 

1 more replies
Answer Match 57.96%

Hello my name is Juan.

For the past 2 weeks, my pc has become a very sluggish. I've investigated by running my version of Advance SystemCare Pro but it showed no unusual results. I decided to see what exactly is causing the lag and checked my task manager. There I noticed one .exe that was runing with out my knowledge. It was iexplore.exe It shows up all in caps incase that helps identify the problem. Now the unusual thing is that this program upon being terminated kicks back up after exactly 1 minute. The big issue is what I observed the program doing in task manager. It starts up at 12k in mem usag and this number keeps growing and growing untile my computer cant process other applications smoothly. I notice when its getting large when the cursor of my mouse seems to trail across the screen appearing in one spot then another when I move the mouse. Instead of the smooth moving motion. I'll post the HJT log file and anything else you may need to aid me in this problem.

Hijack This Log
=========================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:07:48 PM, on 2/18/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.... Read more

A:iexplorer.exe runing in background

Well this problem has gotten a bit worse. The newest thing that is happening with my pc is that every now and then. After I log into my profile, the shutdown window pops up. The one that comes up when a critical system service was terminated. Also I've noticed that I sometimes hear random warnings by window. The ones when you attempt to do something but the computer doesn't let you so you get prompted with a sound. Now I know its not prompting me since I'm not doing anything when the noise is triggered. I've begun to think that it could be a browser hijack from the internet. The latest thing I installed to attempt to aid me in this problem was Zone Alarm Firewall. Yet the IEXPLORE.EXE still keeps starting up even though I have ZA set to the highest internet security. I'll post a screen shot of the file running in task manager.

 

2 more replies
Answer Match 57.96%

I end task it but the process keeps popping back up. And sometimes on my web browser when I click on a page on google, it redirects to an ad.

A:IEXPLORER.EXE Runs Ads in the background

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

3 more replies
Answer Match 57.96%

I have a iexplorer.exe running in the background on start and it connects to this address.

When I log on it also pops up in the cornor a personalized settings dialog then it disapears really quick (it doesn't say anythign else)

TCP klownicl-1xdd0i:2081 dslb-088-064-022-144.pools.arcor-ip.net:http SY
N_SENT

Done a virus scan with most updated Avast. Fresh install of Windows xp. Only got a couple of programs on it so far.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:31:21 PM, on 4/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
D:\BACKUP\EXECUTABLES\HiJackThis_v2.exe

O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\a... Read more

A:iexplorer.exe in background on startup

it seemed this has been fixed by running ComboFix.
 

1 more replies
Answer Match 57.54%

Hello,

I am having trouble getting rid of these multiple (precisely 3) internet explorer processes that startup in the background periodically. Only one of the 3 processes is actually taking up all the CPU. In the application view on task manager I can see the internet explorer program, even when I do not have it open. I can also see the application at random websites (changing between them).
 

More replies
Answer Match 57.54%

I am unsure when this happened, but I noticed it yesterday. Iexplorer.exe keeps launching itself off of the DCOM svchost.exe service. iexplorer.exe is launching from the correct directory (c:\program files\Internet Explorer) and causing ads to run in the background. I haven't found a way to stop it, killing it just launches another, renaming the directory stops it but only until I rename it back. I've run multiple virus/malware scans and nothing returns any malicious files. I've tried running HijackThis but didn't see any results that bothered me. I'm at a loss here. Thank you for your time.EDIT: Added report from RKUnHooker and MBRCheck. Also ran GMER once and it saw a library that it flashed red, but I can't get it to show again. Attached that log as well.DDS report:DDS (Ver_10-03-17.01) - NTFSx86 Run by Jason at 11:34:15.24 on Tue 07/20/2010Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_15Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3071.1642 [GMT -4:00]============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exesvchost.exe 4C:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSc:\Program Files\Microsoft Security Essentials\MsMpEng.exeC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRe... Read more

A:IExplorer.exe launching in background off of svchost.exe

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

13 more replies
Answer Match 57.54%

Hello,

I need some help removing the Google redirect virus and also stopping iexplorer from running in the background. I am posting them both together because I hope they are related.

I have had the Google redirect issue before, and fixed it, but now that it's back with other issues I want professional help.

I have run both Malwarebytes and Spybot S&D.
DDS Log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_29
Run by Ryan Deutsch at 12:30:01 on 2012-10-01
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.247 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\HPSIsvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware&#... Read more

A:iexplorer background and google redirect

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the ... Read more

16 more replies
Answer Match 57.12%

Hey all.
 
My troubles started today. All of a sudden XP started up 4 to 5 times slower.
 
iexplorer.exe process also consistently spawns forcing me to manually wipe it using the task manager. It spawns at random short intervals, begins at a small 76K mem and quickly balloons to >100,000K mem and continues to spawn another. At this point my computer slows to a halt and starts to crash. 
 
Currently scanning my computer with Malwarebytes.
 
Any help or advice on further action will be greatly appreciated.
 
VyR
 
PS - Will repost in the Logs section. Mods feel free to delete this thread.

More replies
Answer Match 57.12%

Hey all.
 
My troubles started today. All of a sudden XP started up 4 to 5 times slower.
 
iexplore.exe process also consistently spawns forcing me to manually wipe it using the task manager. It spawns at random short intervals, begins at a small 76K mem and quickly balloons to >100,000K mem and continues to spawn another (I've seen up to 5 such instances). At this point my computer slows to a halt and starts to crash. 
 
Upon using DDS it only generates 1 log file - attach.txt.
No logfile named dds.txt was generated.
 
After a little bit of reading up, I realize iexplore.exe is a virus that has been here for quite sometime now. Is there a standard route to go about removing this from my computer? Hardly usable with such insane memory spikes.
 
DAY 2 UPDATE: No iexplore.exe processes spawned this session. Rig is still running extremely slowly. No idea if the virus went underground or that its something more sinister. 
 
VyR

A:XP SP3 - Sudden slow startup, iexplorer.exe process constantly spawns.

An update on what I have done since:
 
1. Malwarebtyes Anti-Malware
2. SUPERAntiSpyware
3. AdwCleaner - Logs available
4. JunkRemovalTool - Logs available
5. AVG Complete Scan
6. Spybot Search-and-Destroy
 
Others: Used msconfig - checked 'Hide Microsoft processes' and unchecked all non-essentials. No improvement on startup times.
 
Computer still starting up extremely slowly. I no longer see iexplore.exe in the Task Manager (I only ever use Chrome or Firefox). However, something is constantly running in the background and causing major lag. I'm unable to identify the source from Task Manager.
 
Lag spikes occur every second or so, giving the computer a "jerk" every couple of seconds. Programs are slow to startup as well, with loading times greatly increased.
 
Help is urgently needed.
 
Please advise asap.

3 more replies
Answer Match 57.12%

Computer constantly opens google windows when i try to go to a website on explorer...Firefox just crashes whenever opened...Some websites work fine in explorer but many just go back to google...Are there any programs that you would recommend downloading to scan my computer and help figure out what the problem is..Any help would be appreciatedEDIT: Moved from XP to Am I Infected forum ~ Hamluis.

More replies
Answer Match 56.7%

Hey, this is pretty much the same as this one , i tried the instructions but it didn't work for me or i did it wrong.I would attach a GMER but my os is W7 64bitDDS.DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26Run by Lewis Kwong at 1:54:12 on 2012-02-02Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8190.5559 [GMT 13:00].AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Program Files\Sandboxie\SbieSvc.exeC:\Windows\system32\atieclxx.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Program Files (x86)\Avira\AntiVir Desktop\sched.exeC:\Windows\... Read more

A:Iexplorer audio in background/google redirects

ComboFix 12-02-01.01 - Lewis Kwong 02/02/2012 9:56.2.4 - x64Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8190.5942 [GMT 13:00]Running from: c:\users\Lewis Kwong\Desktop\ComboFix.exeAV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\programdata\awsobaa.tmpc:\programdata\eipqbaa.tmpc:\programdata\fipqbaa.tmpc:\programdata\gipqbaa.tmpc:\programdata\gjuobaa.tmpc:\programdata\gtbreaa.tmpc:\programdata\hipqbaa.tmpc:\programdata\hjuobaa.tmpc:\programdata\htbreaa.tmpc:\programdata\ieaqbaa.tmpc:\programdata\iipqbaa.tmpc:\programdata\ijuobaa.tmpc:\programdata\itbreaa.tmpc:\programdata\jeaqbaa.tmpc:\programdata\jjuobaa.tmpc:\programdata\jtbreaa.tmpc:\programdata\keaqbaa.tmpc:\programdata\kjuobaa.tmpc:\programdata\ktbreaa.tmpc:\programdata\leaqbaa.tmpc:\programdata\meaqbaa.tmpc:\programdata\wvsobaa.tmpc:\programdata\xvsobaa.tmpc:\programdata\yvsobaa.tmpc:\programdata\zvsobaa.tmp..((((((((((... Read more

more replies
Answer Match 56.7%

I can usually fix most problems on computers by using msconfig and services, however, I finally found one that I can't fix. =(
At random times, iexplorer will open and start cloning itself while playing random audio adds in the background (while internet exlorer is not open). When I go to task manager: it shows that multiple internet explorers are open and running (when they are not) and I can't end the app, but am able to end it from ending the IEXPLORER process. When this happens, it causes my CPU to shoot up to 100%.
I run  windows 7 and use AVAST for anti virus and have malewarebytes for malware scans. I also use C Cleaner to clean out my registry.
 
Unfortunately I downloaded and ran combo fix already (because I searched youtube for a fix before I found this site) =(
I searched the forums for others with my problem before posting this, but I didn't want to follow the fixes because it seems to be different (like in a case by case basis).
Thanks in advance if anyone can help with my problems. <333

A:iexplorer cloning and playing adds in the background

Welcome aboard   Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeList Restore PointsClick Go and post the result. Please download Malwarebytes Anti-Malware (MBAM) to your desktop.NOTE. If you already have MBAM 2.0 installed scr... Read more

11 more replies
Answer Match 56.7%

My brother did something to my mother's computer, and now she's PO'd to the point of giving him up for adoption. I stopped by to take a look at it and I honestly have no idea what I'm getting myself into. I'd really like some help before the bipolar premenopausal demon starts breaking more cheap plates.
 
There are four to six instances of iexplorer.exe running in the background, and trying to End Process them makes one or two more pop up like some annoying hydra. Audible ads are playing constantly, sometimes playing over top of each other or repeatedly. I already remember from a previous question on my own computer that svchost.exe runs multiple times and I shouldn't be worried about it, but one of them is using anywhere from 750,000 K of memory to the low 1,800,000s.
 
 
 
Again, I would really love some help. The only things that keep this crazy ragemonster placated are her Facebook games and over-hyped HBO shows.

A:Million K svchost.exe, multiple iexplorer.exe, and ads in the background.

Welcome aboard   Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.* Double-click mbam-setup.exe and follow the prompts to install the program.* At the end, be sure a checkmark is placed next to Up... Read more

1 more replies
Answer Match 56.7%

IExplorer.exe randomly runs as SYSTEM in the background. It disappears and pops up randomly. I did nearly everything and got most of the malware removed. This is the last thing I can't figure out.

I ran TDSS Killer, Rogue Killer, Combofix, I ran recovery console and did a FixMBR(my MBR was infected too). I can't seem to figure out this last part in removing the adware. I'm stuck.

A:IEXPLORER.exe runs in background / pages redirects

MienTommy2,

Is this the same computer that you posted about here? http://www.bleepingcomputer.com/forums/topic459714.html

2 more replies
Answer Match 56.28%

Like I said in my Topic Description I searched and found many similar cases but (if I may say) I think that each case has similar malware / etc.. but each situation are different so I am making a thread of my own.

I tried running AVG 8.5 and it seems to have found and deleted but when I search again the same results are coming up. The things listed from AVG search that were sent to the Virus Vault were "Downloader .Zlob.ANQM","Clicker .AAJC", "Generic14 .DNP" and "Agent2 .NWN" all four of these were found in my "\LocalSettings\Temp" and described as "Trojans" in AVG 8.5. I downloaded but can't install Malwarebytes Anti-Malware as my computer is only seeming to work in Safe Mode. I've restarted numerous times but it seems to only work 1/10th of the time in which if I try to run AVG will crash my computer. I have received only one blue screen but it has not bothered me since then. I believe there are many other problems with this computer but the one I am describing at the moment is the one in which I need to get out of the way because it is impeding even the usage of my computer since it happened only recently during the past two days.

Here is as instructed the DDS logs: (I performed it in Safe Mode though not sure if that matters) I tried to upload the Attach but it wont seems to take it as a .rar. So I just uploaded it as the .txt I hope this is ok?

DDS (Ver_09-06-26.01) - NTFSx86 NETWORK
Run by Neil P... Read more

A:Google Redirect / Audio Streaming Ads in Background / (iexplorer.exe)

Hello nup123,Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update. Updating Java: Download the latest version of Java SE Runtime Environment (JRE) 6 Update 14. Click the "Download" button to the right. At the Select Platform and Language for your download drop down box
Select Windows and Mult-Language Check the box that says: "Accept License Agreement" then press Continue ( Selecting Windows will give you the 32 bit version. ) The page will refresh. Click on the link to download Windows Offline Installation, Multi-language jre-6u13-windows-i586-p.exe and save to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Examples of older versions in Add or Remove Programs:
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 13
Java™ 6 Update 3 Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions. Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-6u14-windows-i586.exe to install the newest version.******************Download Security Check by screen317 from here or here.Save it to your Desktop.Double click Sec... Read more

16 more replies
Answer Match 55.44%

I am running Windows 7 Home Premium 32bit on a VAIO laptop.As mentioned, I am having ads pop up through iexplorer in the background (up to 4 processes at a time). I am getting google redirection with Google Chrome, IE, and Mozilla. All of this started when I got the "AI Daily Updater"(or something around those lines) program that was named messenger.exe in the task manager. Previously I was running Windows Internet Security, however, it is clear now that Internet Security provides no real security at all. Since the infection I have erased mesanger.exe which was located in the C drive. I have installed Malware bytes, adaware, PC Tools Anti spam, and Hijack this * (all ran exclusively of course) and although some of these programs are finding some trojans, the original problem remain. Even worse, until about 30 minutes ago, my computer would not boot at all and instead, at startup, would go to the blue screen! I am really tired of this and I am actually starting to think about buying a mac because this is the third time this month! Previously I have formated and started from scratch, but this takes a long time, and not to mention I lose all my settings. For starters, here is my hijack this log:Logfile of Trend Micro HijackThis v2.0.4Scan saved at 4:39:53 PM, on 11/05/2011Platform: Windows 7 SP1 (WinNT 6.00.3505)MSIE: Internet Explorer v9.00 (9.00.8112.16421)Boot mode: NormalRunning processes:C:\Windows\system32\taskhost.exeC:\Windows\... Read more

A:Windows 7 - iexplorer background ads, google redirection, blue screen!

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

8 more replies
Answer Match 55.44%

Hello, last night I somehow stumbled into what I think was malware, zapping my memory and CPU and grinding everything to a halt. When I opened task manager I could see the bulk of resources were being taken be multiple presumably fake instances of programs that google indicated to be standard Windows programs. I remember msiexec.exe was one that had around 3 instances running at once, and even "notepad" was taking a suspiciously large amount of memory (80,000 k?) even though I wasn't running notepad. There were also about 10 instances of iexplore.exe taking a relatively small amount of memory each. I had to force restart with my PC's power button several times, and each time I'd be granted a few minutes of being able to use the computer before the resource drain made it unusable. After the first restart I was no longer allowed to close any of the runaway programs via task manager, whereas before their proliferation was simply faster than I could keep up with. I managed to download Malwarebytes and run it a few times. During the first scan it detected "trojan.fakems.ed" and the computer crashed before the scan could complete, but upon reviewing the logs after more scans it shows that it has quarantined many instances of that trojan along with "trojan.agent.ed" and several "PUP" items. Additionally, my computer seems to be running almost as normal now that Malwarebytes is running in realtime at startup. However, I'm still getting alerts from Malwarebytes pretty f... Read more

A:IExplorer continually hijacked in background following multiple fake MS programs

Greetings wbmcelroy and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.If you would allow me to call you by your first name I would prefer to do that. ===================================================Ground Rules:First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter pro... Read more

19 more replies
Answer Match 55.44%

iexplorer.exe running in task manager when ie is not running.
I need help removing what ever is causing this.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27:58 PM, on 10/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20900)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\CSHelper.exe
C:\WINDOWS\system32\lxdjcoms.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Techno... Read more

A:iexplorer.exe running in task manager when ie is not running

Hello bakerwd. Apologies for any delay in replying, but we have been rather busy lately.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

---------------------------------------------------------------------------------------------

If you still require assistance with this issue, and since it's been several days since your original log was posted, please do this:
Download RSIT by random/random and save it to your desktop.
Double click RSIT.exe to start the tool and click Continue at the disclaimer.
When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of log.txt here.
Please attach info.txt to your post.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:C:\rsit\info.txt

Click Upload.

---------------------------------------------------------------------------------------------

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

19 more replies
Answer Match 54.6%

Hey!

So for the last week or so I've had a laundry list of spyware symptoms taking over my computer. I hadn't used the computer in a couple days and I woke up one morning to mayhem. I've been able to work out a lot of the problems myself but there are still quite a few pieces I need a hand with.

1. I managed to get HJT to run, but it crashes shortly after the scan is started - so I can't get a log.

2. I've managed to run anti-spyware scans a few times, but most of the infected files cannot be deleted and require a restart. However, upon restart the programs do not run, so I can't get rid of the files. This is my biggest problem.

3. Random IEXPLORER.exe services starting, no visible advertisements, but there is annoying audio playing.

4. Firefox redirects my links to shady advertisemets, and sometimes won't load any basic web address (such as myspace.com). I have to find a backdoor to get to the sites like "myspace.com/blah".

5. I've found ways around it, but my anti-spyware programs all crash either right away at startup, or shortly after the scan begins.

I have tried every online scan I can think of, but they all crash before they complete. AVG won't start scanning if I try more than once. EXE's are being renamed, programs are being blocked. I've gotten Malwarebytes to scan a few times, but again I have problems with the auto-run on reboot that I so desperately need. Spybot has the same problems.

Oh, an... Read more

More replies
Answer Match 52.92%

Hi all, I have a relatively new machine (~2 weeks) and the last two days I've noticed it is constantly downloading something. ie - I have the network connection in the sys tray and see the icon almost constantly lit up (though it at times does flash on and off rather rythmicly) and the hard disk is constantly writing. It's been going on for about two days. Happens whether I'm using the computer or have all applications closed.

How can I determine what is going on?

I have xp pro sp2, mcafee, win firewall on.

The only real problem I've noticed is that I've been trying (over past 2 days) to upload a rather large web site via ftp and am having trouble - times out when trying to upload files. And sometimes surfing seems a bit slow. Can''t watch some videos I usually watch - just never load. This all just started the past 2 days.

Thanks for any help on this.
 

A:xp pro sp2 - constantly downloading something in background

could be windows updates or virus updates
but with the other issues you have maybe worth restoring to before the problem started
did you update windows and virus

have you scanned for virus and spyware
also post a Hijackthis log and move to secruity forum

HIJACK THIS:

Download and copy hijackthis to its own folder , it makes backups so keeping them separate and available can be useful.
SO DO NOT put hjt onto the desktop or temp files.

create a directory say my documents/hjt

Note the Spyware tools websites are very often under attack and so I have provided more than 1 location to download from:
http://computercops.biz/zx/Merijn/hijackthis.zip
http://www.merijn.org/files/hijackthis.zip
http://www.spywareinfo.com/~merijn/files/hijackthis.zip
http://209.133.47.200/~merijn/downloads.html
http://www.thespykiller.co.uk/
http://aumha.org/downloads/hijackthis.exe
http://www.tomcoyote.org/hjt/
http://www.majorgeeks.com/download3155.html

---------------------------------------------------
 

1 more replies
Answer Match 52.92%

Hi, i'm new to this forum so what I want to ask might have been discussed here..

I just upgraded and clean installed my PC to win 10.so after i installed my LAN drivers it started downloading something.I thought it might have been the updates but when I checked the update manager its showing "Check for updates"..

So Ichecked everything but still not able to figure out what it's downloading..Can someone help me please to figure it out

Thanks.

A:Background download constantly

If it's stuck on 'Downloading updates', it may be downloading the last cumulative update and you have a slow connection. Just let it run, the progress bar is very undependable. If it's that the system is running hot in the background, open Task Manager and if it's 'System and compressed memory', your 10 image is just being updated and using resources.

3 more replies
Answer Match 52.5%

Hey guys, I am running Vista on an AMD Phenom X4 9150e with 4gb ram. My hard drive is constantly running and chugging away pretty good too, reading rather than writing i believe. My cpu and memory usage are quite high and my system is running relatively slow for doing simple things like opening a browser. I have attached a screenshot of the system resource monitor with basically nothing running but hijack this and a browser. Any help would be greatly appreciated. I have run scans with malware bytes and adaware, as well as AVG which all come up clean. Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:14:54 AM, on 10/11/2009Platform: Windows Vista SP2 (WinNT 6.00.1906)MSIE: Internet Explorer v8.00 (8.00.6001.18813)Boot mode: NormalRunning processes:C:\Program Files (x86)\AVG\AVG8\avgtray.exeC:\Program Files (x86)\DAEMON Tools Pro\DTProShellHlp.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWow64\Macromed\Flash\FlashUtil10b.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndtR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ht... Read more

A:Slow running system and Hard drive constantly running

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Please download OTL from following mirror:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedIn the upper right hand corner ... Read more

4 more replies
Answer Match 52.5%

Hey guys, I am having trouble fixing this on my own. On start up, advertisements are constantly playing in the background even though I haven't opened any internet browsers or programs yet. I've ran Malwarebytes anti-malware, but it didn't pick anything up. PLEASE HELP! Let me know what to download and what logs to post, thanks guys!

A:Advertisements playing in the background constantly

Here is the DDS txt log:
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7600.17267  BrowserJavaVersion: 10.9.2
Run by Mae at 22:42:50 on 2014-01-07
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3895.1870 [GMT -8:00]
.
AV: Norton 360 *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\... Read more

30 more replies
Answer Match 52.5%

Frequently (80% of new pages and refreshes) my IExplorer runs at 99% requiring me to click "End Process" in Task Manager. Lasts 3-5 minutes
Malware Bytes AntiMalware scan reports no infected files. Microsoft Security Essentials scan found no threats.
Ran CCleaner and Regclean and rebooted.
Opened IExplorer with Yahoo as default web site. Clicked news story link. IExplorer remained at 91-99% for 3+ minutes until I stopped the process.

HiJackThis log, dds.txt, attach.txt, and GMER log file, ark.txt are attached.

TSG Sysinfo will not download - says server has been reset.

Ideas please !!!!!
 

More replies
Answer Match 52.5%

Please help!

HP computer has had two iexplorer.exe processes running with one iexplorer webbrowser...one process was always 10x's the memory than the other. Last week I had someone log into my bank account and transfer $1000 to India...I am suspecting that this computer has a keylogger which is how they got my login and password. Below is HJT, DDS is attached, I couldn't download the rootrepeal.

Thanks in advance!

Steve

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:18:31 PM, on 9/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\HP\HP Software Update\H... Read more

A:Help..two iexplorer's always running

bump...

seems like there's a long wait around here... any assistance is greatly appreciated!

Thanks,

Steve

6 more replies
Answer Match 52.5%

Hi I am new to this but heard only good things. Hope I could also be helped.My Internet windows are very slow and also freeze from time to time. I ran Norton AV, adaware, spyboy with no results. I then tried xoftspy and gave me a file name"svhost.exe" in system32 file. I deleted this file, but things are still not what they should be. My cpu also runs up very high from time to time.Upon shutdown or restart I get the message iexplore.exe not responding.I have no idea what this means. I am attaching my log file if it will help (all Greek to me)ThanksLogfile of HijackThis v1.99.1Scan saved at 7:50:51 PM, on 2/22/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Ahead\InCD\InCDsrv.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exeC:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor... Read more

A:Iexplorer always running

You are currently using hijackthis from a temp directory. This can cause problems. Please create a directory on your c: drive called c:\hijackthis and download and unzip hijackthis into that directory. Run the program from that directory from now on.For a tutorial on how to use HijackThis please see the following link:Using HijackThis to Remove Spyware, Browser Hijackers, and DialersPrint out these instructions and then close all windows including Internet Explorer.Then I want you to fix some of those entries. Please do the following:Please make sure that you can view all hidden files. Instructions on how to do this can be found here:How to see hidden files in WindowsRun Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button:R3 - Default URLSearchHook is missingO2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)O2 - BHO: (no name) - {417BC753-7EFB-FED9-E1F2-A1A38DF1C9B9} - C:\WINDOWS\System32\rgyvxpbu.dllO2 - BHO: (no name) - {5878FE44-F856-7995-49A1-6316529821D0} - C:\WINDOWS\System32\hjfibpjo.dllO2 - BHO: (no name) - {70B85AFD-4FE7-FFB9-B573-613AC3380544} - C:\WINDOWS\System32\ilekrrzg.dllO2 - BHO: (no name) - {99E7B4CD-C7F0-BA35-90D4-18B2CA45531C} - C:\WINDOWS\System32\nuwjxgue.dllO2 - BHO: (no name) - {9BF988BE-929D-613C-F9D1-71D672A8C9A7} - C:\WINDOWS\System32\khmcwufc.dllO2 - BHO: (no name) - {B295A40C-9407-8018-9974-65E9... Read more

1 more replies
Answer Match 52.08%

Why is the CPU on my laptop at 100% when I'm using the internet? It is seriously slowing me down/ screen freezes etc. My McAfee is up to date. I've loaded up Firefox and this is working perfectly (CPU 7%) but would like to return to Internet Explorer. My OS is Vista and I was running IE8. Thanks
 

A:Solved: CPU running at 100% with iexplorer

7 more replies
Answer Match 52.08%

Hi All,

Since Wednesday, my computer seems to be infected by a virus, that I can't locate. The first weird thing that happened was that at soon as I was going on the internet, one if the svchost process was taking half the cpu.

I also noticed that they were a file called zipibn32.exe which was executed as launch time and that would not go away, I could not stop that file to be launch using msconfig, and could not remove that file either from its location.

Using process explorer, I was able to find out that the svchost.exe, the one that was taking 50% of my cpu was using a zipibn32.exe file!, in the safe mode I was able to remove that file and I thought I was done.

Now I have a process IEXPLORE.exe that launches at boot time and initiated by SYSTEM, windows won't let me kill that process, I cannot find what makes it start, as I have no entry in msconfig for that, nor the register and not in the startup menu either. The strange thing is that it launches itself in safe mode as well. If I use the at command to get system privileges that iexplore.exe is still unstoppable.

I can still use internet explorer to go on the internet, so no issue there. The only thing is that my visual studio applications have stopped working, everytime I use a .exe that has been compiled by visual studio then the cpu jumps to 50% and the application runs only in the background thus beeing useless.

If any one as any suggestion, at this stage I consider re installing XP.

After furth... Read more

A:IExplorer.exe running as system

I am moving this topic to the Am I Infected forum from the XP forum for you. ~ OB

1 more replies
Answer Match 52.08%

I have this same problem... I've done what you've said so far and I've found "Copy Style Settings.exe" and "Owns hope bike.exe" and some others in the same folder under the name "Trans Wma". What do I do now?

This is the result of the "findlop" thing:
[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'AD5422649027A0A0.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\default\applic~1\transw~1\Copy Style Settings.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'Default'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 12/22/2006 11:00:00
NextRun: 12/22/2006 12:00:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 06/09/1998
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0
[TRACE] Activating job 'AppleSoftwareUpdate.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Apple Software Update\SoftwareUpdate.exe'
Parameters: '-Task'
Work... Read more

A:2 iexplorer processes running

Oh sweet. Don't worry about it. I just deleted those files along with some other ones I picked up with Panda ActiveScan and now it's gone and I don't get pop-ups on Internet Explorer startup anymore and the processes have gone~ Cheers~
 

1 more replies
Answer Match 52.08%

The computer has more than one user, some of whom do banking and pay bills online. The computer is running Windows XP Home Edition service pack 3 and Internet Explorer 8. Using Microsoft Security Essentials and Avira Antivirus.

When using IE8, the windows open and close verrrrrry slowly. Google is the IE8 homepage and when I type searches in the panel the letters of the words are slow to appear and users have to wait for the letters to appear.

Task manager shows three iexplore.exe and seven svchost.exe running under the user name SYSTEM (3) and two in NETWORK SERVICE and two in LOCAL SERVICE.

DDS file follows. Attach and Ark files attached.
Thanks for the help.
JD

The DDS.txt file shows:
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\2.0.301.5672\swg.dll
BHO: MSNToolBandBHO: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\01.02.5000.1021\en-us\msntb.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc... Read more

A:three iexplorer.exe and seven svchost.exe running

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log... Read more

2 more replies
Answer Match 52.08%

This is my log i have on the notepadLogfile of Trend Micro HijackThis v2.0.2Scan saved at 4:40:32 PM, on 1/6/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\HPZipm12.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exeC:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\HP\QuickPlay\QPService.exeC:\Program Files\Hp\HP Software Update\HPWuSchd2.exeC:\Program Files\Common Files\InstallShield... Read more

A:Iexplorer.exe is running i have other issues not sure what

Hi,* Please download Malwarebytes' Anti-Malware from HereDouble Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply along with a fresh HijackThis log.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

2 more replies
Answer Match 52.08%

Its really annoying every time I end the task, after a min or two the task will pop back up and a window default beep will occur. I think this is Malware or some kind of virus, how can I remove this?

More replies
Answer Match 52.08%

Im running windows xp home edition. I seem to have lot of extra process running in task manager. I need help ridding my machine of these.

A:several iexplorer running process

A screenshot of Task Manager might be more useful than the link you posted, IMO.

FWIW: IE open normally reflects at least two instances in Task Manager. For every additional window that is opened, there will appear another instance of IE in Task Manager. If I have 5 windows open in IE...I should see 6 instances of IE running in Task Manager as long as those windows are open.

Louis

7 more replies
Answer Match 51.24%

Title says it all. I open the Background Changer and 5 seconds later, it crashes every time I use it. I tried to look up how to do change the background manually, but it says I need an image that is less than 256 KB and my image is 322 KB. Does anyone know how to fix the application or change the background in another way?

A:Windows 7 Logon Background Changer Constantly Crashes

resave the image using higher jpeg compression.

3 more replies
Answer Match 51.24%

For some reason when I look in my task manager, WMP is always open even though I haven't opened it and it's not visibly open at all. I decided to do a process library scan and it came up with this result:
wmplayer.exe Startup Details
Startup Method:

Process

Parent Process:

roxioburnlauncher.exe

Startup Location:

C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup



What could this roxioburnlauncher thing be? Is this dangerous? Thanks much for your help.

A:Windows Media Player constantly open in the background?

Press Win+R to get the run window. Type msconfig there and hit enter. In the startup tab of resulting system configeration window, disable all the unnecessary entries, including the roxio entries.

Roxio Burner Launcher is not any dangerous thing, but it is unnecessary to start up with the system. Only when you burn DVDs , open it.

9 more replies
Answer Match 51.24%

I was looking at the resource monitor and noticed several suspicious services running. One of which is the fact that iexplorer.exe has 3 services running and csrss.exe has 2 running. I looked a few up and it seems as though I may have a virus. I have had problems with this computer since I purchased it. It could be possible that a virus was transferred from my old computer. I would appreciate any help with this.
Thanks,
Karen


Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1, 64 bit
Processor: AMD A4-4300M APU with Radeon(tm) HD Graphics, AMD64 Family 21 Model 16 Stepping 1
Processor Count: 2
RAM: 3547 Mb
Graphics Card: AMD Radeon HD 7420G, 512 Mb
Hard Drives: C: Total - 475960 MB, Free - 440017 MB;
Motherboard: SAMSUNG ELECTRONICS CO., LTD., NP355E7C-A01US
Antivirus: Windows Defender, Disabled
 

More replies
Answer Match 51.24%

My PC seems to be infected by something and Panda Platinum Internet Security, Spy Sweeper and Ad-aware are not removing it. Anytime I check Task Manager there are two instances of iexplorer processes running and chewing up most of the resources. Below is the HijackThis log for my system.

Thanks in advance for your help.

Logfile of HijackThis v1.99.1
Scan saved at 6:57:08 AM, on 12/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AVENGINE.EXE
C:\Progr... Read more

A:2 iexplorer processes running all the time

7 more replies
Answer Match 51.24%

Hello,
 
Earlier today I was browsing a website that had a Trojan on it - which McAfee caught/notified me of - but I've spent the rest of the day paranoid of what may have got through and infected my machine.
 
2 or 3 minutes after the Trojan notification, random audio started coming through the speakers (TV ads etc) - which I established wasn't coming from any of the tabs/windows I had open - so I hit Control/Alt/Delete - and on the "Applications" tab of Task Manager - 5/6 Internet Explorer windows were open that I couldn't see/were hidden so I couldn't hit close on the window itself - but every time I hit "End" in Task Manager, they just re-appeared as something else.
 
Through various scans with anti virus software I still have installed from my last malware experience - I've managed to stop the audio issues at least ... but now - if I restart the computer and go straight to Task Manager before doing anything else ... the "Applications" tab is empty - but on the "Processes" tab, there are 4 instances of "iexplorer.exe" and "iexplorer.exe *32" ... which to me, suggests the hidden Internet Explorer windows are still in the background somewhere - doing god knows what - keystroke logging/giving me a virus/who knows?
 
Am I being paranoid/is this normal - or can someone please help point me in the right direction for how I can resolve the issue?
 
Thanks very much!
Chris

A:Several processes of iexplorer.exe running - should I be worried?

    Please download TDSSKiller from here and save it to your DesktopDoubleclick on TDSSKiller.exe to run the application, then click on Change parameters


Check Loaded Modules  and Detect TDLFS file system.  Do not check Verify file digital signatures (even though it is checked in the example)If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now


Click Start Scan and allow the scan process to run

If threats are detected select Skip for all of them unless I instruct you otherwiseClick Continue


Click Reboot computerPlease post the contents of  TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)in your reply===================================================aswMBR--------------------Download aswMBR and save it to your desktop.
Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.If you need help to disable your protection programs see hereDouble click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.

Please post the contents of the log in your next reply.NOTE:  aswMBR... Read more

17 more replies
Answer Match 51.24%

for the past 2 days my pc been running slow and freez up after awhile also when im surfing on internet i hear voices or music like theres a pop up for somthing but the only window thats open is my firefox and theres no pop up to be seen. also in taskmanager iexplorer stays running without even using iexplorer ( been using firefox for a long time now ) and when i end the process in taskmanager it pops back up couple seconds later. any advice what this coulb be or to fix it ? thx

A:iexplorer.exe stays running in taskmanager

Hello and welcome to TSF

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Answer Match 51.24%

DDS cannot finish its scan, it runs a little slow and then computer locks up and I have to restart. Some of the options for doing a GMER scan were grayed out, so I was unable follow that part of the posting instructions as well. Can you reccomend something else I can use to post logs?

While using firefox, I have been redirected to different sites, mostly when I use a search engine but other times it will just happen randomly. Also, Internet Explorer, which I never use, will open up an ad or a site on it's own. Also, I can see iexplorer.exe using task manager using up large amounts of cpu and ram even if it's not open on my screen. I have tried a system restore as well as Malware Antibytes and Avast (both up to date) which have found nothing. I have tried using TDSSKiller and it fails to open, even if I rename it and change the file extension.

It'd be really awesome if you can help me with this. It's not been a good weekend...

A:Redirect Virus and iexplorer.exe always running

DDS finally ran the whole way through!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by user at 16:23:35 on 2011-11-08
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.327 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WI... Read more

22 more replies
Answer Match 51.24%

for at least a month now our computer has been responding very slowly and is always running multiple copies of iexplorer.

even killing them with Task Manager is only temporary and they seem to spontaneously spawn.

We are running Windows Vista Home Basic with SP2.

Also running McAfee Total Protection (so much for total I guess).

have also tried running Malwarebytes Anti-Malware but it has come up with nothing.

DDS, ark and attach log files are attached (if I did this right).

Appologies in advance if I have not provided enough information and thanks for taking the time to help us with this.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19154
Run by Elizabeth at 20:31:12 on 2011-11-20
Microsoft? Windows Vista? Home Basic 6.0.6002.2.1252.61.1033.18.1791.699 [GMT 8:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\... Read more

A:iexplorer keeps running and chewing up memory

BUMP please

19 more replies
Answer Match 51.24%

Hi everybody,
I am not a experienced user and I am facing a problem since 3-4 weeks: PC slowed down and I verified that multiple instances of iexplorer.exe *32 are running at the same time. I guess this is using a lot of memory and is the reason of the problem i'm facing.
I am running windows 7 home premium with service pack 1 and it's the first time i am facing this problem on this laptop, that i am using since one year.
 
My antivirus (McAfee) is updated and I run spybot but it didn't find anything.
 
Any help?
 
Thank you

A:multiple iexplorer.exe *32 instances running

Please download MiniToolBox  , save it to your desktop and run it.
 Checkmark the following checkboxes:  List last 10 Event Viewer log  List Installed Programs  List Users, Partitions and Memory size.
 Click Go and paste the content into your next post.
 Also...please Publish a Snapshot using Speccy - http://www.bleepingcomputer.com/forums/topic323892.html/page__p__1797792#entry1797792 , taking care to post the link of the snapshot in your next post.
 
Louis

4 more replies
Answer Match 51.24%

Everytime i open iexplorer two processes pop up in tskmgr, then usually the one in the background crashes. I have a feeling it is really slowing my internet down and malwarebytes doesnt seem to fix the issue any way here is my hijackthis logLogfile of Trend Micro HijackThis v2.0.4Scan saved at 2:04:16 AM, on 9/15/2010Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v8.00 (8.00.6001.18943)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng.exeC:\Windows\system32\wbem\unsecapp.exeC:\Windows\WindowsMobile\wmdcBase.exeC:\Windows\System32\wpcumi.exeC:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exeD:\Program Files\HP\HP Software Update\hpwuschd2.exeC:\Windows\hffext\hffsrv.exeC:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.acC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Winamp\winampa.exeC:\Windows\ehome\ehtray.exeC:\Program Files\BitLord\BitLord.exeD:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Windows\ehome\ehmsas.exeD:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exeD:\Program Files\HP\Digital Imaging\bin\hp... Read more

A:Iexplorer running in backgroung and crashing

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the ... Read more

5 more replies
Answer Match 51.24%

I have used Ad-Aware and Symantec to scan my computer, but it says there are no viruses. But when I open task manager when I have one IE window open it shows I have two and sometimes three. Here is my Hijackthis log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:14:25 PM, on 11/3/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Acronis\Schedule2\schedul2.exeC:\Acer\eManager\anbmServ.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exeC:\Program Files\iolo\common\lib\ioloServiceManager.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\LogMeIn\x86\RaMaint.exeC:\Program Files\LogMeIn\x86&... Read more

More replies
Answer Match 51.24%

Hi, I have a problem with 4 iexplorer.exe running multiple in taskbar couple days now upon startup windows 7 when I notice my malware-bytes anti-exploit bar keep popping internet explorer (add-on) is now protected. The other thing is when I run active malware-bytes anti-exploit on my browsers doesn't open at all.Please help!

A:Multiples iexplorer.exe running in taskbar

Hello Twizu11, welcome to Bleeping Computer's Malware Removal forum!
 
My name is Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.
 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.
Ensure you read through my instructions thoroughly, and carry out each step in the order specified.
Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in providing the best set of instructions for you.
Please backup important files before proceeding with my instructions. Malware removal can be unpredictable at times.   
If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
Topics are locked if no response is made after 4 days. Please inform me if you require additional time to complete my instructions.
I will notify you when I believe your computer is free of malware. Please bear in mind, absence of symptoms does not necessarily correlate to absence of malware, so please wait until the "All Clean". 
======================================================
&#... Read more

4 more replies
Answer Match 51.24%

I've scanned with ad-aware, spybot, avast!, and AVG.

I have two IEXPLORER.EXEs running in my task manager. And then i try to end them, they just pop right back up.

Any idea? I dont even use internet explorer, i use firefox.

A:Two IEXPLORER.EXEs running, and wont go away.

iexplore.exe i mean. I was just thinking of internet explorer, thats where the extra 'r' came from.

1 more replies
Answer Match 51.24%

Hi, earlier this week, my internet explorer stopped working. I'd click the link on the task bar and the window for internet explorer would come up but nothing would happen. My cursor would just turn into an hourglass and do nothing. I would've put this in a different forum except when I hit ctrl alt delete and get to the task manager and look under applications there's always at least two iexplore.exe running besides the one I tried running and no matter how many times I try and end them it won't work. I can go into processes and end them there but there's about six or seven there and they keep coming back up every time I end them no matter how many times I try. This just doesn't seem right at all to me. I don't know if it's a virus or if my computer's just messed up. I'm using google chrome right now because that's actually working, and I also have windows 7. Thanks for the help!
 

More replies
Answer Match 51.24%

Hi I was wondering if you could help me with this problem. I actually started typing this thread on my computer but the thing crashed due to a ridiculous dllhost eating all of my memory. It was actually the first time I've crashed since I noticed this on my computer a day ago
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 11.25.2
Run by Greg at 19:58:43 on 2014-11-09
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3564.751 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\taskeng.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\AutoKMS\AutoKMS.exe
C:\windows\system32\atieclxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bluetooth Suite\... Read more

A:Excessive Dllhost and iexplorer.exe running

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/555408 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

7 more replies
Answer Match 51.24%

I have noticed of late that I have two iexplorer.exe programs running in task manager at the same time so I think I have something going on. I would like to fix it. I have uninstalled ie 8 and reinstalled and it's still doing it so I think the problem is getting bad.

any help would be greatly appreciated

A:two instances of iexplorer.exe running at the same time

Hello,Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.Orange Blossom

8 more replies
Answer Match 51.24%

For whatever reason there are two iexplorer.exe running on my task manager when I use IE, though I'm only running one screen of it. Also, when I use firefox, my connection is dogged-slow.
Here is the report from HijackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:40:48 AM, on 5/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WNDA3100\WNDA3100.exe
C:\WINDOWS\SOUNDMAN.EXE
C... Read more

A:Two iexplorer.exe running on task manager

This will explain 2 IEs in Task Manager: http://ask-leo.com/why_are_there_dup...an_it_out.html

4 more replies
Answer Match 51.24%

I have multiple instances (5 at the moment) of iexplorer.exe *32 running. I randomly have new Internet Explorer windows open with Ads and Surveys. A frequent URL includes server2.mediajmp.com. I am running Norton 360. All popup blocker settings are set to block popups. If you need more information, please let me know. HJT log file attached and pasted herein. Thank you in advance for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:43:16 PM, on 1/16/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files (x86)\Gamevance\gamevance32.exe
C:\Program Files (x86)\Norton 360\Engine\3.8.0.38\ccSvcHst.exe
C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe
C:\Program Files (x86)\internet explorer\iexplore.exe
C:\Program Files (x86)\internet explorer\iexplore.exe
C:\Program Files (x86)\internet explorer\iexplore.exe
C:\Program Files (x86)\internet explorer\iexplore.exe
C:\Progra... Read more

A:Pop Up Ads & Surveys - Multiple iexplorer.exe *32 running

I believe the problem was "gamevance.exe". I saw it running in Task Manager when nothing should have been happening. Googled it and it said it was likely spyware / malware. "Gamevance is online gaming software which collects anonymous usage information and also displays pop-up ads." I found it installed in the "program files" folder and in "add/remove programs." I was able to uninstall the program over 24 hours ago and haven't had a pop up since.
 

1 more replies
Answer Match 50.82%

I noticed this issue a little while back. As I shutdown/restart my laptop, I notice it switches to a secondary desktop that has been running programs.
A good example would be trying to open my Task Manager, I can Ctrl-Alt-Del and it will allow me to open Task Manager - however when I click on Task Manager, it opens on the Desktop running in the background.
I can't even access the Desktop in the background, it only shows up as I'm shutting down - closing programs that I tried opening awhile ago.

I really hope this makes sense.. it's getting frustrating.

A:Two desktops running at the same time. Background programs running.

It sounds like you have a virtual desktop.

This is not something that could 'just happen' in Windows 7. You would need to install a third party program to do this.

So if you did not install anything that might add virtual desktop capability, or this is not a situation where you inherited or obtained this computer from someone else and are not quite sure what is installed on it, then I would suggest first running virus and malware scans to start.

7 more replies
Answer Match 50.82%

Hi there,

I believe I have two problems, which may be separate or related, and I've had a look around the web to find some answers and have come to the conclusion that I probably need help from you guys! As the title suggests, I seem to have multiple versions of both iexplorer and chrome running at the same time, even when I am not running them at all. The processes are using large proportions of my system resources (around 10% cpu and roughly 66% of physical memory), thus making the pc slow. This is a real pain.
Also annoying is the intermittent re-direction of my browsers as they load a new web page, to move me onto some ads for lots of rubbish that I don't want.
These problems have been ongoing for a couple of weeks or so, but haven't been too much for me to cope with until the last couple of days when I have been busy on the pc.
I have done nothing to my machine to try to rectify the problem, except for searching the web to find out info on the problems.
Any help would be greatly appreciated.

 

A:multiple iexplorer and chrome processes running

User receiving assistance at different forum.
 

1 more replies
Answer Match 50.82%

I am using a Dell Inspiron laptop with 160 GB hard drive and 3 GB RAM, running Vista and iexplorer 8.
I noticed that the CPU is frequently at 100%. It takes a while for the computer to regain a useful portion of that 100% so that I can continue working.

Can I, should I, terminate the multiple IE copie processes ? Got any idea how or why these copies are running?

In your opinion, will upgrading to Windows 7 solve this IE problem ?

Any suggestions are welcomed and very much appreciated.
Thank You,
Jerry D.
 

A:Solved: Multiple copies of IEXPLORER.exe running

16 more replies
Answer Match 50.82%

I got a bad virus somehow and i managed to delete it with the trial version of the buyable SuperAntiSpyware. Unfortunately it did not get rid of the entire virus. I then heard of A Squared and got that, I ran it and it found viruses so I chose "Fix". It couldn't fix it so I instead chose "Quarantine" and my computer crashed and I had to repair it with my XP reinstalling disk. Currently I have many svchost.exe's running in SYSTEM on my TaskManager and I am also getting IEXPLORE.exe running in SYSTEM randomly. Nothing bad has happened except for one instance where an IEXPLORE.exe in SYSTEM caused what I think to be a commercial(audio only) to be played in the background. There was no window for the commercial only audio coming out of my computer's speakers. Here is the DDS log I was told to post.


DDS (Ver_09-05-14.01) - NTFSx86
Run by Ghetto Muffin at 10:14:09.00 on Fri 05/22/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.992.658 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobile... Read more

A:Multiple svchost.exe running in SYSTEM? IEXPLORER.exe in there as well.

Hello.

One of the infection is a backdoor/rootkit.

Backdoor Threat

Unfortunatly One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

If you wish to continue, then follow the instructions below

Install Recovery Console and Run ComboFix

Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert.

Please download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2... Read more

6 more replies
Answer Match 50.82%

Good day,
I've lately been having an excess of freezing and slowing issues. I currently run malbytes and stopzilla and earlier ran malbytes root version. This did catch and appear to remove multiple issues. However, the slowness and lagging is still occuring and am often running multiple iexplorer.exe when I pull up the task manager (always a minimum of two running but sometimes more).
I've searched for others who have had the same issue but it seems to be a problem beyond my limited attempts. Any help will be appreciated- even if just pointing me in a the right direction where to start next.
Thanks in advance!

A:slow down and freezing with mulitple iexplorer.exe running

Hello can you psot those scan logs for review?

3 more replies
Answer Match 50.82%

Okay, I have a stupid issue with IE running in my background, which will NOT go away, i try ending the processes, but they come back right away using 8,000k of memory eahc time, sometimes upwards of 4 of them open, and reluctant to close, I dont even use IE at all, i am a firefox userGoogle searching this i have found this could be the work of some sort of virus controlling how they run and could very well cripple my system over time, so i need some insight into this, am I being too paranoid or is this a legitimate issue that i am having trouble ridding of?I did run superantispyware, spybot S&D and CCleaner as one youtube thing told me to try, as my AVIRA program will not find anything and nor did the three listed before, so i tried combofix last and even that didnt give me any results. should I post the Combofix log? (told to post in this forum rather than another)

A:two iexplorer.exe instances running - wont close

Welcome aboard Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply.====================================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next t... Read more

1 more replies
Answer Match 50.82%

Okay, I have a stupid issue with IE running in my background, which will NOT go away, i try ending the processes, but they come back right away using 8,000k of memory eahc time, sometimes upwards of 4 of them open, and reluctant to close

Google searching this i have found this could be the work of some sort of virus controlling how they run and could very well cripple my system over time, so i need some insight into this, am I being too paranoid or is this a legitimate issue that i am having trouble ridding of?

I did run superantispyware, spybot S&D and CCleaner as one youtube thing told me to try, as my AVIRA program will not find anything and nor did the three listed before, so i tried combofix last and even that didnt give me any results. should I post the Combofix log?

A:two iexplorer.exe instances running - wont close

Hi Khanar,If you think your computer may be infected I would recommend posting in the Am I infected? What do I do?Before posting read Before You Post About A Problem .Pauline

2 more replies
Answer Match 50.82%

Hello, I really hope someone can help I'm pulling out my hair. Ok about a week ago I noticed my Windows Defender wasn't running so I went to manually turn it on It gave me an error saying it couldnt run for some reason dont know the error and thats not my main problem. Since then I downloaded Avast and have deleted tons of Malware. My computer seems to be running fine but when I open Internet Explore everything starts to run very slow. My pages seem to be re-directed to multiple sites I uses Yahoo as my default browser. When I open my Task Manager it shows two iexplorer.exe running when in fact I'm only using one and one of the iexplorer.exe is using tons of memory usage. This is my main problem and when i close the iexplorer using the most memory it opens itself back up. I would greatly appreciate some help. I also think whatever is causing this is disabling a portion of any anti-virus program I use because Avast doesn't seem to be working properly I like Win Def much better. Thank You My DDS is below and the other files are attached.DDS (Ver_09-11-24.02) - NTFSx86 Run by Zack at 0:49:58.20 on Fri 11/27/2009Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15AV: avast! antivirus 4.8.1356 [VPS 091126-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}============== Running Processes ============================= Pseudo HJT Report ===============uSearch Page = uStart Page = hxxp://www.yahoo.com/uWindow Title = Windows Internet Ex... Read more

A:running multiple iexplorer.exe unwillingly? Cannot end task

Hi Dejshi,Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.Your log(s) show that you are using so called peer-to-peer or file-sharing programs. These programs allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."Click on Start->Run, and copy-paste the following command (the bold text) into the "Open" box, and click OK:cmd /c dir /a/s %systemdrive%\eventlog.dll %systemdrive%\scecli.dll %systemdrive%\netlogon.dll %systemdrive%\logevent.dll %systemdrive%\ntelogon.dll %systemdrive%�... Read more

3 more replies
Answer Match 50.4%

Hello Everyone...

I have a computer that got a massive virus on it...I'm thinking more than one...and I have run Malewarebytes a few times and it keeps finding the same ones. I also now have a "corrupted recycle bin" and in my "task manager" iExplorer.exe is always running randomly even when ie isn't open. I've looked in the services for this "Windows_XP" that seems to be the file that starts this, but it doesn't have it. Please help. Its driving me nuts.
Oh...and to top it off...under "Documents and Settings" there is a folder named NetworkService that has a folder in IT called "LocalSettings" and there is a temporary internet files folder that has stored 140Gb of random data on this 150Gb hard drive. I had 300mb left to use. I have manually deleted as much as I can but its starting to drive me nuts. Any suggestions? I am MORE than open to those.

Thank you WAY in advance for helping me in this matter.

DJ

A:Temp Files showing 140Gb, iExplorer.exe running

...and to add the icing, I can't use Microsoft Update Service when I AM connected to the internet because some of the files are "corupted"

10 more replies
Answer Match 50.4%

I've read around and tried typing net administrator /active:yes and I could'nt delete the file still, kept telling me I needed permission. I then tried a System Restore, but here it was in the registry or something, so that didn't work either. Then, I got HijackThis and here are my logs, on the task managers > processes tab, there are A LOT of winlogon.exe and iexplorer.exe's running, please help me Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:18:52 PM, on 2/6/2010Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v8.00 (8.00.6001.18882)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\explorer.exeC:\hp\support\hpsysdrv.exeC:\Program Files\HP\HP Software Update\hpwuSchd2.exeC:\Program Files\Lexmark 1300 Series\lxdcamon.exeC:\Windows\System32\jusched.exeC:\Program Files\Sophos\AutoUpdate\ALMon.exeC:\Windows\system32\rundll32.exeC:\Windows\system32\Taskmgr.exeC:\hp\kbd\kbd.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Inte... Read more

A:winlogon.exe -- iexplorer.exe (ALOT OF INSTANCES RUNNING AT THE SAME TIME)

Hello and welcome to Bleeping Computer! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Fo... Read more

2 more replies