amnmaddox

All is good here. No bumps yet. I do now know. Seems resolved. BTW I do now know when and how i contracted this i believe. I had some issues with running .msi files and used and "online tool" to fix it. Didnt think this would happen. I'll give you an update tommorrow in the am. Thanks a bunch!

SystemLook 30.07.11 by jpshortstuff Log created at 20:14 on 03/12/2014 by Maddox Administrator - Elevation successful ========== filefind ========== Searching for "opengl32.dll" C:\Windows\System32\opengl32.dll --a---- 1039872 bytes [23:42 13/07/2009] [01:41 14/07/2009] 585FED4CDB8034B8B58AEB8008255817 C:\Windows\SysWOW64\opengl32.dll --a---- 791552 bytes [23:28 13/07/2009] [01:16 14/07/2009] D1BBE227367ED791D5FCF08E132D2956 C:\Windows\winsxs\amd64_microsoft-windows-opengl_31bf3856ad364e35_6.1.7600.16385_none_6ab9e7b9a318b3e8\opengl32.dll --a---- 1039872 bytes [23:42 13/07/2009] [01:41 14/07/2009] 585FED4CDB8034B8B58AEB8008255817 C:\Windows\winsxs\x86_microsoft-windows-opengl_31bf3856ad364e35_6.1.7600.16385_none_0e9b4c35eabb42b2\opengl32.dll --a---- 791552 bytes [23:28 13/07/2009] [01:16 14/07/2009] D1BBE227367ED791D5FCF08E132D2956 -= EOF =-

It pointed me here: c:\programdata\{9a88e103-a20a-4ea5-8636-c73b709a5bf8}\opengl32.dll But it said remediation failed. I tried navigating to it but it says it doesnt exist. Not at that location.. we will see. No activity yet and I now no longer show Explorer.exe running wild with memory. Only one instance in my processes steady at 15k kilobytes or so (approx) The log showed this file to have something to do with iexplorer.exe and this "<System_Setting ID="1"><RegistrySetting>hkey_local_machine\software\clients\startmenuinternet\iexplore.exe\shell\open"

While waiting for your reply, I ran norton power eraser, it found a threat with opengl32.dll. Not sure if it will work but i'll keep you posted.

And MBAM still blocking outbound sites from Explorer.exe, and browser history full. The funny thing is, they are all the same websites and IP addresses

Here we go.. cureit.log

It was well before that, I'd say around the first of November. Not sure exactly, I stumbled upon it by chance.

Well, I spoke too soon. Issue still there

On a side note, I downloaded Process Explorer last night after looking at some other posts on Bleeping computer. After watching it for a while this morning, I noticed the biggest resource hog was Adobe Flash Player Plug-in. I terminated the process and as of now, Iternet Explorer has not visited any wierd web pages.

Here we go.. FRST.txt

Well...after some digging I found some more info out about this, or just added more confusion, take your pick. I ran windows in safe boot, and the issue still persisted. Explorer.exe runs a memory tab, that starts as soon as windows loads in safemode. Litterally, Exeplorer.exe is somehow infected and that might explain why the scans dont pick it up. It looks like my only option is re-loading windows at this point, unless you have any other ideas.

Tried it...no difference

Also worth noting: In experimental fashion, I unplugged my CAT5 cable before leaving for work this afternoon. While I was gone, no sites were visited by IExplorer during that time.

And by no difference i mean the scan didnt help. That sounded kinda rude... I also ran a boot scan from AVAST, nothing detected. IExplorers history is still filling up. Its almost like someones browsing from my IExplorer when its closed.

No difference.... I was running IE11. When all this started, shortly before posting this thread, Microsoft forums recomended reseting or even rolling back IE11 to 10.

Hello again. So let me explain whats going on a little bit better and for some reason the log file you requested was not saved ( I attempted the scan 2 times, nothing found) About 3 weeks ago I ran CCleaner as I always do about once a week, to clean up my system. Its worth noting that this machine is dedicated to 1 or 2 programs exclusively, and I rarely, if ever, surf the web on it. I do not use torrent sites or any junk like that on it. The only reason I runn CCleaner on it is, the programs I use build temporary system files and I clean that regularly to keep the machine fast and lean. When I ran CCLeaner, 3 weeks ago or so, it took an extremely loooooooong time. Longer than normal (normal= 30sec, this time = 5mins). I noticed when it was done that it had cleaned approx. 1 GB of temp internet files from Internet Explorer. This was confusing since as stated earlier, i rarely surf on this machine. also if I do surf, its on Firefox, not InternetExplorer. So, I began monitoring IE 11 and its history after that. I noticed, with Internet Explorer CLOSED, after wiping the history clean, after 10 or so minutes, IE 11 had visited 15 to 20 sites, ON ITS OWN. It visited everything form Twitter to momthis.com to random IP Addresses in France. Without being opened. I also monitored my task manager and no intsances of iexplorer were found. The last time I was on the internet on this machine was on the 1st of November. I bought a new gaming headset and downloaded the drivers from Corsair.com. Other than that, this thing, whatever it is, just popped up out of nowhere. The reason why i posted all this is not to drone on. I just felt like I should explain my issue a little better since it seems to be an issue thats a pain in the neck to isolate. I've also seen a few posts go up on other sites and this one about a similar issue with IE11. I hope we arent chasing our tails , LOL. I senceirly appreciate your help and look foward figuring this out!

Thats affirmative. It seems to affect I Explorer as fas as the history of "sites visited" , but i noticed the process that is running in explorer.exe X2. Here's the log below SystemLook.txt

LOL, you're telling me. Still nothing detected. Its worth mentioning that the sites that appear are always the same i think. With the exception of the random IP addresses. I aslo notice in my task manager, 2 seperate Explorer.exe's running at the same time. one that seems stagnant ( ie doesnt do much in the way of memory) the other constantly ticks up up and away. Here are the logs. mbar-log-2014-11-30 (17-57-10).txt system-log.txt

Nothing found.. TDSSKiller.3.0.0.41_30.11.2014_17.37.03_log.txt

Ran both scans, I get errors with GMER. One says: C:\Windows\system32\config\system: The process cannot access the file because its being used by another process. the other says: C:\Users\%myname%\ntuser.dat: The process cannot access the file because its being used by another process. See logs below ark.txt RKreport_SCN_11302014_161745.log

This bug is still here... ComboFix.txt

Issue still there...see logs below. zoek-results1.txt

Well, tried both above and not dice still. The AV scan found some threats but, still my issue persists. See below logs. Fixlog.txt scan.txt

My mistake. Here we go. Addition.txt

Hello, WOW, quick response! Attached are my logs. I did notice a few found and removed stuff. Still no luck. Its worth metioning I did roll back IExplorer from v11 to v10 and did a full browser reset. Also, MBAM occasionally blocks sites and notify's me on my desktop, all of which are "outbound" from explorer.exe. AdwCleanerS0.txt FRST.txt mrt.log JRT.txt MBAW.txt