
I'm not sure what's wrong.


munkie


For starters, I know there is a problem with my iexplorer but I don't know what it is. It is running very slowly and just recently it started running 2 instances of iexplorer.exe. I've researched it a lot and every fix I find doesn't apply to my system. If there is anybody that can help me out, it would be greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:04:58 PM, on 12/19/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\system32\dllhost.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\RegCure\RegCure.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Absolute Poker - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Documents and Settings\Sean.LIZ-8B1B717C21B\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)

O9 - Extra 'Tools' menuitem: Absolute Poker - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Documents and Settings\Sean.LIZ-8B1B717C21B\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)

O15 - Trusted Zone: http://*.mcafee.com

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1253753741256

O22 - SharedTaskScheduler: EtdissimKbd - {0B9B2D2C-831F-4EDC-B162-B9F0E20E50B3} - (no file)

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

--

End of file - 4684 bytes


Hi,

It's normal to have two (or more if more than one tab is open) instances of iexplore.exe process running while using Internet Explorer 8. There's one entry that needs further examination though.

Download DDS and save it to your desktop from here or here or here.

Disable any script blocker, and then double click dds.scr to run the tool.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt

  • Save both reports to your desktop. Post them back to your topic.

Download GMER here by clicking the download exe button and then saving it to your desktop:

  • Double-click the .exe that you downloaded.
  • Click the rootkit tab and then scan.
  • Don't check the Show All box while scanning is in progress!
  • When scanning is ready, click Copy.
  • This copies the log to the clipboard.
  • Post the log (if the log is long, archive it into a zip file and attach it instead of posting) in your reply.

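Added example, not part of the original posts and not code from HijackThis: a small Python triage pass over a HijackThis log like the one posted at the top of this thread, grouping entries by section code and listing those that carry the tool's own `(no file)` or `Unknown owner` markers. The function names and the choice of markers are assumptions of this example, the sample lines are copied from the posted log, and a hit only means the entry deserves a closer look.

```python
import re
from collections import defaultdict

# Section codes as they appear at the start of HijackThis entries (R0, O4, O23, ...).
ENTRY_RE = re.compile(r"^(?P<code>[RFN]\d|O\d{1,2}) - (?P<body>.+)$")

# Markers HijackThis itself prints. Treating them as review triggers is an
# assumption of this example, not a verdict that the entry is malicious.
REVIEW_MARKERS = {
    "(no file)": "registered component points at a file that does not exist",
    "Unknown owner": "service binary carries no company name",
}

# Sample lines copied from the log posted above (header and process lines included).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
C:\WINDOWS\system32\svchost.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O22 - SharedTaskScheduler: EtdissimKbd - {0B9B2D2C-831F-4EDC-B162-B9F0E20E50B3} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

def parse_entries(log_text):
    """Return (code, body) pairs; header and running-process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries

def group_by_section(entries):
    """Map each section code to the list of entry bodies found under it."""
    groups = defaultdict(list)
    for code, body in entries:
        groups[code].append(body)
    return dict(groups)

def needs_review(entries):
    """Return (code, body, reason) for entries carrying a review marker."""
    return [(code, body, reason)
            for code, body in entries
            for marker, reason in REVIEW_MARKERS.items()
            if marker in body]

if __name__ == "__main__":
    for code, body, reason in needs_review(parse_entries(SAMPLE_LOG)):
        print(f"{code}: {body}\n    -> {reason}")
```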

I know that another instance of iexplore runs when another tab is in use. On this report, I have 2 tabs. But no matter what, there are always 2 instances of iexplore running.

DDS (Ver_09-12-01.01) - NTFSx86

Run by Sean at 19:16:33.21 on Mon 12/28/2009

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.400 [GMT -6:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\system32\dllhost.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\RegCure\RegCure.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Sean.LIZ-8B1B717C21B\Local Settings\Temporary Internet Files\Content.IE5\Q2024A9I\dds[1].scr

============== Pseudo HJT Report ===============


Attach

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 9/23/2009 3:28:16 PM

System Uptime: 12/19/2009 4:52:29 PM (219 hours ago)

Motherboard: Dell Inc. | | 0YC523

Processor: Intel® Pentium® D CPU 2.80GHz | Microprocessor | 2792/800mhz

Processor: Intel® Pentium® D CPU 2.80GHz | Microprocessor | 2793/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 228 GiB total, 135.148 GiB free.

D: is Removable

E: is Removable

F: is Removable

G: is Removable

H: is CDROM ()

I: is CDROM ()

J: is CDROM ()

K: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: PCI Modem

Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&5855BE9&0&20F0

Manufacturer:

Name: PCI Modem

PNP Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&5855BE9&0&20F0

Service:

==== System Restore Points ===================

RP35: 9/29/2009 5:13:21 PM - System Checkpoint

RP36: 9/30/2009 1:40:13 AM - Software Distribution Service 3.0

RP37: 9/30/2009 7:50:07 AM - Software Distribution Service 3.0

RP38: 9/30/2009 9:08:14 PM - Installed MSXML 4.0 SP2 Parser and SDK

RP39: 9/30/2009 9:59:33 PM - Software Distribution Service 3.0

RP40: 9/30/2009 10:31:27 PM - Software Distribution Service 3.0

RP41: 10/1/2009 5:56:18 AM - Software Distribution Service 3.0

RP42: 10/2/2009 8:41:55 AM - System Checkpoint

RP43: 10/3/2009 10:23:01 AM - System Checkpoint

RP44: 10/4/2009 1:10:05 AM - Software Distribution Service 3.0

RP45: 10/5/2009 2:03:07 AM - System Checkpoint

RP46: 10/5/2009 8:37:11 PM - Software Distribution Service 3.0

RP47: 10/6/2009 8:49:13 PM - System Checkpoint

RP48: 10/7/2009 10:04:46 PM - System Checkpoint

RP49: 10/9/2009 1:40:39 AM - System Checkpoint

RP50: 10/10/2009 1:53:56 AM - System Checkpoint

RP51: 10/11/2009 6:53:30 AM - System Checkpoint

RP52: 10/12/2009 9:50:19 AM - Software Distribution Service 3.0

RP53: 10/12/2009 12:45:15 PM - Software Distribution Service 3.0

RP54: 10/13/2009 1:16:35 PM - System Checkpoint

RP55: 10/14/2009 2:18:36 PM - System Checkpoint

RP56: 10/15/2009 3:23:38 PM - System Checkpoint

RP57: 10/16/2009 3:25:39 PM - System Checkpoint

RP58: 10/17/2009 4:16:34 PM - System Checkpoint

RP59: 10/18/2009 5:16:34 PM - System Checkpoint

RP60: 10/19/2009 5:17:38 PM - System Checkpoint

RP61: 10/20/2009 6:16:35 PM - System Checkpoint

RP62: 10/26/2009 3:42:04 PM - Installed Linksys Wireless-G PCI Adapter

RP63: 10/27/2009 4:30:13 PM - System Checkpoint

RP64: 10/28/2009 5:30:13 PM - System Checkpoint

RP65: 10/29/2009 6:30:12 PM - System Checkpoint

RP66: 10/30/2009 7:30:13 PM - System Checkpoint

RP67: 10/31/2009 8:30:13 PM - System Checkpoint

RP68: 11/1/2009 9:30:13 PM - System Checkpoint

RP69: 11/2/2009 10:51:52 PM - System Checkpoint

RP70: 11/3/2009 11:50:00 PM - System Checkpoint

RP71: 11/4/2009 7:13:36 PM - Software Distribution Service 3.0

RP72: 11/5/2009 8:25:40 PM - System Checkpoint

RP73: 11/6/2009 9:01:39 PM - System Checkpoint

RP74: 11/7/2009 5:26:51 PM - Software Distribution Service 3.0

RP75: 11/8/2009 5:09:33 PM - System Checkpoint

RP76: 11/9/2009 5:57:45 PM - System Checkpoint

RP77: 11/10/2009 8:59:54 PM - System Checkpoint

RP78: 11/11/2009 10:31:27 PM - System Checkpoint

RP79: 11/12/2009 8:20:24 PM - Software Distribution Service 3.0

RP80: 11/12/2009 2:20:21 PM - System Checkpoint

RP81: 11/13/2009 3:04:36 PM - System Checkpoint

RP82: 11/14/2009 10:07:24 PM - System Checkpoint

RP83: 11/15/2009 5:32:35 AM - Software Distribution Service 3.0

RP84: 11/16/2009 3:00:13 AM - Software Distribution Service 3.0

RP85: 11/17/2009 3:02:51 AM - Software Distribution Service 3.0

RP86: 11/18/2009 3:00:15 AM - Software Distribution Service 3.0

RP87: 11/19/2009 3:02:17 AM - Software Distribution Service 3.0

RP88: 11/20/2009 3:00:46 AM - Software Distribution Service 3.0

RP89: 11/21/2009 3:00:14 AM - Software Distribution Service 3.0

RP90: 11/22/2009 3:02:37 AM - Software Distribution Service 3.0

RP91: 11/23/2009 3:00:14 AM - Software Distribution Service 3.0

RP92: 11/24/2009 3:00:31 AM - Software Distribution Service 3.0

RP93: 11/25/2009 3:00:15 AM - Software Distribution Service 3.0

RP94: 11/26/2009 3:00:16 AM - Software Distribution Service 3.0

RP95: 11/27/2009 3:00:14 AM - Software Distribution Service 3.0

RP96: 11/28/2009 3:01:35 AM - Software Distribution Service 3.0

RP97: 11/29/2009 3:00:14 AM - Software Distribution Service 3.0

RP98: 11/30/2009 3:00:45 AM - Software Distribution Service 3.0

RP99: 12/1/2009 3:00:18 AM - Software Distribution Service 3.0

RP100: 12/2/2009 3:00:32 AM - Software Distribution Service 3.0

RP101: 12/3/2009 3:00:16 AM - Software Distribution Service 3.0

RP102: 12/4/2009 3:00:16 AM - Software Distribution Service 3.0

RP103: 12/5/2009 3:00:21 AM - Software Distribution Service 3.0

RP104: 12/6/2009 3:00:19 AM - Software Distribution Service 3.0

RP105: 12/7/2009 3:00:14 AM - Software Distribution Service 3.0

RP106: 12/8/2009 3:00:52 AM - Software Distribution Service 3.0

RP107: 12/9/2009 3:00:14 AM - Software Distribution Service 3.0

RP108: 12/10/2009 3:00:16 AM - Software Distribution Service 3.0

RP109: 12/11/2009 3:01:32 AM - Software Distribution Service 3.0

RP110: 12/12/2009 3:00:18 AM - Software Distribution Service 3.0

RP111: 12/13/2009 3:02:58 AM - Software Distribution Service 3.0

RP112: 12/14/2009 3:00:16 AM - Software Distribution Service 3.0

RP113: 12/15/2009 3:00:15 AM - Software Distribution Service 3.0

RP114: 12/16/2009 3:00:25 AM - Software Distribution Service 3.0

RP115: 12/17/2009 3:00:15 AM - Software Distribution Service 3.0

RP116: 12/18/2009 3:00:13 AM - Software Distribution Service 3.0

RP117: 12/19/2009 3:00:33 AM - Software Distribution Service 3.0

RP118: 12/19/2009 8:28:27 PM - Removed Linksys Wireless-G PCI Adapter

RP119: 12/20/2009 3:00:14 AM - Software Distribution Service 3.0

RP120: 12/21/2009 3:00:15 AM - Software Distribution Service 3.0

RP121: 12/22/2009 3:02:54 AM - Software Distribution Service 3.0

RP122: 12/23/2009 3:00:17 AM - Software Distribution Service 3.0

RP123: 12/24/2009 3:00:22 AM - Software Distribution Service 3.0

RP124: 12/25/2009 3:00:14 AM - Software Distribution Service 3.0

RP125: 12/26/2009 3:00:43 AM - Software Distribution Service 3.0

RP126: 12/27/2009 3:00:15 AM - Software Distribution Service 3.0

RP127: 12/28/2009 3:00:30 AM - Software Distribution Service 3.0

==== Installed Programs ======================


I know that another instance of iexplore runs when another tab is in use. On this report, I have 2 tabs. But no matter what, there are always 2 instances of iexplore running.

I don't think you understood me right. I meant that when you have one tab open there are two iexplore.exe processes running, when two tabs are open there are three processes, with three there are four and so on.

Looks like all dds.txt log contents didn't get posted. Did you run GMER yet?


  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

