
running multiple iexplorer.exe unwillingly? Cannot end task


  • This topic is locked
3 replies to this topic

#1 Dejshi

Dejshi

  • Members
  • 1 posts
  • OFFLINE
  • Local time:07:30 AM

Posted 27 November 2009 - 03:54 AM

Hello,

I really hope someone can help; I'm pulling out my hair. OK, about a week ago I noticed my Windows Defender wasn't running, so I went to manually turn it on. It gave me an error saying it couldn't run for some reason; I don't know the error, and that's not my main problem. Since then I downloaded Avast and have deleted tons of malware. My computer seems to be running fine, but when I open Internet Explorer everything starts to run very slow. My pages seem to be redirected to multiple sites. I use Yahoo as my default browser. When I open my Task Manager it shows two iexplorer.exe running when in fact I'm only using one, and one of the iexplorer.exe is using tons of memory. This is my main problem, and when I close the iexplorer using the most memory it opens itself back up. I would greatly appreciate some help. I also think whatever is causing this is disabling a portion of any anti-virus program I use, because Avast doesn't seem to be working properly. I like Win Def much better.

Thank You

My DDS is below and the other files are attached.


DDS (Ver_09-11-24.02) - NTFSx86
Run by Zack at 0:49:58.20 on Fri 11/27/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
AV: avast! antivirus 4.8.1356 [VPS 091126-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============


============== Pseudo HJT Report ===============

uSearch Page =
uStart Page = hxxp://www.yahoo.com/
uWindow Title = Windows Internet Explorer provided by Qwest
uDefault_Page_URL = hxxp://qwest.live.com
uSearch Bar =
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearchAssistant =
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: {156743b4-8e6e-4501-bc96-7ca687e23090} - c:\windows\system32\ersvc32.dll
BHO: Yahoo! IE Suggest: {5a263cf7-56a6-4d68-a8cf-345be45bc911} - c:\program files\yahoo!\search\YSearchSuggest.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: {c2a1c5cb-c0ef-4689-9436-f62cca1c5383} - c:\program files\video add-on\isfmdl.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: GreatAdsForYou: {ddd38b53-8fb2-27b4-36b9-fd312993ee27} - c:\program files\greatadsforyou\GreatAdsForYou.dll
BHO: VeriSoft Access Manager: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\bioscrypt\verisoft\bin\ItIEAddIn.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: e404mgr Class: {f10587e9-0e47-4cbe-abcd-7dd20b862223} - c:\program files\helper\1202575575.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No File
uRun: [AnVir Task Manager Pro] "c:\program files\anvir task manager pro\AnVir.exe" Minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [A00F38C3018.exe] c:\docume~1\zack\locals~1\temp\_A00F38C3018.exe
uRun: [A00F40CBFC6.exe] c:\docume~1\zack\locals~1\temp\_A00F40CBFC6.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [95157431] c:\docume~1\alluse~1\applic~1\95157431\95157431.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1258022924484
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177892765921
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
TCP: {4435C9CC-9A7B-453A-9A4B-74DBD12604E0} = 205.171.3.65,205.171.2.65
Notify: 71148b55697 - c:\windows\system32\comrepl32.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: IfxWlxEN - IfxWlxEN.dll
Notify: OneCard - c:\program files\bioscrypt\verisoft\bin\ASWLNPkg.dll
Notify: __c00D9039 - c:\windows\system32\__c00D9039.dat
AppInit_DLLs: APSHook.dll,c:\windows\system32\comrepl32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: {747e1fbe-b70f-441d-bbca-6e536c04924a}: didact
LSA: Notification Packages = scecli ASWLNPkg
Hosts: 217.20.175.74 www.review.2009softwarereviews.com
Hosts: 217.20.175.74 review.2009softwarereviews.com
Hosts: 217.20.175.74 a1.review.zdnet.com
Hosts: 217.20.175.74 www.d1.reviews.cnet.com
Hosts: 217.20.175.74 www.reviews.toptenreviews.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============


============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2009-11-27 07:39:11 35328 ----a-w- c:\windows\system32\__c00D9039.dat
2009-11-26 18:36:51 187904 ----a-w- c:\windows\system32\ersvc32.dll
2009-11-26 18:36:50 615 ----a-w- c:\windows\system32\TDWxTlJ.vbs
2009-11-26 16:06:21 615 ----a-w- c:\windows\system32\wYWlI.vbs
2009-11-26 16:06:21 187904 ----a-w- c:\windows\system32\comaddin32.dll
2009-11-26 15:53:07 187904 ----a-w- c:\windows\system32\dmsynth32.dll
2009-11-26 15:53:06 615 ----a-w- c:\windows\system32\WMO8PIokExRDN.vbs
2009-11-26 09:16:57 187904 ----a-w- c:\windows\system32\dsauth32.dll
2009-11-26 09:16:52 615 ----a-w- c:\windows\system32\TLh6mGg.vbs
2009-11-26 08:09:33 615 ----a-w- c:\windows\system32\NNDpsGF0CVS821Z.vbs
2009-11-26 05:37:37 0 d-----w- c:\windows\system32\MpEngineStore
2009-11-26 05:36:20 187904 ----a-w- c:\windows\system32\dispex32.dll
2009-11-26 05:36:18 615 ----a-w- c:\windows\system32\uSLuM6ZFZVcs9.vbs
2009-11-25 16:53:22 187904 ----a-w- c:\windows\system32\dsdmoprp32.dll
2009-11-25 16:53:19 615 ----a-w- c:\windows\system32\9EFw5OI7H3ee4.vbs
2009-11-24 17:16:24 30208 ----a-w- c:\windows\system32\__c00735AC.dat
2009-11-24 17:12:16 615 ----a-w- c:\windows\system32\J7QuEJPwe8Nwi.vbs
2009-11-24 14:15:23 615 ----a-w- c:\windows\system32\J0jju.vbs
2009-11-23 15:38:34 615 ----a-w- c:\windows\system32\Zr3zbMxRnsWGBaH.vbs
2009-11-23 15:27:06 615 ----a-w- c:\windows\system32\yFgxt.vbs
2009-11-23 15:27:06 187904 ----a-w- c:\windows\system32\credssp32.dll
2009-11-22 15:50:22 187904 ----a-w- c:\windows\system32\drmclien32.dll
2009-11-22 15:50:21 615 ----a-w- c:\windows\system32\dBc1gJrW5PQNLf4.vbs
2009-11-22 15:39:26 0 d-----w- c:\program files\CONEXANT
2009-11-22 08:38:00 615 ----a-w- c:\windows\system32\5AK1ox3kWuPPS.vbs
2009-11-22 08:38:00 187904 ----a-w- c:\windows\system32\csseqchk3232.dll
2009-11-22 07:23:16 615 ----a-w- c:\windows\system32\Xy9Xq.vbs
2009-11-22 03:20:21 187904 ----a-w- c:\windows\system32\d3dpmesh32.dll
2009-11-22 03:20:20 615 ----a-w- c:\windows\system32\66Eup7JEnjic7m0.vbs
2009-11-21 22:22:53 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-11-21 22:22:52 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-11-21 22:22:52 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2009-11-21 22:22:50 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-11-21 21:51:19 28160 ----a-w- c:\windows\system32\__c00B0062.dat
2009-11-21 21:49:33 187904 ----a-w- c:\windows\system32\eapphost32.dll
2009-11-21 21:49:14 615 ----a-w- c:\windows\system32\ZNxUbD1m1vnWz.vbs
2009-11-20 16:53:38 187904 ----a-w- c:\windows\system32\fltlib32.dll
2009-11-20 16:53:37 615 ----a-w- c:\windows\system32\sZaLz87.vbs
2009-11-20 09:22:15 187904 ----a-w- c:\windows\system32\csrsrv32.dll
2009-11-20 09:22:13 615 ----a-w- c:\windows\system32\L5XQGVfxwXGqebM.vbs
2009-11-19 15:41:53 187904 ----a-w- c:\windows\system32\fwcfg3232.dll
2009-11-19 15:41:52 615 ----a-w- c:\windows\system32\MUKhBXNNR1DTyyq.vbs
2009-11-19 07:33:34 187904 ----a-w- c:\windows\system32\dpnhupnp3232.dll
2009-11-19 07:33:33 615 ----a-w- c:\windows\system32\9dF98njGvavdo.vbs
2009-11-18 16:26:05 187904 ----a-w- c:\windows\system32\comsvcs32.dll
2009-11-18 16:26:04 615 ----a-w- c:\windows\system32\QIqmL9q.vbs
2009-11-18 15:50:35 187904 ----a-w- c:\windows\system32\esent9732.dll
2009-11-18 15:50:34 615 ----a-w- c:\windows\system32\GmVPMA9tez2ujbM.vbs
2009-11-18 11:29:59 1356 --sha-w- c:\windows\system32\558160645
2009-11-18 11:29:58 817 ----a-w- c:\windows\system32\1897171797
2009-11-18 11:29:01 0 d-sh--w- c:\windows\system32\SysWoW32
2009-11-18 11:27:33 203776 --sh--w- c:\windows\system32\unrar.exe
2009-11-18 11:27:33 0 d-----w- c:\windows\system32\1126624306
2009-11-18 11:27:06 738816 --sha-w- c:\windows\system32\20.tmp
2009-11-18 10:17:38 187904 ----a-w- c:\windows\system32\dmcompos32.dll
2009-11-18 10:17:35 615 ----a-w- c:\windows\system32\Kxavc.vbs
2009-11-18 10:01:48 0 d-----w- c:\docume~1\alluse~1\applic~1\95157431
2009-11-18 07:59:02 615 ----a-w- c:\windows\system32\0EdwWy86BjcPn.vbs
2009-11-17 17:43:20 615 ----a-w- c:\windows\system32\Q5o4xdfe4dc8IyS.vbs
2009-11-17 17:43:20 187904 ----a-w- c:\windows\system32\dot3svc32.dll
2009-11-17 06:18:20 0 ----a-w- c:\windows\system32\33.tmp
2009-11-17 04:42:25 615 ----a-w- c:\windows\system32\P2goObAOWJ6Yv.vbs
2009-11-17 04:42:25 187904 ----a-w- c:\windows\system32\dpnwsock32.dll
2009-11-16 15:01:18 187904 ----a-w- c:\windows\system32\cdmodem32.dll
2009-11-16 15:01:17 615 ----a-w- c:\windows\system32\NaDScjedaIUkhfz.vbs
2009-11-16 04:37:49 187904 ----a-w- c:\windows\system32\E_SAGSET32.dll
2009-11-16 04:37:48 615 ----a-w- c:\windows\system32\UwHZ9ASpLE8rUe6.vbs
2009-11-15 07:33:00 187904 ----a-w- c:\windows\system32\crtdll32.dll
2009-11-15 07:32:58 615 ----a-w- c:\windows\system32\d0cGD.vbs
2009-11-14 17:40:56 187904 ----a-w- c:\windows\system32\HdAudRes32.dll
2009-11-14 17:40:52 615 ----a-w- c:\windows\system32\WepAcp8.vbs
2009-11-14 08:36:30 615 ----a-w- c:\windows\system32\LxrnWSu2dYm2x4S.vbs
2009-11-13 21:30:14 615 ----a-w- c:\windows\system32\sRIIpzi.vbs
2009-11-13 16:55:36 615 ----a-w- c:\windows\system32\OtgK17FgYByZDkT.vbs
2009-11-12 23:42:01 0 d-----w- c:\program files\AnVir Task Manager Pro
2009-11-12 14:31:49 615 ----a-w- c:\windows\system32\1WSdUdEfheYeM.vbs
2009-11-12 11:44:19 53136 ----a-w- c:\windows\system32\PxSecure.dll
2009-11-12 11:44:18 46768 ----a-w- c:\windows\system32\drivers\pxrts.sys
2009-11-12 11:44:18 30280 ----a-w- c:\windows\system32\drivers\pxscan.sys
2009-11-12 11:44:16 24368 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2009-11-12 11:44:08 0 d-----w- c:\docume~1\alluse~1\applic~1\PrevxCSI
2009-11-12 11:28:07 615 ----a-w- c:\windows\system32\9Qb5x.vbs
2009-11-12 11:22:46 615 ----a-w- c:\windows\system32\60cW0Jz5UcWf0ry.vbs
2009-11-12 09:54:38 0 d--h--w- c:\windows\system32\GroupPolicy
2009-11-12 09:35:11 615 ----a-w- c:\windows\system32\ExxRP213E4tsi.vbs
2009-11-12 09:01:23 615 ----a-w- c:\windows\system32\OVIASqOZAAuo3.vbs
2009-11-12 08:53:21 0 ----a-w- c:\windows\win32k.sys
2009-11-12 08:32:20 615 ----a-w- c:\windows\system32\xZwPf.vbs
2009-11-11 18:34:08 743 ----a-w- C:\xcrashdump.dat
2009-11-11 06:35:17 1919 ----a-w- c:\windows\GnuHashes.ini
2009-11-11 06:22:42 206848 ----a-w- c:\windows\system32\dpnhupnp32.dll
2009-11-11 06:22:38 615 ----a-w- c:\windows\system32\UFCeVFC56na3p9j.vbs
2009-11-11 06:12:14 0 d-----w- c:\program files\CS
2009-11-11 05:09:27 206848 ----a-w- c:\windows\system32\csseqchk32.dll
2009-11-11 05:09:21 615 ----a-w- c:\windows\system32\abt5UlX.vbs
2009-11-11 05:07:20 615 ----a-w- c:\windows\system32\eC4Pi.vbs
2009-11-11 05:05:37 1348 --sha-w- c:\windows\system32\GroupPolicy000.dat
2009-11-11 05:05:37 0 d-sh--w- c:\windows\system32\LocalService
2009-11-11 05:05:27 523776 --sha-w- c:\windows\system32\D.tmp
2009-11-11 05:05:26 206848 ----a-w- c:\windows\system32\confmsp32.dll
2009-11-11 05:05:24 122880 ----a-w- c:\windows\system32\comrepl32.dll
2009-11-11 05:05:22 615 ----a-w- c:\windows\system32\k2DMSKKCTK0riCf.vbs
2009-11-11 04:42:24 0 d-----w- c:\docume~1\zack\applic~1\Uniblue
2009-11-11 00:02:05 0 d-----w- c:\docume~1\alluse~1\applic~1\SITEguard
2009-11-11 00:00:43 0 d-----w- c:\program files\common files\iS3
2009-11-11 00:00:42 0 d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
2009-11-08 00:47:25 0 d-----w- c:\docume~1\zack\applic~1\Megaupload
2009-11-08 00:46:31 0 d-----w- c:\program files\GreatAdsForYou
2009-11-08 00:46:31 0 d-----w- c:\program files\FBrowsingAdvisor
2009-11-08 00:46:20 0 d-----w- c:\program files\PlayMP3z
2009-11-06 19:54:15 0 d-sh--w- C:\found.000
2009-11-06 07:21:02 0 d-----w- c:\docume~1\zack\applic~1\MozillaControl
2009-11-06 07:20:46 0 d-----w- c:\program files\Mozilla ActiveX Control v1.7.12
2009-11-06 07:20:01 0 d-----w- c:\program files\VideoLAN

==================== Find3M ====================

2009-11-03 03:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-22 09:19:04 5939712 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2008-01-20 19:08:06 774144 ----a-w- c:\program files\RngInterstitial.dll
2008-08-23 16:54:26 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082320080824\index.dat

============= FINISH: 0:53:52.54 ===============
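As an added triage example (not part of the post and not DDS itself), the following Python parses lines in the "Created Last 30" format above and flags the two patterns visible in this log: many files of identical size under unrelated random names, and each .vbs written within seconds of a .dll in the same directory. The sample lines are copied from the log; the five-second pairing window is an assumption.

```python
import ntpath
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: a few lines copied from the "Created Last 30" section above.
SAMPLE_DDS = """\
2009-11-27 07:39:11 35328 ----a-w- c:\\windows\\system32\\__c00D9039.dat
2009-11-26 18:36:51 187904 ----a-w- c:\\windows\\system32\\ersvc32.dll
2009-11-26 18:36:50 615 ----a-w- c:\\windows\\system32\\TDWxTlJ.vbs
2009-11-26 16:06:21 615 ----a-w- c:\\windows\\system32\\wYWlI.vbs
2009-11-26 16:06:21 187904 ----a-w- c:\\windows\\system32\\comaddin32.dll
2009-11-12 11:44:19 53136 ----a-w- c:\\windows\\system32\\PxSecure.dll
"""

# DDS line layout: timestamp, size in bytes, 8-char attribute field, path
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S{8})\s+(.+)$")


def parse_created(text):
    """Turn 'Created Last 30' lines into (time, size, lower-cased path) tuples."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            out.append((datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"),
                        int(m.group(2)), m.group(4).lower()))
    return out


def size_clusters(entries, min_count=2):
    """Group paths by (size, extension). Repeated identical sizes under unrelated
    names, dropped on different days, is the mass-dropper pattern in this log."""
    groups = defaultdict(list)
    for _, size, path in entries:
        groups[(size, ntpath.splitext(path)[1])].append(path)
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_count}


def dropper_pairs(entries, window=timedelta(seconds=5)):
    """Pair each .vbs with a .dll written to the same directory within `window`
    (the window is an assumption); returns sorted (script, dll) basename pairs."""
    dlls = [e for e in entries if e[2].endswith(".dll")]
    pairs = []
    for t, _, vbs in entries:
        if vbs.endswith(".vbs"):
            for dt, _, dll in dlls:
                if ntpath.dirname(dll) == ntpath.dirname(vbs) and abs(dt - t) <= window:
                    pairs.append((ntpath.basename(vbs), ntpath.basename(dll)))
    return sorted(pairs)


if __name__ == "__main__":
    ents = parse_created(SAMPLE_DDS)
    print(size_clusters(ents))
    print(dropper_pairs(ents))
```

Run against the full section above, the size groups for 615-byte .vbs and 187904-byte .dll files each contain dozens of entries, which is what makes the drop pattern obvious at a glance.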


#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,714 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:04:30 PM

Posted 27 November 2009 - 09:41 AM

Hi Dejshi,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.

Your log(s) show that you are using so-called peer-to-peer or file-sharing programs. These programs allow users to share files, as the name suggests. In today's world cyber crime has come to an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous amount of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along with the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."


Click on Start->Run, copy-paste the following command (the whole line below) into the "Open" box, and click OK:

cmd /c dir /a/s %systemdrive%\eventlog.dll %systemdrive%\scecli.dll %systemdrive%\netlogon.dll %systemdrive%\logevent.dll %systemdrive%\ntelogon.dll %systemdrive%\scecli.dll %systemdrive%\sceclt.dll>log.txt&start log.txt

A command window will open; wait until it is finished. A log.txt file opens; copy and paste the content of the log into your reply.
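An added example, not part of Farbar's reply: a Python parser for the log.txt that the dir command above writes, recording where each named DLL was found and flagging names whose copies disagree in size or sit outside system32 and its dllcache. The sample output is constructed (US-locale dir format), the set of expected directories and the extra scecli.dll copy are assumptions for illustration, and the post itself does not say what is checked in the listing.

```python
import re
from collections import defaultdict

# Constructed sample of the log.txt written by the dir /a/s command above
# (US-locale dir output, blank and summary lines omitted). The sizes and the
# scecli.dll copy under system32\config are made up for illustration.
SAMPLE_LOG = """\
 Directory of C:\\WINDOWS\\system32
04/14/2008  05:12 AM            56,320 eventlog.dll
 Directory of C:\\WINDOWS\\system32\\dllcache
04/14/2008  05:12 AM            56,320 eventlog.dll
 Directory of C:\\WINDOWS\\system32
04/14/2008  05:12 AM           180,224 scecli.dll
 Directory of C:\\WINDOWS\\system32\\config
11/18/2009  11:29 AM            14,848 scecli.dll
"""

DIR_RE = re.compile(r"^\s*Directory of (.+)$")
# date, time, size with thousands separators, file name
FILE_RE = re.compile(r"^\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2} [AP]M\s+([\d,]+)\s+(.+)$")
# Where copies of the listed DLLs are normally expected (an assumption).
EXPECTED_DIRS = {"c:\\windows\\system32", "c:\\windows\\system32\\dllcache"}


def parse_dir_log(text):
    """Map lower-cased file name -> [(directory, size), ...] from dir /s output."""
    found = defaultdict(list)
    current = None
    for line in text.splitlines():
        m = DIR_RE.match(line)
        if m:
            current = m.group(1).strip().lower()
            continue
        m = FILE_RE.match(line)
        if m and current:
            size = int(m.group(1).replace(",", ""))
            found[m.group(2).strip().lower()].append((current, size))
    return dict(found)


def suspicious(found):
    """Flag names whose copies differ in size or live outside EXPECTED_DIRS."""
    flags = {}
    for name, copies in found.items():
        reasons = []
        if len({size for _, size in copies}) > 1:
            reasons.append("size mismatch between copies")
        stray = sorted(d for d, _ in copies if d not in EXPECTED_DIRS)
        if stray:
            reasons.append("copy outside expected dirs: " + ", ".join(stray))
        if reasons:
            flags[name] = reasons
    return flags
```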

#3 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,714 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:04:30 PM

Posted 30 November 2009 - 05:35 AM

Are you still there?

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,714 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:04:30 PM

Posted 04 December 2009 - 08:18 AM

This thread will now be closed due to inactivity.

If you should have the same or a new issue, please start a new topic.



