
Explorer.exe Still running High


16 replies to this topic

#1 Boog403

Posted 28 October 2014 - 02:54 AM

Hi all,

Thought I fixed it with my last update but it seems to be getting worse. IE is running my physical memory to 94%. Don't have the Windows 7 disk anymore so I'm looking for any help I can get to repair my laptop without wiping it. Thank you in advance.

 

 

EDIT* It's not IE but explorer.exe which is running high mem in the task manager.  Mod Edit:  Changed title to reflect - Hamluis.


Edited by hamluis, 31 October 2014 - 09:05 AM.
Moved from Win 7 to Am I Infected - Hamluis.



#2 Boog403

Posted 28 October 2014 - 02:55 AM

Ran an older version of Rkill and got:

Rkill was run on 10/28/2014 at  0:26:33.
Operating System: Windows 7 Home Premium


Processes terminated by Rkill or while it was running:

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Windows\SysWOW64\InfDefaultInstall.exe
C:\Windows\SysWOW64\InfDefaultInstall.exe
C:\Windows\SysWOW64\InfDefaultInstall.exe
C:\Windows\SysWOW64\runonce.exe
C:\Windows\SysWOW64\runonce.exe
C:\Windows\SysWOW64\runonce.exe



#3 Boog403

Posted 28 October 2014 - 02:12 PM

I also started having the CMD prompt pop up quite frequently without me using it. Since I'm on admin, it keeps asking me for permission to pop up but I keep closing it and it keeps coming back. Is this something I should be worried about or should I just let it run?



#4 hamluis

Moderator

Posted 29 October 2014 - 06:08 PM

Please...do not post unrequested files or data...just clutters up the topic.  RKill is a tool used for malware situations and such are not worked in this forum.

 

Do you feel that you have a malware issue?

 

If not...

 

Please download MiniToolBox, save it to your desktop and run it.
 
Checkmark the following checkboxes:
  List last 10 Event Viewer log
  List Installed Programs
  List Users, Partitions and Memory size.
 
Click Go and paste the content into your next post.
 
Also...please Publish a Snapshot using Speccy - http://www.bleepingcomputer.com/forums/topic323892.html/page__p__1797792#entry1797792 , taking care to post the link of the snapshot in your next post.
 
Louis



#5 Boog403

Posted 31 October 2014 - 02:26 AM

I believe it is a malware issue but I really have nothing to support that other than the pop up programs which feel malware like. Windows asks for my permission and I deny but they keep popping back up. One for CMD and other for some really random programs I'm sure I didn't install. Should I still be running minitoolbox?



#6 hamluis

Moderator

Posted 31 October 2014 - 09:03 AM

Thanks...no, don't bother since I will move this to a malware forum where the more knowledgeable can check the system for malware and MTB is not of any particular value if malware is involved.

 

Louis



#7 dc3

Posted 31 October 2014 - 09:45 AM

Please run AdwCleaner
 
Please download AdwCleaner and install it.
 
When AdwCleaner opens you will see an image like the one below.
 
adwcleaner11_zps48314883.png
 
Click on Scan to start the scan.
 
Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.  
 
Click on Clean to remove the selected items.  If you have any questions about any items in the list please copy and paste the list in your topic so we can review it.  
 
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on OK.  The computer will be restarted to complete the cleaning process.
 
When the cleaning process is complete a log of what was removed will be presented.  Please copy and then paste this log in your topic.
 
 
 

Please run Malwarebytes AntiMalware
 
Please download Malwarebytes Anti-Malware.  After clicking on the link the download will start automatically.
 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  Malwarebytes will automatically open.  If this is the first time you have run this version of Malwarebytes you will see an image like the one below.
 
mbam1_zps95cc812c.png
 
Click on Update Now, after Malwarebytes is updated click on Scan.
 
If this isn't the first time you have run this version, then you will see an image like the one below.  Click on Scan
 
mbam1_zps98e7fba9.png
 
You will be prompted to update Malwarebytes, to do so click on Update Now.
 
 mbam2_zps85f38f0c.png
 
3)  The scan will automatically run now.
 
malwarerun_zps9abd4ef1.png
 
 
4)  When the scan is complete the results will be displayed.  Click on Quarantine All, then click on Apply Actions
 
mbam4_zps23e52ad4.png
 
 
5)  To complete any actions taken you will be asked if you want to restart your computer, click on Yes
 
 mbam4_zps490948cc.png
 
6)  Please post the Malwarebytes log.
 
To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  When the log opens, scroll down toward the bottom of the log to Quarantined Items.  Copy and paste this in your next post.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#8 Boog403

Posted 03 November 2014 - 04:50 PM

 AdwCleaner v3.311 - Report created 03/11/2014 at 13:44:54
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Chewy - COLLIN
# Running from : C:\Users\Chewy\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17116


-\\ Mozilla Firefox v33.0 (x86 en-GB)

[ File : C:\Users\CChiu\AppData\Roaming\Mozilla\Firefox\Profiles\hbk5r1u1.default\prefs.js ]


[ File : C:\Users\Chewy\AppData\Roaming\Mozilla\Firefox\Profiles\g9nkt3fa.default\prefs.js ]


[ File : C:\Users\Luckie\AppData\Roaming\Mozilla\Firefox\Profiles\nzkcmi75.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\CChiu\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Deleted [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg
Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Deleted [Extension] : kdidombaedgpfiiedeimiebkmbilgmlc
Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Deleted [Extension] : ogccgbmabaphcakpiclgcnmcnimhokcj
Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

[ File : C:\Users\Chewy\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={9FDAB740-05ED-11E3-A570-1C7508322AB0}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

[ File : C:\Users\Luckie\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Deleted [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg
Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Deleted [Extension] : kdidombaedgpfiiedeimiebkmbilgmlc
Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Deleted [Extension] : ogccgbmabaphcakpiclgcnmcnimhokcj
Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

*************************

AdwCleaner[R0].txt - [2622 octets] - [03/11/2014 13:42:10]
AdwCleaner[S0].txt - [2587 octets] - [03/11/2014 13:44:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2647 octets] ##########



#9 Boog403

Posted 03 November 2014 - 05:40 PM

Scanned Malwarebytes and it says there's nothing in the log.



#10 Boog403

Posted 03 November 2014 - 05:43 PM

My task manager however is now showing 17 dllhost.exe and dllhost.exe*32 running now. Is that normal?



#11 dc3

Posted 04 November 2014 - 10:06 AM

What is the CPU and Memory percentage of use with these?



#12 Boog403

Posted 04 November 2014 - 02:32 PM

75-100% of both. Ran rkill and have been ending processes manually so that I could use my computer to send this.



#13 dc3

Posted 05 November 2014 - 10:41 AM

Please run the following scans.
 

 

 
Please download and install Emsisoft.
 
1.  When Emsisoft opens click on Update.
 
emsisoft6_zpsace019ac.png
 
2.  Click on Full Scan.
 
emsisoft7_zps9186dacd.png
 
3.  After the scan has completed the results will be displayed.  Make sure there is a check in the box of each item found, then click on Quarantine.
 
emsisoft9_zpsf493a30a.png
 
4.  After the items have been quarantined click on OK.
 
emsisoft10_zpscd89d5de.png
 
5.  After the quarantine has been completed click on Logs.
 
emsisoft11_zps7f976399.png
 
6.  Click on Export and save the log to a location which you will be able to find and open.  Open the log, copy and then paste the log in your topic.
 
emsisoft12_zpsb7365391.png

Please run the ESET OnlineScan

This scan takes quite a long time to run, so be prepared to have the time to allow this to run till it is completed.

***Please note. If you run this scan using Internet Explorer you won't need to download the Eset Smartinstaller.***

  • Click on this link to open ESET OnlineScan in a new window.
  • The ESET Online Scanner page will open, click on Yes, I agree to the terms of use, then click on Start, the scan will now begin.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


#14 Boog403

Posted 07 November 2014 - 12:52 AM

Emsisoft Emergency Kit - Version 9.0
Last update: 11/6/2014 11:08:40 AM
User account: Collin\Chewy
 
Scan settings:
 
Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\
 
Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 11/6/2014 8:40:16 PM
C:\Users\Chewy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\46d0159e-7ad3ab88 detected: Exploit.Java.Agent (A)
C:\Users\Chewy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\dce9ca4-19f81765 detected: Exploit.Java.Agent (A)
 
Scanned 195495
Found 2
 
Scan end: 11/6/2014 9:49:14 PM
Scan time: 1:08:58
 
C:\Users\Chewy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\dce9ca4-19f81765 Quarantined Exploit.Java.Agent (A)
C:\Users\Chewy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\46d0159e-7ad3ab88 Quarantined Exploit.Java.Agent (A)
 
Quarantined 2


#15 Boog403

Posted 07 November 2014 - 12:54 AM

Emsisoft keeps crashing on me but I was able to get the log before it crashed again. Haven't run esetsmartinstaller yet but will post that soon.





