2 process of iexplore.exe in task manager

By BMXer Dan
Nov 5, 2008
  1. First of all the computer that i would like fixing is my parents desktop.

    It has Windows XP Home

    The computer is now unbarably slow and i have offered to find a solution to it.

    I have 2 processes of iexplore.exe in the task manager, and they wont go away when i try to end the process on them, they just come straight back. (Internet explorer isnt open whilst these processes are running, also every so often an I Explorer window ecides to open with random adverts in it(out default browser is firefox so this shouldnt happen))

    Also there are a few other processes that are running in duplicate and even tripple for no aparent reason.

    AVG Free Anti-Virus found nothing, I also ran HIJACKTHIS and attached the log file.

    Thanks in advance for any help

  2. momok

    momok TS Rookie Posts: 2,265

    You are infected, and your HJT is outdated. Please visit the malware removal sticky and complete the 8 step instructions (including the latest version of HJT)
  3. BMXer Dan

    BMXer Dan TS Rookie Topic Starter

    Right, im back from being out and the scans have finished.

    I have followed steps 1 to 8 and here are the 3 sets of logs


    Attached Files:

  4. momok

    momok TS Rookie Posts: 2,265


    Please run HijackThis and fix these entries:

    O2 - BHO: (no name) - {5B794827-1D95-9A17-0FAF-932AF9C78B0C} - C:\DOCUME~1\NEILTW~1\APPLIC~1\HIDEBU~1\Mail heart.exe (file missing)
    O4 - HKCU\..\Run: [Internetsite] C:\DOCUME~1\NEILTW~1\APPLIC~1\MEALPR~1\nounuser.exe

    I'm particularly concerned about your mbam log, which shows 946 infected items. Could you run Combofix from here? I wish to check for any other hiding malwares.
    Do ensure that SpyBot teatimer is not running when you run Combofix.

    Post both logs here in your reply.
  5. BMXer Dan

    BMXer Dan TS Rookie Topic Starter

    romoved those two instances with HijackThis

    and also ran Combofix

    Here are the two Logs:


    with these scans

    was i supposed to heal them and remove whatever it found to be bad, because i havent

    also there are still two iexplore.exe running and hogging
    ive attacked a jpeg showing the task manager
  6. momok

    momok TS Rookie Posts: 2,265

    Please temporarily disable turn off AVG's real-time monitoring function(in your windows system tray bottom right) before you commence with the following instructions.

    1. Open notepad and copy/paste the text in the quote box below into it:

    2. Save this as "CFScript.txt" on the desktop.
    3. Referring to the image below, drag CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe.
    4. ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it shall produce a log for you. Post that log (Combofix.txt) in your next reply.
      Note: Do not mouseclick combofix's window while it is running. That may cause your system to hang
    Paste the new Combofix log in your next reply.

    Next run HijackThis and fix these:

    O4 - HKLM\..\Run: [Support audio cool poll] C:\Documents and Settings\All Users\Application Data\INTERNET SPAM SUPPORT AUDIO\real bat.exe
    O8 - Extra context menu item: &Search - ?p=ZU

    Post a fresh HJT log as well as the combofix log in your next reply. Thanks.
  7. BMXer Dan

    BMXer Dan TS Rookie Topic Starter

    just performed the requested actions

    here are the logs

  8. momok

    momok TS Rookie Posts: 2,265


    Please modify the CFScript.txt with these text:
    c:\program files\meal proxy support
    C:\Documents and Settings\Neil Twomey\Application Data\meal proxy support
    Boot into safe mode and run Combofix using the same method with the new CFScript.

    Also run HJT and fix these entries:
    O4 - HKCU\..\Run: [Internetsite] C:\DOCUME~1\NEILTW~1\APPLIC~1\MEALPR~1\nounuser.exe
    O20 - AppInit_DLLs: avgrsstx.dll WIKI.DLL

    Reboot into normal mode and post a fresh HJT log as well as the resultant combofix log. Thanks
  9. BMXer Dan

    BMXer Dan TS Rookie Topic Starter

    here are the required logs

  10. momok

    momok TS Rookie Posts: 2,265

    Hi, I had requested a HJT log from normal mode.
    I believe the problem should be fixed now, just need to be sure with your normal mode log.

    Are you facing any issues?
  11. BMXer Dan

    BMXer Dan TS Rookie Topic Starter

    Sorry, didnt realise you wanted the HijackThis log in normal mode (attached now)

    The ony issues im facing at the moment is that the internet takes its time in opening

    The computers performance is much better, its quicker and doesnt lag when you click on things, well some not as much as it used to
  12. momok

    momok TS Rookie Posts: 2,265

    Nice, its clean alright.
    Now that you're gd to go,
    1. Please download and run CCleaner via step 3 of the instructions HERE.

    2. Clear your existing System Restore points and establish a new clean restore point:
      Go to Start > All Programs > Accessories > System Tools > System Restore> Select Create a restore point> OK.

      Next, go to Start > Run > cleanmgr
      Select the More options tab > Choose the option to clean up System Restore and OK.
      This will remove all restore points except the new one you just created.

    3. Often times, an infection can occur again not due to the incompetence of programs, but because of user habits.
      May I recommend you to read this article.
      This can help to prevent future infections.
  13. BMXer Dan

    BMXer Dan TS Rookie Topic Starter

    Thankyou very much for your help

    I appreciate it greatly :)


Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...