2 x IE.exe in Task Manager - Possible Mal/Spyware Infection

Status
Not open for further replies.
Hi! I'm new to this forum so I'll try to keep things short and concise:

I've had problems for some time now with IE 'not responding', usually after I've opened certain pages or have closed a tab. When I open Task Manager to shut down the process, there are 2 IE applications displayed and 2 IE.exe processes, but only one page is visible ('not responding') on the desktop. I've tried various fixes for this including trying various registry cleaners and following the steps regimentally on the Windows IE troubleshooting site...all to no avail; even uninstalling and reinstalling IE has no discernible effect - sooner, rather than later, an IE window stops responding.

Yesterday, I decided to download the beta IE 8 in response to some favourable reviews I'd read on forums stating that IE 8 was 'immune' to the various causes of 'not responding' pages. So far, so good, but I have noticed that there are still 2 IE.exe processes running despite only one window being open. Would anyone be kind enough to diagnose the problem (if there is one)? I'd be eternally grateful.

I've followed the 8 step Preliminary Removal Instructions to the letter and have included the 3 logs for your convenience.

Many thanks in advance!
 
Bump!

I'm pretty sure that I've followed Techspot's etiquette to the letter, which is why I'm puzzled that I have not, as yet, received a reply. If I am doing something wrong could someone at least reply to let me know what I would need to do to get somebody to cast an expert eye over my logs?

My apologies if there is a backlog, but I've witnessed my post descend further and further down the front page of threads and wanted it to stay at or near the top of the list so that anyone who might be able to help would spot me.

Could somebody give me the benefit of their advice, please? I'd be extremely grateful.

Best wishes,

Saba7:wave:
 
It looks already clean
You could run HJT and check these two entries and select fix:
O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
I noticed that you have "syssetup.dll" starting with Windows as well (as shown in your O4 entries of HJT log).
This file is used for configuring Windows, i.e. like setting it up.
If you are not setting up Windows any longer you can tick those O4 entries as well.


Combofix Instructions

  • Download Combofix to your desktop.
  • Double click Combofix & follow the prompts.
  • A window will open with a warning.
  • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction.

Combofix will automatically save the log file to C:\combofix.txt
Also attach a fresh HiJackThis scan run afterwards.
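For readers triaging a HijackThis log like the one discussed in the reply above, the following is an added example (not part of the thread and not HijackThis's own code) that parses O3 and O4 lines and flags entries whose file is missing. The field layout is inferred from the two lines quoted in the thread; the third sample line is constructed.

```python
import re

# Sample input: the two entries quoted in the thread, plus one constructed
# O4 line (ExampleApp is made up) to show an unquoted command with arguments.
SAMPLE_LOG = r'''
O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ExampleApp] C:\Example\app.exe /background
'''

O3_RE = re.compile(
    r'^O3 - Toolbar: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - '
    r'(?P<file>.+?)(?P<missing> \(file missing\))?$')
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>[^:]+): '
    r'\[(?P<name>[^\]]+)\] (?P<command>.+)$')

def parse_hjt_line(line):
    """Return a dict for an O3 (toolbar) or O4 (autorun) line, else None."""
    line = line.strip()
    m = O3_RE.match(line)
    if m:
        return {"section": "O3", "name": m["name"],
                "clsid": m["clsid"].lower(), "file": m["file"],
                "file_missing": m["missing"] is not None}
    m = O4_RE.match(line)
    if m:
        cmd = m["command"]
        # Quoted path: take the text inside the quotes. Unquoted: cut at the
        # first whitespace after ".exe" so arguments are dropped.
        quoted = re.match(r'"([^"]+)"', cmd)
        exe = quoted.group(1) if quoted else re.split(
            r'(?<=\.exe)\s', cmd, maxsplit=1, flags=re.I)[0]
        return {"section": "O4", "hive": m["hive"], "key": m["key"],
                "name": m["name"], "executable": exe, "file_missing": False}
    return None

def triage(log_text):
    """Split a log into all parsed entries, orphaned entries and autoruns."""
    entries = [e for e in map(parse_hjt_line, log_text.splitlines()) if e]
    orphans = [e for e in entries if e["file_missing"]]
    autoruns = [e for e in entries if e["section"] == "O4"]
    return entries, orphans, autoruns

if __name__ == "__main__":
    _, orphans, autoruns = triage(SAMPLE_LOG)
    for e in orphans:
        print("orphaned toolbar:", e["name"], e["clsid"])
    for e in autoruns:
        print("autorun:", e["hive"], e["key"], e["name"], "->", e["executable"])
```
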
 
Thank you!

Thanks ever so much Kimsland! ;)

I have deleted these files via HJThis:

O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

I also deleted the

"syssetup.dll" (as shown in your O4 entries of HJT log)

I downloaded and ran Combofix followed by another scan with HJThis and have attached the 2 logs below.

As an afterthought, I am still wondering about those 2 (sometimes 3) iexplorer.exe processes running despite having just one page/tab open. I had read somewhere that the 2nd or 3rd process is connected to the new crash recovery function in IE 8. Can you confirm whether this is the case? Do I have anything to worry about?

I'd just like to say thanks once again for providing your expertise so willingly. God bless and take care!
 
Download and run KCleaner ftp://ftp2.kcsoftwares.com/kcsoftwa/files/kcleaner.exe
(uncheck RelevantKnowledge during install, pic here: http://i42.tinypic.com/aloy8z.gif)

Clear & Reset System Restore's Cache

Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 and then press Enter
* Tick on the checkbox - Turn off System Restore on all drives
* Click Apply
Turn it back 'On' by unticking the same checkbox & click Apply, and then OK

Fix System Restore
https://www.techspot.com/vb/topic123379.html


Un-install Combofix
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
  • When shown the disclaimer, Select "2"
(Note: 1 space after ComboFix in that uninstall command)

Restart
You should not normally have extra IE processes now
If you want to go one step further you could run an IE Reset
Then restart again

Should be good news after restart :)
 
Thank you!

Thank you once again Kimsland :wave:

I downloaded KCleaner

Download and run KCleaner
(uncheck RelevantKnowledge during install, pic here:)

NB - It may just be my version of NOD32, but having followed the link to the ftp address and downloaded KCleaner, I received a malware/adware alert (probably the RelevantKnowledge?) and the file was quarantined.

I searched for KC Softwares, found their site, and instead of downloading the file as an executable, downloaded it in RAR format. I then opened it with no problems from there. Just for your info. (not sure if this is important?).

Then I reset the system restore cache as per instructions

Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 and then press Enter
* Tick on the checkbox - Turn off System Restore on all drives
* Click Apply
Turn it back 'On' by unticking the same checkbox & click Apply, and then OK

Now, when I tried to uninstall ComboFix by your method

Un-install Combofix
Click START then RUN
Now type Combofix /u in the runbox and click OK. When shown the disclaimer, Select "2"
(Note: 1 space after ComboFix in that uninstall command)

ComboFix started up (asked me to close my AV followed by OK). I closed the dialogue box, then another one before a new dialogue box flashed up saying 'ComboFix uninstalled'...most odd! Still it did the trick - not sure if this is helpful but I've added it anyway...I like to be thorough.

Then I restarted, opened IE and checked Task Manager - still 2 iexplorer.exe's

So, I reset the IE settings as per your pointer and the other thread, restarted and opened IE and Task Manager again: unfortunately, there were still 2 IE processes running.

Not to worry, I'm guessing that this has something to do with IE8's crash recovery and I don't think it's particularly nefarious. Unless you have any other suggestions I'll consider this problem solved to my satisfaction.

Thank you ever so much for taking the time to explain such things to a dunce like me; it's a credit to the experts@Tech Spot that you're all so very knowledgeable.

Many thanks and best wishes,

Saba7
 
Hmm I've updated my link to Kcleaner to TechSpot's own Server (being one of the alternatives on their Home Page): https://www.techspot.com/downloads/4755-kcleaner.html
So thanks for that info :grinthumb

The malware/adware alert was definitely RelevantKnowledge (why they keep that program in there is beyond me); anyway, if you didn't agree to installing it, then all should be OK.

ComboFix uninstall method has possibly changed; I'll need to also change my wording on that as well ;)

2 Iexplore processes, still the same!
Hmm I have IE7, so what you are saying is possible... actually I just searched this...

3 different things between IE7 and IE 8 for tabs.

1. IE8 runs 2 processes when run.
2. IE8 has a Crash prevention function.
3. IE8 has a Crash recovery function.

The 3rd one above allows crash recovery if your active IE8 window crashes, the 2nd IE8 process will enable

Hmm we learn something new everyday :)

Well at least we cleaned up your system :blush:
 