TechSpot

Iexplore.exe continuously running

By 2bitmick
Sep 18, 2010
  1. When I open my browser I get 2 iexplore.exe running and when I close the browser they are still running. If I open my browser again I get 2 more iexplore.exe.

    I have tried removing malware and spyware with Shawsecure Online and Malwarebytes' Anti-Malware to no avail.

    I could use a little help.

    Thanks

    [HJT log removed - Broni]
     
  2. Broni

    Broni Malware Annihilator Posts: 52,897   +344

  3. 2bitmick

    2bitmick TS Rookie Topic Starter

    Hi Broni

    I've attached all the output files. I noticed when I did not have the Shaw Secure F-Secure antivirus running I still got 2 iexplore.exe but they both closed when I close the browser.

    Cheers
     


  4. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Which one would that be? Can't be both.
     
  5. 2bitmick

    2bitmick TS Rookie Topic Starter

    I was mistaken. I still get 2 iexplore.exe when I open my browser and I continue to get 2 more each time I open my browser. They just keep adding up.

    The only way I can get rid of them is to End Process under the Processes tab in Task Manager.
     
  6. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    I still don't understand.
    When you have your browser CLOSED, do you have any iexplore.exe running?

    Keep in mind that with IE8, when you open it, it'll run TWO iexplore.exe processes from the get-go and then every new tab opened will produce another iexplore.exe process.
     
  7. 2bitmick

    2bitmick TS Rookie Topic Starter

    Yes, when I close my browser I still have 2 iexplore.exe running; the processes do not stop when I close the browser. The icon closes in Task Manager under the Applications tab but the two iexplore.exe are seen under the Processes tab.

    So when I open the browser again without Ending the previous 2 iexplore.exe I get two more for a total of 4, etc.

    Didn't know IE8 opens 2 iexplore.exe.
     
  8. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    OK, you're infected then....

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.
     
  9. 2bitmick

    2bitmick TS Rookie Topic Starter

    Here are the results.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000003d

    Kernel Drivers (total 218):

    Processes (total 89):

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`03ec1000 (NTFS)

    PhysicalDrive0 Model Number: ST3160023AS, Rev: 8.12

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Dell MBR code detected
    SHA1: 84B95CE8A54B7C5C3AAF149934FC46FB70FF8365


    Done!
     
  10. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Looks normal :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  11. 2bitmick

    2bitmick TS Rookie Topic Starter

    I've attached the output. Not sure if you prefer the output in a txt file or copied to the post?
     

    Attached Files: log.txt (File size: 23.3 KB)
  12. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    I like it better pasted in.

    Combofix looks good now.
    Do you still have iexplore.exe processes running with IE closed?
     
  13. 2bitmick

    2bitmick TS Rookie Topic Starter

    Yes. I still have iexplore.exe showing. They take no CPU but do take up memory. If I exit/close the browser they remain.
     
  14. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  15. 2bitmick

    2bitmick TS Rookie Topic Starter

    Sorry, output was too long, had to attach.

    Here is the output. Message was no threats found.
     


  16. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Download the following tool, but make sure IE is closed before you run the tool.

    Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
    Unzip ProcessExplorer.zip, and double-click on procexp.exe to run the program.
    Click on View > Select Columns.
    In addition to the already pre-selected options, make sure the Command Line is selected, and press OK.
    Go to File > Save As, and save the report as Procexp.txt.
    Attach the file to your next reply.
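
A scripted version of the check discussed in posts 6 and 16, added here as an example and not posted by anyone in the thread: it lists every iexplore.exe with its command line and parent, and labels each one against IE8's frame/tab pattern. It assumes Windows PowerShell with Get-WmiObject available and that IE8 tab processes carry `SCODEF:<frame PID>` on their command line; the function name and the Role labels are made up for this example.

```powershell
# Added example (not from the thread). Windows PowerShell only:
# Get-WmiObject is not present in PowerShell 7 and later.
function Get-IexploreReport {
    # Take one snapshot so every PID lookup refers to the same moment.
    $all = @(Get-WmiObject -Class Win32_Process)
    $byPid = @{}
    foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p }

    foreach ($p in $all) {
        if ($p.Name -ine 'iexplore.exe') { continue }

        # CommandLine comes back empty when the caller may not read it.
        $cmd = [string]$p.CommandLine

        # A parent PID can be reused after the real parent exits, so the
        # parent name is a hint, not proof.
        $parent = $byPid[[int]$p.ParentProcessId]
        $parentName = if ($parent) { $parent.Name } else { '(exited)' }

        if ($cmd -match 'SCODEF:(\d+)') {
            # Assumption: SCODEF names the frame process that owns this tab.
            $frame = $byPid[[int]$Matches[1]]
            if ($frame -and $frame.Name -ieq 'iexplore.exe') {
                $role = 'tab (frame PID {0} alive)' -f $Matches[1]
            } else {
                $role = 'tab, frame PID {0} gone' -f $Matches[1]
            }
        } elseif ($cmd -match '[-/]Embedding') {
            # -Embedding is the switch COM passes when it starts a local server.
            $role = 'started through COM, not from a shortcut'
        } elseif ($cmd -eq '') {
            $role = 'unknown (command line not readable)'
        } else {
            $role = 'frame'
        }

        New-Object PSObject -Property @{
            ProcessId   = [int]$p.ProcessId
            Role        = $role
            Parent      = '{0} ({1})' -f $parentName, $p.ParentProcessId
            CommandLine = $cmd
        }
    }
}

# Prints nothing when no iexplore.exe is running.
Get-IexploreReport |
    Select-Object ProcessId, Role, Parent, CommandLine |
    Format-List
```

Run it with every IE window closed, as the post asks; any row it still prints is a leftover process, and the Parent and CommandLine fields show what started it.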
     
  17. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    I'll be forced to close this topic again and in that case I won't open it again.
     
  18. 2bitmick

    2bitmick TS Rookie Topic Starter

    I understand. I was unable to send you personal email as I haven't met the minimum requirements. It is OK, I believe my issue has been resolved.

    Again thanks for your help.
     
  19. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    No problem....
     
Topic Status:
Not open for further replies.
