Iexplore.exe multiple processes (keeps spawning)

Status
Not open for further replies.
If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

When you have finished, leave the logs for review in your next reply .

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

I didn't check these logs. FYI, if you use IE v8, multiple iexplore.exe processes are normal.
 
One of the reasons why we tell users not to run Combofix unless their helper instructs them to is that they do not follow the guidance set up. The following is script that will run in Combofix. It does not mean that you don't need to run the other programs.

Please be sure to follow the following instructions to disable your security before running:
b]Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.[/b]

Custom CFScript

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad and copy/paste the text in the code below into it:
Code: 
File::
c:\windows\Internet Logs\xDB2A.tmp
c:\windows\Internet Logs\xDB2B.tmp
c:\windows\Internet Logs\xDB29.tmp
c:\windows\Internet Logs\xDB28.tmp
c:\windows\Internet Logs\xDB27.tmp
c:\program files\Viewpoint\Common\ViewpointService.exe

Extra::
File::
c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

Firefox::
Firefox-: Profile - c:\documents and settings\JD Sadighi\Application Data\Mozilla\Firefox\Profiles\k7ctfi3h.default\
RegLock:
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_USERS\S-1-5-21-507921405-1682526488-839522115-1004\Software\G*e*n*i*e*"!\FM Genie Scout 10]
[HKEY_USERS\S-1-5-21-507921405-1682526488-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell 
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\EBB2C2E551D91D14350DC3E3F0408953]
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F93383AA3238BCCB]
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F93383AA3238BCCB\0ECC3A43B9416605BEB3AE7E61B07718]
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F93383AA3238BCCB\B405A2EBBFCE91A4C13BDEA4B89DC260]
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F93383AA3238BCCB\D3D1B0FFCBEAEE83F78310A5B5826958]

Folder::

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=-

Driver::
Viewpoint Service
FCopy::
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please attach to your next reply.
========================================
I note that you are using 3 file sharing programs: LimeWire, Gnutella and BitComet and that a 4th, BitTorrent[/b] has just been uninstalled.[/B] And I notice that ou have globally open ports for BitComent. That means that any account on the system can use BitComet at lower security settings.You can expect to get frequent, multiple malware infection from these programs. I recommend that you uninstall all 3 of them for these reasons:
  • Even if you are using a "safe" P2P program, it is only the program that is safe.
  • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verity that a download is legitimate.
  • Malware writers use these program to include malicious content.
  • Fie sharing is usually unmonitored and there is a danger that your private files might be accessed.
  • The 'sharing' also includes malware that the shared system has on it.
  • Files that are illegal can be spread through file sharing.

Please read the information on P2P Warning to help you better understand these dangers.

If you decide not to uninstall them, please do not use any of them while I am helping you.

Include all logs in your next reply.
 
I followed the instructions in the first post. I have AVG as my anti-virus, but that scan garnered no results.

I downloaded and ran TFC, Malwarebytes' Anti Malware, GMER, and DDS.

Malwarebytes' Anti Malware found one Malware on my system which I obviously removed promptly.

For some reason my computer had to restart during the GMER scan because of a fatal error. However, when the computer rebooted back into windows the iexplorer.exe processes were no longer spawning.

I think Malwarebytes' Anti Malware found the culprit and removed it. Anyway, I've attached the logs from the Anti Malware and DDS scans.

Shall I proceed to use your instructions with ComboFix outlined in your second post? Moreover, the P2P filesharing and Torrent programs you spoke of were uninstalled long ago.

View attachment mbam-log-2010-07-12 (11-34-36).txt

View attachment DDS.txt

View attachment Attach.txt
 
One other thing, I have a sinking suspicion that an svchost.exe process is the root of the problem. In my task manager, I have a total of 9 svchost.exe processes running at once. I know that multiple svchost.exe processes is normal, however is it normal to have that many?

I ran a windows search which returned the following results:

C:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf
C:\WINDOWS\system32\svchost
C:\WINDOWS\erdent\cache\svchost
C:\WINDOWS\ServicePackFiles\i386\svchost
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
 
I run 7-9 svchost.ese processes everyday. My computer is clean. Understand that malware can hide in this process but multiple copies can be just fine also. Many of the Services in the Administrative Tools run a svchost.exe.

[QUOTEMoreover, the P2P filesharing and Torrent programs you spoke of were uninstalled long ago.][/QUOTE]
If I see the programs, it means that entries have been left in your system. I noted these 3: LimeWire, Gnutella and BitComet currently running and BitTorrent just uninstalled.

IF you let me know which you want to have completely uninstalled, I can add the entries to script I'm writing.

Here is the definition of spawning (computer): To launch another program from the current program. The child program is spawned from the parent program. Please explain what you mean when you use this term.

Yes, run Combofix.
 
Yes, run Combofix.
Click to expand...
Looks like we posted at the same time! My reply was meant for information only. And I also asked:
IF you let me know which you want to have completely uninstalled, I can add the entries to script I'm writing.
Click to expand...

Run the script you already have. Leave the log that generates. Tell me which P2P programs you want uninstalled and I'll include them in another script.

After running the script in Combofix, do the following:

Run Eset NOD32 Online AntiVirus scan HEREhttp://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Re-enable your Antivirus software.
  10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
 
Status
Not open for further replies.

Similar threads

Dood123
Help login in Instagram account, says use 2FA code but have not set up 2FA for insta
Replies
0
Views
706
Dood123
Dood123
BBrown2022
  • Locked
Inactive Windows .DLL Files & Drivers overwritten
Replies
8
Views
2K
Broni
Broni
E
Solved Svchost.exe launching multiple iexplore.exe - unknown cause
Replies
23
Views
3K
Broni
Broni

Latest posts

Back