IEXPLORE.exe process

[ChrCarlo]

Hi, i have been googling this problem for a couple of days now and have not come to a conclusion, partly because I am no good with computers. The problem is the "IEXPLORE.exe" process is being run in my task manager even though I never use internet explorer. I use firefox. If i try to end the process, it respawns itself about a second later. Memory usage is about 30,000K, 32,000K at its highest. I don't see any noticable slowing of my computer other than when I run a full screen program, it will minimize randomly I am guessing from the IEXPLORE.exe process. My question is what is "IEXPLORE.exe" and if it is causing my problem, how can I remove it. I'd like to stay away from the option of clearing all my hard drive memory if thats possible thank you. I do have HiJackThis if you need a log or something.

 

[Blind Dragon]

Highjackthis Instructions

• Make sure you have the LATEST version of HJT (currently v2.0.0.2) it can be downloaded from HERE
• Run the HijackThis Installer and it will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe. Please don't change the directory.
• After installing, the program launches automatically, select Scan now and save a log
• After the scan is complete please attach your log onto the forums using the paper clip icon above your reply.

 

[ChrCarlo]

Log posted, can anybody tell me what to do?

 

[Blind Dragon]

You are going to have to go through the preliminary removal instructions but first let's get the main infection off there, which should get your computer a little more stable.

Remove bad HijackThis entries

• Run HijackThis
• Click on the System Scan Only button
• Put a check beside all of the items listed below (if present):
  
  F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\winmgd.win
  F1 - win.ini: run=C:\WINDOWS\system32\mouse_configurator.win
  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

• Close all open windows and browsers/email, etc...
• Click on the "Fix Checked" button
• When completed, close the application.

--------------------------------------------------------

OTMoveit2 by OldTimer
Please download the OTMoveIt2 by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  [b]C:\WINDOWS\system32\winmgd.win
  C:\WINDOWS\system32\mouse_configurator.win[/b]

• Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
• Click the red Moveit! button.
• A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
• Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

-------------------------------------------------------

After this please follow these steps:
https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

And post back here with the requested logs

 

[ChrCarlo]

Okay, ran the HiJackThis thing and MoveIt. Heres the log from OTMoveIt2

C:\WINDOWS\system32\winmgd.win moved successfully.
C:\WINDOWS\system32\mouse_configurator.win moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06232008_121447

 

[Blind Dragon]

Perfect, that should get you running a lot more stable.

Now please proceed through the preliminary removal instructions

Then come back and give me

1) MBAM or SAS log
2) Combofix or DSS log
3) New Hijackthis log

 

[ChrCarlo]

Okay i have the SAS Log, I'll edit this post with the combo log and new hijackthis log.

edit: combo log added, new hihackhis log added.

 

[Blind Dragon]

Download and Run ATF Cleaner
Download ATF Cleaner by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

Firefox or Opera:
Click Firefox or Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

-----------------------------------------------------------

Run Kaspersky Online AV Scanner

Order to use it you have to use Internet Explorer.
Go to Kaspersky and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

• Read the Requirements and limitations before you click Accept.
• Allow the ActiveX download if necessary.
• Once the database has downloaded, click Next.
• Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
• Click on "My Computer"
• When the scan has completed, click Save Report As...
• Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
• Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

Attach the report into your next reply