IEXPLORER.EXE- always running in the background

Status
Not open for further replies.

Sarah12

Hi,

When I am running Internet Explorer I can see "IEXPLORER.EXE" running in the task manager. When I exit Internet Explorer the process is still running, and I also get two Internet Explorer processes running in the background. The process takes up "45,000 k" of memory when I look at it in the task manager. I did some searching on the net and it seems that it's a trojan of some sort causing this. How can I fix this problem?

Any help is much appreciated.

Here is my "hijackthis" log-

------------------------
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Sarah\My Documents\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2AE4005E-689F-4FB9-8C3D-D2B8B58AC072} - (no file)
O2 - BHO: (no name) - {9D54B04B-7864-4EA4-AEF6-CE5611AFBCAE} - C:\WINDOWS\System32\awttu.dll
O2 - BHO: {bab40750-5111-1698-aa34-2494303b493d} - {d394b303-4942-43aa-8961-111505704bab} - C:\WINDOWS\system32\twpinlje.dll
O2 - BHO: Adblock Pro - {F385C231-605B-4d8f-ACA9-DBFF765BBE17} - C:\Program Files\Adblock Pro\AdblockPro.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\WINDOWS\System32\CePMTray.exe
O4 - HKLM\..\Run: [CeEKey.exe] "C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Block This Image (ABP) - C:\Program Files\Adblock Pro\blockimg.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Adblock Pro Preferences - {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - C:\Program Files\Adblock Pro\AdblockPro.dll
O9 - Extra 'Tools' menuitem: Adblock Pro Preferences - {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - C:\Program Files\Adblock Pro\AdblockPro.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1197410421715
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1197410407174
O20 - Winlogon Notify: wvuvvvu - C:\WINDOWS\
O20 - Winlogon Notify: yayxuro - yayxuro.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

------------------
 
Please follow these instructions on renaming Hijack This and putting it in its own folder, then run a new scan and save a log file and upload it as an attachment to a new reply in this thread.

How to post an HJT log as an attachment

After you've uploaded the new log, please Edit your first post in this thread to take the old log out.

Also, the Internet Explorer process is IExplore.exe so if you've got IExplorer.exe then chances are it's a fake.


This thread is for the use of Sarah12 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
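
A sketch of the kind of first-pass triage a helper does on a log like the one above, added here as an example and not code from HijackThis or from anyone in this thread. The flagging rules, the similarity threshold and the `KNOWN_NAMES` list are assumptions chosen for illustration; a flagged entry is a prompt to look by hand, not a verdict.

```python
import difflib
import re

# Lines taken from the HijackThis log posted in this thread (not the full log).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2AE4005E-689F-4FB9-8C3D-D2B8B58AC072} - (no file)
O2 - BHO: (no name) - {9D54B04B-7864-4EA4-AEF6-CE5611AFBCAE} - C:\WINDOWS\System32\awttu.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: yayxuro - yayxuro.dll (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Assumption: image names treated as genuine for the look-alike check.
KNOWN_NAMES = ("iexplore.exe", "explorer.exe")

def review_reasons(code, body):
    """Heuristic reasons (assumptions, not verdicts) to look at an entry by hand."""
    reasons = []
    low = body.lower()
    if "(no file)" in low or "(file missing)" in low:
        reasons.append("registered target is missing on disk")
    if code == "O2" and low.startswith("bho: (no name)"):
        reasons.append("browser helper object has no display name")
    if code == "O20":
        reasons.append("Winlogon Notify DLL is loaded at logon")
    return reasons

def triage(log_text):
    """Return (code, body, reasons) for every entry with at least one reason."""
    flagged = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            reasons = review_reasons(m["code"], m["body"])
            if reasons:
                flagged.append((m["code"], m["body"], reasons))
    return flagged

def is_lookalike(image_name, threshold=0.85):
    """True if the name is close to, but not exactly, a known genuine name."""
    name = image_name.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if name in KNOWN_NAMES:
        return False
    return any(difflib.SequenceMatcher(None, name, k).ratio() >= threshold
               for k in KNOWN_NAMES)

if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(code, "|", body, "|", "; ".join(reasons))
    print("IEXPLORER.EXE look-alike:", is_lookalike("IEXPLORER.EXE"))
```

The name check only compares spelling; a process with the genuine name still needs its file path confirmed.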
 
Oh sorry, I meant iexplore.exe (I got it confused with explorer.exe).

I found out that it was some sort of spyware that was causing this. It was very hard to get rid of; I tried 5 different scans on my computer and couldn't get rid of it.

It was a pain, but I had to re-install Windows to remove it. (The solution to everything!)
 
True, reinstalling will fix pretty much any software problem ;)

We do have 15 step instructions for removing malware but obviously we don't need them now :)
 
I haven't looked at the hijack log. But I stopped by to tell you I am also having a problem with IE. First, I primarily use Firefox and it had been my default browser for several years. But occasionally, I have to open IE6. It has not been responding as quickly so I have at times pressed it again.

After I've finished, I check the Task Manager and note that it is not ending when I close it down. I also note 2 running at the same time- I assume one for each of my clicks- even though it didn't launch properly.

I set new shortcuts but it continues this action. My system is clean and well maintained.
 
Hi Bobbye,

It looks like it may be some sort of spyware or virus causing this. You say that iexplore.exe does not end when you close it down; did you select "end process" on the task manager? If so, it's most likely spyware; I had a similar problem.

I recommend you run a full scan using Spybot-
http://www.safer-networking.org/en/download/index.html

and Ad-Aware-
http://www.download.com/3000-2144-10045910.html

They're both free and will pretty much get rid of all viruses, spyware etc.
If that doesn't work, try attaching a Hijack This log file to a new thread (read post 2) and someone will help you.

If you're still having problems I recommend you re-install Windows (once re-installed, make sure you have Service Pack 2 installed and virus protection software before you connect to the internet).
 
Thank you Sarah, but my security scans are run frequently. I also have The Ultimate Troubleshooter which allows me to open the program and see exactly what is running on the system at any given time. It gives a description of the process and recommendation for handling.

The iexplore processes are from the browser. I can shut them down, no problem, but I shouldn't have to. The process should remove itself when I close IE.

But you are correct- these processes running could indicate malware. Fortunately that isn't my case so it's more of an annoyance than anything else. The programs you recommended are among those I run.
 
It is a trojan (no doubt).
Someone has infected your system with a trojan.
(I know Poison Ivy normally does this but there are many others out there too.)

If you end task it, it will pop up again.
Block the port that this process is using so it can't go online.
Do an online scan of your main Windows drive using almost all the different anti-virus servers (because one is bound to detect it and remove the infection),
or if you find the trojan executable file somewhere in your Windows folder or system32 folder, use software such as IceSword to force delete this file.

If it's Poison Ivy, it normally makes an entry in the registry here:
HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\
Search here properly to find out the name of the trojan executable and then use IceSword or HijackThis to force delete this file.
Don't forget to delete the registry entry related to this trojan later. [No harm if you don't, but still.]

You are on your own.

Besides... is your default web browser Firefox or Internet Explorer?
 
This question is getting a bit boggy. Sarah has the original question and has presented a hijack log of analysis. My stopping by to make the comment has confused things. I'm clear here, so address the replies to the user who asked the question.

What has confused the issue even more is that Sarah is now advising me instead of working on her own problem!
 