2 processes of iexplore.exe in task manager

Status
Not open for further replies.

BMXer Dan

First of all, the computer that I would like fixing is my parents' desktop.

It has Windows XP Home
SP3

The computer is now unbearably slow and I have offered to find a solution to it.

I have 2 processes of iexplore.exe in the task manager, and they won't go away when I try to end the process on them; they just come straight back. (Internet Explorer isn't open whilst these processes are running. Also, every so often an I Explorer window decides to open with random adverts in it (our default browser is Firefox, so this shouldn't happen).)

Also, there are a few other processes that are running in duplicate and even triple for no apparent reason.

AVG Free Anti-Virus found nothing, I also ran HIJACKTHIS and attached the log file.

Thanks in advance for any help

-Dan
 
You are infected, and your HJT is outdated. Please visit the malware removal sticky and complete the 8 step instructions (including the latest version of HJT).
 
Right, I'm back from being out and the scans have finished.

I have followed steps 1 to 8 and here are the 3 sets of logs.

-Dan
 

Attachments

  • mbam-log-2008-11-05 (22-47-05).txt
    184 KB · Views: 6
Hi,

Please run HijackThis and fix these entries:

O2 - BHO: (no name) - {5B794827-1D95-9A17-0FAF-932AF9C78B0C} - C:\DOCUME~1\NEILTW~1\APPLIC~1\HIDEBU~1\Mail heart.exe (file missing)
O4 - HKCU\..\Run: [Internetsite] C:\DOCUME~1\NEILTW~1\APPLIC~1\MEALPR~1\nounuser.exe

I'm particularly concerned about your mbam log, which shows 946 infected items. Could you run Combofix from here? I wish to check for any other hiding malware.
Do ensure that SpyBot TeaTimer is not running when you run Combofix.


Post both logs here in your reply.
 
Removed those two instances with HijackThis

and also ran Combofix.

Here are the two Logs:

-Dan

With these scans,

was I supposed to heal them and remove whatever it found to be bad? Because I haven't.

Also, there are still two iexplore.exe running and hogging.
I've attached a JPEG showing the task manager.
 
Please temporarily turn off AVG's real-time monitoring function (in your Windows system tray, bottom right) before you commence with the following instructions.

  1. Open notepad and copy/paste the text in the quote box below into it:

    File::
    c:\documents and settings\Neil Twomey\GoToAssistDownloadHelper.exe
    c:\windows\Tasks\ISP signup reminder 1.job

    Folder::
    c:\program files\meal proxy support
    C:\Documents and Settings\All Users\Application Data\INTERNET SPAM SUPPORT AUDIO

    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2fcc8cf9-cbd5-11db-856e-000e9bf33343}]
  2. Save this as "CFScript.txt" on the desktop.
  3. Referring to the image below, drag CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe.
    CFScript.gif

  4. ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it shall produce a log for you. Post that log (Combofix.txt) in your next reply.
    Note: Do not mouse-click Combofix's window while it is running. That may cause your system to hang.
Paste the new Combofix log in your next reply.

Next run HijackThis and fix these:

O4 - HKLM\..\Run: [Support audio cool poll] C:\Documents and Settings\All Users\Application Data\INTERNET SPAM SUPPORT AUDIO\real bat.exe
O8 - Extra context menu item: &Search - ?p=ZU


Post a fresh HJT log as well as the combofix log in your next reply. Thanks.
 
Hi,

Please modify the CFScript.txt with this text:
Code:
Folder::
c:\program files\meal proxy support
C:\Documents and Settings\Neil Twomey\Application Data\meal proxy support

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2fcc8cf9-cbd5-11db-856e-000e9bf33343}]

Boot into safe mode and run Combofix using the same method with the new CFScript.

Also run HJT and fix these entries:
O4 - HKCU\..\Run: [Internetsite] C:\DOCUME~1\NEILTW~1\APPLIC~1\MEALPR~1\nounuser.exe
O20 - AppInit_DLLs: avgrsstx.dll WIKI.DLL

Reboot into normal mode and post a fresh HJT log as well as the resultant Combofix log. Thanks.
 
Hi, I had requested a HJT log from normal mode.
I believe the problem should be fixed now, just need to be sure with your normal mode log.

Are you facing any issues?
 
Sorry, didn't realise you wanted the HijackThis log in normal mode (attached now).

The only issue I'm facing at the moment is that the internet takes its time in opening.

The computer's performance is much better; it's quicker and doesn't lag when you click on things, well, some not as much as it used to.
 
Nice, it's clean alright.
Now that you're good to go,
  1. Please download and run CCleaner via step 3 of the instructions HERE.

  2. Clear your existing System Restore points and establish a new clean restore point:
    Go to Start > All Programs > Accessories > System Tools > System Restore > Select Create a restore point > OK.

    Next, go to Start > Run > cleanmgr
    Select the More options tab > Choose the option to clean up System Restore and OK.
    This will remove all restore points except the new one you just created.

  3. Often times, an infection can occur again not due to the incompetence of programs, but because of user habits.
    May I recommend you to read this article.
    This can help to prevent future infections.
 