Inactive Iexplore.exe continuously running

Status
Not open for further replies.

2bitmick

When I open my browser I get 2 iexplore.exe running and when I close the browser they are still running. If I open my browser again I get 2 more iexplore.exe.

I have tried removing malware and spyware with Shawsecure Online and Malwarebytes' Anti-Malware to no avail.

I could use a little help.

Thanks

[HJT log removed - Broni]
 
Welcome aboard
We don't use HJT around here anymore.

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
 
Hi Broni

I've attached all the output files. I noticed when I did not have the Shaw Secure F-Secure antivirus running I still got 2 iexplore.exe but they both closed when I close the browser.

Cheers
 

Attachments:
  • Attach.txt (26.3 KB)
  • DDS.txt (25.9 KB)
  • gmer.log (542 bytes)
  • mbam-log-2010-09-19 (10-45-13).txt (896 bytes)

I was mistaken. I still get 2 iexplore.exe when I open my browser and I continue to get 2 more each time I open my browser. They just keep adding up.

The only way I can get rid of them is to End Process under the Processes tab in Task Manager.
 
I still don't understand.
When you have your browser CLOSED, do you have any iexplore.exe running?

Keep in mind that with IE8, when you open it, it'll run TWO iexplore.exe processes from the get-go, and then every new tab opened will produce another iexplore.exe process.
 
Yes, when I close my browser I still have 2 iexplore.exe running; the processes do not stop when I close the browser. The icon closes in Task Manager under the Applications tab but the two iexplore.exe are seen under the Processes tab.

So when I open the browser again without ending the previous 2 iexplore.exe I get two more for a total of 4, etc.

Didn't know IE8 opens 2 iexplore.exe.
 
Yes, when I close my browser I still have 2 iexplore.exe running; the processes do not stop when I close the browser
OK, you're infected then....

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.
 
Here are the results.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003d

Kernel Drivers (total 218):

Processes (total 89):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`03ec1000 (NTFS)

PhysicalDrive0 Model Number: ST3160023AS, Rev: 8.12

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Dell MBR code detected
SHA1: 84B95CE8A54B7C5C3AAF149934FC46FB70FF8365


Done!
 
Looks normal :)

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
I've attached the output. Not sure if you prefer the output in a txt file or copied to the post?
 

Attachments:
  • log.txt (23.3 KB)

I like it better pasted in.

Combofix looks good now.
Do you still have iexplore.exe processes running with IE closed?
 
Yes. I still have iexplore.exe showing. They take no CPU but do take up memory. If I exit/close the browser they remain.
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Sorry, the output was too long, had to attach.

Here is the output. Message was no threats found.
 

Attachments:
  • TDSSKiller.2.4.2.1_19.09.2010_19.56.34_log.txt (57.3 KB)

Download following tool, but make sure IE is closed before you run the tool.

Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Columns.
In addition to already pre-selected options, make sure the Command Line is selected, and press OK.
Go to File > Save As, and save the report as Procexp.txt.
Attach the file to your next reply.
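
A scripted equivalent of the Process Explorer step above, as an added example that is not part of the original thread: it lists every iexplore.exe with its command line, its parent process and whether it owns a window. It assumes Windows PowerShell 2.0 or later; the helper name ConvertFrom-Dmtf and the column names are made up for this example.

```powershell
# Added example, not from the thread. Run it with Internet Explorer closed.
# Assumes Windows PowerShell 2.0 or later (uses Get-WmiObject).

$procs = @(Get-WmiObject -Class Win32_Process)

# Index every process by PID so each parent can be looked up.
$byPid = @{}
foreach ($p in $procs) { $byPid[[int]$p.ProcessId] = $p }

function ConvertFrom-Dmtf([string]$stamp) {
    # WMI returns CreationDate as a DMTF string; convert it for comparison.
    if ($stamp) { [Management.ManagementDateTimeConverter]::ToDateTime($stamp) }
}

$ie = @($procs | Where-Object { $_.Name -ieq 'iexplore.exe' })

$report = foreach ($p in $ie) {
    $started = ConvertFrom-Dmtf $p.CreationDate
    $parent  = $byPid[[int]$p.ParentProcessId]

    # PIDs are reused: accept the parent only if it started before the child.
    if ($parent -and (ConvertFrom-Dmtf $parent.CreationDate) -gt $started) {
        $parent = $null
    }
    $parentName = if ($parent) { $parent.Name } else { '<exited>' }

    # A zero main window handle means the process owns no top-level window,
    # which matches "gone from Applications, still listed under Processes".
    $gp = Get-Process -Id $p.ProcessId -ErrorAction SilentlyContinue
    $hasWindow = ($gp -ne $null) -and ($gp.MainWindowHandle -ne [IntPtr]::Zero)

    New-Object PSObject -Property @{
        Id          = $p.ProcessId
        Started     = $started
        HasWindow   = $hasWindow
        ParentId    = $p.ParentProcessId
        Parent      = $parentName
        MemMB       = [math]::Round($p.WorkingSetSize / 1MB, 1)
        CommandLine = $p.CommandLine
    }
}

$report | Sort-Object Started |
    Format-Table Id, Started, HasWindow, ParentId, Parent, MemMB, CommandLine -AutoSize -Wrap

# With the browser closed, any iexplore.exe still listed is a leftover;
# its Parent and CommandLine columns show what started it.
$withWindow = @($report | Where-Object { $_.HasWindow })
if ($ie.Count -gt 0 -and $withWindow.Count -eq 0) {
    "{0} iexplore.exe process(es) running with no browser window open." -f $ie.Count
}
```

With IE8 open, the extra iexplore.exe processes normally show another iexplore.exe as their parent; a different parent on a leftover instance is the detail to follow up.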
 
I'll be forced to close this topic again and in that case I won't open it again.
 
I understand. I was unable to send you a personal email as I haven't met the minimum requirements. It is OK, I believe my issue has been resolved.

Again thanks for your help.
 