Iexplore.exe running w/o opening IE

[vanillapudding]

iexplore.exe is running without my having opened IE. I see from poking around that this is a common backdoor process. When i stop the process, it restarts itself. Bitdefender does not catch anything. Please help - I already had one username/password stolen, presumably from this backdoor. Please help!

Here is my HJT Scan log:

 

[xxdanielxx]

go to the link below and follow the guide then post the 3 logs here

https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

 

[vanillapudding]

Here are the logs

Also PAVARK reported this:

Unknown root at C:\WINDOWS\System32:winsock.exe

THANK YOU for your help!

 

[xxdanielxx]

download SDFix from the link below to your desktop then run it SDFix will create a folder in your C drive boot into safe mode and go to C:\SDFix and run --->RunThis.bat. Post the log it creates here. to boot into safe mode reboot computer and start tapping the F8 key until you get to a menu select safe mode. Please post a fresh hijackthis log after running the software

SDFix:
http://www.bleepingcomputer.com/files/sdfix.php

P.S.

Only bad thing i see is this

O4 - HKLM\..\Run: [winsock32] C:\WINDOWS\system32:winsock32.exe <-- this is a worm/trojan below is a link with more info

http://www.castlecops.com/s13621-winsock32_exe.html

 

[vanillapudding]

Here is the SDFix log.

Thanks again.

PS

I see now that iexplore.exe is no longer running, and the winsock32.exe is no longer in C:\WINDOWS\system32. I guess SDFix did the trick?

 

[xxdanielxx]

can you post a fresh hijackthis log

 

[vanillapudding]

Here it is

Thank you so much for your help.

 

[xxdanielxx]

did you set a proxy your self or have you never put one

 

[vanillapudding]

I have set one for myself. I have a static IP issued by my tech guy (I am a dorm parent living on the campus of a school) so that i could bypass the Websense filters through the proxy. However, since one of my username and passwords was stolen and i noticed iexplore.exe (and firefox.exe) running in the background, I knew something was up. I thought it might help to run through the proxy for a while, figuring someone had identified my static IP as vulnerable. Is this probably the case? I have changed all of my other usernames and passwords via another computer as of yesterday. Thanks again for your help. is there a way i can donate $ to this site? You guys are more help than Bitdefender's "customer service" ever was.

 

[xxdanielxx]

thanks i dont know if you can donate but maybe one of the mods can say yes or no to that. But it looks like your logs are now clean test your internet and computer speed and post back if you see anything funny make sure to get some

anti-virus
anti-spyware
firewall protection

also forgot download ATF from the link below and run it and select all then click on empty. Then turn off system restore reboot then turn it back on.

ATF:
http://www.atribune.org/ccount/click.php?id=1

Steps to turn off System Restore
1. Click Start, right-click My Computer, and then click Properties.
2. In the System Properties dialog box, click the System Restore tab.
3. Click to select the Turn off System Restore check box. Or, click to select the Turn off System Restore on all drives check box.
4. Click OK.

 

[zipperman]

How i read this Topic

I have not read all posts,but your topic title Is hard to understand.
I can run Iexplorer without opening IE.
To get here i click an icon and IE opens here.
Heres my shortcut propertys to come here and logged in.
https://www.techspot.com/vb/index.php
Right click this Forum and create a shortcut to it on your desktop or add to your Favorites.