Iexplore running in background

**xbaliff** · #1 6th Jun 2008, 08:15

I have been having a problem recently where iexplore is running twice in the background and this is causing performance issues with our pc. We are running vista on it. I attached a log from hjt for your viewing.

thanks

**xbaliff** · #2 6th Jun 2008, 11:01

Sorry, I just read about what to do before I post. I was have the logs done some time today and I'll rerun hjt and post a new log.

**xbaliff** · #3 6th Jun 2008, 18:10

After following your guide on this site my pc is now free if any problems. thanks again!!!

**evilfantasy** · #4 6th Jun 2008, 19:17

You should post a new Hijackthis log so we can be sure.

**xbaliff** · #5 8th Jun 2008, 05:41

I would but for some reason now I cant use the attachment part for responding. I also cannot download things from the net such as quicktime. Is it possible some of my IE settings changed while cleaning the pc?

**evilfantasy** · #6 8th Jun 2008, 13:41

Quote:

Originally Posted by xbaliff

I would but for some reason now I cant use the attachment part for responding.

Just copy and paste it in the next reply.

Quote:

Originally Posted by xbaliff

I also cannot download things from the net such as quicktime. Is it possible some of my IE settings changed while cleaning the pc?

I put the warnings in the removal instructions. I can't tell anything without the logs.

Quote:

Remember: Just because the symptoms may be gone does not promise that all of the malware is. It is strongly suggested to continue in posting any logs until given the all clear. You will then receive final cleanup steps specific to your PC, links to programs and advice to help you prevent infections in the future.

Quote:

Posting the logs is still suggested even if you think the PC is clean.

**xbaliff** · #7 8th Jun 2008, 17:41

Does not allow me to paste into the reply.

**evilfantasy** · #8 8th Jun 2008, 17:43

Save the file to your Desktop.

Upload the file to Savefile.com
There is no need to Register
Select Browse and locate the file.
Fill in the Title and Description and security code then click Upload
Copy the download link next to Your link to the file: and post it back here.

**xbaliff** · #9 8th Jun 2008, 17:46

Got it.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:38:55 AM, on 6/6/2008Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16643)Boot mode: NormalRunning processes:C:\Windows\System32\smss.exeC:\Windows\s ystem32\csrss.exeC:\Windows\system32\csrss.exeC:\W indows\system32\wininit.exeC:\Windows\system32\win logon.exeC:\Windows\system32\services.exeC:\Window s\system32\lsass.exeC:\Windows\system32\lsm.exeC:\ Windows\system32\svchost.exeC:\Windows\system32\sv chost.exeC:\Windows\system32\Ati2evxx.exeC:\Window s\System32\svchost.exeC:\Windows\System32\svchost. exeC:\Windows\system32\svchost.exeC:\Windows\syste m32\SLsvc.exeC:\Windows\system32\svchost.exeC:\Win dows\system32\Ati2evxx.exeC:\Windows\system32\svch ost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exeC:\Program Files\a-squared Free\a2service.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Symantec AntiVirus\DefWatch.exeC:\Windows\system32\svchost. exeC:\Program Files\LogMeIn\x86\RaMaint.exeC:\Program Files\LogMeIn\x86\LogMeIn.exec:\PROGRA~1\COMMON~1\ mcafee\mcproxy\mcproxy.exeC:\Program Files\McAfee\MPF\MPFSrv.exeC:\Windows\System32\svc host.exeC:\Windows\System32\svchost.exeC:\Windows\ system32\svchost.exeC:\Program Files\Spyware Doctor\pctsAuxs.exeC:\Program Files\Spyware Doctor\pctsSvc.exeC:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exeC:\Windows\system32\svchost.ex eC:\Program Files\Symantec AntiVirus\Rtvscan.exeC:\Program Files\Citrix\ICA Client\ssonsvr.exeC:\Windows\System32\svchost.exeC :\Windows\system32\SearchIndexer.exeC:\Windows\sys tem32\WUDFHost.exeC:\Windows\system32\Dwm.exeC:\Wi ndows\Explorer.EXEC:\Program Files\LogMeIn\x86\LogMeInSystray.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Symantec AntiVirus\VPTray.exeC:\Windows\System32\rundll32.e xeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exeC:\Windows\system32\taskeng.exeC:\Window s\system32\taskeng.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exec:\program files\google\googletoolbar2user.exeC:\Windows\syst em32\WerFault.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.e xeC:\Windows\system32\csrss.exec:\program files\common files\mcafee\mna\mcnasvc.exeC:\Windows\system32\wi nlogon.exeC:\Program Files\LogMeIn\x86\LogMeIn.exeC:\Windows\system32\A ti2evxx.exeC:\Program Files\Citrix\ICA Client\ssonsvr.exeC:\Windows\system32\taskeng.exeC :\PROGRA~1\McAfee.com\Agent\mcagent.exeC:\Windows\ system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\LogMeIn\x86\LogMeInSystray.exeC:\Program Files\Spyware Doctor\pctsTray.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Symantec AntiVirus\VPTray.exeC:\Windows\System32\rundll32.e xeC:\Program Files\McAfee\MSC\mcuimgr.exeC:\Windows\system32\Se archProtocolHost.exeC:\Program Files\Internet Explorer\ieuser.exeC:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\WerFault. exeC:\Windows\system32\SearchFilterHost.exeC:\Prog ram Files\Trend Micro\HijackThis\HijackThis.exeC:\Windows\system32 \wbem\wmiprvse.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by DellR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhostO2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dllO2 - BHO: (no name) - {3A66AA1C-354A-47CD-B622-01A17C3B09B7} - C:\Windows\system32\ljJBsPFX.dllO2 - BHO: (no name) - {487C9905-26A8-42C8-8033-C58AD3D2AEC3} - C:\Windows\system32\khfGyVnk.dllO2 - BHO: {497a7b98-daf0-e11a-8ed4-75610ca45575} - {57554ac0-1657-4de8-a11e-0fad89b7a794} - C:\Windows\system32\bbrbvmii.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dllO2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\sw g.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dllO3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dllO4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /autoO4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exeO4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\khfGyVnk.dll,#1O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exeO4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Rick\AppData\Local\Temp\hgGywTkL.dll,#1O4 - HKCU\..\Run: [BMa56bec38] Rundll32.exe "C:\Windows\system32\mynxqwnf.dll",sO4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exeO4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-21-3604044435-967998246-661060430-1001\..\Run: [] (User 'Val')O4 - HKUS\S-1-5-21-3604044435-967998246-661060430-1001\..\Run: [BMa56bec38] Rundll32.exe "C:\Windows\system32\mynxqwnf.dll",s (User 'Val')O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlO8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlO8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dllO9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dllO9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLLO13 - Gopher Prefix: O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cabO16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpa...der1006.cabO16 - DPF: {87587503-20F0-4FF5-8DA3-0107C4C03FDC} (vmLaunch Class) - http://downloads.comcast.net/videoma...auncher.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...swflash.cabO16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/r...cab?lmi=100O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLLO23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exeO23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeO23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeO23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeO23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exeO23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeO23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXEO23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exeO23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exeO23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exeO23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exeO23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeO23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exeO23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exeO23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exeO23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exeO23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exeO23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exeO23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exeO23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exeO23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exeO23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exeO23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exeO23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exeO23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exeO23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe--End of file - 13749 bytes

**evilfantasy** · #10 8th Jun 2008, 18:09

Run another scan and this time before posting it, in Notepad go to Edit and check Wordwrap.

Then post the new log. It is too hard to read all ran together like that.