#1
12th Jul 2008, 10:33 PM
walnav (New Member)
multiple instances of iexplore running in background

Hello everyone. Not too long ago I noticed there are two instances of iexplore.exe running even though I'm actually not running Internet Explorer. I've tried finishing the processes with no success.
I used both Ad-Aware and Spybot S&D and neither found anything.
Here's my HJT log for reference.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:16:53 AM, on 13/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program files\Archivos comunes\Network Associates\TalkBack\TBMon.exe
C:\Program files\Archivos comunes\InstallShield\UpdateService\issch.exe
C:\Program files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program files\Network Associates\Common Framework\FrameworkService.exe
C:\Program files\Network Associates\VirusScan\Mcshield.exe
C:\Program files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program files\Archivos comunes\Protexis\License Service\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program files\Internet Explorer\IEXPLORE.EXE
C:\Program files\Internet Explorer\IEXPLORE.EXE
C:\Program files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.1.1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program files\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program files\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program files\Archivos comunes\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\ARCHIV~1\ARCHIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program files\Archivos comunes\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PrintDisp] C:\WINDOWS\system32\PrintDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [\\WNAVARRETE\EPSON Stylus C92 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZL.EXE /FU "C:\DOCUME~1\IBM\CONFIG~1\Temp\E_S42.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [HeckBuild] C:\DOCUME~1\IBM\DATOSD~1\JUMPTH~1\PARTMEETOKAY.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1195420523625
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARCHIV~1\ARCHIV~1\Skype\SKYPE4~1.DLL
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program files\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servicio de registro de McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program files\Archivos comunes\Protexis\License Service\PSIService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program files\Viewpoint\Common\ViewpointService.exe
#2
13th Jul 2008, 12:35 AM
evilfantasy (Moderator)
multiple instances of iexplore running in background

Welcome to CJ.

There are a few suspicious files we need to look at, but I'm not sure whether this is malware or not. Plus a few more things we can do now.

Open Hijackthis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Important: Close all windows except for Hijackthis and then click Fix checked.

Exit Hijackthis.

----------

You have Viewpoint installed.

Viewpoint Media Player/Manager/Toolbar is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad".

It is suggested that you remove the program now.
Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
  • Viewpoint Toolbar
  • Viewpoint Experience Technology
If you have trouble removing Viewpoint, I suggest that you use ViewpointKiller.

Once you have downloaded ViewpointKiller, unzip it to a convenient location such as your desktop.
Run ViewpointKiller, and select File > Do All Killings
Follow the prompts, selecting Yes or No, depending on which selection you are most comfortable with.
A logfile will be created in the folder you unzipped ViewpointKiller to, please paste the contents here.

----------

Your Java is out of date.

Older versions have vulnerabilities that malicious sites can use to infect your system.

First install the new Sun Java Runtime Environment

Remove the old version(s)
  • Go to add/remove programs and uninstall all old versions.
  • Be sure not to remove the new version that was just installed.
  • Download JavaRA and unzip the file to your Desktop.
  • Open JavaRA.exe and choose Remove Older Versions
  • Once complete exit JavaRA and delete the program.
  • Run CCleaner.
----------

Can you tell me what these are?

C:\WINDOWS\system32\PrintDisp.exe

C:\DOCUME~1\IBM\DATOSD~1\JUMPTH~1\PARTMEETOKAY.exe

If you don't know what they are then do the following.

Scan Suspicious File(s)

Visit Virustotal
(If more than one file needs to be scanned, they must be done separately and the logs posted for each one.)
  • Copy the file path in the below Code box:
Code:
C:\DOCUME~1\IBM\DATOSD~1\JUMPTH~1\PARTMEETOKAY.exe
  • At the upload site, click once inside the window next to Browse.
  • Press Ctrl+V on the keyboard (both at the same time) to paste the file path in the window.
  • Next click Send File
    • Your file will possibly be entered into a queue which normally takes less than a minute to clear.
  • This will perform a scan across multiple different virus scanning engines.
  • Important: Wait for all of the scanning engines to complete.
  • Copy and then Paste the link to the results in the next reply.
Do the same for this file (if you don't know what it is)

Code:
C:\WINDOWS\system32\PrintDisp.exe
----------

Next post add:
Links to VirusTotal file(s)
Last edited by evilfantasy : 13th Jul 2008 at 12:42 AM.
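The two things the reply above does by hand (fix the orphaned O2 entry, then ask what the unfamiliar O4 autoruns are) can be scripted as a first pass over an HJT log. The script below is an added example for this thread, not code from HijackThis or from either poster. The sample lines are copied from the log posted in #1; the rule set, the tiny System32 allowlist, the severity labels and the extra proxy/PAC check (which the reply does not raise) are this script's own assumptions, and a hit means "look at this", not "this is malware".

```python
"""Triage a HijackThis (HJT) log the way a forum helper reads it.

Added example for this thread; not part of HijackThis or of the posted
replies. Sample lines are copied from the log posted above; the rules,
allowlist and severities are this script's own assumptions.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the lines from the posted HJT log.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.1.1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program files\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [PrintDisp] C:\WINDOWS\system32\PrintDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [HeckBuild] C:\DOCUME~1\IBM\DATOSD~1\JUMPTH~1\PARTMEETOKAY.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program files\Archivos comunes\Protexis\License Service\PSIService.exe
"""

# "O4 - <body>", "R1 - <body>", ... : every HJT entry starts with its section tag.
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
# Run-key entries: HKLM\..\Run: [name] command   (also HKUS\S-1-5-18\..\Run: ...)
RUN_RE = re.compile(r"^(?P<hive>HK\S*?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First executable-looking path in the command, quoted or not, arguments dropped.
TARGET_RE = re.compile(r'^"?(?P<path>.*?\.(?:exe|dll|com|scr|pif|bat))', re.IGNORECASE)

# Assumption: folders where installed software rarely keeps its autorun binary
# (8.3 names as they appear on a Spanish XP: DOCUME~1, DATOSD~1 = Datos de programa).
USER_PROFILE_MARKERS = ("\\docume~1\\", "\\documents and settings\\", "\\datosd~1\\",
                        "\\application data\\", "\\local settings\\", "\\temp\\")
# Assumption: a deliberately tiny allowlist of System32 binaries normal in Run keys.
KNOWN_SYSTEM32_AUTORUNS = {"ctfmon.exe"}


@dataclass
class Finding:
    severity: str   # "fix" (safe to remove), "verify" (identify/scan first) or "note"
    entry: str      # the HJT line that triggered the rule
    reason: str


def extract_target(cmd):
    """Return the executable path from a Run-key command, or None."""
    m = TARGET_RE.match(cmd)
    return m.group("path") if m else None


def triage(log_text):
    """Apply the helper's rules of thumb to each HJT line and return the hits."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        if kind == "O2" and body.endswith("(no file)"):
            findings.append(Finding("fix", line,
                "BHO registered but its DLL is missing: orphaned entry, safe to fix"))
        elif kind == "R1" and re.search(r"(AutoConfigURL|ProxyServer) = \S", body):
            findings.append(Finding("verify", line,
                "IE proxy/PAC setting present: confirm it points at your own router or intended proxy"))
        elif kind == "O4":
            rm = RUN_RE.match(body)
            if not rm:
                continue                      # Global Startup .lnk entries etc.
            target = extract_target(rm.group("cmd"))
            if target is None:
                continue
            low = target.lower()
            base = low.rsplit("\\", 1)[-1]
            if any(mk in low for mk in USER_PROFILE_MARKERS):
                findings.append(Finding("verify", line,
                    "autorun binary lives in a user profile/temp folder, unusual for installed software: scan it"))
            elif "\\windows\\system32\\" in low and base not in KNOWN_SYSTEM32_AUTORUNS:
                findings.append(Finding("verify", line,
                    "unfamiliar binary in System32 started from a Run key: identify the vendor or scan it"))
        elif kind == "O23" and "Unknown owner" in body:
            findings.append(Finding("note", line,
                "service with no publisher string: low priority, confirm it belongs to installed software"))
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'fix': 1, 'verify': 4, 'note': 1}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.entry}\n    {f.reason}")
```

Run against the sample it flags exactly the two O4 entries the reply asks about (PrintDisp.exe and PARTMEETOKAY.exe), the orphaned BHO, and the proxy settings, while leaving jusched.exe, TeaTimer.exe and the ctfmon.exe entries alone. The "verify" items are the ones to take to VirusTotal as described above; nothing here decides for you.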
Copyright ©2006 - 2008 Computer Juice.