iexplore.exe
Please support our Viruses, Spyware and other Nasties advertiser: Programming Forums
 |
iexplore.exe keeps coming up in my processes under a system file. When i'm playing games or just surfing i keep hearing the clicks like I'm browsing and on occasion I get some sort of news station that just automatically starts playing in the background with no warning. When I go into processes and shut down the iexplore.exe it stops the news audio immediately but the process comes right back into my list. Here is the Hijackthis log. Any help would be greatly appreciated.
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:40:01 PM, on 11/22/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\AVG\AVG8\avgscanx.exe C:\Program Files\Ventrilo\Ventrilo.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Internet Explorer\Iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispat...=%s&tbid=60283 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bellsouth.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.citycompserv.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file) O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file) O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Intelinet] C:\Program Files\Intelinet\Intelinet.exe O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user') O8 - Extra context menu item: Crawler Search - tbr:iemenu O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Helpdesk - {8341FC33-CCAF-4AA2-ACCF-AD62EC0254E2} - http://www.citycompserv.com/helpdesk/CCSHelpDesk.exe (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://www.citycompserv.com O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/webplayer/s...rInstaller.cab O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/soft...ch/alaunch.cab O16 - DPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} - http://pbells.broadjump.com/wizlet/S...ller_4-2-0.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - (no file) O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe -- End of file - 4736 bytes
Last edited by jbennet : Nov 22nd, 2008 at 6:02 pm. Reason: tags
Seems clean to me, but im not too great an expert on this sort of thing.
Master of puppets Im pulling your strings - blinded by me, you cant see a thing. Master! Master!
If i am helpful, please give me reputation points.
If i am helpful, please give me reputation points.
iexplorer.exe is internet explorer process.
And everything seems clean to me
And everything seems clean to me
Cohen's Website | About Cohen | Contact Cohen
If you would like assistants, pls do not PM me, post it in the appropriate area, and i'll be happy to help.
If you would like assistants, pls do not PM me, post it in the appropriate area, and i'll be happy to help.
•
•
•
•
Originally Posted by cohen 
iexplorer.exe is internet explorer process.
And everything seems clean to me
wrong wrong wrong.
iexplore.exe is internet explorer
iexplorer.exe is malware
Im a bit worried your IE may be spyware as the log says
"C:\Program Files\Internet Explorer\Iexplore.exe"
With a capital I.
Check the process list unser taskmager, it should have a lowecase i if its the real one
Last edited by jbennet : Nov 25th, 2008 at 3:32 am.
Master of puppets Im pulling your strings - blinded by me, you cant see a thing. Master! Master!
If i am helpful, please give me reputation points.
If i am helpful, please give me reputation points.
Run hijackthis and hit the Open the Misc Tools Section and then the Open Uninstall Manager.
Then hit the Save List button. Save to the desktop for easy access. Open the log file and copy the entire list and paste it here please.
===========
Copy the bold text below and paste it into notepad. Save it to your desktop as find.bat and make sure type is set to All Files.
cd\
cd Program Files
DIR /AD /B /P > ProgramFiles.txt
start ProgramFiles.txt
cls
exit
Double click find.bat and let it run for a minute. It will open up a report in notepad. Please copy that text and post it here in your next reply.
Then hit the Save List button. Save to the desktop for easy access. Open the log file and copy the entire list and paste it here please.
===========
Copy the bold text below and paste it into notepad. Save it to your desktop as find.bat and make sure type is set to All Files.
cd\
cd Program Files
DIR /AD /B /P > ProgramFiles.txt
start ProgramFiles.txt
cls
exit
Double click find.bat and let it run for a minute. It will open up a report in notepad. Please copy that text and post it here in your next reply.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Please do not PM me for help, (I will ignore you if you do). Instead, post in the public forum where others may benefit.
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Please do not PM me for help, (I will ignore you if you do). Instead, post in the public forum where others may benefit.
|
Similar Threads
Other Threads in the Viruses, Spyware and other Nasties Forum
- How do I get rid of the IEXPLORE.EXE virus? (Viruses, Spyware and other Nasties)
- Multiple iexplore.exe and multiple symantec email proxy warnings (Viruses, Spyware and other Nasties)
- unclosable process firefox.exe or iexplore.exe (Viruses, Spyware and other Nasties)
- ERROR C:\PROGRA~1\INTERN~1\iexplore.exe (Viruses, Spyware and other Nasties)
- iexplore.exe keeps showing up help! (Windows NT / 2000 / XP / 2003)
- Help in error:IEXPLORE.EXE - Application Error (Web Browsers)
- iexplore.exe; rundll32.exe; HiJackThis Log Posted - Please help (Viruses, Spyware and other Nasties)
- Iexplore.exe application failed?? (Web Browsers)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: Help removing suspected adware/virus etc.
- Next Thread: need help? post here.. easier for me to see
•
•
•
•
Views: 1807 | Replies: 5 | Currently Viewing: 1 (0 members and 1 guests)
Linear Mode
