
Solved: Another iexplore.exe problem

Discussion in 'Virus & Other Malware Removal' started by not_my_ip, Oct 16, 2008.

Thread Status:
Not open for further replies.
  1. not_my_ip

    not_my_ip Thread Starter

    Joined:
    Oct 16, 2008
    Messages:
    4
    Hello,

    I have a problem with a friend's laptop (IBM T42).

    In Task Manager there are 2 instances of iexplore.exe just after a fresh reboot, and they just stay there. If I end the process it comes up again. Of course the browser does not appear, so I suspect it is some kind of malware. The other thing is the wireless network card can't connect to any wireless network - acquiring network address all the time and doesn't go any further. I tried using the IBM software and the Windows built-in one to connect - no effect.

    I checked with free AVG, Ad-Aware, SUPERAntiSpyware - the last one detected adware.lop and removed it - but nothing has changed.

    So basically I'm out of ideas, so I decided to shout for help here. I hope you can find what's wrong in this log.

    Laptop is running Windows XP Pro, SP2
    Thanks in advance

    Oh forgot to add. I have run SDFix already, no trojans
     

    Attached Files:

  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Hi, Welcome to TSG!!


    Please update your version of HJT.
    Click here to download HJTInstall.exe
    • Save HJTInstall.exe to your desktop.
    • Double-click on the HJTInstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis .
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch HijackThis.


    Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
    1. Close any open browsers.
    2. If your Real protection or Antivirus intervenes with OTScanIt, allow it to run.
    3. Open the OTScanit folder and double-click on OTScanit.exe to start the program.
    4. In Additional Scans section put a check in BotCheck and Disabled MS Config Items and EventViewer Errors/Warnings
    5. Now click the Run Scan button on the toolbar.
    6. The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
    7. When the scan is complete Notepad will open with the report file loaded in it.
    8. Save that notepad file
    If the log is too large to post, use the Reply button, scroll down to the attachments section and attach the notepad file here.
     
  3. not_my_ip

    not_my_ip Thread Starter

    Joined:
    Oct 16, 2008
    Messages:
    4
    Thanks for reply cybertech,

    Both scans here, I hope you can find something in there.

    Hope to hear from you soon.
     

    Attached Files:

  4. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Start OTScanIt. Copy/Paste the information in the Code box below into the pane where it says Paste fix here and then click the Run Fix button.


    Code:
    [Kill Explorer]
    [Registry - Non-Microsoft Only]
    < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    YY -> Test Math -> %AppData%\oneholeactive\Multi Acid Wma.exe [C:\DOCUME~1\IBMUSE~1\APPLIC~1\ONEHOL~1\Multi Acid Wma.exe]
    [Files/Folders - Created Within 30 days]
    NY -> 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
    NY -> 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
    NY -> AC3D1B49918A9285.job -> %SystemRoot%\tasks\AC3D1B49918A9285.job
    [Empty Temp Folders]
    [Start Explorer]
    [Reboot]
    

    The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.
    Post that information back here.

    I will review the information when it comes back in.

    Post a new hijackthis log and let me know if there are still problems.
     
  5. not_my_ip

    not_my_ip Thread Starter

    Joined:
    Oct 16, 2008
    Messages:
    4
    Hi again cybertech

    Thanks for reply, I did all the steps, log from OTScanIt:
    Code:
    Explorer killed successfully
    [Registry - Non-Microsoft Only]
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Test Math deleted successfully.
    File C:\Documents and Settings\IBM USER\Application Data\oneholeactive\Multi Acid Wma.exe not found.
    [Files/Folders - Created Within 30 days]
    File C:\WINDOWS\tasks\AC3D1B49918A9285.job not found!
    [Empty Temp Folders]
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    Windows Temp folder emptied.
    Java cache emptied.
    FireFox cache emptied.
    RecycleBin -> emptied.
    Explorer started successfully
    < End of fix log >
    OTScanIt by OldTimer - Version 1.0.19.0 fix logfile created on 10212008_120125
    
    Files moved on Reboot...
    File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
    
    After this, one of the iexplore.exe processes was killed and does not show up at start, but I still have one running (taking 50MB of memory). When the laptop starts, this process takes quite a lot of CPU power and then it goes silent to 0% of CPU.
    I have run HijackThis and I will attach the log.
    I hope you can see something in there.
    Cheers for help so far
     

    Attached Files:

  6. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HJT again and put a check in the following:

    O4 - HKLM\..\Run: [Trans Mapi Coal Software] C:\Documents and Settings\All Users\Application Data\FLAG GLUE TRANS MAPI\Media bore.exe

    Close all applications and browser windows before you click "fix checked".



    Please download OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • Copy the lines in the quote box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    • Return to OTMoveIt2, right click in the "Paste Custom List Of Files/Patterns To Move" window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTMoveIt2
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
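
Added example (not part of the original thread, and not code from HijackThis or OTScanIt): both startup entries removed in this thread launched an executable from an Application Data folder, so this Python sketch parses HijackThis `O4` registry autorun lines and flags that pattern for review. The first sample line is quoted from the post above; the other three lines, the function names and the marker list are assumptions constructed for illustration.

```python
import re

# Registry-style O4 line: "O4 - HKLM\..\Run: [Name] command line".
# Startup-folder O4 lines ("O4 - Startup: ...") are deliberately not handled here.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)

# Assumed markers for user-writable profile locations (lower-case), including
# the 8.3 short form "APPLIC~1" that appears in the thread's OTScanIt listing.
USER_WRITABLE = ("\\application data\\", "\\applic~1\\", "\\appdata\\",
                 "\\local settings\\temp\\")

def exe_path(cmd):
    """Return the executable part of an autorun command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, optional arguments
        return cmd[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces: cut after the first executable extension.
    m = re.match(r"(?i)(.+?\.(?:exe|com|bat|cmd|scr))(?:\s|$)", cmd)
    return m.group(1) if m else cmd

def suspicious_autoruns(log_text):
    """List (hive, key, value name, path) for autoruns in user-writable folders."""
    hits = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        path = exe_path(m["cmd"])
        if any(marker in path.lower() for marker in USER_WRITABLE):
            hits.append((m["hive"], m["key"], m["name"], path))
    return hits

# Line 1 is from the thread. Line 2 is constructed from the Run value named in
# the OTScanIt fix. Lines 3 and 4 are constructed benign entries.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Trans Mapi Coal Software] C:\Documents and Settings\All Users\Application Data\FLAG GLUE TRANS MAPI\Media bore.exe
O4 - HKCU\..\Run: [Test Math] C:\DOCUME~1\IBMUSE~1\APPLIC~1\ONEHOL~1\Multi Acid Wma.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for hive, key, name, path in suspicious_autoruns(SAMPLE_LOG):
        print(f"review: {hive}\\..\\{key} [{name}] -> {path}")
```

A hit is a triage flag, not a verdict: some legitimate software also starts from a profile folder, so each flagged entry still needs to be checked before it is removed.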
     
  7. not_my_ip

    not_my_ip Thread Starter

    Joined:
    Oct 16, 2008
    Messages:
    4
    Morning !

    I think it is sorted now, log from OTMoveIT does not say much:
    OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10222008_082640

    I will attach the HijackThis log, just in case. I will mark this as solved, as the laptop works much better now and Windows logs in faster as well.

    Thank you very much for your help
     

    Attached Files:

  8. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Looks fine now.

    • Make sure you have an Internet Connection.
    • Double-click OTMoveIt2.exe to run it.
    • Click on the CleanUp! button
    • A list of tool components used in the Cleanup of malware will be downloaded.
    • If your Firewall or Real Time protection attempts to block OTMoveIt2 from reaching the Internet, please allow the application to do so.
    • Click Yes to begin the Cleanup process and remove these components, including this application.
    • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

    You're welcome!
     
Short URL to this thread: https://techguy.org/759700
