PDA

View Full Version : Multiple Instances of Iexplore.exe - Need help bad



MHJeff06
2007-01-18, 15:07
Okay I have 2 instances of IEXPLORE.EXE running in my task manager, slowing my computer down badly. I honestly dont even know where to start with this so Ill just post a log.

Logfile of HijackThis v1.99.1
Scan saved at 7:07:41 AM, on 1/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\NOMAD Jukebox Zen\PlayCenter2\CTNMRUN.EXE
C:\Program Files\Creative\ShareDLL\Mediadet.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Ikarus\GuardNT\GuardNT.exe
C:\Ikarus\VuWNT\VuW32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run
O4 - HKLM\..\Run: [Guard NT] C:\Ikarus\GuardNT\GuardNT.exe /STARTDLG /CPYTOKEN
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\NOMAD Jukebox Zen\PlayCenter2\CTNMRUN.EXE"
O4 - HKCU\..\Run: [FileView] C:\DOCUME~1\Jeff\APPLIC~1\UPFIRS~1\Realgreat.exe
O4 - HKCU\..\RunOnce: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /play
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Guard NT - Ikarus Software Wien - C:\Ikarus\GuardNT\GuardNT.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

shelf life
2007-01-19, 04:13
hi MHJeff06,

looks like some of the hjt log is missing. i dont see antivirus in log, you have one?
try this:
-----------------------
go to start, run and type in >>services.msc<<
windows service panel will open, under the name column look for this service:
Guard NT
right click, select properties and under the general tab make sure service is stopped and startup is disabled.

next:
run hijackthis, close all windows, put a check next to these items then click the Fix Checked button

O4 - HKLM\..\Run: [Guard NT] C:\Ikarus\GuardNT\GuardNT.exe /STARTDLG /CPYTOKEN

next:
look in your C: drive for a folder called Ikarus and delete it.
------------------------
you have any idea what this is?
Realgreat.exe

located here:
C:\DOCUME~1\Jeff\APPLIC~1\UPFIRS~1

if you dont recognize it i would delete it.
------------------------------
reboot once and post a new hjt log. you need antivirus software?

shelf life

tashi
2007-01-25, 08:25
This topic is closed due to lack of a response to helper, :sad: if you need it re-opened please send me a private message (pm) and provide a link to the thread.

Applies only to the original topic starter.