Drkgodz Flash moderator
Reputation: 2
Joined: 17 Jul 2006 Posts: 2997 Location: Houston
Posted: Sun Aug 02, 2009 1:40 am Post subject: C:\Windows\Explorer.exe
It's acting very weird.
Whenever I start up my computer, there are multiple instances of the process. And they show up as iexplorer.exe. However, when I check to see what file iexplorer.exe is, it says it's C:\Windows\EXPLORER.exe.
So what's up with that?
I checked my registry to see if that's what's causing it to run multiple instances but I found nothing.
_________________

Haswell Grandmaster Cheater
Reputation: 10
Joined: 24 Nov 2007 Posts: 703
Posted: Sun Aug 02, 2009 1:46 am Post subject:
iexplore.exe is IE. iexplorer.exe, however, is not, neither is it explorer.exe.
Run a virus scan to be safe. Might just be a trojan or ad-ware.

Hero I'm a spammer
Reputation: 79
Joined: 16 Sep 2006 Posts: 7154
Posted: Sun Aug 02, 2009 5:17 am Post subject:
Remove the iexplorer.exe processes.
explorer.exe = your PC's shell (icons, start bar, etc.)
Iexplore.exe = IE 6-8
After you end the bad processes, go to start>run>msconfig
Go to start up and remove iexplorer from the list if it's there. After that, do a virus scan.

Mozilla Firefox Grandmaster Cheater Supreme
Reputation: 0
Joined: 06 Feb 2007 Posts: 1250
Posted: Sun Aug 02, 2009 7:09 am Post subject:
Post a HijackThis log here, Drk.

Luigi Grandmaster Cheater Supreme
Reputation: 1
Joined: 24 Mar 2008 Posts: 1082
Posted: Sun Aug 02, 2009 6:35 pm Post subject:
What exclusive said.
Also what Freelancer said.
I had the same problem (like I do with everyone else). I just ended the process tree, and it came back after a bit...
A HijackThis log would help a lot.

Cryoma Member of the Year
Reputation: 198
Joined: 14 Jan 2009 Posts: 1819
Posted: Sun Aug 02, 2009 6:40 pm Post subject:
Obviously spyware.
Also see if you have or get a startup manager tool.

Drkgodz Flash moderator
Reputation: 2
Joined: 17 Jul 2006 Posts: 2997 Location: Houston
Posted: Sun Aug 02, 2009 7:31 pm Post subject:
Code: | Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:16:46 PM, on 8/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Mozilla Firefox 3.5\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5656
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O4 - HKLM\..\Run: [] \
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - Gopher Prefix:
O20 - Winlogon Notify: vtUopNGa - vtUopNGa.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 5090 bytes
|
This log shows why my IExplorer doesn't work half the time. Some virus set the proxy server to localhost. =|
I don't use Internet Explorer though so I don't mind.
I've fixed this problem multiple times but it keeps on getting reset to localhost.
_________________

Haswell Grandmaster Cheater
Reputation: 10
Joined: 24 Nov 2007 Posts: 703
Posted: Sun Aug 02, 2009 7:38 pm Post subject:
Seems like the iexplore.exe is legit...
iexplore.exe should not autorun during bootup. Try clearing your startup list of programs.
Also, what's this?
Code: | R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5656
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local |

Luigi Grandmaster Cheater Supreme
Reputation: 1
Joined: 24 Mar 2008 Posts: 1082
Posted: Sun Aug 02, 2009 7:38 pm Post subject:
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
Big duh there.
Don't take my word for it but...
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
I think I had that once (When I was an IEfag) and made a bunch come up.
Also, can you remove code tags? Easier on my eyes
http://www.computing.net/answers/security/iexploreexe-running-in-background/20550.html wrote: | I've tried ending the task, but then another copy of the program immediately replaces it.. |
Is that part of your problem?
The same person also said
Quote: | no worries... problem solved, Windows Defender finally found and removed the spyware! hoorah! |

Drkgodz Flash moderator
Reputation: 2
Joined: 17 Jul 2006 Posts: 2997 Location: Houston
Posted: Sun Aug 02, 2009 7:57 pm Post subject:
I am going to try Windows Defender.
Also I ended one IEXPLORER.exe task and it seemed like it got replaced. Then I tried ending another one, and all of them closed down immediately.
A symptom of this virus is IE settings for proxy being changed to 127.0.0.1:5656
EDIT:
Windows Defender Installer gave me an error trying to install.
I did find an article that seems to have the solution. I am going to try it right now:
http://dly.free.fr/site/spip.php?article2
_________________

Luigi Grandmaster Cheater Supreme
Reputation: 1
Joined: 24 Mar 2008 Posts: 1082
Posted: Sun Aug 02, 2009 8:09 pm Post subject:
Drkgodz wrote: | Quote: | Deleted long quote |
I am going to try Windows Defender.
Also I ended one IEXPLORER.exe task and it seemed like it got replaced. Then I tried ending another one, and all of them closed down immediately.
A symptom of this virus is IE settings for proxy being changed to 127.0.0.1:5656 | Good luck.
And I would keep Windows Defender. Although detection rate is not the best, it still removes some common problems in Windows (Microsoft would know, right?)

Drkgodz Flash moderator
Reputation: 2
Joined: 17 Jul 2006 Posts: 2997 Location: Houston
Posted: Sun Aug 02, 2009 8:11 pm Post subject:
Luigi wrote: | Drkgodz wrote: | Quote: | Deleted long quote |
I am going to try Windows Defender.
Also I ended one IEXPLORER.exe task and it seemed like it got replaced. Then I tried ending another one, and all of them closed down immediately.
A symptom of this virus is IE settings for proxy being changed to 127.0.0.1:5656 | Good luck.
And I would keep Windows Defender. Although detection rate is not the best, it still removes some common problems in Windows (Microsoft would know, right?) |
I just wish there was a way to uninstall IE...sigh.
Apparently the problem is a DLL that is registered to be run on startup which creates the iexplorer.exe process.
_________________

Haswell Grandmaster Cheater
Reputation: 10
Joined: 24 Nov 2007 Posts: 703
Posted: Sun Aug 02, 2009 8:16 pm Post subject:
You might as well delete the folder in Program Files and hunt down the registry strings. There will be a lot of stuff left in WINDOWS though.

Luigi Grandmaster Cheater Supreme
Reputation: 1
Joined: 24 Mar 2008 Posts: 1082
Posted: Sun Aug 02, 2009 8:17 pm Post subject:
Drkgodz wrote: | Luigi wrote: | Drkgodz wrote: | Quote: | Deleted long quote |
I am going to try Windows Defender.
Also I ended one IEXPLORER.exe task and it seemed like it got replaced. Then I tried ending another one, and all of them closed down immediately.
A symptom of this virus is IE settings for proxy being changed to 127.0.0.1:5656 | Good luck.
And I would keep Windows Defender. Although detection rate is not the best, it still removes some common problems in Windows (Microsoft would know, right?) |
I just wish there was a way to uninstall IE...sigh.
Apparently the problem is a DLL that is registered to be run on startup which creates the iexplorer.exe process. | There are ways to get rid of it, but (correct me if I am wrong) I think Windows somehow relies on IE... same with Windows updates (damn you Microsoft).
And the DLL, do you know if you need it? If you don't, just unregister, back it up somewhere (just in case) and delete.

Drkgodz Flash moderator
Reputation: 2
Joined: 17 Jul 2006 Posts: 2997 Location: Houston
Posted: Sun Aug 02, 2009 8:30 pm Post subject:
Yes. Windows relies on iexplorer. For example, many installers and programs use IExplorer to connect to the internet.
I tried installing A-squared but it needed an internet connection to register or something. However it uses IE to connect to the internet, and IE doesn't work. So I couldn't use A-Squared.
I tried Autoruns to find the DLL discussed in the article, but I couldn't find it.
I am so confused.
_________________
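
An added example, not code from any poster in this thread: a small Python triage pass over HijackThis-format text that flags the entry types the thread keeps returning to (a process name that is a near miss of explorer.exe or iexplore.exe, the IE proxy pointing at loopback, an unnamed Run value, and a Winlogon Notify DLL, which is one place "a DLL registered to run on startup" can live). The sample log is constructed from lines in the posted log plus one made-up look-alike path; the tag names, the two expected directories and the 0.85 similarity cutoff are assumptions.

```python
import difflib
import ntpath
import re

# Expected install directory for the two binaries the thread tells apart (Windows XP).
KNOWN = {"explorer.exe": r"c:\windows",
         "iexplore.exe": r"c:\program files\internet explorer"}

# Constructed sample in HijackThis v2 format: lines modeled on the posted log,
# plus one constructed look-alike process path (not taken from the thread).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\iexplorer.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5656
O4 - HKLM\..\Run: [] \
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O20 - Winlogon Notify: vtUopNGa - vtUopNGa.dll (file missing)
"""

def check_process(path):
    """Flag a known name in the wrong directory, or a near miss of a known name."""
    folder, name = ntpath.split(path.lower())
    if name in KNOWN:
        return None if folder == KNOWN[name] else ("misplaced-binary", path)
    close = difflib.get_close_matches(name, list(KNOWN), n=1, cutoff=0.85)
    return ("lookalike-name", f"{path} resembles {close[0]}") if close else None

def triage(log):
    """Return (tag, detail) findings for the entry types discussed in the thread."""
    findings = []
    for line in (l.strip() for l in log.splitlines()):
        if re.match(r"^[A-Za-z]:\\.+\.exe$", line, re.I):
            hit = check_process(line)
            if hit:
                findings.append(hit)
        elif m := re.match(r"^R[01] - .*,ProxyServer = (.+)$", line):
            # A loopback proxy routes IE traffic through a process on this host.
            if re.search(r"\b(127(\.\d{1,3}){3}|localhost)\b", m.group(1), re.I):
                findings.append(("loopback-proxy", m.group(1)))
        elif m := re.match(r"^O4 - (\S+): \[(.*?)\] (.*)$", line):
            if not m.group(2).strip():  # Run value with an empty name
                findings.append(("unnamed-run-entry", m.group(1)))
        elif m := re.match(r"^O20 - Winlogon Notify: (\S+) - (.+?)( \(file missing\))?$", line):
            # Notify packages are DLLs that winlogon.exe loads to handle logon events.
            state = "file missing" if m.group(3) else "file present"
            findings.append(("winlogon-notify-dll", f"{m.group(2)} ({state})"))
    return findings

if __name__ == "__main__":
    for tag, detail in triage(SAMPLE_LOG):
        print(f"{tag:22} {detail}")
```

A loopback proxy or a Notify entry is a lead to follow up (which process listens on the port, which registry key names the DLL), not proof of infection by itself.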