#6820 08/10/05 11:21 PM
Joined: May 2005
Posts: 15
Geek142 Offline OP
Junior Member
Hey Guys

Lately when I have been playing Counter-Strike I have been opening the Task Manager and checking for programs I could close to stop little bits of lag and free up some of my RAM. I see 2 processes called "iexplorer.exe". Now I know that it's Internet Explorer, but the thing is I don't have it running. It is normally taking up 20,000 K. As soon as I boot up it's there. I have tried an adware scan as well as a virus scan but it's still there. So I thought I would ask you guys before I go and get it reformatted. One thing to add is that I have tried to end the process but it just reappears.

Cheers

Geek


"Even the wisest of men still have something to learn"
#6821 08/11/05 12:02 AM
Joined: Feb 2002
Posts: 7,203
Likes: 11
Community Owner
You ALWAYS have Internet Explorer running, it's integrated into Windows now; it IS your file browser and it supposedly makes [censored] run easier... Close it, you'll crash and at times will blue screen... If you reformat it'll still run as it does now as it's integrated...

Want to do away with it? Supposedly you can buy a special version of Window$ without it due to the UK causing M$ to rethink practices; that's about all you'll be able to do unless you revert to Windows 98.


UGN Security, Back of the Web, and VNC Web Services Owner
#6822 08/11/05 02:51 AM
Joined: Dec 2002
Posts: 3,255
Likes: 3
UGN Elite
I have killed the iexplorer process before, but you always have explorer. Same thing really. 20,000 is a bit high; I average 15,000 to 10,000 for iexplorer. Here is an idea however.

Go to http://www.linuxiso.org/, download Mandrake, Red Hat, Slackware, whatever really, and then go get Wine (http://www.winehq.com/). Now you can kill tons of [censored] and have a much better, faster system.

To fix the bugs in Windows you have to get a real operating system. Windows has this virus, it takes up all of your RAM, it fills the hard drive with unneeded stuff, it even updates itself, and once on your hard drive it takes over everything to a point where it can not work without it. Ummm hold up, never mind, that is Windows itself.

#6823 08/11/05 03:30 AM
Joined: Sep 2002
Posts: 553
UGN Super Poster
On my box (running Windows XP Professional), I never had a process called "iexplorer.exe" running all the time.

As far as I know when you start the browser, for each session a process called "IEXPLORE.EXE" starts (not "iexplorer.exe").

And the process that usually runs all the time is "explorer.exe", which is the default shell for Windows XP. Also you can kill it if you want to, without crashing the system (the desktop will disappear but all the processes will keep on running), and you can start it again if you want to (from the Task Manager -> New Task -> explorer.exe).

It can also be replaced altogether with a different shell. I use BlackBox for Windows (http://bb4win.org).

As far as the process "iexplorer.exe" goes, in my opinion your computer is infected with a virus. There are many viruses/trojans that start this process. For a list visit this link and after you find out with what you're infected head over to Symantec and download the removal tool for the virus in case.
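
The name check described in the post above, as an added example that is not part of the original thread: it reads the "Running processes" section of a HijackThis log and flags image names one edit away from a known Windows binary (such as "iexplorer.exe"), known names running from an unexpected folder, and 8.3 short paths that must be expanded before they can be judged. The allow-list, the sample log and the one-edit threshold are assumptions made for this illustration.

```python
import ntpath

# Assumed allow-list (not from the thread): image name -> usual folder on Windows XP.
EXPECTED_DIRS = {
    "explorer.exe": r"c:\windows",
    "iexplore.exe": r"c:\program files\internet explorer",
    "svchost.exe": r"c:\windows\system32",
}

# Constructed sample in the HijackThis log layout; not taken from a real machine.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\iexplorer.exe
C:\Documents and Settings\User\Application Data\svchost.exe
c:\progra~1\intern~1\iexplore.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
"""

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def running_processes(log_text):
    """Return the image paths listed under the 'Running processes:' heading."""
    paths, in_section = [], False
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line.lower() == "running processes:":
            in_section = True
        elif in_section and line:
            paths.append(line)
        elif in_section and paths:
            break  # the first blank line after the list ends the section
    return paths

def triage(paths):
    """Return (path, reason) for lookalike names and known names in odd folders."""
    findings = []
    for path in paths:
        name, folder = ntpath.basename(path.lower()), ntpath.dirname(path.lower())
        if name in EXPECTED_DIRS:
            if folder == EXPECTED_DIRS[name]:
                continue
            reason = ("8.3 short path, expand before comparing" if "~" in folder
                      else "known name, unexpected folder")
        else:
            near = [n for n in EXPECTED_DIRS if edit_distance(name, n) <= 1]
            if not near:
                continue
            reason = "lookalike of " + ", ".join(near)
        findings.append((path, reason))
    return findings
```

Calling `triage(running_processes(SAMPLE_LOG))` returns three findings; a hit is a prompt to look at the file and its autorun entry, not a verdict.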

#6824 08/11/05 04:28 PM
Joined: Mar 2002
Posts: 815
nobody
Damn DG, you took the words right out of my mouth.

#6825 08/12/05 01:17 AM
Joined: Jun 2005
Posts: 24
Junior Member
No, it's not a virus; it's there the very second you boot Windows for the first time. As far as I know, gizmo is correct.

#6826 08/12/05 11:38 AM
Joined: Sep 2002
Posts: 553
UGN Super Poster
There is no Windows legit process called "iexplorer.exe" that runs at startup. Search for "iexplorer.exe process" on Google and you'll see for yourself.

If you have it, your computer is probably infected with something (spyware/virus/trojan).

#6827 08/13/05 06:41 AM
Joined: May 2005
Posts: 15
Geek142 Offline OP
Junior Member
Would it clear things up if I took a screenshot so you could see exactly what is happening? And gizmo, I have never seen this process running before except for when I actually had Internet Explorer open.
#6828 08/13/05 06:44 AM
Joined: May 2005
Posts: 15
Geek142 Offline OP
Junior Member
Process File: iexplorer or iexplorer.exe
Process Name: RapidBlaster parasite

Description:
iexplorer.exe is the executable for a virus that is a variant of the RapidBlaster parasite that downloads and displays advertising from an Internet location. This process should be removed to ensure your personal privacy.

frown
#6829 08/13/05 08:53 AM
Joined: Dec 2002
Posts: 3,255
Likes: 3
UGN Elite
http://www.download.com/Ad-Aware-SE-Personal-Edit...ad-aware&subj=dl&tag=top5
http://www.download.com/Spybot-Search-Destroy/3000-8022_4-10401314.html?tag=lst-0-1
http://www.download.com/HijackThis/3000-8022_4-10379544.html?tag=lst-0-1


Download and install the first 2 links above. Run the updates, then scan and remove any bad programs it lists.

Next download the third link, "scan only" your PC and export the log file. Copy and paste the results in here and I will take a look. Chances are you have more than this bad program. All you have is adware. It isn't a virus. It is just crappy money-making scamware. Just be glad you're not infected with supersearch aka Cool Web Search, that nasty piece of poop... Anyway, Ad-Aware and Spybot should kill most if not all bad progys you got.

They are both free too, as is HijackThis. Oh, might want to, just in case, download and run CWS Shredder. It will look for and remove most versions of CWS (Cool Web Search).

#6830 08/15/05 11:15 PM
Joined: May 2005
Posts: 15
Geek142 Offline OP
Junior Member
Well, I just ran a scan of Ad-Aware before I came to the site. Didn't pick it up. I have also kept Ad-Aware updated. I stay away from Spybot. It caused my computer to need a reformat because it deleted.... Um, I forgot, something about it deleted the .exe extension file type in Folder Options. Couldn't open anything.

But I'll have another go.
#6831 08/15/05 11:16 PM
Joined: May 2005
Posts: 15
Geek142 Offline OP
Junior Member
Logfile of HijackThis v1.99.1
Scan saved at 7:25:46 AM, on 16/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\SLEE401.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\RAM Idle\RAM_XP.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\WindowsXP\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lockpicking101.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.141.76.229:8080
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {37DFCAD2-F49A-9F87-BDD2-5DD48E805C68} - C:\DOCUME~1\WINDOW~1\APPLIC~1\SOFTWA~1\1long.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\RAM Idle\RAM_XP.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [Dumb File Locks Beep] C:\Documents and Settings\All Users\Application Data\Flaw Knob Dumb File\Joy Blah.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [SP2ConnPatcher] "C:\Program Files\SP2 Connection Patcher\sp2connpatcher.exe" -n=200
O4 - HKCU\..\Run: [This manager] C:\DOCUME~1\WINDOW~1\APPLIC~1\FORTRA~1\ownsmpegpoke.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://rick.viewnetcam.com/kxhcm10.ocx
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/...eb_site.cab?11 05004638572
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Steganos Live Encryption Engine (Version 401) [Service] (SLEE_401_SERVICE) - Unknown owner - C:\WINDOWS\system32\SLEE401.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)
#6832 08/16/05 12:11 AM
Joined: Jan 2005
Posts: 589
UGN Custodian
to quote j:
'stop double posting'
(unless u have that weird problem i have occasionally where the server locks me out of my post)

just click on the edit/delete icon (third one from your left) and post on ur original post about a minute before.


Harry Potter Thread
if ur bored on the boards, get posting THERE!
#6833 08/16/05 07:45 AM
Joined: May 2005
Posts: 15
Geek142 Offline OP
Junior Member
Who is double posting?
#6834 08/16/05 07:52 AM
Joined: Jan 2005
Posts: 589
UGN Custodian
Geek142:

your first post: posted 15-08-2005 03:15 PM
your double post: posted 15-08-2005 03:16 PM

u can edit ur post within 30mins of it being posted. (usually)


#6835 08/16/05 11:59 PM
Joined: May 2005
Posts: 15
Geek142 Offline OP
Junior Member
Ok, I am confused. They are both 2 different posts. The one at 03:16 PM was the log file of "hijackthis".
confused

Geek
