Windows 7: IE9 opening random instances, possibly triggered by Java?

Hi all,

First post on these forums. I have a really weird issue I am trying to diagnose for a few months now.... at random times I will get flooded with IE windows opening up. It could be while browsing or even if the computer is idle. Sometimes it has gotten to the point it floods my system until it screeches to a halt. And now I am certain it is NOT spyware because I have done the following things:

- Scanned with 5 different antivirus and anti-malware packages
- Checked hijack this for suspicious activity
- Ran numerous memory checks
- Ran the system with minimal applications
- I've built a new computer and this reoccurs!


On my new machine, I finally installed Java for an application that required it and this issue reoccured while I was asleep. I had no issues since the system has been up and running. Only when I installed Java. However, I noticed the issue occurs if IE is open, so the browser does not open by itself but opens more Windows. I scramble to stop it, usually task manager will let me kill all processes and it might stop it. The behavior is very malware like, but I've ruled it out at this point.

My solution to this problem was disabling Java, but it should be enabled. What is the cause of this issue or what can I do to fix it?

you very possibly have malware.

Before I continue, your specs do not indicate Win 7 SP1.

Do you have sp 1 installed? Yes or No.

Yep, all the latest updates to this week for all drivers and software. This issue has been persisting for a while.

Please carry out the following:

# **********************INSTRUCTIONS**************************
# STEP 1 ** RUN POWERSHELL AS ADMINISTRATOR ******************
# ************************************************************
#
# WIN key | type POWERSHELL | do NOT hit ENTER |
# in the PROGRAMS list, right-click on WINDOWS POWERSHELL |
# choose "Run as administrator" |
# Click on the YES button (if such appears)
#
# WIN key = key with Microsoft log on top
#
# for the guru:
# WIN | type POWERSHELL | CTRL+SHIFT+ENTER key combo | ALT+Y keycombo
# ************************************************************
# STEP 2 ** COPY AND PASTE ***********************************
# ************************************************************
#
# COPY the script using CTRL+C,
# COPY every line of script down thru both EXIT statements
#
# PASTE into Powershell
#----Right-Click at the PowerShell Prompt
#----(Ctrl+V does not work)
#
# Start copying with first script line without a # at start of the line
# Note: Actually, you can paste the entire file if you rather
#-------Lines starting with a # are ignored by PowerShell
# ************************************************************
# STEP 3 ** SCRIPT OUTPUT & SCRIPT PURPOSE *******************
# ************************************************************
# --The script output and purpose is given at the very front of the script
#
# --The script output and purpose is given at the very front of the script
#
# ************************************************************
# ***************** NOTE - POWERSHELL VERSION*****************
# if you receive this error msg:
#--The system can not find the path specified
# you may need to update your PowerShell
# you must be using Powershell 2.0 or later.
#
# To determine your Powershell version:
#---Run PowerShell
#---enter $host.version
#---you should see at least:
# Major Minor Build Revision
# ----- ----- ----- --------
# 2......0......-1.....-1
#
# If you do not see the above, update your Vista/Win 7.
# ************************************************************
# *************** NOTE - EXECUTION POLICY*********************
# If you haven't set the execution policy, you may need to:
#---Run PowerShell
#---enter SET-EXECUTIONPOLICY -EXECUTIONPOLICY REMOTESIGNED
# ************************************************************


==================================================
Select all of that script then use Ctrl + C to copy. Then you can just right-click in Powershell to paste it in.

As I said before, I have run numerous scans on every single drive with 5 different pieces of software such as Nod32, MSE, Combofix, Malwarebytes, Superantispyare, Spybot. Not one threat came up, so I am PRETTY sure there is no malware. I have also monitored abnormal processes when it occurs, and it's only iexplore.exe with multiple instances, and maybe a few conhost.exe instances (nothing abnormal). Again, I stress since Java has been disabled this is not occuring.

Here's my powershell script output


###################### BIOS ####################### : ****************************************************************
***************
BIOS Name : BIOS Date: 05/24/12 14:37:18 Ver: 12.03
BIOS Manufacturer : American Megatrends Inc.
BIOS Release Date : 23/05/2012 8:00:00 PM
BIOS Serial Number : System Serial Number
################# COMPUTER SYSTEM ################## : ****************************************************************
***************
COMPUTER SYSTEM Manufacturer : System manufacturer
COMPUTER SYSTEM Model : System Product Name
COMPUTER SYSTEM Primary Owner : Summet
COMPUTER SYSTEM Type : x64-based PC
COMPUTER SYSTEM Total Memory : 32 GB
COMPUTER SYSTEM User Name : Summet-PC\Summet
COMPUTER SYSTEM Product Name : System Product Name
COMPUTER SYSTEM Version : System Version
COMPUTER SYSTEM Identifying Number : System Serial Number
COMPUTER SYSTEM Vendor : System manufacturer
OS BUILD Build version : 7601.17514
BOOT CONFIGURATION Boot Directory : C:\Windows
BOOT CONFIGURATION Last Drive : I:
MOTHERBOARD Manufacturer : ASUSTeK COMPUTER INC.
MOTHERBOARD Product Type : P9X79 DELUXE
MOTHERBOARD Serial Number :
WIN Build Number : 7601
WIN OS Version : Microsoft Windows 7 Ultimate
WIN Country Code : 2
WIN Install Date : 07/07/2012 10:35:52 PM
WIN Computer System Name : SUMMET-PC
WIN Last Bootup : 18/07/2012 7:14:07 PM
WIN OS Architecture : 64-bit
WIN Registered User : Summet
WIN Product ID :
WIN Service Pack Version : 1
CPU Current Core Speed : 3201 MHz
CPU Current Voltage : 10
CPU External Clock : 100
CPU Max. Clock Speed : 3201 MHz
CPU Manufacturer : GenuineIntel
CPU Name : Intel(R) Core(TM) i7-3930K CPU @ 3.20GHz
CPU Description : Intel64 Family 6 Model 45 Stepping 7
CPU version :
CPU Number of Cores per CPU : 6
CPU Number of Logical Processors : 12
CPU Socket Designation : LGA2011
###################### DISK 1 ###################### : ****************************************************************
***************
DISK 1 Model : ST3640323AS ATA Device
DISK 1 Size : 596 GB
DISK 1 Status : OK
DISK 1 Capabilities : {Random Access, Supports Writing}
DISK 1 Interface Type : IDE
DISK 1 Partitions : 1
DISK 1 Bytespersector : 512
DISK 1 Sectors per track : 63
DISK 1 Firmware revision : SD13
DISK 1 Device ID : \\.\PHYSICALDRIVE0
DISK 1 PNP Device ID : IDE\DISKST3640323AS_____________________________SD13____\6&39FFB
3C8&0&0.0.0
###################### DISK 2 ###################### : ****************************************************************
***************
DISK 2 Model : ATA INTEL SSDSC2CW18 SCSI Disk Device
DISK 2 Size : 168 GB
DISK 2 Status : OK
DISK 2 Capabilities : {Random Access, Supports Writing}
DISK 2 Interface Type : SCSI
DISK 2 Partitions : 2
DISK 2 Bytespersector : 512
DISK 2 Sectors per track : 63
DISK 2 Firmware revision : 400i
DISK 2 Device ID : \\.\PHYSICALDRIVE1
DISK 2 PNP Device ID : SCSI\DISK&VEN_ATA&PROD_INTEL_SSDSC2CW18\4&2A9518A8&0&000000
###################### DISK 3 ###################### : ****************************************************************
***************
DISK 3 Model : ATA ST3640323AS SCSI Disk Device
DISK 3 Size : 596 GB
DISK 3 Status : OK
DISK 3 Capabilities : {Random Access, Supports Writing}
DISK 3 Interface Type : SCSI
DISK 3 Partitions : 1
DISK 3 Bytespersector : 512
DISK 3 Sectors per track : 63
DISK 3 Firmware revision : SD13
DISK 3 Device ID : \\.\PHYSICALDRIVE2
DISK 3 PNP Device ID : SCSI\DISK&VEN_ATA&PROD_ST3640323AS\4&2A9518A8&0&010000
################## DISK VOLUME 1 ################### : ****************************************************************
***************
DISK VOLUME 1 Caption : D:\
DISK VOLUME 1 Drive Letter : D:
DISK VOLUME 1 Label : Local Disk (Data)
DISK VOLUME 1 Capacity : 596 GB
DISK VOLUME 1 Free Space : 249 GB
DISK VOLUME 1 Volume Type : Partition
DISK VOLUME 1 Boot Volume : False
DISK VOLUME 1 System Volume : False
DISK VOLUME 1 Compressed : False
DISK VOLUME 1 Serial Number : 3730156393
DISK VOLUME 1 File System : NTFS
DISK VOLUME 1 Block Size : 4096
DISK VOLUME 1 Indexing Enabled : True
DISK VOLUME 1 Auto Mount : True
DISK VOLUME 1 Dirty Bit Set :
################## DISK VOLUME 2 ################### : ****************************************************************
***************
DISK VOLUME 2 Caption : C:\
DISK VOLUME 2 Drive Letter : C:
DISK VOLUME 2 Label :
DISK VOLUME 2 Capacity : 167 GB
DISK VOLUME 2 Free Space : 48 GB
DISK VOLUME 2 Volume Type : Partition
DISK VOLUME 2 Boot Volume : True
DISK VOLUME 2 System Volume : False
DISK VOLUME 2 Compressed : False
DISK VOLUME 2 Serial Number :
DISK VOLUME 2 File System : NTFS
DISK VOLUME 2 Block Size : 4096
DISK VOLUME 2 Indexing Enabled : True
DISK VOLUME 2 Auto Mount : True
DISK VOLUME 2 Dirty Bit Set :
################## DISK VOLUME 3 ################### : ****************************************************************
***************
DISK VOLUME 3 Caption : E:\
DISK VOLUME 3 Drive Letter : E:
DISK VOLUME 3 Label : Local Disk (Media)
DISK VOLUME 3 Capacity : 596 GB
DISK VOLUME 3 Free Space : 124 GB
DISK VOLUME 3 Volume Type : Partition
DISK VOLUME 3 Boot Volume : False
DISK VOLUME 3 System Volume : False
DISK VOLUME 3 Compressed : False
DISK VOLUME 3 Serial Number :
DISK VOLUME 3 File System : NTFS
DISK VOLUME 3 Block Size : 4096
DISK VOLUME 3 Indexing Enabled : True
DISK VOLUME 3 Auto Mount : True
DISK VOLUME 3 Dirty Bit Set :
################## DISK VOLUME 4 ################### : ****************************************************************
***************
DISK VOLUME 4 Caption : H:\
DISK VOLUME 4 Drive Letter : H:
DISK VOLUME 4 Label :
DISK VOLUME 4 Capacity : 0 GB
DISK VOLUME 4 Free Space : 0 GB
DISK VOLUME 4 Volume Type : CDROM
DISK VOLUME 4 Boot Volume :
DISK VOLUME 4 System Volume :
DISK VOLUME 4 Compressed :
DISK VOLUME 4 Serial Number :
DISK VOLUME 4 File System :
DISK VOLUME 4 Block Size :
DISK VOLUME 4 Indexing Enabled :
DISK VOLUME 4 Auto Mount : True
DISK VOLUME 4 Dirty Bit Set :
################## DISK VOLUME 5 ################### : ****************************************************************
***************
DISK VOLUME 5 Caption : I:\
DISK VOLUME 5 Drive Letter : I:
DISK VOLUME 5 Label :
DISK VOLUME 5 Capacity : 0 GB
DISK VOLUME 5 Free Space : 0 GB
DISK VOLUME 5 Volume Type : CDROM
DISK VOLUME 5 Boot Volume :
DISK VOLUME 5 System Volume :
DISK VOLUME 5 Compressed :
DISK VOLUME 5 Serial Number :
DISK VOLUME 5 File System :
DISK VOLUME 5 Block Size :
DISK VOLUME 5 Indexing Enabled :
DISK VOLUME 5 Auto Mount : True
DISK VOLUME 5 Dirty Bit Set :
################## DISK VOLUME 6 ################### : ****************************************************************
***************
DISK VOLUME 6 Caption : F:\
DISK VOLUME 6 Drive Letter : F:
DISK VOLUME 6 Label : Sonic Generation
DISK VOLUME 6 Capacity : 8 GB
DISK VOLUME 6 Free Space : 0 GB
DISK VOLUME 6 Volume Type : CDROM
DISK VOLUME 6 Boot Volume : False
DISK VOLUME 6 System Volume : False
DISK VOLUME 6 Compressed :
DISK VOLUME 6 Serial Number :
DISK VOLUME 6 File System : CDFS
DISK VOLUME 6 Block Size : 2048
DISK VOLUME 6 Indexing Enabled :
DISK VOLUME 6 Auto Mount : True
DISK VOLUME 6 Dirty Bit Set : False
############## PHYSICAL MEMORY ARRAY ############### : ****************************************************************
***************
Maximum Memory Capacity : 512 GB
Number of Memory Devices : 8
################ PHYSICAL MEMORY 1 ################# : ****************************************************************
***************
PHYSICAL MEMORY 1 Bank Label : ChannelA
PHYSICAL MEMORY 1 Capacity : 8 GB
PHYSICAL MEMORY 1 Data Width : 64
PHYSICAL MEMORY 1 Speed : 1600
PHYSICAL MEMORY 1 Description : Physical Memory
PHYSICAL MEMORY 1 Tag : Physical Memory 0
PHYSICAL MEMORY 1 Device Locator : ChannelA_Dimm1
PHYSICAL MEMORY 1 Manufacturer : Corsair
PHYSICAL MEMORY 1 Part Number : CML16GX3M2A1600C1
PHYSICAL MEMORY 1 Serial Number : 00000000
################ PHYSICAL MEMORY 2 ################# : ****************************************************************
***************
PHYSICAL MEMORY 2 Bank Label : ChannelB
PHYSICAL MEMORY 2 Capacity : 8 GB
PHYSICAL MEMORY 2 Data Width : 64
PHYSICAL MEMORY 2 Speed : 1600
PHYSICAL MEMORY 2 Description : Physical Memory
PHYSICAL MEMORY 2 Tag : Physical Memory 2
PHYSICAL MEMORY 2 Device Locator : ChannelB_Dimm1
PHYSICAL MEMORY 2 Manufacturer : Corsair
PHYSICAL MEMORY 2 Part Number : CML16GX3M2A1600C1
PHYSICAL MEMORY 2 Serial Number : 00000000
################ PHYSICAL MEMORY 3 ################# : ****************************************************************
***************
PHYSICAL MEMORY 3 Bank Label : ChannelC
PHYSICAL MEMORY 3 Capacity : 8 GB
PHYSICAL MEMORY 3 Data Width : 64
PHYSICAL MEMORY 3 Speed : 1600
PHYSICAL MEMORY 3 Description : Physical Memory
PHYSICAL MEMORY 3 Tag : Physical Memory 4
PHYSICAL MEMORY 3 Device Locator : ChannelC_Dimm1
PHYSICAL MEMORY 3 Manufacturer : Corsair
PHYSICAL MEMORY 3 Part Number : CML16GX3M2A1600C1
PHYSICAL MEMORY 3 Serial Number : 00000000
################ PHYSICAL MEMORY 4 ################# : ****************************************************************
***************
PHYSICAL MEMORY 4 Bank Label : ChannelD
PHYSICAL MEMORY 4 Capacity : 8 GB
PHYSICAL MEMORY 4 Data Width : 64
PHYSICAL MEMORY 4 Speed : 1600
PHYSICAL MEMORY 4 Description : Physical Memory
PHYSICAL MEMORY 4 Tag : Physical Memory 6
PHYSICAL MEMORY 4 Device Locator : ChannelD_Dimm1
PHYSICAL MEMORY 4 Manufacturer : Corsair
PHYSICAL MEMORY 4 Part Number : CML16GX3M2A1600C1
PHYSICAL MEMORY 4 Serial Number : 00000000
################## CACHE MEMORY 1 ################## : ****************************************************************
***************
CACHE MEMORY 1 Name : Cache Memory
CACHE MEMORY 1 Device ID : Cache Memory 0
CACHE MEMORY 1 Purpose : L1-Cache
CACHE MEMORY 1 Block Size : 1024
CACHE MEMORY 1 Installed Size : 32
CACHE MEMORY 1 Max Cache Size : 32
CACHE MEMORY 1 Number of Blocks : 32
CACHE MEMORY 1 Status : OK
################## CACHE MEMORY 2 ################## : ****************************************************************
***************
CACHE MEMORY 2 Name : Cache Memory
CACHE MEMORY 2 Device ID : Cache Memory 1
CACHE MEMORY 2 Purpose : L2-Cache
CACHE MEMORY 2 Block Size : 1024
CACHE MEMORY 2 Installed Size : 256
CACHE MEMORY 2 Max Cache Size : 256
CACHE MEMORY 2 Number of Blocks : 256
CACHE MEMORY 2 Status : OK
################## CACHE MEMORY 3 ################## : ****************************************************************
***************
CACHE MEMORY 3 Name : Cache Memory
CACHE MEMORY 3 Device ID : Cache Memory 2
CACHE MEMORY 3 Purpose : L3-Cache
CACHE MEMORY 3 Block Size : 1024
CACHE MEMORY 3 Installed Size : 12288
CACHE MEMORY 3 Max Cache Size : 12288
CACHE MEMORY 3 Number of Blocks : 12288
CACHE MEMORY 3 Status : OK
################## MEMORY ARRAY ################### : ****************************************************************
***************
MEMORY ARRAY Description : Memory Array
MEMORY ARRAY Device ID : Memory Array 0
MEMORY ARRAY Starting Address : 0
MEMORY ARRAY Ending Address : 33554431
################# MEMORY DEVICE 1 ################## : ****************************************************************
***************
MEMORY DEVICE 1 Description : Memory Device
MEMORY DEVICE 1 Device ID : Memory Device 0
MEMORY DEVICE 1 Starting Address : 0
MEMORY DEVICE 1 Ending Address : 8388607
################# MEMORY DEVICE 2 ################## : ****************************************************************
***************
MEMORY DEVICE 2 Description : Memory Device
MEMORY DEVICE 2 Device ID : Memory Device 1
MEMORY DEVICE 2 Starting Address : 8388608
MEMORY DEVICE 2 Ending Address : 16777215
################# MEMORY DEVICE 3 ################## : ****************************************************************
***************
MEMORY DEVICE 3 Description : Memory Device
MEMORY DEVICE 3 Device ID : Memory Device 2
MEMORY DEVICE 3 Starting Address : 16777216
MEMORY DEVICE 3 Ending Address : 25165823
################# MEMORY DEVICE 4 ################## : ****************************************************************
***************
MEMORY DEVICE 4 Description : Memory Device
MEMORY DEVICE 4 Device ID : Memory Device 3
MEMORY DEVICE 4 Starting Address : 25165824
MEMORY DEVICE 4 Ending Address : 33554431

Now I'm not going to make you happy, but all of that anti-malware software of yours can be avoided very easily by some very malicious software.

With that said, I need you to carry out this procedure and be sure that each and everyone of your drives are scanned.

WDO, from Microsoft, is an offline program which means that your Win 7 is never fired up, thus not allowing the bad guys to take advantage of the massive number of win 7 components that they hook into.

When you complete this procedure, let me know and I've got another script which gives me info about what wdo did and found. If WDO finds something, then delete it.

HOW TO USE WINDOWS DEFENDER OFFLINE ON A USB STICK
Windows Defender Offline
· is a free standalone, bootable malware and virus remover from Microsoft.
· performs an offline scan of an infected PC to remove viruses, rootkits and other advanced malware.

Download Windows Defender Offline (about 764 kB)

You will have the choice of downloading the 32bit version (x86) or the 64 bit version (x64).
The link will help you determine whether you are running a 32 bit version or 64 bit version of Windows

NOTE!! You can download and prepare a 32 bit version using a 64 bit version of Windows
NOTE!! You can download and prepare a 64 bit version using a 32bit version of Windows.

You run the 32 bit version on a 32 bit version of Windows.
You run the 64 bit version on a 64 bit version of Windows.

The 32 bit download file name is: mssstool32.exe
The 64 bit download file name is: mssstool64.exe

For the curious, this program was originally name Microsoft Standalone System Sweeper.


INSTALLATION:
You will need an Internet Connection.
Insert 512 mB (Microsoft’s 256 mB is no longer accurate) or larger USB stick into a usb port.
Run the downloaded program--mssstool64.exe or mssstool32.exe
NEXT button
Choose the option On a USB flash drive that is not password protected
NEXT button
NEXT button
.
The install program will format the usb stick using the NTFS format.
The install program will download about 210 mB.
The install program will name the USB stick WDO_Media32 or WDO_Media64
The WDO_Media32 usb stick will have used space of 255 mB (268,140,544 bytes)
The WDO_Media64 usb stick will have used space of 282 mB (296,165,376 bytes)
You can expect the number of mB to increase as more malware appears.

UPDATE Windows Defender Offline USB stick:
· reinsert the usb stick
· run the installation program, mssstool64.exe or mssstool32.exe, again.
· the update will download about 66 mB (mssstool32.exe) and 68 mB (mssstool64.exe).

Since the malware database is sometimes updated several times in a day, always update before running.

PERFORM AN OFFLINE SCAN
Bootup your computer from the USB stick
Windows Defender Offline will automatically perform a quick scan.
After the quick scan finishes, Choose Full Scan
Select all of your drives

The initial, full scan can easily take several hours, but
Remember, your computer is being very thoroughly checked for all types of malware.

I'll give this one a shot, and I'm familiar it can skip all of those pieces of software. The issue has also occured to let you know with neither of my drives plugged in where the virus could be. Anyways, I'll try this one later and get back at you and know it takes it a while.

I'll await the report that you have run a full scan by wdo over all of your drives.