iexplore going haywire....?

I am using win Xp home, fairly fresh install 1 week old. I have been having soundcard issues, but I just ran into another problem. I noticed my system was running incredibly SLOOoooOOw. I ctrl/alt/del and noticed that "iexplore.exe" was running in process, exactly 19 different listings of it. Each one using anywhere from 4000k to 25000k. As I would end the process another would start up, then another etc. I ran spybot, adaware, norton, xoftspy and nothing was found. I am completely befuddled. :-/

First do an online scan
http://www.pandasoftware.com/activescan/
Then download and run Hijackthis and post your log in here.

I found what was causing it. I found an .exe program in c:/windows... three files, iau.exe, msiau.dll, and IAU.EXE-2A6931C4.pf. I removed these files, isolated them just in case they were important, and the problem ceased. If these were important files, I can put them back where they were, but if they are malevolent, I'll destroy them.

Here's the log file you requested....

**********************
Logfile of HijackThis v1.99.1
Scan saved at 10:38:14 PM, on 8/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\wavplay.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\iau.exe
D:\My Downloads\HijackThis1991.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://balabolka.biz/start.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://balabolka.biz/start.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://balabolka.biz/start.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://thequicklink.com/remove.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:80
R3 - URLSearchHook: (no name) - {A0352AC6-960E-0529-3B16-1A70536215F0} - sysconf16.dll (file missing)
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\uroms.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\uroms.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NSYSCPLSTR] NSYSCPLSTR.exe
O4 - HKLM\..\Run: [SearchAssistant] "C:\Q92194.exe "
O4 - HKLM\..\Run: [Microsoft Internet Acceleration Utility] C:\WINDOWS\iau.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NSYSCPLSTR] prgsys0984.exe
O4 - HKCU\..\Run: [Floppy MASTER] C:\WINDOWS\wavplay.exe
O4 - HKCU\..\Run: [Microsoft Internet Acceleration Utility] C:\WINDOWS\iau.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{439C25B6-2DB4-4397-8724-52C598D5F771}: NameServer = 69.50.176.198,85.255.112.12
O17 - HKLM\System\CCS\Services\Tcpip\..\{B43376F2-A34D-47F3-AE77-2B580844C157}: NameServer = 69.50.176.198,85.255.112.12
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF0BF4C6-816A-44AA-90BE-8073CD93A477}: NameServer = 69.50.176.198,85.255.112.12
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe

It looks like you picked the right bugs, did the online scan find them?

Paste your logfile here http://www.hijackthis.de/index.php?langselect=english and it will show you where to delete the registry entries.

Quote
       iexplore going haywire....

Why doesn't that surprise me. Use Mozilla Firefox instead.

Also, make use of the following scanners:

Virus scanners
AVG Free
-- Anti virus scanner
Trend Micro Housecall
-- Online anti virus scanner.

Anti spy/malware
Microsoft Antispyware
-- Anti spyware scanner. Windows XP Home and Professional only.
Spybot Search & Destroy
-- Anti spyware scanner
Adaware SE Personal
-- Anti spyware scanner

Firewalls
Use both a hardware and software firewall.
Be advised that dual software firewalls may cause problems.


ZoneAlarm Free
-- Free firewall - more user friendly
Sygate Personal
-- Free firewall - more configuration options

Removal tools
The following files are not substitutes for the ones described above.
They are either diagnostic tools or removal tools for malware of a certain kind


HijackThis
-- Manual malware remover. Post the HijackThis log generated only if requested!
McAfee Stinger
-- Virus removal tool. No substitute for a fully functional virus scanner!
CWshredder
-- CoolWebSearch removal tool. Widely known and persistent Hijacker.

Firebird does not solve all...spysweeper might..

Quote
Firebird does not solve all...spysweeper might..

That is most likely because one is a browser and the other a scanner.

Raptor, I do use Firefox as my browser. That's why I couldn't figure out the problem with iexplore, I occasionally get on with my MSN browser, but that's mostly just at work. Anyways, I ended up formatting and installing win xp pro64. I still cannot get my soundcard to work, I am giving up and going onboard sound.

Oh could someone please advise to the best anti virus FREEware?

Quote
Oh could someone please advise to the best anti virus FREEware?


Virus scanners
AVG Free
-- Anti virus scanner
Trend Micro Housecall
-- Online anti virus scanner.

timidbull...... RE your hijackthis log ......

Mark for removal the following ....:

R3 - URLSearchHook: (no name) - {A0352AC6-960E-0529-3B16-1A70536215F0} - sysconf16.dll (file missing)

O1 - Hosts: localhost 127.0.0.1

O4 - HKLM\..\Run: [Microsoft Internet Acceleration Utility] C:\WINDOWS\iau.exe

O4 - HKCU\..\Run: [Ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [Floppy Master] C:\WINDOWS\wavplay.exe

O4 - HKCU\..\Run: [Microsoft Internet Acceleration Utility] C:\WINDOWS\iau.exe  

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\APACHE.EXE" -k runservice

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe


I also notice you do not have SP2 installed... is there any reason you don't have it... as there are many very good added security features.

Once you have SP2 installed you should be able to D/L and install Antispyware Beta... which is a very good anti-pest app. http://www.microsoft.com/downloads/details.aspx?FamilyID=321cd7a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en

Let us know how you make out.

dl65  
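
An added example, not part of any post in this thread: a small Python triage pass over a HijackThis log like the one posted above. The three checks (entries marked "file missing", Run values whose image sits directly in C:\ or C:\WINDOWS, and O17 NameServer overrides) are heuristics assumed here for illustration; they select entries to look up by hand and are not verdicts.

```python
import re
from collections import defaultdict

# A subset of lines copied from the HijackThis log posted in this thread,
# embedded so the script runs offline.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {A0352AC6-960E-0529-3B16-1A70536215F0} - sysconf16.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SearchAssistant] "C:\Q92194.exe "
O4 - HKLM\..\Run: [Microsoft Internet Acceleration Utility] C:\WINDOWS\iau.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{439C25B6-2DB4-4397-8724-52C598D5F771}: NameServer = 69.50.176.198,85.255.112.12
O17 - HKLM\System\CCS\Services\Tcpip\..\{B43376F2-A34D-47F3-AE77-2B580844C157}: NameServer = 69.50.176.198,85.255.112.12
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")           # "O4 - ...", "R3 - ..."
RUN = re.compile(r"^(HK\w+)\\\.\.\\Run: \[(.+?)\] (.+)$")  # hive, value name, command
# Heuristic (assumption): autostart image located directly in C:\ or C:\WINDOWS.
TOP_LEVEL = re.compile(r'^"?C:\\(WINDOWS\\)?[^\\"]+\.exe', re.I)

def parse(log):
    """Yield (code, body) for each R*/O* entry; headers and process paths are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def triage(log):
    """Group the entries worth a manual lookup before anything is marked for removal."""
    out = defaultdict(list)
    for code, body in parse(log):
        if body.endswith("(file missing)"):
            out["file_missing"].append(body)
        run = RUN.match(body) if code == "O4" else None
        if run and TOP_LEVEL.match(run.group(3)):
            out["run_top_level"].append(
                (run.group(1), run.group(2), run.group(3).strip('" ')))
        if code == "O17" and "NameServer = " in body:
            out["dns"].extend(body.split("NameServer = ")[1].split(","))
    out["dns"] = sorted(set(out["dns"]))  # one row per distinct resolver
    return dict(out)

if __name__ == "__main__":
    for group, items in triage(SAMPLE_LOG).items():
        print(group, *items, sep="\n  ")
```

Each resolver listed under `dns` should be compared with what the ISP or router actually hands out, and each `run_top_level` path checked on disk, before the matching line is ticked in HijackThis.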


