[RESOLVED] Multiple iexplore.exe

Thread: [RESOLVED] Multiple iexplore.exe

  1. #1
    Join Date
    May 1999
    Location
    Brisbane, Qld, Australia
    Posts
    235

    [RESOLVED] Multiple iexplore.exe

    I know the search engines are full of these problems and solutions. I thought I was on a winner until I saw that IE8 has a "quirk" of opening 2 iexplore.exe files normally. Also people are advising if you are using IE8 with XP go back to IE7!!!

    My problem:
    Two iexplore.exe do open normally and all is well. However, if I open another page or go to a link, a third iexplore.exe opens AND the CPU goes up to 100% and stays there. All grinds to a halt. I often cannot close the 3rd page normally, but if it does the CPU stays at 100% and I have to close the 3rd exe in Task Manager.

    It looks like I have a virus or something though I have just done a scan and only found ASF/Wimad which I deleted.

    On another forum the advice said look for a file syml.dll. I have not found that yet.

    Also at another response it said search for iexplore.exe on the computer and delete all except the one in Program files/Explorer/
    I found many of them all over, but the only file in the explorer folder was iexplorer.exe.mui

    So I have not done anything about them.
    Would appreciate some sound advice and is there any benefit in going back to IE7 or maybe to IE9?

    Thanks,
    Rod

  2. #2
    Join Date
    Apr 2000
    Location
    Sheboygan, WI
    Posts
    53,392
    That is a Trojan, so first thing let us get you clean.
    Follow the instructions at
    http://discussions.virtualdr.com/sho...d.php?t=167915
    and post the logs in this thread. Please post them, as it makes for easier reading and some folks will not open attachments.

    Please note, I have moved the thread.

  3. #3
    Join Date
    May 1999
    Location
    Brisbane, Qld, Australia
    Posts
    235

    Further probs

    Hi,
    I am sending this on my other laptop..explanation below:

    I set aside today (Australia) to implement your procedures on the infected desktop. The computer was still functioning and not loading up the CPU as long as I only had one IE tab open. I shut it down last night.

    This morning during boot the message came up that because of significant hardware changes my copy of Windows had to be re-registered. I had 3 days to do it. So I selected to not re-register for the time being. The system came up but I had no internet connection and, as I have also found out, no printers installed. Also, as I use Norton Ghost as a backup, the icon had a slash across it and says "unable to retrieve information from the agent. Access Denied". Anyway I shut it down and re-booted. This time I took up the option to re-register my Windows. As I had no internet connection I did it on the phone and was given another set of ID numbers. I entered them and as far as I am aware that is OK now.

    It boots up but I still have no internet connex, printers etc.

    I have just tried booting and used (F8) and selected to boot using "Last known good configuration". Which it has just done but all the above probs are still there.

    Would appreciate your assistance again.
    Thanks, Rod

  4. #4
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.


    ===========================================================

    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center/Action Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

  5. #5
    Join Date
    May 1999
    Location
    Brisbane, Qld, Australia
    Posts
    235

    Prob again

    I downloaded the Scanner onto a USB thumb drive on this laptop and tried transferring it across to the infected desktop. The desktop does not show the removable drive. I tried different USB ports and still nothing. I am just trying to boot with the thumb drive in to see if it appears.

  6. #6
    Join Date
    May 1999
    Location
    Brisbane, Qld, Australia
    Posts
    235

    Scan Log

    OK that worked, here is the log:

    Farbar Service Scanner Version: 30-04-2012 01
    Ran by Rod (administrator) on 03-05-2012 at 11:06:11
    Running from "K:\PC problems"
    Microsoft Windows XP Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============
    Dnscache Service is not running. Checking service configuration:
    The start type of Dnscache service is set to Disabled. The default start type is Auto.
    The ImagePath of Dnscache service is OK.
    The ServiceDll of Dnscache service is OK.

    Dhcp Service is not running. Checking service configuration:
    The start type of Dhcp service is set to Disabled. The default start type is Auto.
    The ImagePath of Dhcp service is OK.
    The ServiceDll of Dhcp service is OK.


    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error: Google IP is unreachable
    Attempt to access Yahoo IP returned error: Yahoo IP is unreachable


    Windows Firewall:
    =============
    sharedaccess Service is not running. Checking service configuration:
    The start type of sharedaccess service is set to Disabled. The default start type is Auto.
    The ImagePath of sharedaccess service is OK.
    The ServiceDll of sharedaccess service is OK.

    netman Service is not running. Checking service configuration:
    The start type of netman service is set to Disabled. The default start type is 3.
    The ImagePath of netman service is OK.
    The ServiceDll of netman service is OK.

    winmgmt Service is not running. Checking service configuration:
    The start type of winmgmt service is set to Disabled. The default start type is Auto.
    The ImagePath of winmgmt service is OK.
    The ServiceDll of winmgmt service is OK.


    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is set to Disabled. The default start type is Auto.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.

    winmgmt Service is not running. Checking service configuration:
    The start type of winmgmt service is set to Disabled. The default start type is Auto.
    The ImagePath of winmgmt service is OK.
    The ServiceDll of winmgmt service is OK.


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is set to Disabled. The default start type is Auto.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

    BITS Service is not running. Checking service configuration:
    The start type of BITS service is set to Disabled. The default start type is Auto.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".

    EventSystem Service is not running. Checking service configuration:
    The start type of EventSystem service is set to Disabled. The default start type is 3.
    The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
    The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".

    cryptsvc Service is not running. Checking service configuration:
    The start type of cryptsvc service is set to Disabled. The default start type is Auto.
    The ImagePath of cryptsvc service is OK.
    The ServiceDll of cryptsvc service is OK.


    Windows Autoupdate Disabled Policy:
    ============================

    PlugPlay Service is not running. Checking service configuration:
    The start type of PlugPlay service is set to Disabled. The default start type is Auto.
    The ImagePath of PlugPlay service is OK.


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    Gpc(3) IPSec(5) NetBT(6) PSched(7) RFCOMM(8) Tcpip(4)
    0x080000000500000001000000020000000300000004000000060000000700000008000000
    IpSec Tag value is correct.

    **** End of log ****

  7. #7
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    You have a number of services disabled.
    We'll see if this is due to some infection or to something else but for now let's see if you can enable them manually.

    Go Start>Run, type in:
    services.msc
    Click OK.

    Perform the very same action on all services listed below.
    Right click on given service, click "Properties" and under "Startup type" select "Automatic" from drop down menu.

    Affected services:

    DNS Client
    DHCP Client
    Internet Connection Sharing (ICS)
    Network Connections
    Windows Management Instrumentation
    Windows Security Center
    Windows Update
    Background Intelligent Transfer Service
    COM+ Event System
    Cryptographic Services

    Restart computer, check internet connection and post new FSS log.
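
The triage in the post above (reading the FSS log for services whose start type differs from the default) can be automated. The following is an added example, not part of the original thread and not Farbar's code; `SAMPLE_LOG` is constructed in the layout of the log quoted earlier, and the `example` service in it is hypothetical.

```python
import re

# Constructed sample in the FSS.txt layout quoted in the thread (abridged).
SAMPLE_LOG = """\
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is set to Disabled. The default start type is Auto.
Windows Firewall:
=============
The start type of netman service is set to Disabled. The default start type is 3.
The start type of winmgmt service is set to Disabled. The default start type is Auto.
Security Center:
============
The start type of winmgmt service is set to Disabled. The default start type is Auto.
The start type of example service is set to Auto. The default start type is 2.
"""

# Numeric values of a service's registry "Start" value; the log mixes names and numbers.
START_NAMES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Manual", "4": "Disabled"}
# A section heading is a short label ending in ':' with no '.' or '\' in it.
SECTION_RE = re.compile(r"^\s*([A-Za-z][\w /+&-]*):\s*$")
START_RE = re.compile(
    r"The start type of (\S+) service is set to (\w+)\. "
    r"The default start type is (\w+)\.")

def deviating_services(log_text):
    """Map service name -> current/default start type and the sections reporting it."""
    findings, section = {}, None
    for line in log_text.splitlines():
        heading = SECTION_RE.match(line)
        if heading:
            section = heading.group(1)
            continue
        m = START_RE.search(line)
        if not m:
            continue
        current, default = (START_NAMES.get(v, v) for v in m.group(2, 3))
        if current == default:
            continue  # configured as shipped, nothing to report
        entry = findings.setdefault(
            m.group(1).lower(), {"current": current, "default": default, "sections": []})
        if section not in entry["sections"]:
            entry["sections"].append(section)  # e.g. winmgmt is listed under two sections
    return findings

if __name__ == "__main__":
    for name, f in deviating_services(SAMPLE_LOG).items():
        print(f"{name}: {f['current']} (default {f['default']}) in {f['sections']}")
```

Services that were disabled on purpose still show up in the result, so the output is a review list rather than a list of changes to apply blindly.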

  8. #8
    Join Date
    May 1999
    Location
    Brisbane, Qld, Australia
    Posts
    235
    Just to let you know the following were intentionally disabled before:

    Windows Firewall...I use my CA firewall...albeit it did not stop my infection!!
    Windows update.....I manually update regularly
    Windows defender....Can't remember....think it was activated.

    Anyway will do as you suggest.

  9. #9
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    the following were intentionally disabled
    That's fine. Leave them alone.

  10. #10
    Join Date
    May 1999
    Location
    Brisbane, Qld, Australia
    Posts
    235
    The following 3 entries weren't there:

    Internet Connection Sharing (ICS)
    Windows Security Centre......BUT there is a Windows Firewall
    Windows update

    Shall I instate the Firewall?

    By the way, at each item the following message appeared when I right clicked, but I was able to set to AUTO all except the 3 non-existent above...."Configuration Manager: The Plug & Play Service or another required service is not available"

  11. #11
    Join Date
    May 1999
    Location
    Brisbane, Qld, Australia
    Posts
    235
    I think the quick response above was cut short..I also said all are now set to AUTO except the 3 mentioned. Do I do Windows Firewall. Haven't rebooted and run log yet.

  12. #12
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Leave Windows firewall off if you use a 3rd party firewall.

  13. #13
    Join Date
    May 1999
    Location
    Brisbane, Qld, Australia
    Posts
    235
    Also noted there are a lot of other things like Web Client, Universal plug and Play, Windows Audio, which sound important disabled.
    JUST FOUND "Security Centre" as opposed to "Windows Security Centre"...shall I instate it

  14. #14
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    JUST FOUND "Security Centre" as opposed to "Windows Security Centre"...shall I instate it
    Yes. Leave the others alone for now.
    I want to see if we can get internet connection back first.

  15. #15
    Join Date
    May 1999
    Location
    Brisbane, Qld, Australia
    Posts
    235
    I've just rebooted with the ones I had set to AUTO, as is to make some progress.
