iexplore going haywire....

[timidbull]

I am using win Xp home, fairly fresh install 1 week old.  I have been having soundcard issues, but I just ran into another problem.  I noticed my system was running incredibly SLOOoooOOw.  I ctrl/alt/del and noticed that "iexplore.exe" was running in process,  exactly 19 different listings of it. Each one using anywhere from 4000k to 25000k.  As I would end the process another would start up, then another etc.  I ran spybot, adaware, norton, xoftspy and nothing was found.  I am completely befuddled.    :-/  

[Fed]

First do an online scan
http://www.pandasoftware.com/activescan/
Then download and run Hijackthis and post your log in here.

[timidbull]

I found what was causing it.  I found an .exe program in c:/windows... three files, iau.exe, msiau.dll, and IAU.EXE-2A6931C4.pf.  I removed these files, isolated them just in case theyw ere important, and the problem ceased.   If these were important files, I can put them back where they were, but if they are malevolent, I'l destroy them.

[timidbull]

Here's the log fileyou requested....

**********************
Logfile of HijackThis v1.99.1
Scan saved at 10:38:14 PM, on 8/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\wavplay.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\iau.exe
D:\My Downloads\HijackThis1991.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://balabolka.biz/start.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://balabolka.biz/start.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://balabolka.biz/start.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://thequicklink.com/remove.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:80
R3 - URLSearchHook: (no name) - {A0352AC6-960E-0529-3B16-1A70536215F0} - sysconf16.dll (file missing)
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\uroms.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\uroms.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NSYSCPLSTR] NSYSCPLSTR.exe
O4 - HKLM\..\Run: [SearchAssistant] "C:\Q92194.exe "
O4 - HKLM\..\Run: [Microsoft Internet Acceleration Utility] C:\WINDOWS\iau.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NSYSCPLSTR] prgsys0984.exe
O4 - HKCU\..\Run: [Floppy Master] C:\WINDOWS\wavplay.exe
O4 - HKCU\..\Run: [Microsoft Internet Acceleration Utility] C:\WINDOWS\iau.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{439C25B6-2DB4-4397-8724-52C598D5F771}: NameServer = 69.50.176.198,85.255.112.12
O17 - HKLM\System\CCS\Services\Tcpip\..\{B43376F2-A34D-47F3-AE77-2B580844C157}: NameServer = 69.50.176.198,85.255.112.12
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF0BF4C6-816A-44AA-90BE-8073CD93A477}: NameServer = 69.50.176.198,85.255.112.12
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe

[Fed]

It looks like you picked the right bugs, did the online scan find them?

Paste your logfile here http://www.hijackthis.de/index.php?langselect=english and it will show you where to delete the registry entries.

[Raptor]

       iexplore going haywire....

Why doesn't that surprise me. Use Mozilla Firefox instead.

Also, make use of the following scanners:

Virus scanners
AVG Free
-- Anti virus scanner
Trend Micro Housecall
-- Online anti virus scanner.

Anti spy/malware
Microsoft Antispyware
-- Anti spyware scanner. Windows XP Home and Professional only.
Spybot Search & Destroy
-- Anti spyware scanner
Adaware SE Personal
-- Anti spyware scanner

Firewalls
Use both a hardware and software firewall.
Be advised as dual software firewalls may cause problems

ZoneAlarm Free
-- Free firewall - more user friendly
Sygate Personal
-- Free firewall - more configuration options

Removal tools
The following files are not substitutes for the ones described above.
They are either diagnostic tools or removal tools for malware of a certain kind

HijackThis
-- Manual malware remover. Post the HijackThis log generated only if requested!
McAfee Stinger
-- Virus removal tool. No substitute for a fully functional virus scanner!
CWshredder
-- CoolWebSearch removal tool. Widely known and persistant Hijacker.

[merlin_2]

Firebird does not solve all...spysweeper might..

[Raptor]

Firebird does not solve all...spysweeper might..

That is most likely because one is a browser and the other a scanner.  

[timidbull]

Raptor, I do use Firefox as my browser.  Thats why I couldn't figure out the problem with i expolore, I occaisionally get on with my MSN browser, but thats mostly just at work.  Anyways, I ended up formatting and installing win xp pro64.  I still cannot get my csoundcard to work, I am giving up and going onboard sound.  

Oh could someone please advise to the best anti virus FREEware?

[Raptor]

Oh could someone please advise to the best anti virus FREEware?

Virus scanners
AVG Free
-- Anti virus scanner
Trend Micro Housecall
-- Online anti virus scanner.

[dl65]

timidbull......  RE your hijackthis log ......

Mark for removal the following ....:

R3 - URLSearchHook: (no name) - {A0352AC6-960E-0529-3B16-1A70536215F0} - sysconf16.dll (file missing)

O1 - Hosts: localhost 127.0.0.1

O4 - HKLM\..\Run: [Microsoft Internet Acceleration Utility] C:\WINDOWS\iau.exe

O4 - HKCU\..\Run: [Ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [Floppy Master] C:\WINDOWS\wavplay.exe

O4 - HKCU\..\Run: [Microsoft Internet Acceleration Utility] C:\WINDOWS\iau.exe  

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\APACHE.EXE" -k runservice

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner -
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe


I also notice you do not have SP2 installed ..........is there any reason you don't have it .....as there are many very good added security features .

Once you have SP2 installed you should be able to D/L and install Antispyware Beta .......... which is a very good anti - pest app.   http://www.microsoft.com/downloads/details.aspx?FamilyID=321cd7a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en

let us know how you make out .

dl65