Our new Indie Games subforum is now open for business in G&T. Go and check it out, you might land a code for a free game. If you're developing an indie game and want to post about it, follow these directions. If you don't, he'll break your legs! Hahaha! Seriously though.
Our rules have been updated and given their own forum. Go and look at them! They are nice, and there may be new ones that you didn't know about! Hooray for rules! Hooray for The System! Hooray for Conforming!

iexplore.exe running at start-up, won't stop

MugenmidgetMugenmidget Registered User regular
I can't kill "iexplore.exe", which is supposedly the real process but it won't end without restarting itself. And if I open a REAL version of Internet Explorer, another process is opened...

I can't find an alternate "iexplore.exe" any where. From a Google search I can see lots of people have similar problems to mine, but the ones that are the closest (and most recent) have no solution.

What's the deal here? Is there a better way to get a look at how processes are spawning? I'm trying just HijackThis at the moment and some registry digging, but nothing helpful has shown up...

Mugenmidget on
mtap.jpg

Posts

  • HenroidHenroid Gibberish Cold white sand!Registered User regular
    edited September 2008
    What OS are you using, specifically?

    "Ultima Online Pre-Trammel is the perfect example of why libertarians are full of shit." - @Ludious
    PA Lets Play Archive - Twitter - Blog
  • MugenmidgetMugenmidget Registered User regular
    edited September 2008
    Windows XP SP3 Pro.

    mtap.jpg
  • exoplasmexoplasm Registered User
    edited September 2008
    Try this:

    http://technet.microsoft.com/en-us/sysinternals/bb896683.aspx

    In Task Manager, go to View > Select Columns... and add PID. Find the PID of iexplore.exe and type pskill 1234 (where 1234 is the PID number) in a command prompt.

    You'll probably need to navigate to wherever you extract pskill at from the command prompt. Say for example you extract it to c:\pskill\

    Open a command prompt (start > run > cmd) and type cd c:\pskill and press enter. Then type pskill 1234

    1029386-1.png
    SC2 NA: exoplasm.519 | PA SC2 Mumble Server | My Website | My Stream
  • DritzDritz Registered User regular
    edited September 2008
    Isn't ieexporer just a fancy name for Windows in Windows XP? It's like the file manager or something one of the reasons XP had so much problems and that Internet Explorer got so much flack is because it was so intertwined in the operating system.

    There I was, 3DS: 2621-2671-9899 (Ekera), Wii U: LostCrescendo
  • exoplasmexoplasm Registered User
    edited September 2008
    Dritz wrote: »
    Isn't ieexporer just a fancy name for Windows in Windows XP? It's like the file manager or something one of the reasons XP had so much problems and that Internet Explorer got so much flack is because it was so intertwined in the operating system.

    iexplore is internet explorer
    explorer is windows explorer (including the start menu/taskbar/desktop)

    However they are both tightly integrated, but killing one won't (or shouldn't) kill the other.

    1029386-1.png
    SC2 NA: exoplasm.519 | PA SC2 Mumble Server | My Website | My Stream
  • GrimReaperGrimReaper Registered User regular
    edited September 2008
    Some viruses name themselves iexplore.exe and then set themselves to run at startup.

    I highly recommend you download hijackthis and post the log here. (ideally as a link to the text file rather than posting the output)

    Reading that I should be able to tell you what to delete from where.

    PSN | Steam
    ---
    I've got a spare copy of Portal, if anyone wants it message me.
  • MugenmidgetMugenmidget Registered User regular
    edited September 2008
    Logfile of HijackThis v1.99.1
    Scan saved at 11:08:45 AM, on 9/20/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\WINDOWS\Explorer.EXE
    F:\WINDOWS\system32\RUNDLL32.EXE
    F:\WINDOWS\system32\ctfmon.exe
    F:\WINDOWS\system32\nvsvc32.exe
    F:\WINDOWS\system32\wuauclt.exe
    F:\Program Files\Mozilla Firefox\firefox.exe
    C:\Microsoft Image Composer\IMGCOMP.EXE
    C:\program files\FileZilla Client\filezilla.exe
    F:\WINDOWS\system32\taskmgr.exe
    F:\WINDOWS\system32\wuauclt.exe
    c:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O16 - DPF: ActiveGS.cab - http://www.virtualapple.org/gs.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1218256145917
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe

    I don't like the sound of "MSIE: Unable to get Internet Explorer version!"...

    mtap.jpg
  • FremFrem Registered User regular
    edited September 2008
    Stupid question:
    You *have* run a full virus and spyware scan, yes?

  • GrimReaperGrimReaper Registered User regular
    edited September 2008
    Is it possible for you to post the entire hijackthis log Mugenmidget?

    If possible as a linked text file, for example: like this.

    PSN | Steam
    ---
    I've got a spare copy of Portal, if anyone wants it message me.
  • 1ddqd1ddqd Registered User regular
    edited September 2008
    Also seems like it could be a corrupted IE. If you have clean scans come up, I'd recommend a chkdsk /r and see if it corrects some errors.

    %5Biddqd%5D.png
  • MugenmidgetMugenmidget Registered User regular
    edited September 2008
    Checkdisk came out fine, here's the hijackthis.log file:

    http://underground.bananachan.net/hijackthis.log

    I re-installed IE7, so the version number is showing up at least.
    Frem wrote:
    Stupid question:
    You *have* run a full virus and spyware scan, yes?
    I only ran a scan with Avast, unfortunately. Anything better that's free?
    exoplasm wrote:
    Unfortunately, pskill in this instance functions the same as just ending the process. It'll end, but eventually it runs itself again...

    mtap.jpg
  • exoplasmexoplasm Registered User
    edited September 2008
    Checkdisk came out fine, here's the hijackthis.log file:

    http://underground.bananachan.net/hijackthis.log

    I re-installed IE7, so the version number is showing up at least.
    Frem wrote:
    Stupid question:
    You *have* run a full virus and spyware scan, yes?
    I only ran a scan with Avast, unfortunately. Anything better that's free?
    exoplasm wrote:
    Unfortunately, pskill in this instance functions the same as just ending the process. It'll end, but eventually it runs itself again...

    Try this to track down what is running at start up: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

    As for scanning, get some anti-spyware! Spybot S&D, Lavasoft Ad-Aware, Malwarebytes whateveritis. Also try free online scanners like http://www.pandasecurity.com/.

    1029386-1.png
    SC2 NA: exoplasm.519 | PA SC2 Mumble Server | My Website | My Stream
  • MugenmidgetMugenmidget Registered User regular
    edited September 2008
    At start-up I was getting a window about user initialization, referencing the line "F:\Windows\system32:winsock.exe".

    It was bizarre, but after I found it in the registry and got rid of it, the iexplore.exe process has failed to show up. And from my tests I've even fixed the issues I outlined in this thread:

    http://forums.penny-arcade.com/showthread.php?t=70527

    It sounds like I was hijacked by something bizarre, anyone know what's up?

    mtap.jpg
Sign In or Register to comment.