Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Persistent iexplore.exe annoyance [Solved]


  • This topic is locked This topic is locked

#31
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
From the earlier run isolation of Intel PROSet Wireless Event Log appeared to stop the problem. But then it started occuring again

The error code is also a tad weird as (as far as I can ascertain ) INVALID_PROCESS_DETACH_ATTEMPT has generally been known to occur in win2K and is exceedingly rare. There is no confirmed reason as to why this occurs

Could you next run a disc check and then follow up with SFC



Disc check step by step guide here

SFC : Go Start > Run and copy/paste the following command :

sfc /scannow
  • 0

Advertisements


#32
pivan

pivan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Ran chkdsk c: /r

The message after the boot screen said:

Cannot open volume for direct access

and the scan ended there. No results shown.

Ran SFC

took about two hours. It completed while I was away from the computer. No messages or errors apparent.


BSOD started after IE8 and Flash installation, but before OTL clean up. That's a pretty narrow window, but, as you say, the stop code seems particularly rare and tough to isolate. It's just so random.
  • 0

#33
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK roll back the IE8 install initially
From add/remove select installed updates
Then select IE8 to uninstall

That chck disc error is intriguing - I am running a few searches on that at the moment
  • 0

#34
pivan

pivan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Will perform IE8 rollback later today and report.

In meantime, it looks as if the reason for the Access error in msconfig was due to the avast self-defence module. Upon disabling it, I no longer get the error message, though avast isn't happy about it.

Still no closer to solving the chkdsk error, though this looks reasonable:

http://www.vistaforu...lem-t24645.html

I run XP, not Vista, but the principle seems the same. Any thoughts?
  • 0

#35
pivan

pivan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Okay, I've rolled back to IE7.

As soon as I did, I arrived back at square one with regard to the iexplore.exe issue. Once again it is constantly seeking connections, with one site in particular being blocked by avast every couple of minutes. Network Shield clocks up thousands of scans in no time, and TCPView is once again showing a lot of established connections (dozens) even when nothing else is running.

Here are some screengrabs, just for the record:

AVAST1.JPG

AVAST2.JPG

However, it's only been two hours or so, but the system has been running stably since the rollback with no BSOD. So square one it is (so far).

One peculiarity I've noticed is that when I use the Windows search function to find instances of the iexplore.exe file, it can not find version 7.0.6000.17108, even though it's plainly in the correct place. It does, however, find version 8.0.6001.18702, in a gobbledygook folder which I presume to be a leftover from the rollback.

Ultimately, the question appears to be how do we get the added security benefit of IE8 without triggering the BSOD? Or, alternatively, how do we find the root cause of the unwanted iexplore.exe activity in the first place?

Oh, and still no joy with chkdsk after the rollback.
  • 0

#36
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I have just finished one on the Avast forum with this site being the culprit. As Avast is blocking it, it is now just an annoyance rather than a danger

Although this one was caused by whistler MBR bootkit

As for disc check I am just trying out a few things on my XP VM ... So I should have an answer in a few hours

Could you run a fresh OTL scan please with this custom scan script and all users selected

netsvcs
HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /rs
HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /64 /rs
CREATERESTOREPOINT

  • 0

#37
pivan

pivan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
New OTL logs:

Attached File  OTL.Txt   260.51KB   28 downloads

Attached File  Extras.Txt   45.25KB   28 downloads

Still no crashes since rollback. 7 hours now.

Thanks for persisting.
  • 0

#38
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
There is an intriguing element attached to the end of the OTL extras, it is Chinese - I need to figure out where that came from

After you have run these could you retry the disc check and see if the same error occurs, I have included a small fix for it within OTL

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL
Posted Image

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\S-1-5-21-2903581846-4258368876-1226996085-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 0.0.0.0:80
    O3 - HKU\S-1-5-21-2903581846-4258368876-1226996085-1005\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -update activex File not found
    O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -update activex File not found
    O34 - HKLM BootExecute: (autocheck autochk /r \??\C:)
    [2012/04/16 21:19:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

I would also like to run TDSSKiller to confirm that the MBR is clean

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
  • 0

#39
pivan

pivan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
How long is the OTL fix meant to take? It's been running an hour now, seems to be hanging on O34... I've no way of knowing if it's doing anything, and it's past my bedtime (am on another machine now). I may have to leave it overnight, but if it has frozen, is there anything else I should disable first? The avast warnings are still popping up regularly as it scans, etc. Cheers.
  • 0

#40
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Stop OTL as it is hanging on the fix bit I put in

i will try a few other fixes whilst you are asleep :)
  • 0

Advertisements


#41
pivan

pivan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Just a quick update to say not a single crash all day, so definitely related to the IE8 upgrade.

Cheers.
  • 0

#42
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Thats good, I will check out the IE8 developer site for this problem

Next, is Avast still alerting ?

If so could you run TDSSKiller to check for the latest whistler variant
  • 0

#43
pivan

pivan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Will do now. Any luck with any of the OTL fixes?
  • 0

#44
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Nearly there one more to try
  • 0

#45
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK this worked on my system - it will require a shutdown and then a reboot. Not a restart

In the run Box type cmd
A black box will open
Copy/paste the following command followed by enter

CHKNTFS /X C:

Shut down the PC

Restart the PC
Once in windows run the command box again
Copy paste the following command followed by enter :

CHKDSK /f /r C:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP