Hello All,

As a new member of TecSpot, inevitably I've a PC problem and really hope someone can help. Everything slowed to a near stop and things point to iexplore.exe snatching all available resources. This is possibly malware or some other program conflict but I don't see what. Would really appreciate some help.

I tried to include my hijackthis log but your site software says there are links included which I can't see so don't understand.

That's because they must be attached

Have a look at:

UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions

Many thanks. Hijackthis log and start list attached.

Attached Files

	2008nov03startuplist.txt (34.4 KB, 3 views)
	2008nov03hijackthislog.txt (9.3 KB, 4 views)

Thanks, I haven't read them though
Best to follow the guide
Oh and best to remove those old attachments

By the way, I may not be able to check the logs when you finish
Usually one of the Malware support will pick this up, but the scans are a lengthy process, do not do any further browsing when they are being run

Good luck

End SearchProtocolHost.exe with taskmgr

Then while off

Browse here C:\WINDOWS\system32\SearchProtocolHost.exe and rt click and rename SearchProtocolHost.exe to SearchProtocolHost.ex_

Reboot and test.

Mike

I haven't check the HiackThis logs, but did the Startup:

You don't need ant of these to start on boot:
Printer:
Java:
Adobe
Search Index:
C:\WINDOWS\system32\SearchProtocolHost.exe> another high CPU user.
Protocol handlers give the Windows Search Indexer access to data stores,[/quote]
Also UNCHECK on Startup:
Understand: this does not mean you won't be able to use the software. It just means it won't start on boot and be running the the background, slowing you down. The more you have on start up, the longer it takes to Start up and the slower your surf speed. Then it all has to close, so the shutdown is slower.

For instance, the first 2 processes are for the printer. why start the printer when you boot? Maybe you won't even use it today, but if you do want to, just open the printer program and go.

Those log attachments are 1 month old
Who knows what the system is like now
That's why I said "Best to follow the guide
Oh and best to remove those old attachments"

Thanks Kim- I missed that. The startup logs is actually 6 months old! AND IE8 is being used. Wonder if that's part of the problem.

northstar, both the HijackThis log and the Startup list is over 6 months old. If you want help, please post current information. IF you have saved either of those logs, delete them.

And since IE8 is still in beta testing, unless you are a beta tester, I suggest you remove it and go back to IE7. That could be part of your problem.

I am really grateful to you both for all your help and will try all your suggestions. One point on the date of the logs though. I only downloaded Hijackthis yesterday Wed 3 December 2008 and I ran the log and start list then. I think the issue is not the age of the log itself but the date format. The date format is given in the European way i.e. 3/12/2008 = 3 December 2008 and not 12 March 2008. Hope this helps.

I also think that the version of IExplorer could very well be a problem as well as perhaps the windows search indexing tool.

I'll check all of this out and get back.

Thank you very much again.

First, indexing is likely not the issue here.

Go into Services and disable it.

IE8 is the problem. uninstall it. It should drop you back to IE7 if not or you still have issues reinstall IE7.

Others that have had this problem have also had malware.

So after the above Do the Techspot 8 Steps and post the logs.

Mike

Thank you northstar- I should have realized that!

So follow the guide I left for the Startups.

This is the executable for Internet Explorer-although malware can disguise itself as almost any process. Your problem with it is most likely due to it still being in beta testing. Beta means 'bugs'. Qualified testers try products before they are released to the general public to try and find and remove as many 'bugs' as possible. But the average user is not a beta tester and should wait for full release- and the some!

Please uninstall IE8 and see if it improves the system performance. If you still have problems and suspect malware, follow the guide for programs and logs.

I can't really thank you all enough for all of your very kind help and assistance. I've followed all of the advice given and the 8 step plan and my PC is back working again at a reasonable speed. The only part I was not able to change was to stop the Lexbces.exe and Lexpps.exe loading at startup.

The main culprit seems to have been the iexplorer8 beta closely followed by a piece of malware taskmagr.exe (not the real windows taskmgr.exe) plus assorted adware not previously picked up by my Zonealarm security suite.

I have attached the:
1) Malwarebytes Anti Malware log
2) SuperAntiSpyware log
3) Hijackthis log
4) Hijackthis startup list
Many thanks again

Attached Files

	mbam-log-2008-12-05 (11-44-07).txt (851 Bytes, 4 views)
	SUPERAntiSpyware Scan Log - 12-05-2008 - 13-09-13.log (2.6 KB, 4 views)
	2008.12.05hijackthis.txt (8.4 KB, 1 views)
	2008Dec05startuplist.txt (34.0 KB, 1 views)

Okay, looking good. Mbam show clean.

1. Have SAS remove the Tracking cookies. Click on image on lower left here to enlarge the screen shot. It shows where to check to have SAS remove them: http://superantispyware.en.softonic.com/images

2. Reset Cookies:
3. Update Adobe:
4. Remove site from Trusted Zone:
Internet options> Security tab> Trusted Sites> Sites> remove:
You don't need ANY site in the Trusted Zone. Putting a site there removes some of the browser security and using the * wild card means anything with the domain name is trusted. Not safe.

5. Now for taskmagr.exe.
While still in Safe Mode:
6. Start> Run> services.msc> right click on LexBce Server (LexBceS) > set Startup Type to Manual
Check the Dependency tab. Make sure that any of the Services in the top box are set to at least Manual.

7. Start> Run> msconfig> Selective Startup> Startup menu> UNCHECK the following:
8. Control Panel> Add/Remove Programs> UNINSTALL the following if present:
Reboot the computer into Normal Mode. NOTE: You will get a nag message that you can ignore after checking 'don't show this message again.' Stay in Selective Startup.

When finished, let me know how you're running. If okay, we'll remove the cleaning tools.
(Note: any of the programs and processes in #7 can be started as needed. They don't need to start on boot)

All actions done now and the pc is working like a dream. Best for a long time now. Re the cleaning tools, I think I'll keep them and run them from time to time to give the system a good wash and brush up.

Thank you for absolutely all of your brilliant help. You guys really do have capes and live in Gotham City. If I ever have any trouble again, watch for the searchlight bat sign in the sky.

It's been an absolute pleasure working with you all. Thank you all again for your patience, dilligence and above all expert help.

Keep the tools if you want or remove, then load when you want to run. Here's how in case you change your mind:

Download OTCleanIt (http://download.bleepingcomputer.com.../OTCleanIt.exe) Click the CleanUp! button.
It will go through the list and remove all of the tools it finds and then delete itself (requiring a reboot).

You do need to remove the old restore point though:

Clear your existing system restore points and establish a new clean restore point:
1. Go to Start > All Programs > Accessories > System Tools > System Restore
2. Select Create a restore point, and OK it.
3. Next, go to Start > Run and type in cleanmgr
4. Select the More options tab
5. Choose the option to clean up system restore and OK it.
This will remove all restore points except the new one you just created.

It was a pleasure to work with you. 3 days and 14 posts is a good time span. Let us know if you need more help.