Page 5 of 13 (Results 41 to 50 of 130)

Thread: New advertising malware?

  1. #41
    Member
    Join Date
    Feb 2015
    Posts
    73

    Default

    Quote Originally Posted by Juliet View Post
    Forgot to ask

    Internet Explorer Version 11 (Default browser path: "C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtect64.exe" -url "%1")
    Boot Mode: Normal
    Does the above application startup on every boot, and is it also a security program?

    That's Dell Protected Workspace. As far as I'm aware, it loads on boot.

  2. #42
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    There is an excessive number of toolbars; do you want or use all these?

    O2 - BHO: Invincea Web Redirector - {1C52FA7C-51B7-4621-9D5A-11101BA13134} - C:\Program Files (x86)\Invincea\Enterprise\InvRedirHostIE.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll
    O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
    O2 - BHO: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
    O3 - Toolbar: DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll

    Typically, these entries are infrequently used tasks that can be started manually, if necessary.
    Removing/disabling these items from startup will help with system resources.

    Open HijackThis, Click Do a system scan only, checkmark these. Then close all other windows and browsers except HijackThis and press fix checked.


    O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [NetSetMan] "C:\Program Files (x86)\NetSetMan\netsetman.exe" -h
    O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
    O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe"
    O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"

    Typically, the below entries are infrequently used tasks that can be started manually, if necessary.

    O4 - HKLM\..\Run: [PDF7 Registry Controller] C:\Program Files (x86)\Nuance\PDF Professional 7\RegistryController.exe
    O4 - HKLM\..\Run: [PDFProHook] C:\Program Files (x86)\Nuance\PDF Professional 7\pdfpro7hook.exe

    Reboot the computer to set the registry.


    This might be the last file associated with Reimage
    C:\Windows\Reimage.ini


    After you reboot the computer tell me what issues remain.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
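An added example, not part of the original post or of HijackThis: a PowerShell script that walks the same registry locations HijackThis reports as O2 (BHO), O3 (toolbar) and O4 (Run) entries, resolves each CLSID to the DLL that actually gets loaded into Internet Explorer, and checks the Authenticode signature of every file. It assumes an elevated PowerShell 3.0 or later session on 64-bit Windows; the key paths are the standard Windows ones, not anything taken from this thread.

```powershell
# Added example (not from the thread): enumerate BHO, toolbar and Run-key persistence,
# resolve CLSIDs to DLLs, and report the signature state of each file.
# Assumes an elevated PowerShell 3.0+ session on 64-bit Windows.

function Resolve-ClsidPath {
    param([string]$Clsid)
    # A BHO or toolbar is a COM object; its DLL is the default value of
    # HKCR\CLSID\{...}\InprocServer32. 32-bit IE components on 64-bit Windows are
    # registered under the Wow6432Node view, so both views are checked.
    foreach ($base in 'Registry::HKEY_CLASSES_ROOT\CLSID',
                      'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID') {
        $key = "$base\$Clsid\InprocServer32"
        if (Test-Path $key) {
            $dll = (Get-ItemProperty -Path $key).'(default)'
            if ($dll) { return [Environment]::ExpandEnvironmentVariables($dll.Trim('"')) }
        }
    }
    return $null
}

function Get-SignatureState {
    param([string]$Path)
    if (-not $Path -or -not (Test-Path -LiteralPath $Path)) { return 'file missing' }
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    if ($sig.Status -eq 'Valid') { return "Valid: $($sig.SignerCertificate.Subject)" }
    return $sig.Status.ToString()      # NotSigned, HashMismatch, UnknownError, ...
}

function Get-IEPersistence {
    $cv    = 'Microsoft\Windows\CurrentVersion'
    $views = 'SOFTWARE', 'SOFTWARE\Wow6432Node'

    # O2: one subkey per BHO, named by CLSID.
    foreach ($v in $views) {
        $k = "HKLM:\$v\$cv\Explorer\Browser Helper Objects"
        if (-not (Test-Path $k)) { continue }
        foreach ($sub in Get-ChildItem $k) {
            $dll = Resolve-ClsidPath $sub.PSChildName
            [pscustomobject]@{ Type = 'O2 BHO'; Id = $sub.PSChildName; Path = $dll; Signature = (Get-SignatureState $dll) }
        }
    }

    # O3: toolbars are registry values whose *names* are CLSIDs.
    foreach ($v in $views) {
        $k = "HKLM:\$v\Microsoft\Internet Explorer\Toolbar"
        if (-not (Test-Path $k)) { continue }
        $names = (Get-ItemProperty $k).PSObject.Properties.Name | Where-Object { $_ -match '^\{[0-9A-F-]{36}\}$' }
        foreach ($n in $names) {
            $dll = Resolve-ClsidPath $n
            [pscustomobject]@{ Type = 'O3 Toolbar'; Id = $n; Path = $dll; Signature = (Get-SignatureState $dll) }
        }
    }

    # O4: Run keys. Each value is a command line; pull out the executable for the signature check.
    $runKeys = @($views | ForEach-Object { "HKLM:\$_\$cv\Run" }) + "HKCU:\SOFTWARE\$cv\Run"
    foreach ($k in $runKeys) {
        if (-not (Test-Path $k)) { continue }
        $props = (Get-ItemProperty $k).PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }
        foreach ($p in $props) {
            $cmd = [string]$p.Value
            $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } elseif ($cmd -match '^(\S+\.exe)') { $Matches[1] } else { $cmd }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            $hive = if ($k -like 'HKLM:*') { 'HKLM' } else { 'HKCU' }
            [pscustomobject]@{ Type = 'O4 Run'; Id = "$hive\..\Run: [$($p.Name)]"; Path = $exe; Signature = (Get-SignatureState $exe) }
        }
    }
}

Get-IEPersistence | Format-Table -AutoSize -Wrap
```

Two things worth knowing when reading the output: HijackThis is a 32-bit program, so on 64-bit Windows its O2/O3 lines come from the Wow6432Node view, which is why the script reads both views; and a valid signature only tells you who built the file, not that it is wanted, so an entry signed by a PDF or driver vendor can still be removed as the post above suggests, while an entry that is "NotSigned" or "HashMismatch" under Program Files deserves a closer look before anything else.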

  3. #43
    Member
    Join Date
    Feb 2015
    Posts
    73

    Default

    Quote Originally Posted by Juliet View Post
    There is an excessive amount of toolbars, do you want or use all these?

    O2 - BHO: Invincea Web Redirector - {1C52FA7C-51B7-4621-9D5A-11101BA13134} - C:\Program Files (x86)\Invincea\Enterprise\InvRedirHostIE.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll
    O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
    O2 - BHO: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
    O3 - Toolbar: DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll

    I didn't even know I had those toolbars. They're gone now. I did keep NetSetMan and Slysoft, both are licensed packages that I've used for a long time on several computers.

    But, I still have my rogue Iexplore processes...
    Attached Images

  4. #44
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    from the photo

    www.rtl.be/belrtl/
    Bel RTL Radio, for your iPhone?

    as an experiment, Disconnect Bluetooth devices
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

    I don't know why you have more than one IE process running but, it's not pointing to malware.

  5. #45
    Member
    Join Date
    Feb 2015
    Posts
    73

    Default

    Quote Originally Posted by Juliet View Post
    from the photo

    www.rtl.be/belrtl/
    Bel RTL Radio, for your iPhone?

    as an experiment, Disconnect Bluetooth devices
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

    I don't know why you have more than one IE process running but, it's not pointing to malware.

    My phone is Android. My son and granddaughters have iPhones, but they don't use any of my computers. The way these processes run, after they get started (usually within a minute or two of starting a web browser) the web address changes about once every 2 seconds. After a while, they settle on one address and stay there. After I kill the processes, it takes between 15 minutes and 3 hours, and they're back.

    The bluetooth is 'out of the box', I never set up bluetooth after getting the laptop. Do I need to disable the connection, or kill the processes in task manager?

  6. #46
    Member
    Join Date
    Feb 2015
    Posts
    73

    Default

    Quote Originally Posted by jhrowehl View Post
    The way these processes run, after they get started (usually within a minute or two of starting a web browser) the web address changes about once every 2 seconds. After a while, they settle on one address and stay there. After I kill the processes, it takes between 15 minutes and 3 hours, and they're back.
    The attached files are a sample of how these processes work. This forum had a database connection problem earlier, which gave me a good opportunity to catch a couple of screen captures. I couldn't catch each one because they were happening too quickly. But the screen captures, starting with 04, show how this progresses. I can only attach 5 per post, so I will continue with the next message.
    Attached Images

  7. #47
    Member
    Join Date
    Feb 2015
    Posts
    73

    Default

    Quote Originally Posted by jhrowehl View Post
    I can only attach 5 per post, so I will continue with the next message.
    Notice with this set of captures, I end up with 3 pages open, and 4 processes running. It started with 1 page and 3 processes, then went to 2 pages and 3 processes, and now I have 3 pages and 4 processes.
    Attached Images

  8. #48
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    it's like cookies running after you close a page?

    Clear Browser Cache in IE11
    • Close all Internet Explorer and Windows Explorer windows that are currently open.
    • Open Internet Explorer.
    • Click the Tools button, and then select the General tab, then under Browsing history select the Delete button.
    • Select the check box next to each of the following categories.
    • Temporary Internet files and website files
    • Cookies and website data
    • History
    • Click Delete


    ~~~~~

    Add-ons - Enable or Disable Add-On Manager
    http://www.sevenforums.com/tutorials...d-manager.html


    See if a browser add-on is preventing the additional IE processes from closing.
    Start Internet Explorer without add-ons by right-clicking the IE icon on the desktop. Choose Start without add-ons.
    or
    from Start> Programs> Accessories> System tools> Internet Explorer (no add-ons)
    If the problem goes away, an add-on is causing it.

    Since version 8, Internet Explorer uses a tab-per-process model. That means there is an "iexplore.exe" for the user interface, then each tab you have open is another "iexplore.exe". This is done for security reasons and increases the stability of the browser.


    http://answers.microsoft.com/en-us/i...5-e0277ec4b08b


    ~~~~~

    Also please download Windows Repair (all in one) from here


    Install the program then go to step 4 and create a new system restore point and new registry backup.

    Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

    NEXT
    On the Start Repairs tab => Click the Start

    Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

    Click on box next to the Restart System when Finished. Then click on Start.

  9. #49
    Member
    Join Date
    Feb 2015
    Posts
    73

    Default

    Quote Originally Posted by Juliet View Post
    it's like cookies running after you close a page?
    I don't think so... all I need to do is open Firefox and wait. IExplore magically appears in the process list. Internet Explorer is *not* running, but task manager says it is. It's not available on the task bar, and I can't Alt-Tab to it. It's not running, it isn't there. That's how I found this rogue process - I don't use Internet Explorer. For anything. Ever. Period. If I could uninstall it, I would, but Redmond Washington has different ideas about that.

    When these rogue processes are running, I can open Internet Explorer, and I see the page that I'm navigating to in the task list along with the rogue processes. I can close the instance of Internet Explorer that I opened, and the processes associated with it drop out of the task list. But the rogue processes continue.

    Think of it as a case of identity theft. This process has stolen Internet Explorer's credentials, and is presenting them to Task Manager.

  10. #50
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Let's see if we can remove the IE plugin in Firefox and see if it makes a difference. If it's there.


    Disable FireFox plug-in
    • At the top of the Firefox window, click on the Firefox button (Tools menu in Windows XP), and then click Add-ons. The Add-ons Manager tab will open.
    • In the Add-ons Manager tab, select the Extensions or Appearance panel.
    • Select the add-on Internet Explorer
    • Click the Disable button.
    • Click Restart now if it pops up. Your tabs will be saved and restored after the restart.

    IE is an integral part of Windows (used by Core Windows services such as Windows Update). If the machine appears clean, it's unlikely caused by malware.


    I would like to check the MD5s of each copy of Explorer.exe


    http://windows.microsoft.com/en-us/w...mode=windows-7
    Boot your computer into safe mode (instructions if needed).


    Open FRST

    Click Search button and post the log (Search.txt) it makes to your reply.
    Please copy and paste this in the search box

    iexplorer.exe

    After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Search.txt). Please post it to your reply.
    Last edited by Juliet; 2015-03-01 at 01:06. Reason: typo
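An added example, not part of the original post and not FRST: a PowerShell script that does on the live system what the two questions in this thread come down to. For every running iexplore.exe it records where the image really lives, which process started it (this also answers the "one iexplore.exe per tab" point from the earlier post, since genuine tab processes are children of the IE frame process), the command line it was given, whether the file carries a valid Microsoft signature, and its MD5; it then searches the system drive for every other file named iexplore.exe, which is what the FRST Search step above is for. It assumes an elevated PowerShell 4.0 or later session (Get-CimInstance, Get-FileHash); the expected-path list is the default IE layout on 64-bit Windows, an assumption rather than something the thread states.

```powershell
# Added example (not from the thread): report every running iexplore.exe with its real
# image path, parent, command line, signer and MD5, then find every other iexplore.exe
# on disk. Assumes an elevated PowerShell 4.0+ session on 64-bit Windows.

# Assumed default install locations for IE (32-bit and 64-bit builds).
$ExpectedIEPaths = @(
    "$env:ProgramFiles\Internet Explorer\iexplore.exe",
    "${env:ProgramFiles(x86)}\Internet Explorer\iexplore.exe"
)

function Get-SignerSummary {
    param([string]$Path)
    if (-not $Path -or -not (Test-Path -LiteralPath $Path)) { return 'no path (run elevated?)' }
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    if ($sig.Status -eq 'Valid') { return $sig.SignerCertificate.Subject }
    return $sig.Status.ToString()
}

function Get-IEProcessReport {
    # Win32_Process exposes ParentProcessId and the full command line; Get-Process does not.
    $all = Get-CimInstance Win32_Process
    foreach ($p in ($all | Where-Object { $_.Name -eq 'iexplore.exe' })) {
        $parent = $all | Where-Object { $_.ProcessId -eq $p.ParentProcessId }
        $path   = $p.ExecutablePath
        [pscustomobject]@{
            PID          = $p.ProcessId
            Started      = $p.CreationDate
            Parent       = if ($parent) { "$($parent.Name) [$($parent.ProcessId)]" } else { "exited [$($p.ParentProcessId)]" }
            Path         = $path
            ExpectedPath = [bool]($ExpectedIEPaths -contains $path)
            Signer       = Get-SignerSummary $path
            MD5          = if ($path) { (Get-FileHash -LiteralPath $path -Algorithm MD5).Hash } else { $null }
            CommandLine  = $p.CommandLine
        }
    }
}

function Find-IECopies {
    # Every file on the system drive named iexplore.exe. Copies under WinSxS belong to the
    # Windows component store and are expected; anything elsewhere is worth a hash and signature check.
    Get-ChildItem -Path "$env:SystemDrive\" -Filter 'iexplore.exe' -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Path     = $_.FullName
                Expected = ($ExpectedIEPaths -contains $_.FullName) -or ($_.FullName -like "$env:windir\WinSxS\*")
                MD5      = (Get-FileHash -LiteralPath $_.FullName -Algorithm MD5).Hash
                Signer   = Get-SignerSummary $_.FullName
            }
        }
}

Get-IEProcessReport | Format-List
Find-IECopies | Where-Object { -not $_.Expected } | Format-Table -AutoSize
```

How to read it against what has been described in this thread: a process whose Path is one of the expected locations and whose Signer is Microsoft is the real iexplore.exe, however unwanted, and the interesting columns are then Parent and CommandLine, which show who keeps launching it (firefox.exe, a scheduled task under svchost.exe, an installer helper) and which URL it was handed. A process whose Path is somewhere else, or whose signature is not valid, is the "identity theft" case and that file is what should be hashed and submitted. Two caveats: ParentProcessId is only meaningful while the parent is still alive, since Windows reuses PIDs, and on a stock Windows 7 PowerShell 2.0 install Get-CimInstance and Get-FileHash are not available (Get-WmiObject Win32_Process and certutil -hashfile are the equivalents).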
