-
Multiple Iexplore.exe
Recently found multiple iexplore.exe running on my laptop whenever I open internet explore. I was hoping I could get some help to clean up this mess. Thank you.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_25
Run by thisguy at 23:23:38 on 2011-10-12
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.3070.1796 [GMT -3:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Nero\Update\NASvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\BOINC\boinctray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Codebox\BitMeter\BitMeter2.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\NT Registry Optimizer\NTREGOPT.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ca.yahoo.com/?p=us
uDefault_Page_URL = hxxp://www.asus.com
mDefault_Page_URL = hxxp://www.asus.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: PhotoJoy Bar Toolbar: {cf45c54f-801c-41b5-ac77-57f2bf418edc} - c:\program files\photojoy_bar\prxtbPhot.dll
mURLSearchHooks: PhotoJoy Bar Toolbar: {cf45c54f-801c-41b5-ac77-57f2bf418edc} - c:\program files\photojoy_bar\prxtbPhot.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\bearsh~1\mediabar\toolbar\bsdtxmltbpi.dll
BHO: PhotoJoy Bar Toolbar: {cf45c54f-801c-41b5-ac77-57f2bf418edc} - c:\program files\photojoy_bar\prxtbPhot.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\bearsh~1\mediabar\toolbar\bsdtxmltbpi.dll
TB: !{30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB: !{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
TB: !{cf45c54f-801c-41b5-ac77-57f2bf418edc} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [PhotoJoy] c:\program files\photojoy\bin\PhotoJoy.exe /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10m_ActiveX.exe -update activex
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Zshutdown1] c:\preload\patch\sysprep1.cmd
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [boincmgr] "c:\program files\boinc\boincmgr.exe" /a /s
mRun: [boinctray] "c:\program files\boinc\boinctray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\thisguy\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\thisguy\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\common files\microsoft shared\virtualization handler\CVH.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bitmet~1.lnk - c:\program files\codebox\bitmeter\BitMeter2.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://aic.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{E26C4B84-41B0-40CE-AEBB-C8404DF73111} : DhcpNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
AppInit_DLLs:
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\thisguy\appdata\roaming\mozilla\firefox\profiles\3oujgx2w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2966884&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - PhotoJoy Bar Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2966884&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - component: c:\users\thisguy\appdata\roaming\mozilla\firefox\profiles\3oujgx2w.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\thisguy\appdata\roaming\mozilla\firefox\profiles\3oujgx2w.default\extensions\{cf45c54f-801c-41b5-ac77-57f2bf418edc}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\thisguy\appdata\roaming\mozilla\firefox\profiles\3oujgx2w.default\extensions\{cf45c54f-801c-41b5-ac77-57f2bf418edc}\components\RadioWMPCoreGecko5.dll
FF - component: c:\users\thisguy\appdata\roaming\mozilla\firefox\profiles\3oujgx2w.default\extensions\{cf45c54f-801c-41b5-ac77-57f2bf418edc}\components\RadioWMPCoreGecko6.dll
FF - component: c:\users\thisguy\appdata\roaming\mozilla\firefox\profiles\3oujgx2w.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\progra~1\common~1\nero\browse~1\npBrowserPlugin.dll
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Click to call with Skype: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: PhotoJoy Bar Community Toolbar: {cf45c54f-801c-41b5-ac77-57f2bf418edc} - %profile%\extensions\{cf45c54f-801c-41b5-ac77-57f2bf418edc}
.
============= SERVICES / DRIVERS ===============
.
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2011-8-11 158000]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2011-8-11 93488]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-10-20 821664]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-2-11 366640]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2011-7-22 690472]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-9-14 508264]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-2-11 22712]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2010-9-14 577384]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2010-9-14 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2010-9-14 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2010-9-14 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-9-14 219496]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSGB6.sys [2011-2-11 48128]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2011-7-19 116016]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-11 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-11 136176]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2011-7-19 104752]
.
=============== Created Last 30 ================
.
2011-10-13 02:21:43 -------- d-----w- c:\program files\NT Registry Optimizer
2011-10-13 01:59:45 -------- d-----w- c:\users\thisguy\appdata\roaming\Uniblue
2011-10-13 01:59:40 -------- dc-h--w- c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-10-13 01:59:40 -------- d-----w- c:\program files\Uniblue
2011-10-13 01:31:56 -------- d-----w- c:\users\thisguy\appdata\roaming\.minecraft
2011-10-12 23:40:56 -------- d-----w- c:\program files\Amnesia - The Dark Descent Demo
2011-10-12 02:41:46 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{fb6b431e-d00e-40ef-b030-4d7f83ec8f8f}\offreg.dll
2011-10-12 02:41:27 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{fb6b431e-d00e-40ef-b030-4d7f83ec8f8f}\mpengine.dll
2011-10-04 04:13:21 -------- d-----w- C:\5450EF8FF77B48bfAABC50CBC159964C
2011-10-04 03:18:01 -------- d-----w- c:\users\thisguy\appdata\local\Nero_AG
2011-10-04 03:17:24 -------- d-----w- c:\users\thisguy\appdata\local\Nero
2011-10-04 03:12:36 -------- d-----w- c:\program files\Nero
2011-10-04 03:09:49 -------- d-----w- c:\programdata\Nero
2011-10-04 02:57:09 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-10-04 02:49:16 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-10-04 02:41:03 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2011-10-04 02:32:52 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2011-10-04 02:32:06 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2011-10-04 00:13:16 -------- d-----w- c:\users\thisguy\appdata\local\Apple Computer
2011-10-04 00:12:45 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-10-04 00:12:45 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-10-04 00:11:29 -------- d-----w- c:\program files\iPod
2011-10-04 00:11:27 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-10-04 00:11:27 -------- d-----w- c:\program files\iTunes
2011-10-04 00:08:18 -------- d-----w- c:\users\thisguy\appdata\local\Apple
2011-10-04 00:03:05 -------- d-----w- c:\program files\Bonjour
2011-10-03 01:34:13 -------- d-----w- c:\users\thisguy\.thumbnails
2011-10-03 01:32:21 -------- d-----w- c:\users\thisguy\.gimp-2.6
2011-10-03 01:31:52 -------- d-----w- c:\program files\GIMP-2.0
2011-09-30 20:14:18 -------- d-----w- c:\windows\system32\appmgmt
2011-09-15 03:23:02 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-09-15 00:09:26 -------- d-----w- c:\program files\vGrabber
2011-09-15 00:08:33 -------- d-----w- c:\users\thisguy\appdata\local\PhotoJoy
2011-09-15 00:05:49 -------- d-----w- c:\users\thisguy\appdata\local\Conduit
2011-09-15 00:05:48 -------- d-----w- c:\program files\PhotoJoy_Bar
.
==================== Find3M ====================
.
2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-19 16:18:42 104752 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-07-19 16:18:40 93488 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-07-19 16:18:40 158000 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-07-19 16:18:40 116016 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-07-19 16:18:38 135472 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2011-07-18 03:46:58 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-07-18 03:46:58 11776 ----a-w- c:\windows\system32\mshta.exe
2011-07-18 03:46:58 101888 ----a-w- c:\windows\system32\admparse.dll
2011-07-18 03:46:57 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-07-18 03:46:56 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
.
============= FINISH: 23:24:23.35 ===============
-
-
Due to inactivity, this thread will now be closed.
If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
