#1 (permalink)

Registered User
Join Date: Jul 2009
Posts: 3
OS: XP
2 IExplore.exe everytime
Hi all, and thanks for taking the time to help. I have noticed that every time that I open MS Internet Explorer, 2 IExplore.exe appear in my Task Manager.
Here is the information requested:

Thanks in advance for your help.
Span
#2 (permalink)

Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,580
OS: 2000 Pro; XP Pro; XP Home
Re: 2 IExplore.exe everytime
Hello, and welcome.
As was mentioned in reply to your previous post.... Multiple instances of iexplore.exe appearing in Task Manager is normal, and expected, in IE8. http://www.winhelponline.com/blog/mu...et-explorer-8/
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
#4 (permalink)

Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,580
OS: 2000 Pro; XP Pro; XP Home
Re: 2 IExplore.exe everytime
Cheers, and we do appreciate that.
A couple things to mention.

As mentioned in our preposting topic: NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

Quote:

P2P - I see you have P2P software (BitTorrent, eMule, LimeWire 4.9.7) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

Please see this topic for more information: Perils of P2P File Sharing

I would strongly recommend that you uninstall these now. You can do so via Control Panel >> Add or Remove Programs.

---------------------------------------------------------------------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs):

J2SE Runtime Environment 5.0 Update 11
Java(TM) 6 Update 13
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1

These are all outdated, and security risks by having them installed still. Unfortunately, Java does not uninstall these older versions when you update, nor tell you that you should. Going forward, Java will overwrite existing installs, so removing older versions should not be required after this.

Leave Java(TM) 6 Update 13 alone, as it has the most recent security updates.

---------------------------------------------------------------------------------------------

Is this a company machine? There is a commercial remote administrator utility installed, just want to be sure it was intentionally installed.

If there are no other possibly malware related concerns, we should be done here. I see no sign of active malware in the logs.
#5 (permalink)

Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,580
OS: 2000 Pro; XP Pro; XP Home
Re: 2 IExplore.exe everytime
Since this issue appears to be resolved, this topic will now be archived. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:
NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help