Double IE in Task manager processes, 8 steps completed

Status
Not open for further replies.
Hello,
This problem has been occurring for about a week now: when I start up IE8 it opens 2 processes. At first I did not think anything of it when I first saw it, but lately it has been running ads in the background as well as clocking up to 725k in memory usage, so I know there is a problem when I'm viewing a pure text site.

I have AVG paid version. Have no P2P file sharing on computer. This is also a Toshiba laptop.

On a side note, my mother's eMachine did the same thing, and recently the hlc.dll (I think that is the name; it's close to that though) file from the Windows root was deleted (unsure if these two are related or not).

Thank you for your time and assistance with my problem.
Adam

Also, whenever I'm on any web page, certain words are highlighted in blue and double underlined with an ad if you bring the mouse over them... unsure if this was related, so I wanted to give the info as well just in case.
 

Attachments

  • hijackthis.log (8.9 KB)
  • SUPERAntiSpyware Scan Log - 02-19-2010 - 14-15-30.log (1.3 KB)
  • mbam-log-2010-02-19 (12-53-56).txt (6.1 KB)

It is normal to have 2 or more iexplore.exe processes running with IE8. I wish Microsoft had notified people of this when they updated it! It is very common to be concerned. We still need to weed out malware.

Please download ComboFix HERE:
  • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.

    Important! Save the renamed download to your desktop.
  • Please disable all security programs, such as antiviruses, antispywares, and firewalls.
    Also disable your internet connection.
  • Double click on the setup file on the desktop to run
  • If you are prompted to download and install the Recovery Console, please allow it.
    (Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.)
  • If you are prompted to update, please do so.
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a log. Please include the C:\ComboFix.txt in your next reply.
Notes:

  1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
  2. ComboFix may reset a number of Internet Explorer's settings.
  3. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security.
  4. ComboFix disconnects your machine from the internet. The connection is automatically restored before ComboFix completes its run.

When that has finished, please Run Eset NOD32 Online AntiVirus Scanner HERE
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this in your post.
 
I have done both; here are the files. Still hearing ads in the background on pure text pages.
 

Attachments

  • ComboFix.txt (19.3 KB)
  • log.txt (841 bytes)

You had many files infected with the MyWebSearch malware. There were also numerous files with the popcap adware; this would be game related. I also note that it appears the program Datel was either downloaded or used on 2010-02-07 22:33 . 2010-02-10 20:54 -------- d-----w- c:\program files\Datel.

The company is best known for making available apps such as the Wii Freeloader, which allows users to circumvent regional lockout on the Wii video game console. There are Tracking Cookies from Collective Media which is an ad network.

So I'm thinking the problems you are having are related to content related to these programs or sites.
"certain words are highlighted in blue and double underlined with an ad if you bring mouse over them."

ComboFix deleted one entry and there is one entry I can have you move:
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the code below into it:

Code:
File::
c:\windows\system32\drivers\dsiarhwprog.sys
Folder::

Registry::

Driver::
dsiarhwprog

FCopy::

Save this as CFScript.txt, in the same location as ComboFix.exe.

[Image: CFScriptB-4.gif]


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please attach to your next reply.

Can you please give me a clearer description of what a 'pure text' page is? I assume you are referring to ads you aren't seeing; that doesn't mean there aren't any.

I'd like you to add the following to your system and see if it makes any difference:
  • SpywareBlaster: SpywareBlaster protects against bad ActiveX. It places kill bits to stop bad ActiveX controls from being installed. Remember to update it regularly.
  • IE/Spyad: This places over 4000 websites and domains in the IE Restricted list, which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc.) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file: This replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar: Get the free Google Toolbar to help stop pop-up windows.
 
What I mean are sites that are just displayed as plain text and sites that are supposed to be devoid of ads and the like. I am told that the biggest time they hear ads over anything is when listening to music, watching shows on Hulu as well as on various anime sites, and when just sitting on desktop if the computer has been on for a few hours. Below is the log you requested. Also I checked out the file... c:\program files\Datel ....and found out it is for my Nintendo DS Action Replay, so I can and will remove it just in case. Also, since running ComboFix the blue text double underlined seems to have gotten worse. If you can think of anything that is needed to get rid of this most annoying problem it would be most appreciated.

Again, thank you for all your help, I really appreciate it.
Adam
 

Attachments

  • ComboFix.txt (17.3 KB)

You have an incredible number of programs and processes loading on startup. I'd like you to stop everything from starting on boot except for the antivirus, firewall, touchpad if on laptop, and network process if using network like Network Magic.

You do this as follows: Click on Start> Run> Type in msconfig> enter> Selective Startup> Startup tab> Uncheck all except programs as named above. When finished> click on Apply> OK

Reboot the computer. Close the nag message after checking 'don't show this message again'. Stay in Selective Startup.

Boot into Safe Mode
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

Click on Start> Run> type in services.msc> scroll down to the following and set as instructed:
  • Ati HotKey Poller> Manual (may disable later if you don't use hotkeys)
  • CFSvcs> Manual
  • ISWSVC> Manual.
  • JavaQuickStarter- jqs> Disable> Stop Service
  • NMSAccessU> Manual
  • Swupdtmr> Disable> Stop Service
  • TAPPSRV> Manual
  • YahooAUService> Disable Startup type, Stop Service.

Let me know your status regarding ads and sounds after doing the above.
 