1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

IE Pops up and will not stay closed

Discussion in 'Internet Explorer & Microsoft Edge' started by G8R098, 2008/03/11.

Thread Status:
Not open for further replies.
  1. 2008/03/11
    G8R098

    G8R098 Banned Thread Starter

    Joined:
    2008/03/10
    Messages:
    3
    Likes Received:
    0
    Im sorry if this is a doiuble post but I cant find it if its there

    Ive seen this subject come up before but I wanted some specific advice

    here is the hijackthis log file

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:37:34 PM, on 3/11/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\Program Files\Greg's Stuff\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\DOCUME~1\GREGSC~1\LOCALS~1\Temp\clclean.0001
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    C:\Program Files\palmOne\Hotsync.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
    c:\program files\common files\installshield\updateservice\isuspm.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Greg Schreiber\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pitchforkmedia.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0EF38B85-63BB-4A3C-B96D-43D8D6C42DBD} - (no file)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {71DC761C-58BD-4f3d-99F7-7C1B54B5BBCB} - C:\WINDOWS\system32\crypt32r.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
    O2 - BHO: (no name) - {E2278F85-4584-4BEE-928C-600B38C385C1} - (no file)
    O2 - BHO: (no name) - {F6E20ADE-8CE8-492c-BCBA-ABF3EF2DE4E8} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
    O3 - Toolbar: (no name) - {73959F2B-EB03-41D1-8F69-694B7B80D699} - (no file)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe "
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe "
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
    O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe "
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKUS\S-1-5-21-373276819-1685232502-3626967868-1005\..\Run: [SetDefaultMIDI] MIDIDef.exe (User 'Richard Schreiber')
    O4 - HKUS\S-1-5-21-373276819-1685232502-3626967868-1005\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R (User 'Richard Schreiber')
    O4 - HKUS\S-1-5-21-373276819-1685232502-3626967868-1005\..\Run: [apod] C:\PROGRA~1\APOD\apod.exe (User 'Richard Schreiber')
    O4 - HKUS\S-1-5-21-373276819-1685232502-3626967868-1005\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Richard Schreiber')
    O4 - HKUS\S-1-5-21-373276819-1685232502-3626967868-1005\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (User 'Richard Schreiber')
    O4 - HKUS\S-1-5-21-373276819-1685232502-3626967868-1007\..\Run: [SetDefaultMIDI] MIDIDef.exe (User 'Mommy McMommerton')
    O4 - HKUS\S-1-5-18\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz (User 'Default user')
    O4 - S-1-5-21-373276819-1685232502-3626967868-1005 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Richard Schreiber')
    O4 - S-1-5-21-373276819-1685232502-3626967868-1005 User Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Richard Schreiber')
    O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe
    O4 - Global Startup: APC UPS Status.lnk = ?
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} (XTSAC Control) - https://corp.harrisview.com/XTSAC.cab
    O16 - DPF: {4912ED81-BD9F-485E-86CA-BD62EC957435} (Soarian Frame Tools for Internet Explorer) - https://ipssrv1.pinnaclehealth.org/....com/020530319_P0MB_p_htm//sframe/IETools.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O20 - Winlogon Notify: crypt32 - C:\WINDOWS\SYSTEM32\crypt32r.dll
    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: GoogleDesktopManager - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\Greg's Stuff\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 14610 bytes

    And the ewido log file.... when its done
     
    G8R098,
    #1
  2. 2008/03/11
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    G8R098 - Welcome to the Board :)

    As a new member with less than 10 posts any post you make which contains a URL requires approval (moderation) before it is visible. There was a message to this effect when you signed up.

    BTW - I don't see another post from you :)
     
    PeteC,
    #2


  3. to hide this advert.

  4. 2008/03/13
    G8R098

    G8R098 Banned Thread Starter

    Joined:
    2008/03/10
    Messages:
    3
    Likes Received:
    0
    Hello?
     
    G8R098,
    #3
  5. 2008/03/14
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Please do not post logs that are not requested in .....

    http://www.windowsbbs.com/announcement.php?f=41 which you should have read before posting. Logs of the length you posted would put anyone off :)

    Everything listed in that report are tracking cookies which are basically harmless although they may be considered to be an invsaion of your privacy.

    They are either in your Norton Protected Recycle bin - empty it or in System Restore where they are harmless, but will be restored should you invoke System Restore. At this stage you should not clear the System Restore points until directed to.

    I have removed those logs and no doubt one of our trained analyists will look at your HJT log in due course - they are extremely busy as a glance down the forum listing will show.

    In the meantime I would suggest you install IE 7 - IE 6 is insecure.
     
    PeteC,
    #4
  6. 2008/04/03
    G8R098

    G8R098 Banned Thread Starter

    Joined:
    2008/03/10
    Messages:
    3
    Likes Received:
    0
    hello?

    are you guys done giving advice? Switching to IE 7 will not remove the hijacker from my system. I downloaded hijackthis, all I need is your advice on what to fix. I realize this isn't your main job, but I just want some help.
     
    G8R098,
    #5
  7. 2008/04/04
    Steve R Jones

    Steve R Jones SuperGeek Staff

    Joined:
    2001/12/30
    Messages:
    12,321
    Likes Received:
    253
    Steve R Jones,
    #6
Thread Status:
Not open for further replies.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...