> Help; Ie Opens On Its Own
rew
post Dec 11 2006, 07:20 AM
Post #1





Group: Members
Posts: 11
Joined: 11-December 06
Member No.: 17,626



Hi all, this is my HJT log. The problem is that Internet Explorer opens on its own and goes to some random pages. I tried Ad-Aware, Spybot, NOD32 and Panda, and nothing seems to help. Cookies that seem to reappear all the time are from adbrite and yieldmanager...
Hope you can help...

Tibor

Logfile of HijackThis v1.99.1
Scan saved at 15:12:48, on 11.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Eset\nod32krn.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.adobe.com
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1164374054250
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {EBE67253-D4EA-11D3-845A-00500483D287} (ImageViewer Class) - file://G:\vwr_data\dcm_vwr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Replies
Ironbender
post Dec 11 2006, 03:09 PM
Post #2


Reality is just an illusion due to a lack of alcohol.


Group: SAF Moderator
Posts: 15,699
Joined: 16-March 05
From: Jacarei, SP - Brazil
Member No.: 10,092



Go to Control Panel > Add/Remove Programs and uninstall the following if found:
SweetIM For Internet Explorer
WhenUSearch
Follow all the prompts, then restart the computer. If you can't find it, you'll need to search for it in your registry.

Your winpfind log also shows SIMBAR:
QUOTE
This is not a virus or trojan. It is a direct-marketing adware application. This application generates extra pop-up ads while using Internet Explorer.

This kind of application generally comes bundled with another program, which usually discloses the fact that it is ad-supported. Users agree to have the Adware installed in the license agreement, although they may not realise at first that this file was packaged with the product they installed.
McAfee antivirus may deal with this... please perform an online virus scan from http://us.mcafee.com/root/mfs/default.asp

If this does not work, <start/Run> type regedit (enter)
Navigate to this key: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
delete any SIMBAR related entry:
\\SIMBAR Enabled -
\\SIMBAR={F0E1E54A-0A9C-4e07-BC87-66A59740857A} -

Do a registry backup before doing this

Your HJT log still shows nothing.

Also, as I'm not yet familiar with IE7, are you sure there is not some enabled plugin to display ads on it?

Chris


--------------------
My Roots ~ My Nephew's band ~ My Online Newspaper
It sounds like English, but I can't understand a word you are saying
Men have become the tools of their tools. - H. D. Thoreau
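
A first-pass triage of a HijackThis log like the one in post #1, as an added example that is not part of the original posts: it groups entries by section code and lists those HijackThis marked `(file missing)` or whose O16 download source is not http(s). The function names and the two review rules are assumptions chosen for illustration; the sample lines are copied from the log in post #1.

```python
import re
from collections import Counter

# Excerpt of the HijackThis log from post #1 of this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {EBE67253-D4EA-11D3-845A-00500483D287} (ImageViewer Class) - file://G:\vwr_data\dcm_vwr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# An entry line starts with a section code (R0, O4, O16, ...) followed by " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse_entries(log_text):
    """Return (code, detail) tuples; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def review_reasons(code, detail):
    """Illustrative rules (assumptions): why an entry deserves a manual look."""
    reasons = []
    if detail.rstrip().endswith("(file missing)"):
        reasons.append("orphaned: target file missing")
    if code == "O16":  # Downloaded Program Files (ActiveX) entry
        source = detail.rsplit(" - ", 1)[-1]
        if not source.lower().startswith(("http://", "https://")):
            reasons.append("ActiveX installed from non-web source")
    return reasons

def triage(log_text):
    entries = parse_entries(log_text)
    counts = Counter(code for code, _ in entries)
    flagged = [(c, d, r) for c, d in entries if (r := review_reasons(c, d))]
    return counts, flagged

if __name__ == "__main__":
    counts, flagged = triage(SAMPLE_LOG)
    print(dict(counts))
    for code, detail, reasons in flagged:
        print(f"{code}: {'; '.join(reasons)}\n    {detail}")
```

A flagged entry is a prompt for manual review (usually a leftover from an uninstalled program), not a verdict that the entry is malicious.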



