Viruses, Spyware and other Nasties RSS Viruses, Spyware and other Nasties RSS

Multiple Internet Explorer 6 - opens automatically. but why?

Reply
1 2

Join Date: Sep 2004
Posts: 8
Reputation: Mattx is an unknown quantity at this point 
Solved Threads: 0
Mattx Mattx is offline Offline
Newbie Poster

Multiple Internet Explorer 6 - opens automatically. but why?

 
0
  #1
Oct 6th, 2004
Internet Explorer 6 - opens automatically. but why?

I'm running Windows XP Home Edition on my laptop.

When I boot up, Internet Explorer opens once with my home page. I've checked out the start up file, but it isn't requested to open at start up.

When the computer is left untouched for 30 mins, Internet Explorer opens again unprompted (to my home page), 2 seconds later another window opens, followed by another and another until 43 Internet Explorer windows are open and the system comes to a grinding halt. I then close the Internet Explorer windows but every 2 seconds another opens and another and another. I eventually switch the computer off and boot up again.

I've tried to rectify by putting pop up killer software on but to no avail.
My Norton Antivirus doesn't detect anything.
I use Adaware - it still does it.
I used a Trogan Scanner - it still does it.
I've done a system restore but it still does it.


Coincidently when i switch from battery to mains, IE opens unprompted (once only) - don't know if this is relevant.

I hope somebody can help me because it's driving me mad!

I've issued my hijackthis log below if it makes any sense to anybody! Please help. Cheers Matt


Logfile of HijackThis v1.97.7
Scan saved at 23:39:12, on 05/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\sys32snd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\sres32.exe
C:\WINDOWS\System32\winsysi.exe
C:\WINDOWS\System32\gsicon.exe
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\System32\vpc32.exe C:\WINDOWS\System32\sygs.exe C:\WINDOWS\System32\MSupdate32.exe
C:\Program Files\Company\Quick Start Button\QSB.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\BT Broadband\Help\bin\mpbtn.exe C:\Program Files\Soulseek\slsk.exe C:\Program Files\Common Files\Symantec Shared\NMain.exe C:\Documents and Settings\Matt Lockett\Desktop\HijackThis.exe C:\Program Files\SlimBrowser\sbrowser.exe

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil
/RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync]
C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE
/IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Automatic Updates] dvldr.exe
O4 - HKLM\..\Run: [OEM32 Tools] sres32.exe
O4 - HKLM\..\Run: [Task manager] TikTo.exe
O4 - HKLM\..\Run: [System Services] connection.exe
O4 - HKLM\..\Run: [WindowsRegKeys update] winsysi.exe
O4 - HKLM\..\Run: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] sys32snd.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Media Player] wmplayer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check]
C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Services] C:\winset.exe
O4 - HKLM\..\Run: [Microsoft Update] vpc32.exe
O4 - HKLM\..\Run: [Sygates Personal Firewall] sygs.exe
O4 - HKLM\..\Run: [msconfig service] MSupdate32.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan
Remover\Trjscan.exe
O4 - HKLM\..\RunServices: [Windows Automatic Updates] dvldr.exe O4 - HKLM\..\RunServices: [OEM32 Tools] sres32.exe O4 - HKLM\..\RunServices: [Task manager] TikTo.exe O4 - HKLM\..\RunServices: [System Services] connection.exe O4 - HKLM\..\RunServices: [WindowsRegKeys update] winsysi.exe O4 - HKLM\..\RunServices: [ATI VIDEO REGKEY] ati2vid.exe O4 - HKLM\..\RunServices: [Win32 USB2 Driver] sys32snd.exe O4 - HKLM\..\RunServices: [Media Player] wmplayer.exe O4 - HKLM\..\RunServices: [Microsoft Update] vpc32.exe O4 - HKLM\..\RunServices: [Sygates Personal Firewall] sygs.exe O4 - HKLM\..\RunServices: [msconfig service] MSupdate32.exe O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [QSB] C:\Program Files\Company\Quick Start Button\QSB.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O4 - HKCU\..\Run: [System Services] connection.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] sys32snd.exe
O4 - HKCU\..\Run: [OEM32 Tools] sres32.exe
O4 - HKCU\..\Run: [Task manager] TikTo.exe
O4 - HKCU\..\Run: [WindowsRegKeys update] winsysi.exe
O4 - HKCU\..\Run: [Microsoft Update] vpc32.exe
O4 - HKCU\..\Run: [Sygates Personal Firewall] sygs.exe
O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] sys32snd.exe
O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] sys32snd.exe
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT
Broadband\Help\bin\matcli.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone
Labs\ZoneAlarm\zonealarm.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupdate.microsoft.co...?1096203988160
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload.macromedia.com/get...sh/swflash.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{01A830A8-71D3-4FDF-9127-664F03A98430}:
NameServer = 194.74.65.87 194.72.9.39
O17 -
HKLM\System\CS1\Services\Tcpip\..\{01A830A8-71D3-4FDF-9127-664F03A98430}:
NameServer = 194.74.65.87 194.72.9.39
O17 -
HKLM\System\CS2\Services\Tcpip\..\{01A830A8-71D3-4FDF-9127-664F03A98430}:
NameServer = 194.74.65.87 194.72.9.39
Reply With Quote Quick reply to this message  
Join Date: Jul 2004
Posts: 2,964
Reputation: dlh6213 is on a distinguished road 
Solved Threads: 209
Team Colleague
dlh6213 dlh6213 is offline Offline
Posting Maven

Re: Multiple Internet Explorer 6 - opens automatically. but why?

 
0
  #2
Oct 6th, 2004
Hi Matt, you need to update your version of HJT, there is an Update feature within it you can use or go here:
http://www.softpedia.com/progDownloa...load-5034.html
Also, you're running it from your desktop, it should be put into it's own folder so backups can be stored safely (like c:\hjt\hijackthis.exe).

After you do that, close all windows, scan with hjt, and post a new log.
Reply With Quote Quick reply to this message  
Join Date: Jul 2004
Posts: 764
Reputation: DaveSW is on a distinguished road 
Solved Threads: 17
DaveSW's Avatar
DaveSW DaveSW is offline Offline
Master Poster

Re: Multiple Internet Explorer 6 - opens automatically. but why?

 
0
  #3
Oct 6th, 2004
Have you updated your virus definitions? You appear to have a worm.

You might want to try an online scan from http://www.pandasoftware.com/activescan/ and/or http://housecall.trendmicro.com/

edit: 2 worms!
emdevelopments - accessible web design | HiJackThis

Portfolio: Fire Equipment, Conveyors, Tools | Whitworth Spanner | Alarm Installers Bath | Physical Security Solutions | Surveyor | Pine Range | Unique Air Charter | Apollo Tiling in Bridgend
Reply With Quote Quick reply to this message  
Join Date: Sep 2004
Posts: 8
Reputation: Mattx is an unknown quantity at this point 
Solved Threads: 0
Mattx Mattx is offline Offline
Newbie Poster

Re: Multiple Internet Explorer 6 - opens automatically. but why?

 
0
  #4
Oct 6th, 2004
Ok. So i've updated the HJT and here's my new log :

Logfile of HijackThis v1.98.2
Scan saved at 21:00:33, on 06/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\sys32snd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\sres32.exe
C:\WINDOWS\System32\winsysi.exe
C:\WINDOWS\System32\gsicon.exe
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\vpc32.exe
C:\WINDOWS\System32\sygs.exe
C:\WINDOWS\System32\MSupdate32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Company\Quick Start Button\QSB.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
C:\Program Files\SlimBrowser\sbrowser.exe
C:\Hijackthis\HijackThis.exe

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Automatic Updates] dvldr.exe
O4 - HKLM\..\Run: [OEM32 Tools] sres32.exe
O4 - HKLM\..\Run: [Task manager] TikTo.exe
O4 - HKLM\..\Run: [System Services] connection.exe
O4 - HKLM\..\Run: [WindowsRegKeys update] winsysi.exe
O4 - HKLM\..\Run: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] sys32snd.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Media Player] wmplayer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Services] C:\winset.exe
O4 - HKLM\..\Run: [Microsoft Update] vpc32.exe
O4 - HKLM\..\Run: [Sygates Personal Firewall] sygs.exe
O4 - HKLM\..\Run: [msconfig service] MSupdate32.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\RunServices: [Windows Automatic Updates] dvldr.exe
O4 - HKLM\..\RunServices: [OEM32 Tools] sres32.exe
O4 - HKLM\..\RunServices: [Task manager] TikTo.exe
O4 - HKLM\..\RunServices: [System Services] connection.exe
O4 - HKLM\..\RunServices: [WindowsRegKeys update] winsysi.exe
O4 - HKLM\..\RunServices: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] sys32snd.exe
O4 - HKLM\..\RunServices: [Media Player] wmplayer.exe
O4 - HKLM\..\RunServices: [Microsoft Update] vpc32.exe
O4 - HKLM\..\RunServices: [Sygates Personal Firewall] sygs.exe
O4 - HKLM\..\RunServices: [msconfig service] MSupdate32.exe
O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] sys32snd.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [QSB] C:\Program Files\Company\Quick Start Button\QSB.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [System Services] connection.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] sys32snd.exe
O4 - HKCU\..\Run: [OEM32 Tools] sres32.exe
O4 - HKCU\..\Run: [Task manager] TikTo.exe
O4 - HKCU\..\Run: [WindowsRegKeys update] winsysi.exe
O4 - HKCU\..\Run: [Microsoft Update] vpc32.exe
O4 - HKCU\..\Run: [Sygates Personal Firewall] sygs.exe
O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] sys32snd.exe
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1096203988160
O17 - HKLM\System\CCS\Services\Tcpip\..\{01A830A8-71D3-4FDF-9127-664F03A98430}: NameServer = 194.74.65.87 194.72.9.39
O17 - HKLM\System\CS1\Services\Tcpip\..\{01A830A8-71D3-4FDF-9127-664F03A98430}: NameServer = 194.74.65.87 194.72.9.39
O17 - HKLM\System\CS2\Services\Tcpip\..\{01A830A8-71D3-4FDF-9127-664F03A98430}: NameServer = 194.74.65.87 194.72.9.39
Reply With Quote Quick reply to this message  
Join Date: Sep 2004
Posts: 8
Reputation: Mattx is an unknown quantity at this point 
Solved Threads: 0
Mattx Mattx is offline Offline
Newbie Poster

Re: Multiple Internet Explorer 6 - opens automatically. but why?

 
0
  #5
Oct 8th, 2004
Latest log file. Dave, How do I get rid of the worms?!

Logfile of HijackThis v1.98.2
Scan saved at 17:45:42, on 08/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\sys32snd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\sres32.exe
C:\WINDOWS\System32\winsysi.exe
C:\WINDOWS\System32\gsicon.exe
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\sygs.exe
C:\WINDOWS\System32\MSupdate32.exe
C:\Program Files\Company\Quick Start Button\QSB.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\PROGRA~1\NORTON~1\navw32.exe
C:\Program Files\SlimBrowser\sbrowser.exe
C:\WINDOWS\System32\vpc32.exe
C:\Hijackthis\HijackThis.exe

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Automatic Updates] dvldr.exe
O4 - HKLM\..\Run: [OEM32 Tools] sres32.exe
O4 - HKLM\..\Run: [Task manager] TikTo.exe
O4 - HKLM\..\Run: [System Services] connection.exe
O4 - HKLM\..\Run: [WindowsRegKeys update] winsysi.exe
O4 - HKLM\..\Run: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] sys32snd.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Media Player] wmplayer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Services] C:\winset.exe
O4 - HKLM\..\Run: [Microsoft Update] vpc32.exe
O4 - HKLM\..\Run: [Sygates Personal Firewall] sygs.exe
O4 - HKLM\..\Run: [msconfig service] MSupdate32.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\RunServices: [Windows Automatic Updates] dvldr.exe
O4 - HKLM\..\RunServices: [OEM32 Tools] sres32.exe
O4 - HKLM\..\RunServices: [Task manager] TikTo.exe
O4 - HKLM\..\RunServices: [System Services] connection.exe
O4 - HKLM\..\RunServices: [WindowsRegKeys update] winsysi.exe
O4 - HKLM\..\RunServices: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] sys32snd.exe
O4 - HKLM\..\RunServices: [Media Player] wmplayer.exe
O4 - HKLM\..\RunServices: [Microsoft Update] vpc32.exe
O4 - HKLM\..\RunServices: [Sygates Personal Firewall] sygs.exe
O4 - HKLM\..\RunServices: [msconfig service] MSupdate32.exe
O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] sys32snd.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [QSB] C:\Program Files\Company\Quick Start Button\QSB.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [System Services] connection.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] sys32snd.exe
O4 - HKCU\..\Run: [OEM32 Tools] sres32.exe
O4 - HKCU\..\Run: [Task manager] TikTo.exe
O4 - HKCU\..\Run: [WindowsRegKeys update] winsysi.exe
O4 - HKCU\..\Run: [Microsoft Update] vpc32.exe
O4 - HKCU\..\Run: [Sygates Personal Firewall] sygs.exe
O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] sys32snd.exe
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1096203988160
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{01A830A8-71D3-4FDF-9127-664F03A98430}: NameServer = 194.74.65.87 194.72.9.39
O17 - HKLM\System\CS1\Services\Tcpip\..\{01A830A8-71D3-4FDF-9127-664F03A98430}: NameServer = 194.74.65.87 194.72.9.39
Reply With Quote Quick reply to this message  
Join Date: Jul 2004
Posts: 764
Reputation: DaveSW is on a distinguished road 
Solved Threads: 17
DaveSW's Avatar
DaveSW DaveSW is offline Offline
Master Poster

Re: Multiple Internet Explorer 6 - opens automatically. but why?

 
0
  #6
Oct 8th, 2004
Have you tried updating Norton? and the two online scans?
If none of them can fix your problem we'll have to do it by hand, in which case hopefully one of our more senior members will drop in and tell you exactly which ones to delete...

Other than that maybe I'll post a list of what I consider you should be deleting and ask someone to check it.
emdevelopments - accessible web design | HiJackThis

Portfolio: Fire Equipment, Conveyors, Tools | Whitworth Spanner | Alarm Installers Bath | Physical Security Solutions | Surveyor | Pine Range | Unique Air Charter | Apollo Tiling in Bridgend
Reply With Quote Quick reply to this message  
Join Date: Sep 2004
Posts: 8
Reputation: Mattx is an unknown quantity at this point 
Solved Threads: 0
Mattx Mattx is offline Offline
Newbie Poster

Re: Multiple Internet Explorer 6 - opens automatically. but why?

 
0
  #7
Oct 11th, 2004
Dave,

I've got nothing to lose. I'm at the point of re-installing Windows Xp.. Fire away with your proposed deletions, fixes etc. If you get it wrong I won't hold it against you.

Matt
Reply With Quote Quick reply to this message  
Join Date: Feb 2004
Posts: 9,982
Reputation: crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold 
Solved Threads: 754
Moderator
Featured Poster
crunchie's Avatar
crunchie crunchie is offline Offline
Spyware Killer

Re: Multiple Internet Explorer 6 - opens automatically. but why?

 
0
  #8
Oct 11th, 2004
Open Task Manager & end process on the following:
sys32snd.exe
sres32.exe
winsysi.exe
sygs.exe
MSupdate32.exe
vpc32.exe
Go to C:\WINDOWS\System32 & delete those files manually when you are certain you have ended process on them.

Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked':

O4 - HKLM\..\Run: [Windows Automatic Updates] dvldr.exe
O4 - HKLM\..\Run: [OEM32 Tools] sres32.exe
O4 - HKLM\..\Run: [Task manager] TikTo.exe
O4 - HKLM\..\Run: [System Services] connection.exe
O4 - HKLM\..\Run: [WindowsRegKeys update] winsysi.exe
O4 - HKLM\..\Run: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] sys32snd.exe
O4 - HKLM\..\Run: [Media Player] wmplayer.exe
O4 - HKLM\..\Run: [Services] C:\winset.exe
O4 - HKLM\..\Run: [Microsoft Update] vpc32.exe
O4 - HKLM\..\Run: [Sygates Personal Firewall] sygs.exe
O4 - HKLM\..\Run: [msconfig service] MSupdate32.exe
O4 - HKLM\..\RunServices: [Windows Automatic Updates] dvldr.exe
O4 - HKLM\..\RunServices: [OEM32 Tools] sres32.exe
O4 - HKLM\..\RunServices: [Task manager] TikTo.exe
O4 - HKLM\..\RunServices: [System Services] connection.exe
O4 - HKLM\..\RunServices: [WindowsRegKeys update] winsysi.exe
O4 - HKLM\..\RunServices: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] sys32snd.exe
O4 - HKLM\..\RunServices: [Media Player] wmplayer.exe
O4 - HKLM\..\RunServices: [Microsoft Update] vpc32.exe
O4 - HKLM\..\RunServices: [Sygates Personal Firewall] sygs.exe
O4 - HKLM\..\RunServices: [msconfig service] MSupdate32.exe
O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] sys32snd.exe
O4 - HKCU\..\Run: [System Services] connection.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] sys32snd.exe
O4 - HKCU\..\Run: [OEM32 Tools] sres32.exe
O4 - HKCU\..\Run: [Task manager] TikTo.exe
O4 - HKCU\..\Run: [WindowsRegKeys update] winsysi.exe
O4 - HKCU\..\Run: [Microsoft Update] vpc32.exe
O4 - HKCU\..\Run: [Sygates Personal Firewall] sygs.exe
O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] sys32snd.exe

Reboot into safe mode following the instructions here & search for & delete any & all of the above files.

Reboot normally after doing the above, rescan with hijackthis making certain that all instances of Internet Explorer are closed, then post that log here please.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Reply With Quote Quick reply to this message  
Join Date: Sep 2004
Posts: 8
Reputation: Mattx is an unknown quantity at this point 
Solved Threads: 0
Mattx Mattx is offline Offline
Newbie Poster

Re: Multiple Internet Explorer 6 - opens automatically. but why?

 
0
  #9
Oct 11th, 2004
Cheers for the help Crunchie. I really appreciate it.

Ok done all that and here is the new HJT log file :

Logfile of HijackThis v1.98.2
Scan saved at 19:18:29, on 11/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\gsicon.exe
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\crsss.exe
C:\WINDOWS\System32\wvsvc.exe
C:\WINDOWS\System32\msnmesengers.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Company\Quick Start Button\QSB.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\SlimBrowser\sbrowser.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Hijackthis\HijackThis.exe

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [Win32 SSL Driver] winssv.exe
O4 - HKLM\..\Run: [Windows media service] crsss.exe
O4 - HKLM\..\Run: [Windows Sound Manager] SndMon32.exe
O4 - HKLM\..\Run: [wvsvc] wvsvc.exe
O4 - HKLM\..\Run: [MSN] msnmesengers.exe
O4 - HKLM\..\RunServices: [Win32 SSL Driver] winssv.exe
O4 - HKLM\..\RunServices: [Windows media service] crsss.exe
O4 - HKLM\..\RunServices: [Windows Sound Manager] SndMon32.exe
O4 - HKLM\..\RunServices: [wvsvc] wvsvc.exe
O4 - HKLM\..\RunServices: [MSN] msnmesengers.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [QSB] C:\Program Files\Company\Quick Start Button\QSB.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [wvsvc] wvsvc.exe
O4 - HKCU\..\Run: [MSN] msnmesengers.exe
O4 - HKCU\..\RunServices: [MSN] msnmesengers.exe
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1096203988160
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{01A830A8-71D3-4FDF-9127-664F03A98430}: NameServer = 194.74.65.87 194.72.9.39
O17 - HKLM\System\CS1\Services\Tcpip\..\{01A830A8-71D3-4FDF-9127-664F03A98430}: NameServer = 194.74.65.87 194.72.9.39
Reply With Quote Quick reply to this message  
Join Date: Sep 2004
Posts: 8
Reputation: Mattx is an unknown quantity at this point 
Solved Threads: 0
Mattx Mattx is offline Offline
Newbie Poster

Re: Multiple Internet Explorer 6 - opens automatically. but why?

 
0
  #10
Nov 2nd, 2004
Help! Help! Please! Anybody! Help!
Reply With Quote Quick reply to this message  
Reply
1 2

Quick Reply to Thread
This thread is more than three months old.
Perhaps start a new thread instead?
Message:



Similar Threads
Other Threads in the Viruses, Spyware and other Nasties Forum
Thread Tools Search this Thread



adware anti-malware anti-virussitesaccessissue antivirus apple attack audio avg backtoschoolspeech bar blackhat botnet botnets censorship china commercial conficker connect control cyber cybercrime cyberwarfare ddos domains education email europe exam exploit facebook fake fancheckvirus gaming gtaiv halloween hijack hosting internet iphone kaspersky legal logfiles malware mcafee mega-d messagelabs microsoft mobile msn nazi news obama onlinethreats paedophile panel parents patch phishing police policeprovirusmba-mblockedinternetaccess president privacy pro problem redirect redirecting report research risk rogueantivirus samhain sans scareware search security seopoisoning sites software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system teen translate trojan unabletoaccessanti-virussites unwanted update usa virus viruses vista war warning windows worm yahoo zeroday
About Us | Contact Us | Advertise | DaniWeb | Acceptable Use Policy | RSS Feed

©2003 - 2009 DaniWeb® LLC