943,989 Members | Top Members by Rank

Hardware and Software > Microsoft Windows > Viruses, Spyware and other Nasties > Multiple Internet Explorer 6 - opens automatically. but why?
Ad:
You are currently viewing page 1 of this multi-page discussion thread
Permalink
Oct 6th, 2004
0

Multiple Internet Explorer 6 - opens automatically. but why?

Expand Post »
Internet Explorer 6 - opens automatically. but why?

I'm running Windows XP Home Edition on my laptop.

When I boot up, Internet Explorer opens once with my home page. I've checked out the start up file, but it isn't requested to open at start up.

When the computer is left untouched for 30 mins, Internet Explorer opens again unprompted (to my home page), 2 seconds later another window opens, followed by another and another until 43 Internet Explorer windows are open and the system comes to a grinding halt. I then close the Internet Explorer windows but every 2 seconds another opens and another and another. I eventually switch the computer off and boot up again.

I've tried to rectify by putting pop up killer software on but to no avail.
My Norton Antivirus doesn't detect anything.
I use Adaware - it still does it.
I used a Trogan Scanner - it still does it.
I've done a system restore but it still does it.


Coincidently when i switch from battery to mains, IE opens unprompted (once only) - don't know if this is relevant.

I hope somebody can help me because it's driving me mad!

I've issued my hijackthis log below if it makes any sense to anybody! Please help. Cheers Matt


Logfile of HijackThis v1.97.7
Scan saved at 23:39:12, on 05/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\sys32snd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\sres32.exe
C:\WINDOWS\System32\winsysi.exe
C:\WINDOWS\System32\gsicon.exe
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\System32\vpc32.exe C:\WINDOWS\System32\sygs.exe C:\WINDOWS\System32\MSupdate32.exe
C:\Program Files\Company\Quick Start Button\QSB.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\BT Broadband\Help\bin\mpbtn.exe C:\Program Files\Soulseek\slsk.exe C:\Program Files\Common Files\Symantec Shared\NMain.exe C:\Documents and Settings\Matt Lockett\Desktop\HijackThis.exe C:\Program Files\SlimBrowser\sbrowser.exe

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil
/RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync]
C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE
/IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Automatic Updates] dvldr.exe
O4 - HKLM\..\Run: [OEM32 Tools] sres32.exe
O4 - HKLM\..\Run: [Task manager] TikTo.exe
O4 - HKLM\..\Run: [System Services] connection.exe
O4 - HKLM\..\Run: [WindowsRegKeys update] winsysi.exe
O4 - HKLM\..\Run: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] sys32snd.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Media Player] wmplayer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check]
C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Services] C:\winset.exe
O4 - HKLM\..\Run: [Microsoft Update] vpc32.exe
O4 - HKLM\..\Run: [Sygates Personal Firewall] sygs.exe
O4 - HKLM\..\Run: [msconfig service] MSupdate32.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan
Remover\Trjscan.exe
O4 - HKLM\..\RunServices: [Windows Automatic Updates] dvldr.exe O4 - HKLM\..\RunServices: [OEM32 Tools] sres32.exe O4 - HKLM\..\RunServices: [Task manager] TikTo.exe O4 - HKLM\..\RunServices: [System Services] connection.exe O4 - HKLM\..\RunServices: [WindowsRegKeys update] winsysi.exe O4 - HKLM\..\RunServices: [ATI VIDEO REGKEY] ati2vid.exe O4 - HKLM\..\RunServices: [Win32 USB2 Driver] sys32snd.exe O4 - HKLM\..\RunServices: [Media Player] wmplayer.exe O4 - HKLM\..\RunServices: [Microsoft Update] vpc32.exe O4 - HKLM\..\RunServices: [Sygates Personal Firewall] sygs.exe O4 - HKLM\..\RunServices: [msconfig service] MSupdate32.exe O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [QSB] C:\Program Files\Company\Quick Start Button\QSB.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O4 - HKCU\..\Run: [System Services] connection.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] sys32snd.exe
O4 - HKCU\..\Run: [OEM32 Tools] sres32.exe
O4 - HKCU\..\Run: [Task manager] TikTo.exe
O4 - HKCU\..\Run: [WindowsRegKeys update] winsysi.exe
O4 - HKCU\..\Run: [Microsoft Update] vpc32.exe
O4 - HKCU\..\Run: [Sygates Personal Firewall] sygs.exe
O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] sys32snd.exe
O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] sys32snd.exe
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT
Broadband\Help\bin\matcli.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone
Labs\ZoneAlarm\zonealarm.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupdate.microsoft.co...?1096203988160
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload.macromedia.com/get...sh/swflash.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{01A830A8-71D3-4FDF-9127-664F03A98430}:
NameServer = 194.74.65.87 194.72.9.39
O17 -
HKLM\System\CS1\Services\Tcpip\..\{01A830A8-71D3-4FDF-9127-664F03A98430}:
NameServer = 194.74.65.87 194.72.9.39
O17 -
HKLM\System\CS2\Services\Tcpip\..\{01A830A8-71D3-4FDF-9127-664F03A98430}:
NameServer = 194.74.65.87 194.72.9.39
Similar Threads
Reputation Points: 10
Solved Threads: 0
Newbie Poster
Mattx is offline Offline
8 posts
since Sep 2004
Permalink
Oct 6th, 2004
0

Re: Multiple Internet Explorer 6 - opens automatically. but why?

Hi Matt, you need to update your version of HJT, there is an Update feature within it you can use or go here:
http://www.softpedia.com/progDownloa...load-5034.html
Also, you're running it from your desktop, it should be put into it's own folder so backups can be stored safely (like c:\hjt\hijackthis.exe).

After you do that, close all windows, scan with hjt, and post a new log.
Team Colleague
Reputation Points: 63
Solved Threads: 213
Posting Maven
dlh6213 is offline Offline
2,962 posts
since Jul 2004
Permalink
Oct 6th, 2004
0

Re: Multiple Internet Explorer 6 - opens automatically. but why?

Have you updated your virus definitions? You appear to have a worm.

You might want to try an online scan from http://www.pandasoftware.com/activescan/ and/or http://housecall.trendmicro.com/

edit: 2 worms!
Reputation Points: 54
Solved Threads: 20
Master Poster
DaveSW is offline Offline
765 posts
since Jul 2004
Permalink
Oct 6th, 2004
0

Re: Multiple Internet Explorer 6 - opens automatically. but why?

Ok. So i've updated the HJT and here's my new log :

Logfile of HijackThis v1.98.2
Scan saved at 21:00:33, on 06/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\sys32snd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\sres32.exe
C:\WINDOWS\System32\winsysi.exe
C:\WINDOWS\System32\gsicon.exe
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\vpc32.exe
C:\WINDOWS\System32\sygs.exe
C:\WINDOWS\System32\MSupdate32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Company\Quick Start Button\QSB.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
C:\Program Files\SlimBrowser\sbrowser.exe
C:\Hijackthis\HijackThis.exe

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Automatic Updates] dvldr.exe
O4 - HKLM\..\Run: [OEM32 Tools] sres32.exe
O4 - HKLM\..\Run: [Task manager] TikTo.exe
O4 - HKLM\..\Run: [System Services] connection.exe
O4 - HKLM\..\Run: [WindowsRegKeys update] winsysi.exe
O4 - HKLM\..\Run: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] sys32snd.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Media Player] wmplayer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Services] C:\winset.exe
O4 - HKLM\..\Run: [Microsoft Update] vpc32.exe
O4 - HKLM\..\Run: [Sygates Personal Firewall] sygs.exe
O4 - HKLM\..\Run: [msconfig service] MSupdate32.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\RunServices: [Windows Automatic Updates] dvldr.exe
O4 - HKLM\..\RunServices: [OEM32 Tools] sres32.exe
O4 - HKLM\..\RunServices: [Task manager] TikTo.exe
O4 - HKLM\..\RunServices: [System Services] connection.exe
O4 - HKLM\..\RunServices: [WindowsRegKeys update] winsysi.exe
O4 - HKLM\..\RunServices: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] sys32snd.exe
O4 - HKLM\..\RunServices: [Media Player] wmplayer.exe
O4 - HKLM\..\RunServices: [Microsoft Update] vpc32.exe
O4 - HKLM\..\RunServices: [Sygates Personal Firewall] sygs.exe
O4 - HKLM\..\RunServices: [msconfig service] MSupdate32.exe
O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] sys32snd.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [QSB] C:\Program Files\Company\Quick Start Button\QSB.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [System Services] connection.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] sys32snd.exe
O4 - HKCU\..\Run: [OEM32 Tools] sres32.exe
O4 - HKCU\..\Run: [Task manager] TikTo.exe
O4 - HKCU\..\Run: [WindowsRegKeys update] winsysi.exe
O4 - HKCU\..\Run: [Microsoft Update] vpc32.exe
O4 - HKCU\..\Run: [Sygates Personal Firewall] sygs.exe
O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] sys32snd.exe
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1096203988160
O17 - HKLM\System\CCS\Services\Tcpip\..\{01A830A8-71D3-4FDF-9127-664F03A98430}: NameServer = 194.74.65.87 194.72.9.39
O17 - HKLM\System\CS1\Services\Tcpip\..\{01A830A8-71D3-4FDF-9127-664F03A98430}: NameServer = 194.74.65.87 194.72.9.39
O17 - HKLM\System\CS2\Services\Tcpip\..\{01A830A8-71D3-4FDF-9127-664F03A98430}: NameServer = 194.74.65.87 194.72.9.39
Reputation Points: 10
Solved Threads: 0
Newbie Poster
Mattx is offline Offline
8 posts
since Sep 2004
Permalink
Oct 8th, 2004
0

Re: Multiple Internet Explorer 6 - opens automatically. but why?

Latest log file. Dave, How do I get rid of the worms?!

Logfile of HijackThis v1.98.2
Scan saved at 17:45:42, on 08/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\sys32snd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\sres32.exe
C:\WINDOWS\System32\winsysi.exe
C:\WINDOWS\System32\gsicon.exe
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\sygs.exe
C:\WINDOWS\System32\MSupdate32.exe
C:\Program Files\Company\Quick Start Button\QSB.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\PROGRA~1\NORTON~1\navw32.exe
C:\Program Files\SlimBrowser\sbrowser.exe
C:\WINDOWS\System32\vpc32.exe
C:\Hijackthis\HijackThis.exe

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Automatic Updates] dvldr.exe
O4 - HKLM\..\Run: [OEM32 Tools] sres32.exe
O4 - HKLM\..\Run: [Task manager] TikTo.exe
O4 - HKLM\..\Run: [System Services] connection.exe
O4 - HKLM\..\Run: [WindowsRegKeys update] winsysi.exe
O4 - HKLM\..\Run: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] sys32snd.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Media Player] wmplayer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Services] C:\winset.exe
O4 - HKLM\..\Run: [Microsoft Update] vpc32.exe
O4 - HKLM\..\Run: [Sygates Personal Firewall] sygs.exe
O4 - HKLM\..\Run: [msconfig service] MSupdate32.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\RunServices: [Windows Automatic Updates] dvldr.exe
O4 - HKLM\..\RunServices: [OEM32 Tools] sres32.exe
O4 - HKLM\..\RunServices: [Task manager] TikTo.exe
O4 - HKLM\..\RunServices: [System Services] connection.exe
O4 - HKLM\..\RunServices: [WindowsRegKeys update] winsysi.exe
O4 - HKLM\..\RunServices: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] sys32snd.exe
O4 - HKLM\..\RunServices: [Media Player] wmplayer.exe
O4 - HKLM\..\RunServices: [Microsoft Update] vpc32.exe
O4 - HKLM\..\RunServices: [Sygates Personal Firewall] sygs.exe
O4 - HKLM\..\RunServices: [msconfig service] MSupdate32.exe
O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] sys32snd.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [QSB] C:\Program Files\Company\Quick Start Button\QSB.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [System Services] connection.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] sys32snd.exe
O4 - HKCU\..\Run: [OEM32 Tools] sres32.exe
O4 - HKCU\..\Run: [Task manager] TikTo.exe
O4 - HKCU\..\Run: [WindowsRegKeys update] winsysi.exe
O4 - HKCU\..\Run: [Microsoft Update] vpc32.exe
O4 - HKCU\..\Run: [Sygates Personal Firewall] sygs.exe
O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] sys32snd.exe
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1096203988160
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{01A830A8-71D3-4FDF-9127-664F03A98430}: NameServer = 194.74.65.87 194.72.9.39
O17 - HKLM\System\CS1\Services\Tcpip\..\{01A830A8-71D3-4FDF-9127-664F03A98430}: NameServer = 194.74.65.87 194.72.9.39
Reputation Points: 10
Solved Threads: 0
Newbie Poster
Mattx is offline Offline
8 posts
since Sep 2004
Permalink
Oct 8th, 2004
0

Re: Multiple Internet Explorer 6 - opens automatically. but why?

Have you tried updating Norton? and the two online scans?
If none of them can fix your problem we'll have to do it by hand, in which case hopefully one of our more senior members will drop in and tell you exactly which ones to delete...

Other than that maybe I'll post a list of what I consider you should be deleting and ask someone to check it.
Reputation Points: 54
Solved Threads: 20
Master Poster
DaveSW is offline Offline
765 posts
since Jul 2004
Permalink
Oct 11th, 2004
0

Re: Multiple Internet Explorer 6 - opens automatically. but why?

Dave,

I've got nothing to lose. I'm at the point of re-installing Windows Xp.. Fire away with your proposed deletions, fixes etc. If you get it wrong I won't hold it against you.

Matt
Reputation Points: 10
Solved Threads: 0
Newbie Poster
Mattx is offline Offline
8 posts
since Sep 2004
Permalink
Oct 11th, 2004
0

Re: Multiple Internet Explorer 6 - opens automatically. but why?

Open Task Manager & end process on the following:
sys32snd.exe
sres32.exe
winsysi.exe
sygs.exe
MSupdate32.exe
vpc32.exe
Go to C:\WINDOWS\System32 & delete those files manually when you are certain you have ended process on them.

Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked':

O4 - HKLM\..\Run: [Windows Automatic Updates] dvldr.exe
O4 - HKLM\..\Run: [OEM32 Tools] sres32.exe
O4 - HKLM\..\Run: [Task manager] TikTo.exe
O4 - HKLM\..\Run: [System Services] connection.exe
O4 - HKLM\..\Run: [WindowsRegKeys update] winsysi.exe
O4 - HKLM\..\Run: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] sys32snd.exe
O4 - HKLM\..\Run: [Media Player] wmplayer.exe
O4 - HKLM\..\Run: [Services] C:\winset.exe
O4 - HKLM\..\Run: [Microsoft Update] vpc32.exe
O4 - HKLM\..\Run: [Sygates Personal Firewall] sygs.exe
O4 - HKLM\..\Run: [msconfig service] MSupdate32.exe
O4 - HKLM\..\RunServices: [Windows Automatic Updates] dvldr.exe
O4 - HKLM\..\RunServices: [OEM32 Tools] sres32.exe
O4 - HKLM\..\RunServices: [Task manager] TikTo.exe
O4 - HKLM\..\RunServices: [System Services] connection.exe
O4 - HKLM\..\RunServices: [WindowsRegKeys update] winsysi.exe
O4 - HKLM\..\RunServices: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] sys32snd.exe
O4 - HKLM\..\RunServices: [Media Player] wmplayer.exe
O4 - HKLM\..\RunServices: [Microsoft Update] vpc32.exe
O4 - HKLM\..\RunServices: [Sygates Personal Firewall] sygs.exe
O4 - HKLM\..\RunServices: [msconfig service] MSupdate32.exe
O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] sys32snd.exe
O4 - HKCU\..\Run: [System Services] connection.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] sys32snd.exe
O4 - HKCU\..\Run: [OEM32 Tools] sres32.exe
O4 - HKCU\..\Run: [Task manager] TikTo.exe
O4 - HKCU\..\Run: [WindowsRegKeys update] winsysi.exe
O4 - HKCU\..\Run: [Microsoft Update] vpc32.exe
O4 - HKCU\..\Run: [Sygates Personal Firewall] sygs.exe
O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] sys32snd.exe

Reboot into safe mode following the instructions here & search for & delete any & all of the above files.

Reboot normally after doing the above, rescan with hijackthis making certain that all instances of Internet Explorer are closed, then post that log here please.
Moderator
Featured Poster
Reputation Points: 1142
Solved Threads: 982
Most Valuable Poster
crunchie is offline Offline
12,165 posts
since Feb 2004
Permalink
Oct 11th, 2004
0

Re: Multiple Internet Explorer 6 - opens automatically. but why?

Cheers for the help Crunchie. I really appreciate it.

Ok done all that and here is the new HJT log file :

Logfile of HijackThis v1.98.2
Scan saved at 19:18:29, on 11/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\gsicon.exe
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\crsss.exe
C:\WINDOWS\System32\wvsvc.exe
C:\WINDOWS\System32\msnmesengers.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Company\Quick Start Button\QSB.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\SlimBrowser\sbrowser.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Hijackthis\HijackThis.exe

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [Win32 SSL Driver] winssv.exe
O4 - HKLM\..\Run: [Windows media service] crsss.exe
O4 - HKLM\..\Run: [Windows Sound Manager] SndMon32.exe
O4 - HKLM\..\Run: [wvsvc] wvsvc.exe
O4 - HKLM\..\Run: [MSN] msnmesengers.exe
O4 - HKLM\..\RunServices: [Win32 SSL Driver] winssv.exe
O4 - HKLM\..\RunServices: [Windows media service] crsss.exe
O4 - HKLM\..\RunServices: [Windows Sound Manager] SndMon32.exe
O4 - HKLM\..\RunServices: [wvsvc] wvsvc.exe
O4 - HKLM\..\RunServices: [MSN] msnmesengers.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [QSB] C:\Program Files\Company\Quick Start Button\QSB.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [wvsvc] wvsvc.exe
O4 - HKCU\..\Run: [MSN] msnmesengers.exe
O4 - HKCU\..\RunServices: [MSN] msnmesengers.exe
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1096203988160
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{01A830A8-71D3-4FDF-9127-664F03A98430}: NameServer = 194.74.65.87 194.72.9.39
O17 - HKLM\System\CS1\Services\Tcpip\..\{01A830A8-71D3-4FDF-9127-664F03A98430}: NameServer = 194.74.65.87 194.72.9.39
Reputation Points: 10
Solved Threads: 0
Newbie Poster
Mattx is offline Offline
8 posts
since Sep 2004
Permalink
Nov 2nd, 2004
0

Re: Multiple Internet Explorer 6 - opens automatically. but why?

Help! Help! Please! Anybody! Help!
Reputation Points: 10
Solved Threads: 0
Newbie Poster
Mattx is offline Offline
8 posts
since Sep 2004

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.
Message:
Previous Thread in Viruses, Spyware and other Nasties Forum Timeline: Please Help - Server Busy Problem - Vlaminator
Next Thread in Viruses, Spyware and other Nasties Forum Timeline: malware help





About Us | Contact Us | Advertise | Acceptable Use Policy
Forum Index | Build Custom RSS Feed


Follow us on Twitter


© 2011 DaniWeb® LLC