IE won't stop opening
Results 1 to 2 of 2

Thread: IE won't stop opening

  1. October 10th, 2008, 01:35 PM #1
    bellallisa
    bellallisa is offline Virtual Med Student
    Join Date
    Oct 2008
    Posts
    1

    IE won't stop opening

    Hello,

    I am using Windows XP and I think I have a virus. I have run all the required programs and antivirus programs and Windows updates. Sometimes when I click on my IE 6.0 icon, I get a continuous streem of IE windows opening. They only way I can get it to stop is to actually unplug my computer. Is anyone able to help?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:30:07 AM, on 10/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\Program Files\borland\interbase\Bin\IBGuard.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\mnmsrvc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trams\Common Files\tlmgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\Fast.exe
    C:\Program Files\borland\interbase\Bin\IBServer.exe
    C:\Program Files\Trams\Common Files\tlmgrconsole.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\CA\eTrust Antivirus\realmon.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\taskswitch.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Spark\Spark.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\lhandley\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\ActiveWords\AWMonitor.exe
    C:\wspan\swgw\FilterAgent.exe
    C:\Program Files\ActiveWords\AWMonitor.exe
    C:\WINDOWS\system32\DllHost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ActiveWords\AWApps\L&T\AWLearnTrain.exe
    C:\Program Files\ActiveWords\AWFeedback.exe
    C:\PROGRA~1\ACTIVE~1\nahuatl.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...rel&channel=us
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...rel&channel=us
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O1 - Hosts: 208.44.169.188 homeport
    O1 - Hosts: 127.0.0.34 ofep34.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.23 ofep23.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.36 fos.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.8 ofep08.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.21 ofep21.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.32 ofep32.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.36 frt.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.28 ofep28.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.30 ofep30.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.6 ofep06.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.26 ofep26.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.4 ofep04.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.35 ofep35.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.24 ofep24.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.37 lb1.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.39 tsts.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.39 access.tsts.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.33 ofep33.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.9 ofep09.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.22 ofep22.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.29 ofep29.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.40 cert.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.31 ofep31.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.7 ofep07.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.40 access.cert.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.20 ofep20.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.27 ofep27.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.5 ofep05.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.36 decs.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.25 ofep25.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.38 lb2.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.3 ofep03.sabre.com # Nortel SSL-VPN
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [TRAMSLicenseManagerConsole] "C:\Program Files\Trams\Common Files\tlmgrconsole.exe"
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrust Antivirus\realmon.exe" -s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKCU\..\Run: [Spark] C:\Program Files\Spark\Spark.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /S
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\lhandley\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-21-2724283253-2555344298-1605498885-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
    O4 - HKUS\S-1-5-21-876009990-2883842707-2453782441-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'mmadmin')
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: ActiveWords.lnk = C:\Program Files\ActiveWords\AWMonitor.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Worldspan Filter Agent.lnk = C:\wspan\swgw\FilterAgent.exe
    O8 - Extra context menu item: &Search - ?p=ZUxdm265NYUS
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O15 - Trusted Zone: http://*.worldspan.com
    O15 - Trusted Zone: http://*.wspan.com
    O16 - DPF: {03DF0933-6E10-4D32-9835-B9A815622831} (WSSystemInfo Class) - https://gopublic.wspan.com/secure/DL...nformation.cab
    O16 - DPF: {2D36AF92-04D3-11D8-B719-0000865F231B} (TMinReq Class) - https://my.sabre.com/jars/TMinReqX.dll
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.winkflash.com/photo/loade...eUploader5.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1204146660736
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1204146652595
    O16 - DPF: {7B72C3FC-34B5-4504-B4BE-EB38971A0888} (WSFileIO Class 3) - https://gopublic.wspan.com/secure/DLLs/WSFileIO3.cab
    O16 - DPF: {8D33B6F0-1E74-419C-BBEF-D00E976A3A5D} (WSFileIO Class 2) - https://go2f.wspan.com//Secure/DLLs/WSFileIO2.cab
    O16 - DPF: {8E27C92B-1264-101C-8A2F-040224009C02} (Calendar Control 8.0) - http://gopublic.wspan.com/secure/DLLs/mscal.cab
    O16 - DPF: {9145A52A-9B22-4858-AEE7-74D6C7D3F366} (BrowserConfig Class) - https://gopublic.wspan.com/Secure/DL...wserConfig.cab
    O16 - DPF: {CE7C3CF0-4B15-11D1-ABED-709549C10000} - https://gopublic.wspan.com/Secure/DLLs/IEHelper.cab
    O16 - DPF: {D4233B6D-88A0-11D3-BC29-400011500032} (WspGoCal Class) - https://gopublic.wspan.com/scripts/us/bin/WSCAL.CAB
    O16 - DPF: {E99BF99C-5D95-11D4-A0EC-00500489A32D} (WSFileIO Class) - http://gopublic.wspan.com/Scripts/us/DLLs/WSFileIO.cab
    O16 - DPF: {F2C74EB6-1E7C-44A1-8EBA-CEDB52D47108} - https://gopublic.wspan.com/Secure/Dlls/WSClient.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MM.com
    O17 - HKLM\Software\..\Telephony: DomainName = MM.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = MM.com
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iTechnology iGateway 4.0 (iGateway) - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
    O23 - Service: eTrust ITM RPC Service (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: eTrust ITM Realtime Service (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: eTrust ITM Job Service (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: Interbase Guardian (InterbaseGuardian) - Borland Software Corporation - C:\Program Files\borland\interbase\Bin\IBGuard.EXE
    O23 - Service: Interbase Server (InterbaseServer) - Borland Software Corporation - C:\Program Files\borland\interbase\Bin\IBServer.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: TRAMS License Manager (TRAMSLicenseManager) - TRAMS, Inc. - C:\Program Files\Trams\Common Files\tlmgr.exe

    Wordspan and Sabre are programs I need to do my job.

    Thank you so much in advance!

    Lisa
    Reply With Quote Reply With Quote
  2. October 10th, 2008, 02:13 PM #2
    Broni's Avatar
    Broni
    Broni is offline Friend of Site Staff
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    *** Download HostsXpert ( http://www.majorgeeks.com/Hoster_d4626.html ) and then follow the steps below:

    * Unzip HostsXpert.zip
    * It will create a folder named HostsXpert in whatever folder you extract it to.
    * Run HostsXpert.exe by double clicking on it.
    * click Restore MS Hosts File and then click OK.
    * Click the X to exit the program


    Print these instructions out.

    1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    * Open SUPERAntiSpyware.
    * Under Configuration and Preferences, click the Preferences button.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    - Close browsers before scanning.
    - Scan for tracking cookies.
    - Terminate memory threats before quarantining.
    * Click the Close button to leave the control center screen.
    * Back on the main screen, under Scan for Harmful Software click Scan your computer.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, under Complete Scan, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    - Click Preferences, then click the Statistics/Logs tab.
    - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    - If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    - Please copy and paste the Scan Log results in your next reply.
    * Click Close to exit the program.
    Post SUPERAntiSpyware log.
    NOTE: Tracking cookies can be omitted from the log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use. Only, if you want to use realtime protection, scheduled scanning, and scheduled updating, you have to pay one-time fee)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    3. Post new HijackThis log.


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
    My Home Page
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules