MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: Explorer closes down by itself!
December 06, 2019, 06:00:29 AM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
December 06, 2019, 06:00:29 AM

Login with username, password and session length
 Featured Sites:
News
Article Writers We are looking for quality, informational articles to add to our Computer Articles
Please contact us if you are interested in submitting some....
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: Explorer closes down by itself!  (Read 2645 times)
risha
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 6


Bookmark and Share

View Profile
« on: October 23, 2004, 08:13:33 PM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version: Windows 2000
Problem Application Name & Version: Internet Explorer 6
Problem Hardware Make & Model:
Error Messages:



Hey, i really hope you can help me with this. Everytime im trying to view films in explorer which open in a pop-up window, the explorer closes down all the windows by itself. I have looked at the similar topic in the forum and tried to follow the advice there, but still nothing have changed. So i hope i will get help here, here's my Hijackthis log:

Logfile of HijackThis v1.97.7
Scan saved at 22:14:50, on 23.10.2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SymTray.exe
C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
C:\PROGRA~1\NTS\WANADO~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.23.0\gnotify.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\internat.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\cidaemon.exe
C:\PROGRA~1\NTS\WANADO~1\app\EnterNet.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 5.0 CE\Acrobat\Acrobat.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\notepad.exe
C:\Downloads\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.aorswedaooytqob.info/UNMocE/iTwgkmBGuolKWTkhCGxFdWs1aKVreIq/qkvloZms4QaipL/6PcXugWjF4.jpg
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\JCCATCH.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.23.0\gnotify.exe
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [gramcity] C:\PROGRA~1\Gpl Platform\Metaforksave.exe
O4 - HKLM\..\Run: [data trust dent site] C:\Documents and Settings\All Users\Application Data\LiveInsideDataTrust\Cash Corn.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item:
Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #1 on: October 24, 2004, 01:54:02 AM »

Because of the Installation of Messenger Plus3 with Sponsor, it has also installed it's bundled spyware called LOP

I very much recommend that you uninstall MSN PLUS3
Could you also Access your Add/Remove Programs and Remove any of these if found
Window Search, Window Searching, Lop.com, LOP Search, Browser Enhancer, Ultimate Browser Enhancer . If you are given a code to insert, do so.

RESTART your computer if all or any removed

After restart
Download and Install the free version of Ad-Aware  SE Personal 1.05
Ensure you have this version or later
If your running an older version, uninstall it and install this version
After installation-CHECK FOR UPDATES
Do a Full system scan----Remove All Critical objects
RESTART your computer to finish the cleaning process

After Restart
Update your version of hijackthis to 1.98.2
Open Hijackthis>>Config>>Misc Tools>>>Check for updates online
If for some reason it won't update you can redownload the latest version from HERE
Save to a permanent folder

Post back with a fresh hijackthis log after you have done all the above
Logged

 
risha
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 6


Bookmark and Share

View Profile
« Reply #2 on: October 24, 2004, 01:25:49 PM »

Alright, i've done everything, here's the fresh hijackthis log:

Logfile of HijackThis v1.98.2
Scan saved at 15:24:58, on 24.10.2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SymTray.exe
C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
C:\PROGRA~1\NTS\WANADO~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\internat.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\NTS\WANADO~1\app\EnterNet.exe
C:\WINNT\System32\cidaemon.exe
C:\Documents and Settings\Irina Fetisova\My Documents\HijackThis logs\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.aorswedaooytqob.info/UNMocE/iTwgkmBGuolKWTkhCGxFdWs1aKVreIq/qkvloZms4QaipL/6PcXugWjF4.jpg
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\JCCATCH.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.23.0\gnotify.exe
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [gramcity] C:\PROGRA~1\Gpl Platform\Metaforksave.exe
O4 - HKLM\..\Run: [data trust dent site] C:\Documents and Settings\All Users\Application Data\LiveInsideDataTrust\Cash Corn.exe
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item:
Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #3 on: October 24, 2004, 06:25:12 PM »

Set Windows to Show Hidden Files and Folders

Download and save to desktop this Lop Uninstaller
double click to run it, follow the prompts

RESTART your Computer in SAFE MODE

Find and delete these files or folders if they exist
C:\Documents and Settings\All Users\Application Data\LiveInsideDataTrust <--folder
C:\PROGRAM FILES\Gpl Platform <--folder

C:\Program Files\Messenger Plus <--folder, if MSN PLUS was uninstalled

Stay in safe mode
Do another Scan with Hijackthis and put a check next to these entries
and then FIX CHECKED when ALL other windows are closed

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.aorswedaooytqob.info/UNMocE/iTwgkmBGuolKWTkhCGxFdWs1aKVreIq/qkvloZms4QaipL/6PcXugWjF4.jpg

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [gramcity] C:\PROGRA~1\Gpl Platform\Metaforksave.exe
O4 - HKLM\..\Run: [data trust dent site] C:\Documents and Settings\All Users\Application Data\LiveInsideDataTrust\Cash Corn.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


Optionally, fix the next ones too, they are not threats, but considered resource hog, not needed on startup, programs work fine without them
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot


If you chose to fix realsched.exe with hijackthis
Navigate to this file in safe mode,
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
RENAME realsched.exe>>realsched.old
This will ensure it won't startup and Realplayer works fine without it.

RESTART back into Normal mode
Access Internet Options via Control Panel
Under the Programs tab "Reset Web Settings"
Under the General tab---Delete files + offline content---Also Reset home page

Post back with a fresh hijackthis log and let me know if your problems are resolved
Logged

 
risha
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 6


Bookmark and Share

View Profile
« Reply #4 on: October 24, 2004, 08:29:54 PM »

hey benditup,
Thanx for your help, it sems to be working now, no problems.
I did not however find these folders
C:\Documents and Settings\All Users\Application Data\LiveInsideDataTrust <--folder
C:\PROGRAM FILES\Gpl Platform <--folder

and here's the fresh log

Logfile of HijackThis v1.98.2
Scan saved at 22:30:28, on 24.10.2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SymTray.exe
C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
C:\PROGRA~1\NTS\WANADO~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINNT\system32\stisvc.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.23.0\gnotify.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\internat.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\NTS\WANADO~1\app\EnterNet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\System32\cidaemon.exe
C:\WINNT\system32\integator.exe


R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.aorswedaooytqob.info/UNMocE/iTwgkmBGuolKWTkhCGxFdWs1aKVreIq/qkvloZms4QaipL/6PcXugWjF4.jpg
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\JCCATCH.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.23.0\gnotify.exe
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [gramcity] C:\PROGRA~1\Gpl Platform\Metaforksave.exe
O4 - HKLM\..\Run: [data trust dent site] C:\Documents and Settings\All Users\Application Data\LiveInsideDataTrust\Cash Corn.exe
O4 - HKLM\..\Run: [Windows Fix] integator.exe
O4 - HKLM\..\RunServices: [Windows Fix] integator.exe
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item:
Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #5 on: October 24, 2004, 08:49:34 PM »

It doesn't look like you fixed any of the entries I asked you to fix with  Hijackthis?
Did you set Windows to show hidden files and folders when looking for those folders to delete?

I need you to follow these instructions closely
Print this out if you have to

Disconnect completely from the Internet
Shut down ALL browser windows, including this one
Close down all other open window

Open Hijackthis>>Config>>Misc Tools>>Open Process Manager
Kill this process
C:\WINNT\system32\integator.exe


Do another Scan with Hijackthis and put a check next to these entries
and then FIX CHECKED when ALL other windows are closed

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.aorswedaooytqob.info/UNMocE/iTwgkmBGuolKWTkhCGxFdWs1aKVreIq/qkvloZms4QaipL/6PcXugWjF4.jpg

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [gramcity] C:\PROGRA~1\Gpl Platform\Metaforksave.exe
O4 - HKLM\..\Run: [data trust dent site] C:\Documents and Settings\All Users\Application Data\LiveInsideDataTrust\Cash Corn.exe

O4 - HKLM\..\Run: [Windows Fix] integator.exe
O4 - HKLM\..\RunServices: [Windows Fix] integator.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart


RESTART your computer into safe mode
Find and delete this file if it exists
C:\WINNT\system32\integator.exe

RESTART back into Normal Mode and post back a fresh hijackthis log
Logged

 
risha
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 6


Bookmark and Share

View Profile
« Reply #6 on: October 24, 2004, 09:45:58 PM »

ok, first of all, i did follow everything you said before, and i did print out your reply, and have run the HijackThis in the safe mode and then fixed those entries already...but yeah, they seem to be there still, gonna try it again then! hope this time it will work...
Oh, and i did check the show hidden files and folders as well...but i still cannot find those folders
« Last Edit: October 24, 2004, 09:48:11 PM by risha » Logged

 
risha
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 6


Bookmark and Share

View Profile
« Reply #7 on: October 25, 2004, 01:49:34 PM »

Alright, i did about 100 attempts to 'fix checked' but as i scan again, after restart or before, it doesnt mater, i still get exactly the same log. Nothing seems to be fixed at all. But at least IE seems to be working alright now...
Any ideas what might be  wrong here?
Thanx for the help anyways!
Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #8 on: October 25, 2004, 10:07:14 PM »

I missed this entry in your log risha
This may be preventing any fix to the registry
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe

Can you please disable Ad-Watch completely and then try the fixes again
and post a fresh hijackthis log, thanx
Logged

 
risha
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 6


Bookmark and Share

View Profile
« Reply #9 on: October 25, 2004, 10:52:06 PM »

Here's the fresh Hijackthis log, thanx a lot for your help!

Logfile of HijackThis v1.98.2
Scan saved at 0:51:46, on 26.10.2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINNT\System32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\PROGRA~1\NTS\WANADO~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.23.0\gnotify.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\internat.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\JCCATCH.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.23.0\gnotify.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item:
Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #10 on: October 25, 2004, 11:13:34 PM »

That looks better risha.
This entry
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = about:blank
Tells me that you may normally have you startpage set to about:blank
So I won't consider it bad

Any 015 entry you didn't manually add to you trusted site can be fixed with hijackthis
All are related to amazon or ebay

I'll lock this topic shortly as your problems seem resolved, if you need it reopened please PM a Mod and supply a link to this thread
Stay Safe Smiley

P.S. Don't forget to reenable Ad-Watch
« Last Edit: October 25, 2004, 11:14:48 PM by benditup » Logged

 
Pages: [1] Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page September 18, 2018, 04:45:59 AM