IE windows opening and directing me to ad sites...



#1
Birdienumnums

hi!

I have followed the instructions in the intro page and have successfully used the following tools:
AdAware
CWShredder
Spybot
Tds

I have also scanned for viruses using my virus program: eTrust EZarmor
and I have also used the following web-based virus scanners:
Panda Scan
and
Trend Micro housecall

I have run all of these applications at least twice, and I have yet to get a clean bill from them all. TDS, EZarmor, AdAware, and Spybot have given clean bills of health... but not after I reboot. Every single one of the programs came up with SOMETHING, and they were usually all different. Needless to say, as a relative novice, I am freaking out!

Any help you can offer would be greatly appreciated! Thanks a million in advance!

Here is the Hijack This logfile:

Logfile of HijackThis v1.99.1
Scan saved at 4:21:37 AM, on 4/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
D:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
D:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
D:\WINDOWS\system32\CTsvcCDA.EXE
D:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
D:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\WINDOWS\system32\MsPMSPSv.exe
D:\Program Files\GetRight\GETRIGHT.EXE
D:\Program Files\GetRight\GETRIGHT.EXE
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Tom.BIRDIENUMNUMS\Desktop\backups\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.f138.mail....d=71j3ql7ssk7v8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [CaAvTray] "D:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "D:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [AudioHQ] D:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Geek Superhero] D:\Program Files\Geek Superhero\GeekSuperhero.exe
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Creative Detector] D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Global Startup: GetRight - Tray Icon.lnk = D:\Program Files\GetRight\getright.exe
O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Bug Swatter Options - {99FEA1A2-7881-11D1-A9E2-00403320FCF2} - D:\Program Files\Geek Superhero\GeekSuperheroX.dll
O9 - Extra button: Popup Slapdown Options - {A1100DDB-B277-4CAA-A640-B299D79FE25E} - D:\Program Files\Geek Superhero\GeekSuperheroX.dll
O9 - Extra button: Phishing Net Options - {B1100DDB-B277-4CAA-A640-B299D79FE25E} - D:\Program Files\Geek Superhero\GeekSuperheroX.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-18.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://211.79.170.21...sCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/...fault/shapo.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{00CC0CBB-4FCB-4C1B-B0EF-E4443EE6E70B}: NameServer = 168.95.192.1 168.95.1.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 168.95.192.1 168.95.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{00CC0CBB-4FCB-4C1B-B0EF-E4443EE6E70B}: NameServer = 168.95.192.1 168.95.1.1
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 168.95.192.1 168.95.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 168.95.192.1 168.95.1.1
O20 - Winlogon Notify: BITS - D:\WINDOWS\system32\j2n20c5oef.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - D:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - D:\WINDOWS\system32\ZONELABS\vsmon.exe





I have no idea how to get rid of the problem.

The problem, simply put, is that whenever I am on-line, Internet Explorer windows pop up spontaneously and direct themselves to one of several advertising websites (I also got Lycos search a couple of times). This happens even when I am not actually using IE at the moment and when I have no IE windows open.

My Windows Messenger service is turned off. I am running Windows XP with SP2 installed.


#2
Birdienumnums

;) Looks like the problem is fixed! I ran all the suggested programs again, this time WITHOUT rebooting between any of them, and the problem has not recurred! :tazz:

...cool!