Hello My IE6 pops up by itself and goes to some web pages (advertising) I run ad-aware, but it did not help. I also run Hijackthis and here is results, can anybody help me to check is there anything that normally should not be there? Thanks4help! Logfile of HijackThis v1.99.1 Scan saved at 17:34:46, on 14.5.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Altiris\AClient\Aclient.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\mcshield.exe C:\Program Files\Network Associates\VirusScan\vstskmgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINNT\system32\PROT_SRV.EXE C:\WINNT\system32\pagents.exe C:\WINNT\system32\PSTARTSR.EXE C:\Program Files\TiFiC\TiFiC System Service\TiFiC System Service.exe C:\Program Files\UPHClean\uphclean.exe C:\WINNT\system32\CCM\CcmExec.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\hkcmd.exe C:\WINNT\system32\igfxpers.exe C:\Program Files\Apoint\Apoint.exe C:\WINNT\stsystra.exe C:\WINNT\system32\igfxsrvc.exe C:\WINNT\system32\rundll32.exe C:\Program Files\McAfee\Common Framework\UdaterUI.exe C:\Program Files\Common Files\McAfee Inc\TalkBack\TBMon.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Altiris\AClient\AClntUsr.EXE C:\Program Files\McAfee\Common Framework\McTray.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Apoint\HidFind.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\Pointsec\P95tray.exe C:\Program Files\Windows Defender\MSASCui.exe C:\WINNT\system32\ctfmon.exe C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\PROGRA~1\MESSEN~1\Msmsgs.exe C:\Program Files\Power DVD Player\PowerDVDPlayer.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe C:\WINNT\system32\proquota.exe C:\WINNT\system32\rundll32.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\DATA\lataus\hijackthis_sfx.exe C:\Program Files\HijackThis\HijackThis.exe C:\WINNT\system32\NOTEPAD.EXE O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O4 - HKLM\..\Run: [igfxtray] C:\WINNT\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINNT\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINNT\system32\igfxpers.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\McAfee Inc\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [PeregrineStart] wscript.exe "C:\WINNT\Script\PeregrineStart.vbs" O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE O4 - HKLM\..\Run: [startup_local] C:\Program Files\Startup_Local\startup_local.vbs O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [Protect Tray] "C:\Program Files\Pointsec\P95tray.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\Msmsgs.exe" /background O4 - HKCU\..\Run: [Power DVD Player] "C:\Program Files\Power DVD Player\PowerDVDPlayer.exe" hmw O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader\reader_sl.exe O4 - Global Startup: McAfee Host Intrusion Prevention Tray.lnk = ? O4 - Global Startup: VPN Client.lnk = ? O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: &Highlight - C:\WINNT\Web\HIGHLI~1.HTM O8 - Extra context menu item: &Web Search - C:\WINNT\Web\SELSEA~1.HTM O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: I&mages List - C:\WINNT\Web\imglist.htm O8 - Extra context menu item: Open Frame in &New Window - C:\WINNT\Web\frm2new.htm O8 - Extra context menu item: View Partial So&urce - C:\WINNT\Web\source.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.Microsoft.com O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - ... O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http:// O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) - O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) - http:// O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) - http:// O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tcad.telia.se O17 - HKLM\Software\..\Telephony: DomainName = tcad.telia.se O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tcad.telia.se O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxdev.dll O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Program Files\Altiris\AClient\Aclient.exe O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: McAfee Host Intrusion Prevention Service (enterceptAgent) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing) O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe O23 - Service: Pointsec - Unknown owner - C:\WINNT\system32\PROT_SRV.EXE O23 - Service: Pointsec update agent (Pointsec_agent) - Unknown owner - C:\WINNT\system32\pagents.exe O23 - Service: Pointsec service start (Pointsec_start) - Unknown owner - C:\WINNT\system32\PSTARTSR.EXE O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: TiFiC System Service - TiFiC AB - C:\Program Files\TiFiC\TiFiC System Service\TiFiC System Service.exe
try the windows virus and spyware section, they can help you more. also switch to firefox, better for internet
Thank you, ddp; I'll take it from here In your HijackThis, do a scan only. Place checks beside the following: O4 - HKLM\..\Run: [startup_local] C:\Program Files\Startup_Local\startup_local.vbs O4 - HKCU\..\Run: [Power DVD Player] "C:\Program Files\Power DVD Player\PowerDVDPlayer.exe" hmw O8 - Extra context menu item: &Web Search - C:\WINNT\Web\SELSEA~1.HTM O8 - Extra context menu item: I&mages List - C:\WINNT\Web\imglist.htm O8 - Extra context menu item: Open Frame in &New Window - C:\WINNT\Web\frm2new.htm O8 - Extra context menu item: View Partial So&urce - C:\WINNT\Web\source.htm Take a look at all the O15 entries and all the O17 entries. Did you add them/Do you know them? If not, place checks beside them as well. Press "Fix Checked". There's no known virus that uses these files, as all websites say that they are being identified: C:\WINNT\system32\PROT_SRV.EXE C:\WINNT\system32\pagents.exe C:\WINNT\system32\PSTARTSR.EXE If you use Pointsec Hard Disk Encryption, those should be safe.
