--Rob
Logfile of HijackThis v1.99.1
Scan saved at 12:19:56 PM, on 9/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$PROFXENGAGEMENT\Binn\sqlservr.exe
C:\PFXENG~1\Common\PFXEngDesktopService.exe
C:\PFXENG~1\Common\PFXSYNPFTService.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Altigen\AltiView\AltiView.exe
C:\Pfx Engagement\WM\PfxPDFConvertService.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Doc-It\Doc-ItAgent.Exe
C:\Program Files\Doc-It\Doc-ItViewer.exe
C:\Program Files\CCH\perform plus II 2004\engine.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\WINDOWS\system32\msiexec.exe
Y:\rmitchell\data\downloads\HiJack This 20050919 1221\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEEvent Class - {157F70D2-49E8-11D3-B094-005004116944} - C:\Program Files\Altigen\Shared Files\IEEventView.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AltiView.lnk = C:\Program Files\Altigen\AltiView\AltiView.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: PfxPDFConvertService.exe.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {009F119F-8723-11D3-8791-00A0C9EF9624} (RSFTreeView Class) - https://eformrs.com/FormOpen/RSFormsTV.cab
O16 - DPF: {13F71666-05F2-11D2-B2F6-00A0C9A08B64} (CommonBridge Class) - https://gosystemrs.fasttax.com/OCX/comconv.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {187728C3-71FD-11D3-878E-00A0C9EF9624} (RSFCalculating Class) - https://eformrs.com/FormOpen/Dll/RSFCalc.cab
O16 - DPF: {227F25BE-BCDC-11D0-BA80-0000F6181652} (CLRMachineInfoCtl Class) - https://gosystemrs.fasttax.com/OCX/RSLoginModule.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {35B7E48B-9D81-4C6C-9578-5FD4F620D886} (InstallShield Setup Player 2K2) - https://gosystemrs.fasttax.com/OCX/GRSClient2004/setup.exe
O16 - DPF: {455182EE-8F93-11D2-BA3C-00C04F7F6533} (CLRTabbedList Class) - https://gosystemrs.fasttax.com/OCX/RSTabbedList.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - https://gosystemrs.fasttax.com/OCX/iftwclix.cab
O16 - DPF: {7279DAF9-31ED-45D6-8CDA-E11A0D24956C} (WebForm Launch Server) - http://files.stf.com/Downloads/WebFormServer_v3.cab
O16 - DPF: {7B640A40-EEC1-11D2-B526-00C04F8DEE99} (WebAttachObj Class) - https://gosystemrs.fasttax.com/OCX/WebAttachments.cab
O16 - DPF: {82BFFC8C-B4BD-11D4-9908-000102053AFB} (GRSNotifierCtrl Class) - https://gosystemrs.fasttax.com/OCX/webnotifier.cab
O16 - DPF: {86B092BC-7ABA-11D4-98E7-000102053AFB} (MultiDownload Class) - https://gosystemrs.fasttax.com/OCX/Downloader.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - https://gosystemrs.fasttax.com/OCX/msxml4.cab
O16 - DPF: {973EA5BE-9ED6-11D3-AB1D-00C04F7468E4} (IParseCSV Class) - https://gosystemrs.fasttax.com/OCX/DCParse.cab
O16 - DPF: {97A90946-2984-11D3-AAE7-00C04F7468E4} (FrmSrcCt Control) - https://gosystemrs.fasttax.com/OCX/frmsrc.cab
O16 - DPF: {99140A4E-88C5-11D3-8793-00A0C9EF9624} (RSFDisplay Class) - https://eformrs.com/FormOpen/RSFormsDP.cab
O16 - DPF: {BFDF0737-E4C4-4150-95BD-0A8AE9B372C3} (RSFConvert.MDB) - https://eformrs.com/RSFConvert.cab
O16 - DPF: {D76D712E-4A96-11D3-BD95-D296DC2DD072} -) VideoSoft FlexGrid 7.0 (OLEDB)) - https://gosystemrs.fasttax.com/OCX/vsflex7.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mrdcpa.com
O17 - HKLM\Software\..\Telephony: DomainName = mrdcpa.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mrdcpa.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = mrdcpa.com
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: PFXEngDesktopService - Unknown owner - C:\PFXENG~1\Common\PFXEngDesktopService.exe
O23 - Service: PFXSYNPFTService - Unknown owner - C:\PFXENG~1\Common\PFXSYNPFTService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
Jan Il said:
Hi Rob
If you have tried all the suggestions, and run the scans for scumware, and are sure your system is totally clean, and there are no 3rd party programs running in the background, then try the following:
IE Fix
http://windowsxp.mvps.org/IEFIX.htm
Also, if you posted your HiJackLog on one of the recommended forums, or any other of your choice, please post a link here to your post at the forum so that we might review it for perhaps other clues to the problem. If you have not done this, please do so, as it is a very helpful tool in seeing what underlying issues could be causing the problem.
Hope this helps.
Jan
MS MVP - IE/OE
Smiles are meant to be shared,
that's why they're so contagious.
Replies posted only to the newsgroup for the benefit of other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm
Thx for the help Jan. I'm running Windows XP sp2.
I tried the procedures you mention, but they didn't seem to help.
Specifically, my problem is that every time I open a new link, it closes the previous window. So, I don't have problems opening new links, but I do have problems having multiple windows of IE 6 open at the same time.
Any other ideas?
:
Hi Rob
You don't mention the version of Windows you are using, so I will have to take a guess at answering. Try the following and see if it helps.
This is often caused by third-party browser add-ons. Disable all pop-up blockers, if any are installed. Here is a detailed note from Don Varnau, MS-MVP Internet Explorer.
<quote>
You probably have a program running which is blocking pop-up windows- something like Yahoo Companion, Google toolbar, MSN toolbar, a firewall, Earthlink (or another) pop-up blocker, MyIE2 (or another shell for IE) etc. You'll have to turn off the feature that's blocking new windows or, perhaps, uninstall the program.
also...
From IE> Tools> Internet Options> Advanced> Browsing> uncheck "Reuse windows for launching shortcuts."
<end quote>
and…...
How to open Multiple Browser Windows
http://navigators.com/multiple_browsers.html
also.....................
Courtesy of Venkatesh
Try these steps:
Open IE>Tools>Internet Options.
Select Advanced tab and click the [restore defaults] button.
Later, select the Programs and click the [reset web settings] button.
Click OK.
or.................
You Cannot Open New Internet Explorer Window or Nothing Happens After You Click a Link
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q281679
and...
It could be caused by some scumware that has infected your system:
Dealing with Unwanted Spyware and Parasites:
http://mvps.org/winhelp2002/unwanted.htm
Courtesy of PA Bear
Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/data/tshoot.htm
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine.blogspot.com
Dealing with an infected PC
http://www.microsoft.com/windowsxp/using/security/expert/russel_infectedpc.mspx
Hope this helps.
Jan
MS MVP - IE/OE
my IE 6 has changed recently causing it to open every link in a new window, and close the previous window. in effect, IE 6 will only open in one window at a time. multiple instances of IE 6 no longer work. can anyone shed some light on this? thx