Sign in with
Sign up | Sign in
Your question

IE problems

Last response: in Windows XP
Share
Anonymous
May 17, 2005 12:27:25 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I have a user that is using WindowsXP SP2 with the newest version of IE. The
problem is whenever the user clicks any e-mail link within IE; about 60 IE
windows open. The user is using Outlook 2003 as his e-mail program and is
set as the default e-mail program. I have run adware and spam programs and
they find nothing. I have also ran anti-virus programs (Trend Micro &
Norton) they also come up with nothing. Anyone with any idea what is causing
this.
The users HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 7:16:01 AM, on 5/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Webroot\Enterprise\CommAgent\CommAgent.exe
C:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Castelle\FaxPress\FaxTray.Exe
C:\Program Files\Castelle\FaxPress\ExCnvt.exe
C:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeperTray.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\jwilkins\Desktop\HiJackThis\HijackThis1991.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat

7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper -
{601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP

Pro\wsbho2k0.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program
Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [CstlFaxTray] C:\Program
Files\Castelle\FaxPress\FaxTray.Exe /s
O4 - HKLM\..\Run: [FPEXCNVT] C:\Program Files\Castelle\FaxPress\ExCnvt.exe
O4 - HKLM\..\Run: [Webroot Spy Sweeper, Enterprise Edition] c:\Program
Files\Webroot\Enterprise\Spy

Sweeper\SpySweeperTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program

Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -

http://a840.g.akamai.net/7/840/537/2004061001/housecall...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = companyname.com
O17 - HKLM\Software\..\Telephony: DomainName = companyname.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = companyname.com
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) -
Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
C:\Program Files\Common Files\Symantec

Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec

Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
C:\Program Files\Common Files\Symantec

Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec
Corporation - C:\Program Files\Symantec

AntiVirus\DefWatch.exe
O23 - Service: Iap - Dell Inc - C:\Program
Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec
AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:\Program Files\Common

Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program
Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Webroot CommAgent Service (WebrootCommAgentService) - Webroot
Software, Inc. - C:\Program

Files\Webroot\Enterprise\CommAgent\CommAgent.exe
O23 - Service: Webroot SpySweeper Service (WebrootSpySweeperService) -
Webroot Software, Inc. - C:\Program

Files\Webroot\Enterprise\Spy Sweeper\SpySweeper.exe

Anyone with any idea???
Thanks for any help!

Zagman13

More about : problems

Anonymous
May 17, 2005 1:43:05 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

For Internet Explorer assistance:

Please visit the Internet Explorer newsgroup experts:
news://msnews.microsoft.com/microsoft.public.windows.inetexplorer.ie6.browser

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User
Microsoft Newsgroups

Get Windows XP Service Pack 2 with Advanced Security Technologies:
http://www.microsoft.com/athome/security/protect/window...

-------------------------------------------------------------------------------------------

"Zagman13" wrote:

| I have a user that is using WindowsXP SP2 with the newest version of IE. The
| problem is whenever the user clicks any e-mail link within IE; about 60 IE
| windows open. The user is using Outlook 2003 as his e-mail program and is
| set as the default e-mail program. I have run adware and spam programs and
| they find nothing. I have also ran anti-virus programs (Trend Micro &
| Norton) they also come up with nothing. Anyone with any idea what is causing
| this.
| The users HijackThis log:
|
| Logfile of HijackThis v1.99.1
| Scan saved at 7:16:01 AM, on 5/12/2005
| Platform: Windows XP SP2 (WinNT 5.01.2600)
| MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
|
| Running processes:
| C:\WINDOWS\System32\smss.exe
| C:\WINDOWS\system32\winlogon.exe
| C:\WINDOWS\system32\services.exe
| C:\WINDOWS\system32\lsass.exe
| C:\WINDOWS\system32\svchost.exe
| C:\WINDOWS\System32\svchost.exe
| C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
| C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
| C:\WINDOWS\system32\spoolsv.exe
| C:\WINDOWS\system32\basfipm.exe
| C:\Program Files\Symantec AntiVirus\DefWatch.exe
| C:\Program Files\Dell\OpenManage\Client\Iap.exe
| C:\Program Files\Symantec AntiVirus\Rtvscan.exe
| C:\Program Files\Webroot\Enterprise\CommAgent\CommAgent.exe
| C:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeper.exe
| C:\WINDOWS\Explorer.EXE
| C:\WINDOWS\system32\hkcmd.exe
| C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
| C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
| C:\Program Files\Common Files\Symantec Shared\ccApp.exe
| C:\PROGRA~1\SYMANT~1\VPTray.exe
| C:\Program Files\Castelle\FaxPress\FaxTray.Exe
| C:\Program Files\Castelle\FaxPress\ExCnvt.exe
| C:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeperTray.exe
| C:\WINDOWS\system32\msiexec.exe
| C:\Documents and Settings\jwilkins\Desktop\HiJackThis\HijackThis1991.exe
|
| R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
| http://www.dell.com
| R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
| http://www.yahoo.com/
| R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
| http://www.dell.com
| R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
| http://www.dell.com
| R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
| http://windowsupdate.microsoft.com/
| O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
| C:\Program Files\Adobe\Acrobat
|
| 7.0\ActiveX\AcroIEHelper.dll
| O2 - BHO: Ipswitch.WsftpBrowserHelper -
| {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP
|
| Pro\wsbho2k0.dll
| O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
| O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
| O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
| Files\Java\j2re1.4.2_03\bin\jusched.exe
| O4 - HKLM\..\Run: [DVDLauncher] "C:\Program
| Files\CyberLink\PowerDVD\DVDLauncher.exe"
| O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
| Shared\ccApp.exe"
| O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
| O4 - HKLM\..\Run: [CstlFaxTray] C:\Program
| Files\Castelle\FaxPress\FaxTray.Exe /s
| O4 - HKLM\..\Run: [FPEXCNVT] C:\Program Files\Castelle\FaxPress\ExCnvt.exe
| O4 - HKLM\..\Run: [Webroot Spy Sweeper, Enterprise Edition] c:\Program
| Files\Webroot\Enterprise\Spy
|
| Sweeper\SpySweeperTray.exe
| O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
| Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
| O8 - Extra context menu item: E&xport to Microsoft Excel -
| res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
| O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
| C:\Program
|
| Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
| O9 - Extra 'Tools' menuitem: Sun Java Console -
| {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
|
| Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
| O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
| C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
| O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
| C:\Program Files\Messenger\msmsgs.exe
| O9 - Extra 'Tools' menuitem: Windows Messenger -
| {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
|
| Files\Messenger\msmsgs.exe
| O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
|
| http://a840.g.akamai.net/7/840/537/2004061001/housecall...
| O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = companyname.com
| O17 - HKLM\Software\..\Telephony: DomainName = companyname.com
| O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = companyname.com
| O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
| O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
| O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) -
| Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
| O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
| C:\Program Files\Common Files\Symantec
|
| Shared\ccEvtMgr.exe
| O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec
| Corporation - C:\Program Files\Common Files\Symantec
|
| Shared\ccPwdSvc.exe
| O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
| C:\Program Files\Common Files\Symantec
|
| Shared\ccSetMgr.exe
| O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec
| Corporation - C:\Program Files\Symantec
|
| AntiVirus\DefWatch.exe
| O23 - Service: Iap - Dell Inc - C:\Program
| Files\Dell\OpenManage\Client\Iap.exe
| O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec
| AntiVirus\SavRoam.exe
| O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
| Corporation - C:\Program Files\Common
|
| Files\Symantec Shared\SNDSrvc.exe
| O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program
| Files\Symantec AntiVirus\Rtvscan.exe
| O23 - Service: Webroot CommAgent Service (WebrootCommAgentService) - Webroot
| Software, Inc. - C:\Program
|
| Files\Webroot\Enterprise\CommAgent\CommAgent.exe
| O23 - Service: Webroot SpySweeper Service (WebrootSpySweeperService) -
| Webroot Software, Inc. - C:\Program
|
| Files\Webroot\Enterprise\Spy Sweeper\SpySweeper.exe
|
| Anyone with any idea???
| Thanks for any help!
|
| Zagman13
May 17, 2005 3:17:04 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

In news:%23HZvOyuWFHA.2080@TK2MSFTNGP15.phx.gbl,
Zagman13 <zagman13@hotmail.com> had this to say:

My reply is at the bottom of your sent message:

> I have a user that is using WindowsXP SP2 with the newest version of
> IE. The problem is whenever the user clicks any e-mail link within
> IE; about 60 IE windows open. The user is using Outlook 2003 as his
> e-mail program and is set as the default e-mail program. I have run
> adware and spam programs and they find nothing. I have also ran
> anti-virus programs (Trend Micro & Norton) they also come up with
> nothing. Anyone with any idea what is causing this.
> The users HijackThis log:
<snip>

AumHa Forums:
http://forum.aumha.org/viewforum.php?f=30

That'd be where you'd want to post the HJT log.

Galen
--

"And that recommendation, with the exaggerated estimate of my ability
with which he prefaced it, was, if you will believe me, Watson, the
very first thing which ever made me feel that a profession might be
made out of what had up to that time been the merest hobby."

Sherlock Holmes
!