Windows Vista What's going on?

  • Thread starter: Just.some.guy


Every time I use Internet Explorer OR Firefox and go to a website, another
page will open up as well. It can be something touting car insurance, life get my drift...someone trying to sell something. I haven't
opened up any executable files recently, I don't even use this computer that
often, it is my laptop and I usually use my desktop. It is a Gateway,
running Premium SP1. I have McAfee Security suite, Spybot (just added AFTER
problem), and Windows Defender. I was wondering if this is a case of
hijacking? I downloaded *Hijack this* and this is the logfile, although it
might as well be written in martian to me...I don't understand a thing!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:19:08 AM, on 6/6/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spare Backup\SpareBackup.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\\Agent\mcagent.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\YPOPs\YPOPs.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer -
{3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program
O2 - BHO: Spybot-S&D IE Protection -
{53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector -
{CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows
Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google
Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Spare Backup] "C:\Program Files\Spare
Backup\SpareBackup.exe" /silent
O4 - HKLM\..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program
Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network
Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Program
Files\\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom
HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [iolo Startup] "C:\Program
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media
O4 - HKCU\..\Run: [cdloader]
"C:\Users\Lyle\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [zgbnsvin] c:\users\lyle\appdata\local\zgbnsvin.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search &
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows
Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe
oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows
Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: YPOPs.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
O8 - Extra context menu item: E&xport to Microsoft Excel -
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere
Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program
Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel
Corporation - C:\Program Files\Intel\Intel Matrix Storage
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown
owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner -
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. -
C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program
Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. -
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. -
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. -
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. -
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. -
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. -
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee,
Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks,
Inc. - C:\Program Files\Pure Networks\Network
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks,
Inc. - C:\Program Files\Common Files\Pure Networks
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer
Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

End of file - 10303 bytes
Re: What's going on?

Your start/.../system tools has an icon for 'Internet Explorer (No Add-ons)'
See if it happens then.
You may have one installed that does that. (see IE, Tools menu, "Manage
click the Ratings button. Voting helps the web interface. see ''rate a post''
Mark L. Ferguson

"Just.some.guy" <> wrote in message
> Every time I use Internet Explorer OR Firefox and go to a website, another
> page will open up as well. It can be something touting car insurance, life
> get my drift...someone trying to sell something. I haven't
> opened up any executable files recently, I don't even use this computer
> that often, it is my laptop and I usually use my desktop. It is a Gateway,
> running Premium SP1. I have McAfee Security suite, Spybot (just added
> AFTER problem), and Windows Defender. I was wondering if this is a case of
> hijacking? I downloaded *Hijack this* and this is the logfile, although it
> might as well be written in martian to me...I don't understand a thing!
> Logfile of Trend Micro HijackThis v2.0.2
> Scan saved at 7:19:08 AM, on 6/6/2008
> Platform: Windows Vista SP1 (WinNT 6.00.1905)
> MSIE: Internet Explorer v7.00 (7.00.6001.18000)
> Boot mode: Normal
> Running processes:
> C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
> C:\Windows\system32\taskeng.exe
> C:\Windows\Explorer.EXE
> C:\Windows\system32\Dwm.exe
> C:\Program Files\Windows Defender\MSASCui.exe
> C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
> C:\Program Files\Windows Media Player\wmpnscfg.exe
> C:\Windows\system32\wbem\unsecapp.exe
> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
> C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
> C:\Program Files\Spare Backup\SpareBackup.exe
> C:\Windows\ZSSnp211.exe
> C:\Windows\Domino.exe
> C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
> C:\Program Files\Logitech\QuickCam\Quickcam.exe
> C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
> C:\Program Files\Pure Networks\Network Magic\nmapp.exe
> C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
> C:\Windows\System32\igfxtray.exe
> C:\Windows\System32\hkcmd.exe
> C:\Windows\System32\igfxpers.exe
> C:\Program Files\Common Files\Real\Update_OB\realsched.exe
> C:\Program Files\Logitech\SetPoint\LBTWiz.exe
> C:\Program Files\\Agent\mcagent.exe
> C:\Program Files\TomTom HOME\TomTomHOME.exe
> C:\Windows\system32\igfxsrvc.exe
> C:\Windows\ehome\ehtray.exe
> C:\Users\Lyle\AppData\Local\zgbnsvin.exe
> C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
> C:\Program Files\Logitech\SetPoint\SetPoint.exe
> C:\Program Files\YPOPs\YPOPs.exe
> C:\Windows\ehome\ehmsas.exe
> C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
> C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
> C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
> C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
> C:\Program Files\Windows Mail\WinMail.exe
> c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
> C:\Program Files\Windows Mail\WinMail.exe
> C:\Program Files\Mozilla Firefox\firefox.exe
> C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
> R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
> R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
> R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
> O2 - BHO: Adobe PDF Reader Link Helper -
> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common
> Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
> O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer -
> {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program
> Files\Real\RealPlayer\rpbrowserrecordplugin.dll
> O2 - BHO: Spybot-S&D IE Protection -
> {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
> O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
> C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
> O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
> C:\Program Files\McAfee\VirusScan\scriptsn.dll
> O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
> c:\program files\google\googletoolbar1.dll
> O2 - BHO: Browser Address Error Redirector -
> {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
> O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
> c:\program files\google\googletoolbar1.dll
> O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows
> Defender\MSASCui.exe -hide
> O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage
> Manager\Iaanotif.exe"
> O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
> O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google
> Desktop Search\GoogleDesktop.exe" /startup
> O4 - HKLM\..\Run: [Spare Backup] "C:\Program Files\Spare
> Backup\SpareBackup.exe" /silent
> O4 - HKLM\..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe
> O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe
> O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common
> Files\LogiShrd\LComMgr\Communications_Helper.exe"
> O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program
> Files\Logitech\QuickCam\Quickcam.exe" /hide
> O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
> O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks
> Shared\Platform\nmctxth.exe"
> O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network
> Magic\nmapp.exe" -autorun -nosplash
> O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
> O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
> O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
> O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
> Files\Real\Update_OB\realsched.exe" -osboot
> O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
> O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
> O4 - HKLM\..\Run: [mcagent_exe] C:\Program
> Files\\Agent\mcagent.exe /runkey
> O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom
> HOME\TomTomHOME.exe" -s
> O4 - HKLM\..\Run: [iolo Startup] "C:\Program
> Files\iolo\Common\Lib\ioloLManager.exe"
> O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
> O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media
> Player\WMPNSCFG.exe
> O4 - HKCU\..\Run: [cdloader]
> "C:\Users\Lyle\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
> O4 - HKCU\..\Run: [zgbnsvin] c:\users\lyle\appdata\local\zgbnsvin.exe
> zgbnsvin
> O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search &
> Destroy\TeaTimer.exe
> O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows
> Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
> O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe
> oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
> O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows
> Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
> O4 - Startup: YPOPs.lnk = ?
> O4 - Global Startup: Logitech SetPoint.lnk = C:\Program
> Files\Logitech\SetPoint\SetPoint.exe
> O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
> Office\Office\OSA9.EXE
> O8 - Extra context menu item: E&xport to Microsoft Excel -
> res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
> O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
> C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
> O9 - Extra 'Tools' menuitem: Sun Java Console -
> {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
> Files\Java\jre1.6.0_05\bin\ssv.dll
> O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
> C:\PROGRA~1\SPYBOT~1\SDHelper.dll
> O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -
> {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
> O13 - Gopher Prefix:
> O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash
> Object) -
> O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
> O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere
> Systems - C:\Windows\system32\agrsmsvc.exe
> O23 - Service: GoogleDesktopManager - Google - C:\Program
> Files\Google\Google Desktop Search\GoogleDesktopManager.exe
> O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
> Files\Google\Common\Google Updater\GoogleUpdaterService.exe
> O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel
> Corporation - C:\Program Files\Intel\Intel Matrix Storage
> Manager\Iaantmon.exe
> O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown
> owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
> O23 - Service: iolo System Service (ioloSystemService) - Unknown owner -
> C:\Program Files\iolo\common\lib\ioloServiceManager.exe
> O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. -
> C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
> O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common
> Files\LogiShrd\LVCOMSER\LVComSer.exe
> O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program
> Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
> O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common
> Files\LogiShrd\SrvLnch\SrvLnch.exe
> O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. -
> C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
> O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. -
> c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
> O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. -
> C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
> O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. -
> c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
> O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. -
> C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
> O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. -
> C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
> O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee,
> Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
> O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks,
> Inc. - C:\Program Files\Pure Networks\Network
> Magic\WebServer\bin\nmraapache.exe
> O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks,
> Inc. - C:\Program Files\Common Files\Pure Networks
> Shared\Platform\nmsrvc.exe
> O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer
> Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
> --
> End of file - 10303 bytes
Re: What's going on?

Just.some.guy wrote:

> Every time I use Internet Explorer OR Firefox and go to a website, another
> page will open up as well. It can be something touting car insurance, life
> get my drift...someone trying to sell something. I haven't
> opened up any executable files recently, I don't even use this computer
> that often, it is my laptop and I usually use my desktop. It is a Gateway,
> running Premium SP1. I have McAfee Security suite, Spybot (just added
> AFTER problem), and Windows Defender. I was wondering if this is a case of
> hijacking? I downloaded *Hijack this* and this is the logfile, although it
> might as well be written in martian to me...I don't understand a thing!

(snip HJT log)

You apparently have picked up some malware, but we don't analyze HijackThis
logs here in the MS newsgroups. It takes a great deal of time and expertise
to do that and you won't get the attention you need here. I'll give you
some general malware removal steps to go through and also links to
specialty forums where you can post your HJT log and get guided help.

Go through these general malware removal steps systematically -

Include scanning with David Lipman's Multi_AV and follow instructions to do
all scans in Safe Mode. Please see the special Notes regarding using
Multi_AV in Vista.
- instructions
- download link and more instructions

When all else fails, get guided help. Choose one of the specialty forums
listed at the end of this post (in no particular order). Register and read
its posting FAQ. DO NOT POST LOGS IN THE MS NEWSGROUPS.
- HijackThis tutorial by Merijn
- another tutorial
- Click on the HijackThis forum. Read the announcement and the stickies
*first*.

If you can't do the work yourself (and there is no shame in admitting this
isn't your cup of tea), take the machine to a professional computer repair
shop (not your local equivalent of BigComputerStore/GeekSquad). Please be
aware that not all local shops are skilled at removing malware and even if
they are, your computer may be so infested that Windows will need to be
clean-installed. If possible, have all your data backed up before you take
the machine into a shop.

Elephant Boy Computers
Don't Panic!
Re: What's going on?

I always recommend to save the data you need on your computer and wipe and
reinstall. Sometimes cleaning it out can damage certain system files. I know
that's not the answer you're looking for. It has a guaranteed result. Cleaning
it out does not.

"Just.some.guy" <> wrote in message
> Every time I use Internet Explorer OR Firefox and go to a website, another
> page will open up as well. It can be something touting car insurance, life
> get my drift...someone trying to sell something. I haven't
> opened up any executable files recently, I don't even use this computer
> that often, it is my laptop and I usually use my desktop. It is a Gateway,
> running Premium SP1. I have McAfee Security suite, Spybot (just added
> AFTER problem), and Windows Defender. I was wondering if this is a case of
> hijacking? I downloaded *Hijack this* and this is the logfile, although it
> might as well be written in martian to me...I don't understand a thing!
Re: What's going on?

"Just.some.guy" <> wrote:

>Every time I use Internet Explorer OR Firefox and go to a website, another
>page will open up as well. It can be something touting car insurance, life
> get my drift...someone trying to sell something.

In your long list, you didn't mention the popup blocker in both IE and
Firefox. Have you turned that option on? In IE it's Tools|Options,
"Privacy" tab. I don't have FF in front of me (employer doesn't allow
anything but IE6), but it will be in the options settings someplace.

Tim Slattery
MS MVP(Shell/User)
Re: What's going on?

Just.some.guy wrote:
> Every time I use Internet Explorer OR Firefox and go to a website,
> another page will open up as well. It can be something touting car
> insurance, life get my drift...someone trying to sell
> something.

Try posting your HJT logs into this forum.

When you get over to the HijackThis! forum, you might want to ask more
about this entry in your registry:

O4 - HKCU\..\Run: [zgbnsvin] c:\users\lyle\appdata\local\zgbnsvin.exe
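
The reply above singles out one O4 (autorun) line from the posted log. As an added example, not part of the original thread and not HijackThis's own logic, this Python script rejoins the wrapped log lines and lists Run-key entries that start from a user-writable profile folder or without a full path. The three checks are assumptions chosen for illustration; a hit is a lead to review, not a verdict.

```python
import re

# Excerpt of the HijackThis log posted in this thread, line wrapping kept.
SAMPLE = r"""
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google
Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKCU\..\Run: [cdloader]
"C:\Users\Lyle\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [zgbnsvin] c:\users\lyle\appdata\local\zgbnsvin.exe
zgbnsvin
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common
Files\LogiShrd\LVCOMSER\LVComSer.exe
"""

# A log entry starts with a section code such as "R1 - ", "O4 - ", "O23 - ".
ENTRY_START = re.compile(r"^(?:R[0-3]|F[0-3]|O\d{1,2}) - ")
RUN_ENTRY = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\.*?\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Quoted path, or an unquoted path (spaces allowed) up to the extension.
EXE_PATH = re.compile(
    r'"([^"]+)"|(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)', re.I)
IN_PROFILE = re.compile(r"\\users\\[^\\]+\\appdata\\")
PROFILE_ROOT = re.compile(r"\\appdata\\(?:local|locallow|roaming)\\[^\\]+$")


def unwrap(log_text):
    """Rejoin entries that the mail client wrapped onto several lines."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == "--" or line.startswith("End of file"):
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:
            # Continuation line: the wrap happened at a space.
            entries[-1] += " " + line
    return entries


def parse_run_entry(entry):
    """Return hive, value name and executable of an O4 Run-key entry."""
    m = RUN_ENTRY.match(entry)
    if not m:
        return None
    cmd = m["cmd"].strip()
    e = EXE_PATH.match(cmd)
    exe = (e.group(1) or e.group(2)) if e else cmd.split()[0]
    return {"hive": m["hive"], "name": m["name"], "exe": exe}


def reasons_for(exe):
    """Illustrative review heuristics (assumptions, not HijackThis rules)."""
    lowered = exe.lower()
    reasons = []
    if "\\" not in exe and "/" not in exe:
        reasons.append("no full path, resolved through the search path")
    if IN_PROFILE.search(lowered):
        reasons.append("starts from a user-writable profile folder")
    if PROFILE_ROOT.search(lowered):
        reasons.append("sits directly in AppData, no vendor subfolder")
    return reasons


def triage(log_text):
    """List (value name, executable, reasons) for entries worth a look."""
    flagged = []
    for entry in unwrap(log_text):
        parsed = parse_run_entry(entry)
        if parsed is None:
            continue
        reasons = reasons_for(parsed["exe"])
        if reasons:
            flagged.append((parsed["name"], parsed["exe"], reasons))
    return flagged


if __name__ == "__main__":
    for name, exe, reasons in triage(SAMPLE):
        print(f"[{name}] {exe}")
        for reason in reasons:
            print(f"    - {reason}")
```
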
Re: What's going on?

"Tim Slattery" <> wrote in message
> "Just.some.guy" <> wrote:
>>Every time I use Internet Explorer OR Firefox and go to a website, another
>>page will open up as well. It can be something touting car insurance, life
>> get my drift...someone trying to sell something.

> In your long list, you didn't mention the popup blocker in both IE and
> Firefox. Have you turned that option on? In IE it's Tools|Options,
> "Privacy" tab. I don't have FF in front of me (employer doesn't allow
> anything but IE6), but it will be in the options settings someplace.
> --
> Tim Slattery
> MS MVP(Shell/User)

I have IE 7, and popup blocker is on. Whatever this is, it's driving me crazy.
Thanks to all for trying to help :-)
System Junked Up

I think Shawn Skonberg is right. Clean install is usually the way to go. I would add get a 'disk imager' (I use Acronis' True Image) and when you get the new cleaned system to the state you want, copy the entire system drive (C:\) to an external drive (or other external storage). So if this happens again you can restore your system to a clean one. The only drawback is that you may have to install software or devices installed after the first disk copy. Also I noticed that you seem to have a lot of junk in your hijack log. Like Google Desktop?? Use Copernic and uncheck "Start application when computer starts" so it will start up when YOU want it to start.