Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

IE opens unwanted windows to unwanted sites

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: IE opens unwanted windows to unwanted sites

Unread postby Shaba » December 9th, 2008, 12:51 pm

Then please see here

Method 1: Use Recovery Console to restore the User32.dll file.

After that, please re-scan user32.dll and post back fresh results.
User avatar
Admin/Teacher Emeritus
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Register to Remove

Re: IE opens unwanted windows to unwanted sites

Unread postby Dp31959 » December 10th, 2008, 12:49 pm

It didn't work. I got the new user32.dll from the windows cd ok. When I rebooted into windows I got the BSD with this error:

Stop: c000135 (unable to locate component).
This application failed to start because winsrv was not found. Reinstalling the application may fix this problem

The error happens after the windows logo screen. The computer then reboots and I get the same error & reboot over and over.

I do have the winsrv.dll in C:\WINDOWS\system32.

I did a little research on winsrv and this is what i found:

I am running XP sp 3.
I do not see any programs called Speed Blaster or Memory Meter on my computer, but Speed Blaster sounds familiar.
I did not do any of the recommended fixes because I didn't want to mess up what you are doing.

Thanks again

P.S. I don't know if you need these but here is the a scan of winsrv.dll by virustotal and a new Hijackthis log

File winsrv.dll received on 12.10.2008 17:39:37 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED

Result: 0/38 (0%)
Loading server information...
Your file is queued in position: 1.
Estimated start time is between 38 and 55 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.

Antivirus Version Last Update Result
AhnLab-V3 2999.99.99.3 2008.12.10 -
AntiVir 2008.12.10 -
Authentium 2008.12.10 -
Avast 4.8.1281.0 2008.12.10 -
AVG 2008.12.10 -
BitDefender 7.2 2008.12.10 -
CAT-QuickHeal 10.00 2008.12.10 -
ClamAV 0.94.1 2008.12.10 -
Comodo 718 2008.12.10 -
DrWeb 2008.12.10 -
eSafe 2008.12.10 -
eTrust-Vet 31.6.6254 2008.12.10 -
Ewido 4.0 2008.12.10 -
F-Prot 2008.12.10 -
F-Secure 8.0.14332.0 2008.12.10 -
Fortinet 2008.12.10 -
GData 19 2008.12.10 -
Ikarus T3. 2008.12.10 -
K7AntiVirus 7.10.550 2008.12.10 -
Kaspersky 2008.12.10 -
McAfee 5459 2008.12.09 -
McAfee+Artemis 5459 2008.12.09 -
Microsoft 1.4205 2008.12.10 -
NOD32 3682 2008.12.10 -
Norman 5.80.02 2008.12.10 -
Panda 2008.12.09 -
PCTools 2008.12.10 -
Prevx1 V2 2008.12.10 -
Rising 2008.12.10 -
SecureWeb-Gateway 6.7.6 2008.12.10 -
Sophos 4.36.0 2008.12.10 -
Sunbelt 3.2.1801.2 2008.12.10 -
Symantec 10 2008.12.10 -
TheHacker 2008.12.10 -
TrendMicro 8.700.0.1004 2008.12.10 -
VBA32 2008.12.09 -
ViRobot 2008.12.10.1511 2008.12.10 -
VirusBuster 2008.12.10 -
Additional information
File size: 293376 bytes
MD5...: 1618f36d4f7f6ccceb3ee44ba95be85c
SHA1..: b7a9d09c9d154cba6cbd9bbc5039612ca9185b95
SHA256: 1ed920e475221228ef215708701ec166a0b1bbcbd236e5b047420ebd0ff1371a
SHA512: b24f24f0860ac32942ad0a918a99a5a0f1e0f34501c403498774c39c93356b69

ssdeep: 6144:cnZPwB/lqSCo0hNAR4Xefxg5n6ussTVBZqmUn1I:cnZ4BNo9NARYYgMuLTV

PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x75b673b3
timedatestamp.....: 0x4802a128 (Mon Apr 14 00:11:20 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x3522f 0x35400 6.61 6b7744fb26751bf9dea0260bf0d5bf53
FE_TEXT 0x37000 0x5695 0x5800 6.45 df024fd3ff31bfd2364a5af7b5f76bf2
.data 0x3d000 0xf18 0xe00 1.74 6354f3d54cabba0f8744f7b9810f51d4
.rsrc 0x3e000 0x9830 0x9a00 4.67 6e5b0b5555868090041ead768137ef4c
.reloc 0x48000 0x20d0 0x2200 6.68 0f91a904cd955233dfb761e2a7c2d395

( 6 imports )
> BASESRV.dll: BaseSrvNlsUpdateRegistryCache, BaseSrvNlsLogon, BaseSetProcessCreateNotify
> CSRSRV.dll: CsrSetForegroundPriority, CsrSetBackgroundPriority, CsrCreateWait, CsrMoveSatisfiedWait, CsrDereferenceWait, CsrNotifyWait, CsrValidateMessageBuffer, CsrPopulateDosDevices, CsrDereferenceProcess, CsrReferenceThread, CsrShutdownProcesses, CsrLockThreadByClientId, CsrUnlockThread, CsrAddStaticServerThread, CsrLockProcessByClientId, CsrUnlockProcess, CsrExecServerThread, CsrConnectToUser, CsrDereferenceThread, CsrImpersonateClient, CsrRevertToSelf, CsrQueryApiPort, CsrGetProcessLuid
> GDI32.dll: CreateSolidBrush, DeleteObject, DeleteDC, GdiTransparentBlt, SelectObject, CreateCompatibleDC, GdiGetSpoolMessage, GdiInitSpool, bMakePathNameW, SetBitmapBits, CreateCompatibleBitmap, StretchDIBits, CombineRgn, InvertRgn, CreateDIBitmap, GetDIBits, PolyPatBlt, StretchBlt, GetBitmapBits, SetFontEnumeration, GetTextFaceW, EnumFontFamiliesExW, GetTextExtentPoint32W, CreateFontIndirectW, GdiAddFontResourceW, CreateBitmap, BitBlt, GetTextMetricsW, GetCharWidth32W, SetBkMode, GetStockObject, ExtTextOutW, PatBlt, GetRgnBox, GetCurrentObject, GdiConsoleTextOut, GdiFlush, GetRegionData, CreateRectRgn, CreateDCW, GetDeviceCaps, SetDIBitsToDevice, GetNearestColor, SetDCBrushColor, SetTextColor, SetBkColor, TranslateCharsetInfo, GetStringBitmapW, GdiFullscreenControl, SelectPalette, SetSystemPaletteUse, RealizePalette, GetLayout, SetLayout, GetObjectW
> KERNEL32.dll: InitializeCriticalSection, LocalReAlloc, LoadLibraryW, LeaveCriticalSection, EnterCriticalSection, RaiseException, GetModuleFileNameW, TerminateProcess, UnhandledExceptionFilter, CreateFileW, GlobalAlloc, GlobalSize, WTSGetActiveConsoleSessionId, GetCPInfo, WideCharToMultiByte, OpenProfileUserMapping, GetPrivateProfileStringW, CloseProfileUserMapping, GlobalAddAtomA, GlobalLock, lstrcpynW, GlobalUnlock, GlobalFree, SetProcessWorkingSetSize, GetStringTypeW, MultiByteToWideChar, InterlockedIncrement, InterlockedDecrement, FindResourceExW, LoadResource, LockResource, lstrlenA, Beep, TlsSetValue, TlsGetValue, GetExitCodeThread, GetExitCodeProcess, SetFilePointer, GetSystemDirectoryA, CreateFileA, GetOEMCP, GetACP, TlsAlloc, IsValidCodePage, lstrlenW, DuplicateHandle, ReadFile, CreateThread, GetCurrentThread, GetCurrentProcess, SetUnhandledExceptionFilter, SetNamedPipeHandleState, TransactNamedPipe, WaitForSingleObject, GetOverlappedResult, WaitNamedPipeW, OpenEventW, SetEvent, SetClientTimeZoneInformation, LoadLibraryExA, SetLastError, CreateRemoteThread, WaitForMultipleObjects, OpenProcess, CreateEventW, GetLastError, Sleep, CloseHandle, GetModuleHandleW, LocalAlloc, LocalFree, GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, DisableThreadLibraryCalls, LoadLibraryA, InterlockedCompareExchange, FreeLibrary, GetProcAddress, DelayLoadFailureHook
> ntdll.dll: NtNotifyChangeKey, NtSetSystemInformation, NtQueryValueKey, RtlInitUnicodeString, NtOpenKey, NtQueryInformationProcess, RtlFreeSid, RtlSetDaclSecurityDescriptor, RtlCreateSecurityDescriptor, RtlAddAccessAllowedAce, RtlCreateAcl, RtlLengthSid, RtlAllocateAndInitializeSid, NtResetEvent, NtWaitForMultipleObjects, NtCreateEvent, swprintf, NtSetInformationThread, RtlUnicodeStringToInteger, NtClose, RtlOpenCurrentUser, NtSetEvent, LdrFlushAlternateResourceModules, RtlCreateUserThread, RtlLeaveCriticalSection, RtlEnterCriticalSection, RtlInitializeCriticalSection, NtQueryInformationToken, NtAlertThread, DbgUiIssueRemoteBreakin, DbgBreakPoint, _ltow, NtOpenProcessToken, RtlNtStatusToDosError, NtPrivilegeObjectAuditAlarm, NtPrivilegeCheck, NtOpenThreadToken, wcsncmp, NtClearEvent, NtWaitForSingleObject, NtTerminateProcess, NtQueryInformationThread, NtReplyPort, _vsnwprintf, RtlEqualUnicodeString, NtQuerySymbolicLinkObject, NtOpenSymbolicLinkObject, RtlFreeUnicodeString, wcslen, RtlFindMessage, NtResumeThread, RtlFreeHeap, memmove, RtlCreateUnicodeString, _strnicmp, RtlFreeAnsiString, RtlAnsiStringToUnicodeString, RtlInitAnsiString, strstr, RtlUnicodeStringToAnsiString, NtReadVirtualMemory, NtDeviceIoControlFile, NtMakeTemporaryObject, wcscmp, NtQueryDirectoryObject, NtOpenDirectoryObject, _chkstk, NtRequestWaitReplyPort, NtConnectPort, wcscpy, RtlSetGroupSecurityDescriptor, RtlSetOwnerSecurityDescriptor, RtlCopySid, _alloca_probe, RtlGetDaclSecurityDescriptor, RtlGetOwnerSecurityDescriptor, NtRequestPort, RtlCreateTagHeap, RtlCreateHeap, RtlAllocateHeap, NtEnumerateValueKey, wcsncpy, NtQueryKey, RtlDosSearchPath_U, NtDuplicateObject, NtOpenProcess, RtlInitializeCriticalSectionAndSpinCount, RtlSizeHeap, NtMapViewOfSection, NtCreateSection, NtUnmapViewOfSection, NtVdmControl, NtTerminateThread, RtlCompareUnicodeString, atoi, _itoa, NtReleaseMutant, NtCreateMutant, NtQueryVirtualMemory, RtlUnwind, RtlPrefixUnicodeString, RtlIntegerToUnicodeString, RtlMultiByteToUnicodeN, RtlOemToUnicodeN, RtlUnicodeToMultiByteSize, RtlUnicodeToOemN, RtlInitCodePageTable, RtlUnicodeToMultiByteN, RtlCustomCPToUnicodeN, wcschr, wcsrchr, wcsstr, _wcsupr, NtProtectVirtualMemory, RtlImageDirectoryEntryToData, RtlReAllocateHeap, RtlConsoleMultiByteToUnicodeN, RtlDeleteCriticalSection
> USER32.dll: RegisterWindowMessageW, GetWindow, PostMessageW, DialogBoxParamW, EndDialog, GetDlgItemTextW, IsDlgButtonChecked, SendDlgItemMessageW, CheckRadioButton, GetWindowPlacement, SetWindowPlacement, EnableMenuItem, LoadMenuW, AppendMenuW, SetMenuItemInfoW, PtInRect, EmptyClipboard, SetClipboardData, OpenClipboard, GetClipboardData, CloseClipboard, GetForegroundWindow, CreateWindowExW, GetSystemMenu, GetLastActivePopup, GetCursorPos, WindowFromPoint, DefWindowProcW, SetCursor, TrackPopupMenuEx, UnpackDDElParam, CreateIconFromResourceEx, ReuseDDElParam, ShowWindowAsync, ReplyMessage, ScrollDC, SetScrollInfo, GetKeyboardLayout, IsWinEventHookInstalled, NotifyWinEvent, SetActiveWindow, MonitorFromRect, GetMonitorInfoW, AdjustWindowRectEx, GetCaretBlinkTime, VkKeyScanW, IsIconic, ClientToScreen, ScreenToClient, ActivateKeyboardLayout, GetKeyboardLayoutNameA, GetKeyboardLayoutNameW, CopyIcon, DestroyIcon, ShowWindow, LoadStringW, ReleaseCapture, SetCapture, GetKeyboardState, ToUnicodeEx, SetThreadDesktop, SetWindowsHookExW, GetMessageW, UnhookWindowsHookEx, TranslateMessageEx, GetKeyState, SetConsoleReserveKeys, MapVirtualKeyW, CloseWindowStation, GetUserObjectInformationW, CloseDesktop, PrivateExtractIconExW, wsprintfW, LoadCursorW, LoadImageW, RegisterClassExW, SendMessageTimeoutW, IsWindow, IsWindowEnabled, GetWindowTextW, MsgWaitForMultipleObjects, PeekMessageW, DispatchMessageW, TranslateMessage, GetWindowRect, GetSysColor, MapWindowPoints, OffsetRect, InflateRect, GetSystemMetrics, GetClientRect, SetForegroundWindow, InvalidateRect, KillTimer, SetWindowPos, SetFocus, SendMessageW, GetDlgItem, SetTimer, SetDlgItemTextW, EndPaint, LoadBitmapW, DrawEdge, DrawIcon, BeginPaint, LoadIconW, GetClassLongW, GetPropW, SetWindowTextW, SetWindowLongW, DestroyWindow, ReleaseDC, FillRect, GetDC, GetWindowLongW, GetClassNameW, RecordShutdownReason, GetGUIThreadInfo, SendInput, GetLastInputInfo, SystemParametersInfoW, CtxInitUser32, GetWindowTextLengthW, PostThreadMessageW, WCSToMBEx, MB_GetString, SoftModalMessageBox, MessageBoxTimeoutW, GetTaskmanWindow, BroadcastSystemMessageW, GetWindowThreadProcessId, MessageBoxExW, EnumThreadWindows, SendNotifyMessageW, SendMessageCallbackW, CreateDialogParamW, IsDialogMessageW, CallMsgFilterW

( 4 exports )
ConServerDllInitialization, UserServerDllInitialization, _UserSoundSentry, _UserTestTokenForInteractive
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:26 AM, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\American Systems\Print Screen Deluxe\psdeluxe.exe
C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe
C:\Program Files\ScanSoft\OmniPagePro14.0\OpScheduler.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Autodesk Land Desktop 2007\acad.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe
C:\Greenbrier Graphics\Program\Map98.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
E:\Program Files\Trend Micro\HijackThis\HjScan.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: Shell=c:\windows\explorer.exe
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [WorkFlowTray] "C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Print Screen Deluxe] C:\Program Files\American Systems\Print Screen Deluxe\psdeluxe.exe /m
O4 - HKLM\..\Run: [Opware14] "C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe"
O4 - HKLM\..\Run: [OpScheduler] "C:\Program Files\ScanSoft\OmniPagePro14.0\OpScheduler.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0BCADE60-1E93-11D8-ABDA-0004759647B3} (FastBid1 Class) - http://www.bxwa.com/fastbid/fastbidx1.cab
O16 - DPF: {2513AB48-1AEF-4E55-8329-927FF97C9DCE} (ExpressView Class) - http://www.lizardtech.com/plugin/MrSID_BPI.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-3494b6720f59624c.spaces.live ... nPUpld.cab
O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk Dwf Viewer Control) - http://www.ads-pipe.com/dwf/DwfViewerSetup.cab
O18 - Protocol: jpip - {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files\LizardTech\Express View\expressview.dll
O18 - Protocol: sidlet - {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files\LizardTech\Express View\expressview.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Machine Debug Manager (MDM) - Logitech, Inc. - (no file)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

End of file - 8446 bytes
Active Member
Posts: 12
Joined: November 26th, 2008, 4:50 pm

Re: IE opens unwanted windows to unwanted sites

Unread postby Shaba » December 10th, 2008, 1:39 pm

I think that SP version might be problem here.

Which SP you have in CD?
User avatar
Admin/Teacher Emeritus
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: IE opens unwanted windows to unwanted sites

Unread postby Dp31959 » December 10th, 2008, 2:03 pm

The package says "Includes Service Pack 1a". I seem to recall there being another cd with sp 2 on it, that came with it.
Active Member
Posts: 12
Joined: November 26th, 2008, 4:50 pm

Re: IE opens unwanted windows to unwanted sites

Unread postby Shaba » December 10th, 2008, 2:36 pm

So that is likely the reason as version of user32.dll is wrong.

I suggest that you either transfer user32.dll from another SP3 computer or uninstall SP3 and try again that recovery console procedure.
User avatar
Admin/Teacher Emeritus
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: IE opens unwanted windows to unwanted sites

Unread postby Dp31959 » December 11th, 2008, 11:42 am

Ok got the file here is the new scan:
File user32.dll received on 12.11.2008 16:37:42 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED

Result: 0/38 (0%)
Loading server information...
Your file is queued in position: 1.
Estimated start time is between 43 and 62 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.

Antivirus Version Last Update Result
AhnLab-V3 2008.12.10.2 2008.12.11 -
AntiVir 2008.12.11 -
Authentium 2008.12.11 -
Avast 4.8.1281.0 2008.12.10 -
AVG 2008.12.11 -
BitDefender 7.2 2008.12.11 -
CAT-QuickHeal 10.00 2008.12.11 -
ClamAV 0.94.1 2008.12.11 -
Comodo 733 2008.12.11 -
DrWeb 2008.12.11 -
eSafe 2008.12.10 -
eTrust-Vet 31.6.6256 2008.12.11 -
Ewido 4.0 2008.12.11 -
F-Prot 2008.12.10 -
F-Secure 8.0.14332.0 2008.12.11 -
Fortinet 2008.12.11 -
GData 19 2008.12.11 -
Ikarus T3. 2008.12.11 -
K7AntiVirus 7.10.551 2008.12.11 -
Kaspersky 2008.12.11 -
McAfee 5460 2008.12.10 -
McAfee+Artemis 5460 2008.12.10 -
Microsoft 1.4205 2008.12.10 -
NOD32 3683 2008.12.11 -
Norman 5.80.02 2008.12.11 -
Panda 2008.12.10 -
PCTools 2008.12.11 -
Prevx1 V2 2008.12.11 -
Rising 2008.12.11 -
SecureWeb-Gateway 6.7.6 2008.12.11 -
Sophos 4.36.0 2008.12.11 -
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.11 -
TheHacker 2008.12.11 -
TrendMicro 8.700.0.1004 2008.12.11 -
VBA32 2008.12.11 -
ViRobot 2008.12.11.1513 2008.12.11 -
VirusBuster 2008.12.11 -
Additional information
File size: 578560 bytes
MD5...: b26b135ff1b9f60c9388b4a7d16f600b
SHA1..: 08fe9ff1fe9b8fd237adedb10d65fb0447b91fe5
SHA256: acd0ae7b4d5f871e148276c6cc4ae3a216e33f67fc78d827c16986e1f945438c
SHA512: 06205444bbc9773fdea5c3ad949dfa8347d0248b87f8a0e43ede8758466fc087

ssdeep: 6144:Q7ML7NoIlCGJPY2Z2AlptXbgz0+Q4odCGfTnpbEdd/fudqsa0jucQgBMacC

PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x7e41b217
timedatestamp.....: 0x4802a11b (Mon Apr 14 00:11:07 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5f283 0x5f400 6.65 25051dc5344bd71f517de4813f1397ed
.data 0x61000 0x1180 0xc00 2.38 28fc1d764bf4ed37bb349bca5991a1ff
.rsrc 0x63000 0x2a088 0x2a200 4.97 818c69d1407c2f66058a8171086b2fba
.reloc 0x8e000 0x2de4 0x2e00 6.77 68ebe5a2d822be0663a3e935b39d0bae

( 3 imports )
> GDI32.dll: GetClipRgn, ExtSelectClipRgn, GetHFONT, GetMapMode, SetGraphicsMode, GetClipBox, CreateRectRgn, CreateRectRgnIndirect, SetLayout, GetBoundsRect, ExcludeClipRect, PlayEnhMetaFile, GdiGetBitmapBitsSize, CreatePen, Ellipse, CreateEllipticRgn, GdiFixUpHandle, GetTextCharacterExtra, SetTextCharacterExtra, GetCurrentObject, GetViewportOrgEx, SetViewportOrgEx, PolyPatBlt, CreateBrushIndirect, SetBoundsRect, CopyEnhMetaFileW, CopyMetaFileW, GetPaletteEntries, CreatePalette, SetPaletteEntries, bInitSystemAndFontsDirectoriesW, bMakePathNameW, cGetTTFFromFOT, GetPixel, ExtTextOutA, GetTextCharsetInfo, QueryFontAssocStatus, GetCharWidthInfo, GetCharWidthA, GetTextFaceW, GetCharABCWidthsA, GetCharABCWidthsW, SetBrushOrgEx, CreateFontIndirectW, EnumFontsW, GetTextFaceAliasW, GetTextMetricsW, GetTextColor, GetBkMode, GetViewportExtEx, GetWindowExtEx, GdiGetCharDimensions, GdiGetCodePage, GetTextCharset, GdiPrinterThunk, GdiAddFontResourceW, TranslateCharsetInfo, SaveDC, OffsetWindowOrgEx, RestoreDC, ExtTextOutW, GetObjectType, GetDIBits, CreateDIBSection, SetStretchBltMode, SelectPalette, RealizePalette, SetDIBits, CreateDCW, CreateDIBitmap, CreateCompatibleBitmap, SetBitmapBits, DeleteDC, GdiValidateHandle, GdiDllInitialize, CreateSolidBrush, GetStockObject, CreateCompatibleDC, GdiConvertBitmapV5, GdiCreateLocalEnhMetaFile, GdiCreateLocalMetaFilePict, GetRgnBox, CombineRgn, OffsetRgn, MirrorRgn, EnableEUDC, GdiConvertToDevmodeW, GetTextExtentPointA, GetTextExtentPointW, CreateBitmap, SetLayoutWidth, PatBlt, TextOutA, TextOutW, BitBlt, GdiConvertAndCheckDC, StretchBlt, SetRectRgn, GdiReleaseDC, GdiConvertEnhMetaFile, GdiConvertMetaFilePict, DeleteEnhMetaFile, DeleteMetaFile, DeleteObject, GetDIBColorTable, GetDeviceCaps, StretchDIBits, GetLayout, SetBkColor, SetTextColor, GetObjectW, GetBkColor, SetBkMode, SelectObject, IntersectClipRect, GetTextAlign, SetTextAlign, GdiProcessSetup
> KERNEL32.dll: LocalSize, SizeofResource, LoadResource, FindResourceExW, FindResourceExA, GetModuleHandleW, DisableThreadLibraryCalls, GetCurrentThreadId, IsDBCSLeadByteEx, SearchPathW, ExpandEnvironmentStringsW, LoadLibraryExW, GlobalAddAtomW, GetSystemDirectoryW, GetComputerNameW, GetCurrentProcess, GetCurrentThread, ExitThread, GetExitCodeThread, CreateThread, HeapReAlloc, GlobalHandle, FoldStringW, Sleep, GetStringTypeW, GetStringTypeA, GetCPInfo, HeapSize, CloseHandle, UnmapViewOfFile, MapViewOfFile, CreateFileMappingW, GetFileSize, ReadFile, SetFileTime, GetFileTime, GetSystemWindowsDirectoryW, CopyFileW, MoveFileW, DeleteFileW, CreateProcessW, AddAtomA, AddAtomW, GetAtomNameW, GetAtomNameA, IsValidLocale, ConvertDefaultLocale, CompareStringW, GetCurrentDirectoryW, SetCurrentDirectoryW, lstrlenW, GetLogicalDrives, FindClose, FindNextFileW, FindFirstFileW, GetThreadLocale, ProcessIdToSessionId, GetCurrentProcessId, InterlockedCompareExchange, IsDBCSLeadByte, LCMapStringW, QueryPerformanceCounter, QueryPerformanceFrequency, GetTickCount, lstrlenA, GlobalFindAtomA, GetModuleFileNameA, GetModuleHandleA, GlobalAddAtomA, DelayLoadFailureHook, LoadLibraryA, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, LocalUnlock, LocalLock, LocalReAlloc, GetACP, GetOEMCP, InterlockedIncrement, InterlockedDecrement, SetLastError, GlobalFindAtomW, GlobalAlloc, MultiByteToWideChar, GlobalReAlloc, GetLastError, GetProcAddress, LoadLibraryW, FreeLibrary, lstrcpynW, CreateFileW, WritePrivateProfileStringW, lstrcmpiW, SetEvent, WaitForMultipleObjectsEx, WideCharToMultiByte, GlobalFlags, GetLocaleInfoW, GlobalFree, GetModuleFileNameW, GlobalGetAtomNameW, GlobalGetAtomNameA, InterlockedExchange, DeleteAtom, LocalAlloc, GlobalDeleteAtom, LocalFree, GlobalSize, GlobalLock, GlobalUnlock, GetUserDefaultLCID, HeapAlloc, HeapFree, lstrcpyW, lstrcatW, GetPrivateProfileStringW, RegisterWaitForInputIdle
> ntdll.dll: NtQueryVirtualMemory, RtlUnwind, RtlNtStatusToDosError, NlsAnsiCodePage, RtlAllocateHeap, qsort, RtlMultiByteToUnicodeSize, LdrFlushAlternateResourceModules, RtlPcToFileHeader, wcsrchr, NtRaiseHardError, RtlIsNameLegalDOS8Dot3, strrchr, sscanf, NtQueryKey, NtEnumerateValueKey, RtlRunEncodeUnicodeString, RtlRunDecodeUnicodeString, _wcsicmp, CsrAllocateCaptureBuffer, CsrCaptureMessageBuffer, CsrFreeCaptureBuffer, NtOpenThreadToken, NtOpenProcessToken, NtQueryInformationToken, CsrClientCallServer, memmove, NtCallbackReturn, RtlUnicodeToMultiByteSize, RtlActivateActivationContextUnsafeFast, RtlDeactivateActivationContextUnsafeFast, RtlInitializeCriticalSection, NtQuerySystemInformation, swprintf, RtlDeleteCriticalSection, RtlImageNtHeader, CsrClientConnectToServer, NtYieldExecution, NtCreateKey, NtSetValueKey, NtDeleteValueKey, RtlQueryInformationActiveActivationContext, RtlReleaseActivationContext, RtlFreeHeap, wcsncpy, wcscmp, wcstoul, wcscat, RtlInitAnsiString, RtlAnsiStringToUnicodeString, RtlCreateUnicodeStringFromAsciiz, RtlFreeUnicodeString, NtOpenDirectoryObject, _chkstk, wcscpy, wcsncat, NtSetSecurityObject, NtQuerySecurityObject, NtQueryInformationProcess, wcstol, wcslen, RtlFindActivationContextSectionString, RtlMultiByteToUnicodeN, RtlUnicodeToMultiByteN, RtlLeaveCriticalSection, RtlEnterCriticalSection, RtlOpenCurrentUser, NtEnumerateKey, NtOpenKey, NtClose, NtQueryValueKey, RtlInitUnicodeString, RtlUnicodeStringToInteger

( 732 exports )
ActivateKeyboardLayout, AdjustWindowRect, AdjustWindowRectEx, AlignRects, AllowForegroundActivation, AllowSetForegroundWindow, AnimateWindow, AnyPopup, AppendMenuA, AppendMenuW, ArrangeIconicWindows, AttachThreadInput, BeginDeferWindowPos, BeginPaint, BlockInput, BringWindowToTop, BroadcastSystemMessage, BroadcastSystemMessageA, BroadcastSystemMessageExA, BroadcastSystemMessageExW, BroadcastSystemMessageW, BuildReasonArray, CalcMenuBar, CallMsgFilter, CallMsgFilterA, CallMsgFilterW, CallNextHookEx, CallWindowProcA, CallWindowProcW, CascadeChildWindows, CascadeWindows, ChangeClipboardChain, ChangeDisplaySettingsA, ChangeDisplaySettingsExA, ChangeDisplaySettingsExW, ChangeDisplaySettingsW, ChangeMenuA, ChangeMenuW, CharLowerA, CharLowerBuffA, CharLowerBuffW, CharLowerW, CharNextA, CharNextExA, CharNextW, CharPrevA, CharPrevExA, CharPrevW, CharToOemA, CharToOemBuffA, CharToOemBuffW, CharToOemW, CharUpperA, CharUpperBuffA, CharUpperBuffW, CharUpperW, CheckDlgButton, CheckMenuItem, CheckMenuRadioItem, CheckRadioButton, ChildWindowFromPoint, ChildWindowFromPointEx, CliImmSetHotKey, ClientThreadSetup, ClientToScreen, ClipCursor, CloseClipboard, CloseDesktop, CloseWindow, CloseWindowStation, CopyAcceleratorTableA, CopyAcceleratorTableW, CopyIcon, CopyImage, CopyRect, CountClipboardFormats, CreateAcceleratorTableA, CreateAcceleratorTableW, CreateCaret, CreateCursor, CreateDesktopA, CreateDesktopW, CreateDialogIndirectParamA, CreateDialogIndirectParamAorW, CreateDialogIndirectParamW, CreateDialogParamA, CreateDialogParamW, CreateIcon, CreateIconFromResource, CreateIconFromResourceEx, CreateIconIndirect, CreateMDIWindowA, CreateMDIWindowW, CreateMenu, CreatePopupMenu, CreateSystemThreads, CreateWindowExA, CreateWindowExW, CreateWindowStationA, CreateWindowStationW, CsrBroadcastSystemMessageExW, CtxInitUser32, DdeAbandonTransaction, DdeAccessData, DdeAddData, DdeClientTransaction, DdeCmpStringHandles, DdeConnect, DdeConnectList, DdeCreateDataHandle, DdeCreateStringHandleA, DdeCreateStringHandleW, DdeDisconnect, DdeDisconnectList, DdeEnableCallback, DdeFreeDataHandle, DdeFreeStringHandle, DdeGetData, DdeGetLastError, DdeGetQualityOfService, DdeImpersonateClient, DdeInitializeA, DdeInitializeW, DdeKeepStringHandle, DdeNameService, DdePostAdvise, DdeQueryConvInfo, DdeQueryNextServer, DdeQueryStringA, DdeQueryStringW, DdeReconnect, DdeSetQualityOfService, DdeSetUserHandle, DdeUnaccessData, DdeUninitialize, DefDlgProcA, DefDlgProcW, DefFrameProcA, DefFrameProcW, DefMDIChildProcA, DefMDIChildProcW, DefRawInputProc, DefWindowProcA, DefWindowProcW, DeferWindowPos, DeleteMenu, DeregisterShellHookWindow, DestroyAcceleratorTable, DestroyCaret, DestroyCursor, DestroyIcon, DestroyMenu, DestroyReasons, DestroyWindow, DeviceEventWorker, DialogBoxIndirectParamA, DialogBoxIndirectParamAorW, DialogBoxIndirectParamW, DialogBoxParamA, DialogBoxParamW, DisableProcessWindowsGhosting, DispatchMessageA, DispatchMessageW, DisplayExitWindowsWarnings, DlgDirListA, DlgDirListComboBoxA, DlgDirListComboBoxW, DlgDirListW, DlgDirSelectComboBoxExA, DlgDirSelectComboBoxExW, DlgDirSelectExA, DlgDirSelectExW, DragDetect, DragObject, DrawAnimatedRects, DrawCaption, DrawCaptionTempA, DrawCaptionTempW, DrawEdge, DrawFocusRect, DrawFrame, DrawFrameControl, DrawIcon, DrawIconEx, DrawMenuBar, DrawMenuBarTemp, DrawStateA, DrawStateW, DrawTextA, DrawTextExA, DrawTextExW, DrawTextW, EditWndProc, EmptyClipboard, EnableMenuItem, EnableScrollBar, EnableWindow, EndDeferWindowPos, EndDialog, EndMenu, EndPaint, EndTask, EnterReaderModeHelper, EnumChildWindows, EnumClipboardFormats, EnumDesktopWindows, EnumDesktopsA, EnumDesktopsW, EnumDisplayDevicesA, EnumDisplayDevicesW, EnumDisplayMonitors, EnumDisplaySettingsA, EnumDisplaySettingsExA, EnumDisplaySettingsExW, EnumDisplaySettingsW, EnumPropsA, EnumPropsExA, EnumPropsExW, EnumPropsW, EnumThreadWindows, EnumWindowStationsA, EnumWindowStationsW, EnumWindows, EqualRect, ExcludeUpdateRgn, ExitWindowsEx, FillRect, FindWindowA, FindWindowExA, FindWindowExW, FindWindowW, FlashWindow, FlashWindowEx, FrameRect, FreeDDElParam, GetActiveWindow, GetAltTabInfo, GetAltTabInfoA, GetAltTabInfoW, GetAncestor, GetAppCompatFlags, GetAppCompatFlags2, GetAsyncKeyState, GetCapture, GetCaretBlinkTime, GetCaretPos, GetClassInfoA, GetClassInfoExA, GetClassInfoExW, GetClassInfoW, GetClassLongA, GetClassLongW, GetClassNameA, GetClassNameW, GetClassWord, GetClientRect, GetClipCursor, GetClipboardData, GetClipboardFormatNameA, GetClipboardFormatNameW, GetClipboardOwner, GetClipboardSequenceNumber, GetClipboardViewer, GetComboBoxInfo, GetCursor, GetCursorFrameInfo, GetCursorInfo, GetCursorPos, GetDC, GetDCEx, GetDesktopWindow, GetDialogBaseUnits, GetDlgCtrlID, GetDlgItem, GetDlgItemInt, GetDlgItemTextA, GetDlgItemTextW, GetDoubleClickTime, GetFocus, GetForegroundWindow, GetGUIThreadInfo, GetGuiResources, GetIconInfo, GetInputDesktop, GetInputState, GetInternalWindowPos, GetKBCodePage, GetKeyNameTextA, GetKeyNameTextW, GetKeyState, GetKeyboardLayout, GetKeyboardLayoutList, GetKeyboardLayoutNameA, GetKeyboardLayoutNameW, GetKeyboardState, GetKeyboardType, GetLastActivePopup, GetLastInputInfo, GetLayeredWindowAttributes, GetListBoxInfo, GetMenu, GetMenuBarInfo, GetMenuCheckMarkDimensions, GetMenuContextHelpId, GetMenuDefaultItem, GetMenuInfo, GetMenuItemCount, GetMenuItemID, GetMenuItemInfoA, GetMenuItemInfoW, GetMenuItemRect, GetMenuState, GetMenuStringA, GetMenuStringW, GetMessageA, GetMessageExtraInfo, GetMessagePos, GetMessageTime, GetMessageW, GetMonitorInfoA, GetMonitorInfoW, GetMouseMovePointsEx, GetNextDlgGroupItem, GetNextDlgTabItem, GetOpenClipboardWindow, GetParent, GetPriorityClipboardFormat, GetProcessDefaultLayout, GetProcessWindowStation, GetProgmanWindow, GetPropA, GetPropW, GetQueueStatus, GetRawInputBuffer, GetRawInputData, GetRawInputDeviceInfoA, GetRawInputDeviceInfoW, GetRawInputDeviceList, GetReasonTitleFromReasonCode, GetRegisteredRawInputDevices, GetScrollBarInfo, GetScrollInfo, GetScrollPos, GetScrollRange, GetShellWindow, GetSubMenu, GetSysColor, GetSysColorBrush, GetSystemMenu, GetSystemMetrics, GetTabbedTextExtentA, GetTabbedTextExtentW, GetTaskmanWindow, GetThreadDesktop, GetTitleBarInfo, GetTopWindow, GetUpdateRect, GetUpdateRgn, GetUserObjectInformationA, GetUserObjectInformationW, GetUserObjectSecurity, GetWinStationInfo, GetWindow, GetWindowContextHelpId, GetWindowDC, GetWindowInfo, GetWindowLongA, GetWindowLongW, GetWindowModuleFileName, GetWindowModuleFileNameA, GetWindowModuleFileNameW, GetWindowPlacement, GetWindowRect, GetWindowRgn, GetWindowRgnBox, GetWindowTextA, GetWindowTextLengthA, GetWindowTextLengthW, GetWindowTextW, GetWindowThreadProcessId, GetWindowWord, GrayStringA, GrayStringW, HideCaret, HiliteMenuItem, IMPGetIMEA, IMPGetIMEW, IMPQueryIMEA, IMPQueryIMEW, IMPSetIMEA, IMPSetIMEW, ImpersonateDdeClientWindow, InSendMessage, InSendMessageEx, InflateRect, InitializeLpkHooks, InitializeWin32EntryTable, InsertMenuA, InsertMenuItemA, InsertMenuItemW, InsertMenuW, InternalGetWindowText, IntersectRect, InvalidateRect, InvalidateRgn, InvertRect, IsCharAlphaA, IsCharAlphaNumericA, IsCharAlphaNumericW, IsCharAlphaW, IsCharLowerA, IsCharLowerW, IsCharUpperA, IsCharUpperW, IsChild, IsClipboardFormatAvailable, IsDialogMessage, IsDialogMessageA, IsDialogMessageW, IsDlgButtonChecked, IsGUIThread, IsHungAppWindow, IsIconic, IsMenu, IsRectEmpty, IsServerSideWindow, IsWinEventHookInstalled, IsWindow, IsWindowEnabled, IsWindowInDestroy, IsWindowUnicode, IsWindowVisible, IsZoomed, KillSystemTimer, KillTimer, LoadAcceleratorsA, LoadAcceleratorsW, LoadBitmapA, LoadBitmapW, LoadCursorA, LoadCursorFromFileA, LoadCursorFromFileW, LoadCursorW, LoadIconA, LoadIconW, LoadImageA, LoadImageW, LoadKeyboardLayoutA, LoadKeyboardLayoutEx, LoadKeyboardLayoutW, LoadLocalFonts, LoadMenuA, LoadMenuIndirectA, LoadMenuIndirectW, LoadMenuW, LoadRemoteFonts, LoadStringA, LoadStringW, LockSetForegroundWindow, LockWindowStation, LockWindowUpdate, LockWorkStation, LookupIconIdFromDirectory, LookupIconIdFromDirectoryEx, MBToWCSEx, MB_GetString, MapDialogRect, MapVirtualKeyA, MapVirtualKeyExA, MapVirtualKeyExW, MapVirtualKeyW, MapWindowPoints, MenuItemFromPoint, MenuWindowProcA, MenuWindowProcW, MessageBeep, MessageBoxA, MessageBoxExA, MessageBoxExW, MessageBoxIndirectA, MessageBoxIndirectW, MessageBoxTimeoutA, MessageBoxTimeoutW, MessageBoxW, ModifyMenuA, ModifyMenuW, MonitorFromPoint, MonitorFromRect, MonitorFromWindow, MoveWindow, MsgWaitForMultipleObjects, MsgWaitForMultipleObjectsEx, NotifyWinEvent, OemKeyScan, OemToCharA, OemToCharBuffA, OemToCharBuffW, OemToCharW, OffsetRect, OpenClipboard, OpenDesktopA, OpenDesktopW, OpenIcon, OpenInputDesktop, OpenWindowStationA, OpenWindowStationW, PackDDElParam, PaintDesktop, PaintMenuBar, PeekMessageA, PeekMessageW, PostMessageA, PostMessageW, PostQuitMessage, PostThreadMessageA, PostThreadMessageW, PrintWindow, PrivateExtractIconExA, PrivateExtractIconExW, PrivateExtractIconsA, PrivateExtractIconsW, PrivateSetDbgTag, PrivateSetRipFlags, PtInRect, QuerySendMessage, QueryUserCounters, RealChildWindowFromPoint, RealGetWindowClass, RealGetWindowClassA, RealGetWindowClassW, ReasonCodeNeedsBugID, ReasonCodeNeedsComment, RecordShutdownReason, RedrawWindow, RegisterClassA, RegisterClassExA, RegisterClassExW, RegisterClassW, RegisterClipboardFormatA, RegisterClipboardFormatW, RegisterDeviceNotificationA, RegisterDeviceNotificationW, RegisterHotKey, RegisterLogonProcess, RegisterMessagePumpHook, RegisterRawInputDevices, RegisterServicesProcess, RegisterShellHookWindow, RegisterSystemThread, RegisterTasklist, RegisterUserApiHook, RegisterWindowMessageA, RegisterWindowMessageW, ReleaseCapture, ReleaseDC, RemoveMenu, RemovePropA, RemovePropW, ReplyMessage, ResolveDesktopForWOW, ReuseDDElParam, ScreenToClient, ScrollChildren, ScrollDC, ScrollWindow, ScrollWindowEx, SendDlgItemMessageA, SendDlgItemMessageW, SendIMEMessageExA, SendIMEMessageExW, SendInput, SendMessageA, SendMessageCallbackA, SendMessageCallbackW, SendMessageTimeoutA, SendMessageTimeoutW, SendMessageW, SendNotifyMessageA, SendNotifyMessageW, SetActiveWindow, SetCapture, SetCaretBlinkTime, SetCaretPos, SetClassLongA, SetClassLongW, SetClassWord, SetClipboardData, SetClipboardViewer, SetConsoleReserveKeys, SetCursor, SetCursorContents, SetCursorPos, SetDebugErrorLevel, SetDeskWallpaper, SetDlgItemInt, SetDlgItemTextA, SetDlgItemTextW, SetDoubleClickTime, SetFocus, SetForegroundWindow, SetInternalWindowPos, SetKeyboardState, SetLastErrorEx, SetLayeredWindowAttributes, SetLogonNotifyWindow, SetMenu, SetMenuContextHelpId, SetMenuDefaultItem, SetMenuInfo, SetMenuItemBitmaps, SetMenuItemInfoA, SetMenuItemInfoW, SetMessageExtraInfo, SetMessageQueue, SetParent, SetProcessDefaultLayout, SetProcessWindowStation, SetProgmanWindow, SetPropA, SetPropW, SetRect, SetRectEmpty, SetScrollInfo, SetScrollPos, SetScrollRange, SetShellWindow, SetShellWindowEx, SetSysColors, SetSysColorsTemp, SetSystemCursor, SetSystemMenu, SetSystemTimer, SetTaskmanWindow, SetThreadDesktop, SetTimer, SetUserObjectInformationA, SetUserObjectInformationW, SetUserObjectSecurity, SetWinEventHook, SetWindowContextHelpId, SetWindowLongA, SetWindowLongW, SetWindowPlacement, SetWindowPos, SetWindowRgn, SetWindowStationUser, SetWindowTextA, SetWindowTextW, SetWindowWord, SetWindowsHookA, SetWindowsHookExA, SetWindowsHookExW, SetWindowsHookW, ShowCaret, ShowCursor, ShowOwnedPopups, ShowScrollBar, ShowStartGlass, ShowWindow, ShowWindowAsync, SoftModalMessageBox, SubtractRect, SwapMouseButton, SwitchDesktop, SwitchToThisWindow, SystemParametersInfoA, SystemParametersInfoW, TabbedTextOutA, TabbedTextOutW, TileChildWindows, TileWindows, ToAscii, ToAsciiEx, ToUnicode, ToUnicodeEx, TrackMouseEvent, TrackPopupMenu, TrackPopupMenuEx, TranslateAccelerator, TranslateAcceleratorA, TranslateAcceleratorW, TranslateMDISysAccel, TranslateMessage, TranslateMessageEx, UnhookWinEvent, UnhookWindowsHook, UnhookWindowsHookEx, UnionRect, UnloadKeyboardLayout, UnlockWindowStation, UnpackDDElParam, UnregisterClassA, UnregisterClassW, UnregisterDeviceNotification, UnregisterHotKey, UnregisterMessagePumpHook, UnregisterUserApiHook, UpdateLayeredWindow, UpdatePerUserSystemParameters, UpdateWindow, User32InitializeImmEntryTable, UserClientDllInitialize, UserHandleGrantAccess, UserLpkPSMTextOut, UserLpkTabbedTextOut, UserRealizePalette, UserRegisterWowHandlers, VRipOutput, VTagOutput, ValidateRect, ValidateRgn, VkKeyScanA, VkKeyScanExA, VkKeyScanExW, VkKeyScanW, WCSToMBEx, WINNLSEnableIME, WINNLSGetEnableStatus, WINNLSGetIMEHotkey, WaitForInputIdle, WaitMessage, Win32PoolAllocationStats, WinHelpA, WinHelpW, WindowFromDC, WindowFromPoint, keybd_event, mouse_event, wsprintfA, wsprintfW, wvsprintfA, wvsprintfW
Active Member
Posts: 12
Joined: November 26th, 2008, 4:50 pm

Re: IE opens unwanted windows to unwanted sites

Unread postby Shaba » December 11th, 2008, 11:48 am

OK, that is clean now :)

Empty these folders:

C:\Documents and Settings\Steve\Application Data\Sun\Java\Deployment\cache
c:\Documents and Settings\Steve\Local Settings\temp

Delete these:

C:\Documents and Settings\Steve\Application Data\Twain\trz60.tmp

Empty Recycle Bin.

Still problems?
User avatar
Admin/Teacher Emeritus
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: IE opens unwanted windows to unwanted sites

Unread postby Dp31959 » December 11th, 2008, 12:58 pm

Everything seems to be working fine.
Thank you very much!!
Active Member
Posts: 12
Joined: November 26th, 2008, 4:50 pm

Re: IE opens unwanted windows to unwanted sites

Unread postby Shaba » December 11th, 2008, 1:45 pm

Great :)

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) Comodo (Uncheck during installation "Install COMODO Antivirus (Recommended)"!, "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage")
2) Online Armor
3) PC Tools
4) Sunbelt/Kerio
5) ZoneAlarm (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Now lets uninstall ComboFix:

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK

Next we remove all used tools.

Please download OTCleanIt and save it to desktop.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

  • Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and re-enable system restore here:

    Windows XP System Restore Guide

Re-enable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software and keep your other programs up-to-date Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
    You can use one of these sites to check if any updates are needed for your pc.
    Secunia Software Inspector
    F-secure Health Check
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. Tutorial on installing & using this product can be found below:

    Malwarebytes' Anti-Malware Setup Guide

    Malwarebytes' Anti-Malware Scanning Guide

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean! :)
User avatar
Admin/Teacher Emeritus
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: IE opens unwanted windows to unwanted sites

Unread postby Shaba » December 12th, 2008, 4:38 am

Dp31959 this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Admin/Teacher Emeritus
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Register to Remove


  • Similar Topics
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!

Who is online

Users browsing this forum: No registered users and 22 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware