[HotlikeFire]

can someone anyone help me out my Internet explorer opens itself and my automatic update is not working

here's the log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:04, on 2008-06-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32ZoneLabsvsmon.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:WINDOWSsystem32WgaTray.exe
C:WINDOWSsystem32wscntfy.exe
C:WINDOWSExplorer.EXE
C:WINDOWSRTHDCPL.EXE
C:Program FilesCanonMyPrinterBJMyPrt.exe
C:Program FilesScanSoftOmniPageSE4.0OpwareSE4.exe
C:Program FilesJavajre1.6.0_01binjusched.exe
C:Program FilesATI TechnologiesATI.ACECLI.EXE
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:Program FilesZone LabsZoneAlarmzlclient.exe
C:Documents and Settingsmarlonlsass.exe
C:WINDOWSSystem32Rundll32.exe
C:WINDOWSsystem32rundll32.exe
C:WINDOWSsystem32Rundll32.exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:Program FilesMessengermsmsgs.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesAliasAlias SketchBook Pro 1.1AliasSketchSnap.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesiPodbiniPodService.exe
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:Program FilesJavajre1.6.0_01binjucheck.exe
C:WINDOWSsystem32rundll32.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,DefaultPageURL = http://www.yahoo.com/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Microsoft Internet Explorer
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = 168.94.74.68:8080
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:Program FilesAOLAOL Toolbar 5.0aoltb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:Program FilesCanonEasy-WebPrintToolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:Program FilesAOLAOL Toolbar 5.0aoltb.dll
O4 - HKLM..Run: ATICCC] "C:Program FilesATI TechnologiesATI.ACECLIStart.exe"
O4 - HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM..Run: [SkyTel] SkyTel.EXE
O4 - HKLM..Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM..Run: [CanonMyPrinter] C:Program FilesCanonMyPrinterBJMyPrt.exe /logon
O4 - HKLM..Run: [SSBkgdUpdate] "C:Program FilesCommon FilesScansoft SharedSSBkgdUpdateSSBkgdupdate.exe" -Embedding -boot
O4 - HKLM..Run: [OpwareSE4] "C:Program FilesScanSoftOmniPageSE4.0OpwareSE4.exe"
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.6.0_01binjusched.exe"
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKLM..Run: [ZoneAlarm Client] "C:Program FilesZone LabsZoneAlarmzlclient.exe"
O4 - HKLM..Run: [ISUSPM] "C:Program FilesCommon FilesInstallShieldUpdateServiceISUSPM.exe" -scheduler
O4 - HKLM..Run: [LSA Shellu] C:Documents and Settingsmarlonlsass.exe
O4 - HKLM..Run: [{8535cedf-cc77-b9d8-71d8-d3a8066fa5e6}] C:WINDOWSSystem32Rundll32.exe "C:WINDOWSsystem32{436b082b-95b7-002e-9dc5-906353685c2f}.dll" DllStart
O4 - HKLM..Run: [1c8b8a5f] rundll32.exe "C:WINDOWSsystem32pmynwovx.dll",b
O4 - HKLM..Run: [BM1fb8b9c3] Rundll32.exe "C:WINDOWSsystem32jgdbucul.dll",s
O4 - HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [CDriver] c:Backup_Driverssvchost.exe
O4 - HKCU..Run: [DDriver] c:Backup_Driverssvchost.exe
O4 - HKCU..Run: [alpha] c:Backup_Driverssvchost.exe
O4 - HKCU..Run: [beta] c:Backup_Driverssvchost.exe
O4 - HKCU..Run: [gamma] c:Backup_Driverssvchost.exe
O4 - HKCU..Run: [RegistryCleanFixMFC] C:Program FilesRegistryCleanerregistrycleaner.exe
O4 - HKCU..Run: [http://ctfmon.exe C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [BlazeServoTool] "C:Program FilesBlazeVideoBlazeDVD 5 ProfessionalMediaDetector.exe"
O4 - HKUSS-1-5-19..RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-20..RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'NETWORK SERVICE')
O4 - HKUSS-1-5-18..Run: [SystemDriverLoad] (User 'SYSTEM')
O4 - HKUSS-1-5-18..RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [SystemDriverLoad] (User 'Default user')
O4 - HKUS.DEFAULT..RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
O4 - Global Startup: Alias SketchBook Snapshot.lnk = C:Program FilesAliasAlias SketchBook Pro 1.1AliasSketchSnap.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - C:Documents and SettingsAll UsersApplication DataAOLieToolbarresourcesen-USlocalsearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:Program FilesCanonEasy-WebPrintToolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:Program FilesCanonEasy-WebPrintToolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:Program FilesCanonEasy-WebPrintToolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:Program FilesCanonEasy-WebPrintToolband.dll/RC_Print.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O23 - Service: Apple Mobile Device - Apple, Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
O23 - Service: MS Software Shadow Download Provider (dnlsvc) - Unknown owner - C:DOCUME~1marlonLOCALS~1Tempdnlsvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:WINDOWSwinself.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:WINDOWSsystem32ZoneLabsvsmon.exe
--
End of file - 9452 bytes

[Flashorn]

Hey hotlikeFire!!





Welcome to PCWorld Community!





Now, we don't have a dedicated HijackThis log forum but, we do have a member who will most likely


help.


If SpiritWind can log in , he will be the one most likely to help with your log .





In the mean time , why don't you up-load a hijackthis log to VirusTotal .





There will be 32 different AntiVirus engines analyzing your log and will determine if you need further help.





I'm no expert but, this entry among others do not belong here.





O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:WINDOWSwinself.exe (file missing).





So, go to VirusTotal and have your log analyzed and come back to this thread


with your results.


I'm sure SpiritWind will then direct you to the proper resources.





FLASHORN.

[AuroraDizon]

Looks like you probably have a lot of items running when you start your
computer up that don't really need to be there. Personally I would
start with those items at least so you can clear our the gunk. I'm refering to real players background updater, etc etc. If you get win patrol or ccleaner you can see start up items and remove them if you don't want them to start up with your computer. Do you have any other anti-spyware on your system besides spybot search and destroy? (Sorry I didn't go over every entry)



Also make sure that IE is not allowed internet access if it is acting up. I like to keep it as an ask basis with restrictions all the way up since I never use IE. In the meantime use Firefox or Opera. Also, have you tried physically downloading the windows updates yourself from Microsofts website?

[HotlikeFire]

i went to go upload my log but nothing was found so far. i don't know what's next

[SpiritWind]

Hi "Hot" :


Your "Situation" is beyond my Experience; however, I noticed that


"O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} " belongs to


McAfee Virus Scan and you should have the HijackThis program "fix ( Delete ) " this since


it causes a "Conflict" with Avast Antivirus . In addition, your Adobe Reader program is way


out-of-date and a serious Security Risk; Best to uninstall it and use the FREE "Foxit Reader".


And your Sun Java program is 4 "Updates/Versions" behind, a serious security risk. Should


uninstall ALL Versions of this program; then get the latest "Version" at www.java.com .

[Flashorn]

Hey HotlikeFire!!



Well, I will recommend you visit a forum that has a dedicated HijackThis section.

Please visit either of these sites. They are both very qualified and if there is something

to do with your log , they will find it.



Malwarebytes .

This is their HijackThis forum. Like here you will have to register. Make sure to read the Pre- HJT Post Instructions.



Castlecops .

Again if you choose this one , you will also have to register before posting.

They too have a Be ready section which should be read before posting. Hijackthis Guidelines - Read Before Posting..



I hope this will help you HotlikeFire. We just don't have any forum to which you could up-load your HjT log.



If you have any questions on preparing your submission to either of those forums, come back to

this thread and we will be happy to assist you.





FLASHORN.