I E keeps opening itself

littlemissfrugal

aliEnRIK wrote: »

I think there will be. But if you left click once, wait then press again, it will turn blue for you to rename

it is blue but wont let me do anything - have i broke it?

Trin it does it everyday at the same time then is fine

aliEnRIK

When its blue, simply TYPE on the keyboard

littlemissfrugal

it doesnt do anything and all my downloads are blue ?? it actually goes red when i left click

Trinitrotoluene

Can you run this and see if it returns anything?

*Google and download "hitman pro", it won't let me paste links here as I have too few posts.

I have seen periodic corruption of Internet Explorer that does what you are suggesting but we need to rule out Malware/Spyware before that.

littlemissfrugal

right was at cross purposes I was trying to rename it on the download tab in google but have now found the folder and renamed it !!! hoorah now what do I just run it ?

littlemissfrugal

have just got a message that my machine does not have Windows recovery console installed - do I click yes or no

littlemissfrugal

Rik I have done it
heres the log


ComboFix 10-07-31.04 - Toni 01/08/2010 14:10:49.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.501 [GMT 1:00]
Running from: c:\documents and settings\Toni\My Documents\Downloads\qwerty.exe.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2010-07-01 to 2010-08-01 )))))))))))))))))))))))))))))))
.

2010-07-30 22:02 . 2010-07-30 22:02 388096 ----a-r- c:\documents and settings\Toni\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-30 22:02 . 2010-07-30 22:02

---

d

---

w- c:\program files\Trend Micro
2010-07-30 21:14 . 2010-07-30 21:14

---

d

---

w- c:\documents and settings\Toni\Application Data\Malwarebytes
2010-07-30 21:14 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-30 21:14 . 2010-07-30 21:14

---

d

---

w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-30 21:14 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-30 21:13 . 2010-07-30 21:57

---

d

---

w- c:\program files\Malwarebytes' Anti-Malware
2010-07-20 15:16 . 2010-07-20 15:16 1615200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-07-20 15:16 . 2010-07-20 15:16 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll
2010-07-20 15:16 . 2010-07-20 15:16 921440 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgemc.exe
2010-07-20 15:16 . 2010-07-20 15:16 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-07-16 09:20 . 2010-07-16 09:20 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-07-16 09:20 . 2010-07-16 09:20 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-07-16 09:20 . 2010-07-16 09:20 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 09:18 . 2010-07-16 09:18 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-07-16 09:18 . 2010-07-16 09:18 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-07-16 09:18 . 2010-07-16 09:18 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-07-16 09:18 . 2010-07-16 09:18 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-07-03 11:55 . 2010-07-03 11:55 61440 ----a-w- c:\documents and settings\Moo\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2e2f6dcb-n\decora-sse.dll
2010-07-03 11:55 . 2010-07-03 11:55 503808 ----a-w- c:\documents and settings\Moo\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7699e85f-n\msvcp71.dll
2010-07-03 11:55 . 2010-07-03 11:55 499712 ----a-w- c:\documents and settings\Moo\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7699e85f-n\jmc.dll
2010-07-03 11:55 . 2010-07-03 11:55 348160 ----a-w- c:\documents and settings\Moo\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7699e85f-n\msvcr71.dll
2010-07-03 11:55 . 2010-07-03 11:55 12800 ----a-w- c:\documents and settings\Moo\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2e2f6dcb-n\decora-d3d.dll
2010-07-03 10:37 . 2010-07-03 10:37

---

d

---

w- c:\documents and settings\Moo\Local Settings\Application Data\Temp
2010-07-03 09:48 . 2010-07-03 09:48

---

d

---

w- c:\documents and settings\Moo\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-01 12:54 . 2010-04-10 09:46

---

d

---

w- c:\program files\ABBYY FineReader 6.0 Sprint
2010-07-16 09:20 . 2010-03-06 15:52 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 09:19 . 2010-03-06 15:52 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-13 17:50 . 2010-04-13 10:50 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-03 11:55 . 2010-07-03 11:55 664 ----a-w- c:\documents and settings\Moo\Local Settings\Application Data\d3d9caps.tmp
2010-06-26 13:31 . 2010-06-26 13:31 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb1F.tmp.exe
2010-06-18 15:40 . 2010-06-18 15:40

---

d

---

w- c:\program files\Windows Media Connect 2
2010-06-14 14:30 . 2010-03-06 13:29 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-03 07:45 . 2010-03-06 15:52 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-25 10:50 . 2010-05-25 10:50 503808 ----a-w- c:\documents and settings\Toni\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-68f8649d-n\msvcp71.dll
2010-05-25 10:50 . 2010-05-25 10:50 499712 ----a-w- c:\documents and settings\Toni\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-68f8649d-n\jmc.dll
2010-05-25 10:50 . 2010-05-25 10:50 61440 ----a-w- c:\documents and settings\Toni\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5f80c81a-n\decora-sse.dll
2010-05-25 10:50 . 2010-05-25 10:50 348160 ----a-w- c:\documents and settings\Toni\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-68f8649d-n\msvcr71.dll
2010-05-25 10:50 . 2010-05-25 10:50 12800 ----a-w- c:\documents and settings\Toni\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5f80c81a-n\decora-d3d.dll
2010-05-22 09:13 . 2010-05-22 09:13 23656 ----a-w- c:\documents and settings\Moo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 09:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Toni\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-04-23 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-14 344064]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"CTHelper"="CTHELPER.EXE" [2008-02-20 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-02-20 19968]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-03-16 127037]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"EPSON Stylus DX4800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE" [2005-02-02 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-01-12 669520]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-16 09:20 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\EpsonNet\\EpsonNet Setup\\tool09\\ENEasyApp.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [06/03/2010 16:52 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [06/03/2010 16:52 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [11/04/2010 08:50 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [16/07/2010 10:20 308136]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23/04/2010 15:43 136176]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [11/04/2010 08:51 430152]

--- Other Services/Drivers In Memory ---

*Deregistered* - MBAMSwissArmy
.
Contents of the 'Scheduled Tasks' folder

2010-08-01 c:\windows\Tasks\Epson Printer Software Downloader.job
- c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-01-23 14:03]

2010-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-23 14:43]

2010-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-23 14:43]

2010-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-616249376-1801674531-1004Core.job
- c:\documents and settings\Toni\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-02 14:43]

2010-08-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-616249376-1801674531-1004UA.job
- c:\documents and settings\Toni\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-02 14:43]

2010-08-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-616249376-1801674531-1005Core.job
- c:\documents and settings\Moo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-03 14:43]

2010-08-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-616249376-1801674531-1005UA.job
- c:\documents and settings\Moo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-03 14:43]
.
.

---

Supplementary Scan

---

.
uStart Page = hxxp://forums.mantaclub.org/index.php?app=core&module=search&do=active
uSearch Page = hxxp://www.google.com
uSearch Bar =
uInternet Connection Wizard,ShellNext = hxxp://www.google.co.uk/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-01 14:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.

---

DLLs Loaded Under Running Processes

---

- - - - - - - > 'explorer.exe'(2888)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-08-01 14:21:11
ComboFix-quarantined-files.txt 2010-08-01 13:21

Pre-Run: 227,910,139,904 bytes free
Post-Run: 229,646,094,336 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 628F77EE5ADC21DA1DE1B4BDF5F381F3

do I reactivate avg now

aliEnRIK

Cant see anything wrong in the log

With AVG still turned off, update malwarebytes and run another FULL scan

littlemissfrugal

will do - have managed to update windows to SP3 and IE7

thanks

littlemissfrugal

deleted I'm a dimwit