TechSpot

Can someone please check my logs?

By satoodles
Sep 29, 2008
  1. Sometimes when I click on the internet to open it...it causes 2 cases of IE to be running in task manager.
     
  2. tw0rld

    tw0rld TS Maniac Posts: 572   +6

    RunHJT again and remove the following:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac

    Uninstall Google web accelerator, yahoo Toolbar and Idabar Toolbar (Control Panel > Add/Remove Programs)

    You have five instances of IE running which may be related to iespell.dll. It is best to Uninstall IE8. It is Beta verison, which means it is not the final product, thus may be very buggy.

    Also follow the Instructions found here; http://www.techspot.com/vb/topic109461.html

    Post Logs when done.
     
  3. swilllx2p

    swilllx2p TS Rookie Posts: 127

  4. SpiritWind

    SpiritWind TS Rookie Posts: 164

    Hi Satoodles :

    In addition, you have the malware-prone Adobe Reader . Recently, Researchers found a new hackertoolkit that uses nothing but Adobe securityleaks in order to infect systems. "PDF Xploit Pack" ( http://www.trustedsource.org/blog/153/Rise-Of-The-PDF-Exploits )adds all kind of exploits to PDF-files. When a certain exploit has successfully infected the OS, the IP address is sent to the attackers, so they need to try again. This to reduce the time it takes to manage the bots.

    Use of PDF-files is becoming more and more popular among malcreants, this because other toolkits also have PDF exploits now. A year ago only 3% of the exploits were PDF directed.

    Based on this Info, I recommend you uninstall Adobe & get the safer
    "Foxit Reader" .
     
  5. satoodles

    satoodles TS Rookie Topic Starter

    yahoo and Idabar weren't located in add/remove programs
     
  6. satoodles

    satoodles TS Rookie Topic Starter

  7. swilllx2p

    swilllx2p TS Rookie Posts: 127

    Still though...the original problem...multiple instances of IE running, its a IE 8 bug...and will remain regardless of what you do.
     
  8. tw0rld

    tw0rld TS Maniac Posts: 572   +6

    You need to rollback IE to IE 7, by removing it from Control Panel =>Add/Remove Programs

    After you have rolledback IE do the following

    To use RIES in Internet Explorer 7, follow these steps:
    1. Click the Tools menu, and then click Internet Options.
    2. On the Advanced tab, click Reset.
    3. In the Reset Internet Explorer Settings dialog box, click Reset.
    4. When Internet Explorer 7 finishes restoring the default settings, click Close, and then click OK two times.
    5. Close Internet Explorer 7. The changes take effect the next time that you open Internet Explorer 7.
    Note If you cannot start Internet Explorer 7 for some reason, use RIES from Internet Options in Control Panel.
     
  9. tw0rld

    tw0rld TS Maniac Posts: 572   +6

    Run HJT again and remove the following;
    Do not remove the ida.dll file. After looking it up again I found that it is associated with HP. Apparently it is linked to their download accelerator.

    When done post new logs.
     
  10. satoodles

    satoodles TS Rookie Topic Starter

  11. tw0rld

    tw0rld TS Maniac Posts: 572   +6

    Did you do this scan with IE running? You need to in order for me to see if the issue has been resolved. If yes...the problem is fixed.
    Remove the following with HJT:
    You need to do the IE reset procedure below

    To use RIES in Internet Explorer 7, follow these steps:
    1. Click the Tools menu, and then click Internet Options.
    2. On the Advanced tab, click Reset.
    3. In the Reset Internet Explorer Settings dialog box, click Reset.
    4. When Internet Explorer 7 finishes restoring the default settings, click Close, and then click OK two times.
    5. Close Internet Explorer 7. The changes take effect the next time that you open Internet Explorer 7.
    Note If you cannot start Internet Explorer 7 for some reason, use RIES from Internet Options in Control Panel.

    post new log when done
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...