Internet explorer keeps popping up even after I close it in task manager

By fishoil
Sep 7, 2011
  1. I know it's a virus because when I click on any link on google (with Firefox), I am always redirected to another website. I don't even use Internet Explorer or have it installed on my computer. My computer is a basic vista. I have used Malwarebytes Anti-Malware and some other anti-virus programs, but my problem remains.
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Welcome to TechSpot! I'll help you find the source of the redirect.

    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in the cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs, except those I give you.
    • Please let me know if there is any change in the system.

    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
  3. fishoil

    fishoil TS Rookie Topic Starter

    Part 1

    Malwarebytes' Anti-Malware 1.46

    Database version: 4590

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 8.0.6001.19048

    9/7/2011 3:57:59 PM
    mbam-log-2011-09-07 (15-57-59).txt

    Scan type: Quick scan
    Objects scanned: 131751
    Time elapsed: 6 minute(s), 27 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    Part 2

    GMER -
    Rootkit scan 2011-09-07 16:51:38
    Windows 6.0.6001 Service Pack 1
    Running: r84nrtck.exe; Driver: C:\Users\Bron\AppData\Local\Temp\pxldqpog.sys

    ---- Registry - GMER 1.0.15 ----

    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\iexplore@Count 167

    ---- Files - GMER 1.0.15 ----

    File C:\Windows\$NtUninstallKB34127$\1652168906 0 bytes
    File C:\Windows\$NtUninstallKB34127$\168156092 0 bytes

    ---- EOF - GMER 1.0.15 ----

    Part 3

    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.19048 BrowserJavaVersion: 1.6.0_26
    Run by Bron at 16:52:41 on 2011-09-07
    Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2012.809 [GMT -4:00]
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    ============== Running Processes ===============
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    ============== Pseudo HJT Report ===============
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
    TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    mRun: [TaskTray]
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [PAC207_Monitor] c:\windows\pixart\pac207\Monitor.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRunOnce: [AvgUninstallURL] cmd.exe /c start"&"inst=NzYtOTE0MjQ1NTA2LUZMMTArMS1YTzEwKzExLVNUMTJPSSsxLUREVCswLUVVTEErMS1TVDEyQVBQKzE"&"prod=94"&"ver=2012.0.1796"&"mid=3a480e8ebaa247d183d8d16c2262c233-f529332e0689391059bcd1e14c2d3789174b4192
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://
    TCP: DhcpNameServer =
    TCP: Interfaces\{4BC80F2B-05CF-4ACA-996F-C2A6BDCE6D42} : DhcpNameServer =
    TCP: Interfaces\{7FDD580C-C6C9-4AF4-9B95-194898B13416} : DhcpNameServer =
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    ================= FIREFOX ===================
    FF - ProfilePath - c:\users\bron\appdata\roaming\mozilla\firefox\profiles\q8vhbpbo.default\
    FF - prefs.js: - hxxp://{searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
    FF - prefs.js: -
    FF - prefs.js: browser.startup.homepage - hxxp://
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    FF - Ext: vShare Plugin: vshareus@toolbar - %profile%\extensions\vshareus@toolbar
    FF - Ext: XUL Cache: {19997655-9109-49ad-9a84-d8d002f824dc} - %profile%\extensions\{19997655-9109-49ad-9a84-d8d002f824dc}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    FF - Ext: Memory Fox: {E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} - %profile%\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
    FF - Ext: XUL Cache: {f4b2414f-e82a-47e6-b30b-5decc36999d2} - %profile%\extensions\{f4b2414f-e82a-47e6-b30b-5decc36999d2}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    ============= SERVICES / DRIVERS ===============
    R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2010-2-23 81920]
    R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-4-4 20376]
    R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2009-6-9 155648]
    R2 SftService;SoftThinks Agent Service;c:\program files\dell datasafe local backup\SftService.exe [2010-2-23 656624]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-2-23 112640]
    R3 pxldqpog;pxldqpog;c:\users\bron\appdata\local\temp\pxldqpog.sys [2011-9-7 100864]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-6-10 24576]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [2008-2-13 618112]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache;c:\windows\\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    =============== Created Last 30 ================
    2011-09-06 17:09:25 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{632bc027-495c-48eb-9005-8e4a57b8438f}\mpengine.dll
    2011-09-05 02:48:29 -------- d-----w- c:\users\bron\appdata\roaming\AVG2012
    2011-09-05 02:46:33 -------- d-----w- c:\programdata\AVG2012
    2011-09-05 01:20:45 23512 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider.dll
    2011-09-05 01:20:45 138712 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
    2011-09-05 01:20:42 64984 ----a-w- c:\program files\mozilla firefox\plugins\npnul32.dll
    2011-09-05 01:20:40 467928 ----a-w- c:\program files\mozilla firefox\sqlite3.dll
    2011-09-05 01:20:40 1015768 ----a-w- c:\program files\mozilla firefox\js3250.dll
    2011-09-04 05:26:02 -------- d-----w- c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
    2011-09-04 05:18:30 -------- d-----w- c:\users\bron\appdata\local\PackageAware
    2011-09-04 05:06:08 -------- d-----w- c:\users\bron\appdata\local\Microsoft Games
    2011-09-03 22:51:17 -------- d-----w- c:\program files\Emsisoft Anti-Malware
    ==================== Find3M ====================
    2011-09-05 02:28:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    ============= FINISH: 16:58:53.95 ===============

    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell DataSafe Online
    Dell Dock
    Dell Getting Started Guide
    DivX Setup
    Download Updater (AOL LLC)
    Driver Performer
    Free Audio CD Burner version 1.4
    Free YouTube to MP3 Converter version 3.9
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HTC Driver Installer
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) TV Wizard
    Java Auto Updater
    Java(TM) 6 Update 26
    Junk Mail filter update
    LaserJet 1020 series
    Malwarebytes' Anti-Malware
    ManyCam 2.6.25 (remove only)
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Default Manager
    Microsoft Halo
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Mozilla Firefox (3.6.8)
    MSXML 4.0 SP2 Parser and SDK
    Need For Speed III
    Network Magic
    Norton Security Scan
    Octoshape add-in for Adobe Flash Player 3.2
    OrderReminder HP LaserJet 1020
    Pasco USB Driver
    PC Camera
    PowerDVD DX
    Pure Networks Platform
    Realtek High Definition Audio Driver
    Roxio Burn
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Skype™ 5.3
    Super Mario Bros. X version 1.3
    Test Drive 5
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    VC80CRTRedist - 8.0.50727.4053
    VLC media player 1.0.5
    WebEx Support Manager for Internet Explorer
    Windows Driver Package - PASCO Scientific (PASCO) USB (01/17/2004
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Writer
    WinRAR archiver
    Xfire (remove only)
    YouTube Downloader 2.5.5
    ==== Event Viewer Messages From Past Week ========
    9/5/2011 11:27:10 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 spldr Wanarpv6
    9/4/2011 9:49:32 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243).
    9/4/2011 9:15:05 PM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a001 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.111.1045.0 Loading engine version: 1.1.7104.0
    9/4/2011 2:11:35 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr Wanarpv6
    9/4/2011 2:11:35 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    9/4/2011 2:10:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    9/4/2011 2:10:27 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    9/4/2011 2:10:22 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    9/4/2011 2:10:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    9/4/2011 10:20:12 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    8/31/2011 2:47:35 AM, Error: Service Control Manager [7000] - The eamonm service failed to start due to the following error: The system cannot find the file specified.
    ==== End Of File ===========================
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    You ran an outdated version of Malwarebytes. It's important that you use the links we give you:
    Malwarebytes' Anti-Malware 1.46 Database version: 4590 is not current.

    Please remove the version above and run this:
    Malwarebytes' Anti-Malware
    • Please download Malwarebytes' Anti-Malware from HERE
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      [o] Update Malwarebytes' Anti-Malware
      [o] and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform Quick scan, then click Scan.
      * When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please attach this log with your reply
      Note: on opening Notepad, click on Format> make sure Word Wrap is unchecked.
      [o] If you accidentally close it, the log file is saved here and will be named like this:
      [o] C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    The logs you left are not complete:
    1. DDS.txt, in the Pseudo HJT Report begins with TB (toolbars)
    There is no home page or search page, no BHOs> Browser Helper Objects

    2. Attach.txt log from DDS is missing the entire heading and Installed Programs before the letter D.
    Example follows> Your system information would be in place of the XXXXXX

    DDS (Ver_2011-08-26.01)
    Microsoft Windows xxxx
    Boot Device: xxxxxx\
    Install Date: xxxx
    System Uptime: xxxx
    Motherboard: xxxx
    Processor: xxxxAMD

    ==== Disk Partitions =========================
    C: is FIXED (NTFS) - xxx GiB total, xxx GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) -
    F: is Removable

    ==== Disabled Device Manager Items =============
    Class GUID: xxx
    Description: xxx
    Device ID: xxxx
    Name: xxx
    PNP Device ID: xxx
    Service: xxxx
    ==== System Restore Points ===================
    ==== Installed Programs ======================
    List below would include your installed programs

    2007 Microsoft Office Suite Service Pack 2 (SP2)
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.1.0)
    Adobe Shockwave Player 11.5
    Apple Software Update
    Bing Bar
    CyberLink PowerDVD 9:
    Above is example only of some entries that should appear before Dell
    If I am to help you, the logs you leave need to be complete so that I can identify all that is running and have you handle it appropriately. So do this please:
    1. Uninstall old Mbam and log> reinstall new, current Mbam and scan. Leave log in next reply
    2. Repost both of the DDS logs with complete entries. If you don't have them, please run the program again and post the new logs.
    3. Explain this further:
    What does the 'popping up' mean? Is a Window from IE opening randomly? What is in the Address bar?
    Or are you bothered by seeing the iexplore.exe entry or entries in the Task Manager?
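The completeness review in the reply above can be automated before a pasted log is read line by line. The following is an added example, not part of the thread and not code from the DDS tool: the function names are hypothetical, the section titles are the ones visible in the logs in this thread, and the home page, search page and BHO labels in `BROWSER_PREFIXES` are assumed.

```python
import re

# Banner lines in the logs posted in this thread look like "==== Installed Programs ====".
BANNER = re.compile(r"^=+\s*([^=\s].*?)\s*=+$")
# Section titles visible in the thread, split per file as the helper's reply describes.
DDS_SECTIONS = ["Running Processes", "Pseudo HJT Report", "SERVICES / DRIVERS",
                "Created Last 30", "Find3M"]
ATTACH_SECTIONS = ["Disk Partitions", "Disabled Device Manager Items", "System Restore Points",
                   "Installed Programs", "Event Viewer Messages From Past Week"]
# Assumption: labels DDS prints for home/search pages and BHOs (none appear in the thread).
BROWSER_PREFIXES = ("uStart Page", "uSearch Page", "mStart Page", "BHO:")


def split_sections(text):
    """Return {title: [lines]}; lines before the first banner go under 'HEAD'."""
    sections, current = {"HEAD": []}, "HEAD"
    for raw in text.splitlines():
        line = raw.strip()
        m = BANNER.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line:
            sections[current].append(line)
    return sections


def check_log(text, expected):
    """List the completeness problems a reviewer would raise for one pasted log."""
    sec = split_sections(text)
    problems = []
    if not sec["HEAD"] or not sec["HEAD"][0].startswith("DDS ("):
        problems.append("heading missing: paste does not start with the 'DDS (Ver_...' line")
    for title in expected:
        if title not in sec:
            problems.append(f"section missing: {title}")
    hjt = sec.get("Pseudo HJT Report")
    if hjt and not any(entry.startswith(BROWSER_PREFIXES) for entry in hjt):
        first = hjt[0].split(":")[0]
        problems.append(f"Pseudo HJT Report starts at '{first}': no home/search page or BHO entries")
    return problems


# Constructed sample input, abridged from the logs pasted earlier in the thread.
DDS_SAMPLE = r"""DDS (Ver_2011-08-26.01) - NTFSx86
============== Running Processes ===============
C:\Program Files\Mozilla Firefox\firefox.exe
============== Pseudo HJT Report ===============
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
============= SERVICES / DRIVERS ===============
=============== Created Last 30 ================
==================== Find3M ====================
============= FINISH: 16:58:53.95 ===============
"""
ATTACH_SAMPLE = r"""Dell DataSafe Local Backup
==== Event Viewer Messages From Past Week ========
==== End Of File ===========================
"""

if __name__ == "__main__":
    for name, text, exp in (("DDS.txt", DDS_SAMPLE, DDS_SECTIONS),
                            ("Attach.txt", ATTACH_SAMPLE, ATTACH_SECTIONS)):
        print(name, check_log(text, exp))
```

An empty list means the paste has every expected banner and heading; it says nothing about whether the entries themselves are clean.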
Topic Status:
Not open for further replies.
