Multiple IE windows popups

Hi, all. First let me start off by saying this is an awesome forum. The problem I am experiencing is that on occasion while closing out an accessed webpage on AOL multiple IE6 windows (70+) pop up and freezes my system. It doesn't happen all the time, but it as been very frustrating. I ran several different updated virus scans and Trojan scans and they all came back clean. I also ran Spybot and got rid of all the spyware that showed up. If anyone can give my some info I would really appreciate it. TIA

PS- If I posted this in the wrong section I apoligize.

 

Hi chip718,

Are these windows all connecting to the same website and if so, which one?

Secondly: do you have a file called stcloader.exe on your computer?

Regards,

Pieter

 

Thanks for reply. I did a search for stcloader.exe and nothing came up. I am unable to see what sites all those windows are from because when they appear the whole PC freezes.

 

Hi Chip,

Could you follow the instructions posted here: http://www.wilderssecurity.com/showthread.php?t=15913
Since you already scanned with Spybot, you can skip that step of course.

But I would like to have a look at your HijackThis log.

Regards,

Pieter

 

Thanks alot Pieter. I really appreciate your help.

Logfile of HijackThis v1.97.7
Scan saved at 5:02:35 PM, on 1/13/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SM1BG.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\System32\CTHELPER.EXE
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINNT\System32\gearsec.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\Documents and Settings\Owner\Desktop\Chip's Stuff\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SM1BG] C:\WINNT\SM1BG.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\RunOnce: [OOBEDDDemise] cmd /x /c erase C:\WINNT\System32\oobe\msoobe.exe
O4 - Global Startup: Event Reminder.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Real.com (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojanscan.com/trojanscan/TDECntrl.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF566226-E715-4B94-9045-89809A3E392E}: NameServer = 205.188.146.146

 

Hi Chip,

Your log was analyzed here:
http://www.wilderssecurity.com/showthread.php?t=19514

Regards,

Pieter