Internet Explorer 6.0 Opens upon CPU start up

Discussion in 'Malware Help (A Specialist Will Reply)' started by Shineboy, Jun 26, 2005.

  1. Shineboy

    Shineboy Private E-2

    I have completed the READ THIS FIRST first section.

    I have done all the scans except
    * do an online scan at Symantec Security Check <- unable to get scan to work

    Before completing your READ THIS FIRST I was infected with the about:blank, I think styre variants, and the virus that puts the unfortunate wallpaper on your desktop with an icon for Antivirus gold. I ran out and bought McAfee and installed it. It found 30 viruses. They were all removed successfully. Wallpaper still remained, my home page was the blank screen and IE starts up when I start my computer. I then went out on the web to look for assistance and found your site. This is the first time I have asked for help on the web but what the heck. A little blind faith and hopefully some good karma are to follow. All has been fixed by doing the READ THIS FIRST SECTION but IE starting upon my CPU starting. I completed all the downloads and ran all the recommended steps in safe mode and not in safe mode.

    Please help. I have downloaded Hijack this and put it in program files\HJT as requested from the posts. I have also run it to see if I could see anything abnormal but I do not have the expertise in this area.

    Thank you in advance!
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    * Download HijackThis 1.99.1

    * Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    * Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

    * Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    * Run HijackThis and save your log file.

    * Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

    * Need help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting
     
  3. Shineboy

    Shineboy Private E-2

    :)
    Wow

    Quick response. Thank you!

    I have attached the Hijack log as requested
     


  4. Shineboy

    Shineboy Private E-2

    One last note. I just found a program called Start Up Inspector and it identified that Program Files\Internet Explorer\iexplorer.exe was added as a result of the Boxer Virus! This has not been identified by any of the scans. It also says that the start up location is LM RUN. I had it disable this. Should I delete this .exe to solve my problem? Do you think I need to do something else? I am trying to continue to do research too and not leave it all up to your kindness.

    Thanks
     
  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Let's start by running the below online scans:

    Bitdefender online scan
    RavAntivirus online scan <-- select Auto Clean then click Scan My PC
    TrojanScan online scan
    Panda Online Scan

    After you complete the above online scans REBOOT and post a fresh HJT log.
     
  6. Shineboy

    Shineboy Private E-2

    I have completed the scans. The first scan received an error. I have attached a document with screen shots of the results of all the scans as well as the HJT. The Panda scan found one. RAV found nothing. Trojan scan found 13 malware.

    Please advise.

    Thank you again for all the help.
    See attached :)
     


  7. Shineboy

    Shineboy Private E-2

    Sorry. :rolleyes:

    Other document
     
  8. Shineboy

    Shineboy Private E-2

    Tried Zip. Failed. Trying Txt file

    :rolleyes:
     
  9. Shineboy

    Shineboy Private E-2

    Bit Defender Error Message

    This website is not authorized to host this ActiveX control. Please contact the webmaster of this website, or report to BitDefender at the e-mail address:scanonline@bitdefender.com


    Inline logs attached!
     


    Last edited by a moderator: Jun 27, 2005
  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Attach a current HJT log as an attachment to your post.
     
  11. Shineboy

    Shineboy Private E-2

    Current HJT
     


  12. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Scan with HijackThis and Check the Boxes for the following:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm

    O4 - Global Startup: VTAgentReboot.exe

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    Make sure All Browser Windows are Closed when you Click FIX.

    NEXT:
    Run CCleaner and Spybot S&D and have Spybot fix what it finds.
    Note: Don't forget to update Spybot S&D by selecting "Search For Updates"

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.


    Your HJT log is fairly clean. After you remove the entries above, reboot and let me know if any problems remain.
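
The entry formats quoted in this post can be parsed mechanically; the following is an added example, not part of the original thread and not HijackThis's own code. It uses the four entries above plus a constructed header and a constructed `HKLM\..\Run` line (`ExampleApp` is hypothetical), and the wording of the review notes is this example's own.

```python
import re
from urllib.parse import urlparse

# Section code (R0, O4, O9, ...), then " - ", then the rest of the entry.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2})\s+-\s+(?P<body>.+)$")

# Entries quoted in the post, plus a constructed header and Run line.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\ExampleApp\app.exe
O4 - Global Startup: VTAgentReboot.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
"""

def parse_entry(line):
    """Split one log line into section code, body and review notes."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header, process list or blank line
    code, body = m.group("code"), m.group("body")
    notes = []
    if body.endswith("(file missing)"):
        notes.append("orphaned: target file missing")
    if code in ("R0", "R1") and " = " in body:
        # Browser setting: report the host it points to for manual review.
        host = urlparse(body.split(" = ", 1)[1]).hostname
        if host:
            notes.append(f"IE setting points to host {host}")
    if code == "O4":
        # O4 covers both registry Run keys and Startup-folder items.
        where, _, item = body.partition(": ")
        if where.endswith("Startup"):
            notes.append(f"startup-folder autostart: {item}")
        else:
            notes.append(f"registry autostart ({where}): {item}")
    return {"code": code, "body": body, "notes": notes}

def review(log_text):
    """Return parsed entries that carry at least one review note."""
    entries = (parse_entry(line) for line in log_text.splitlines())
    return [e for e in entries if e and e["notes"]]

if __name__ == "__main__":
    for e in review(SAMPLE_LOG):
        print(e["code"], "|", "; ".join(e["notes"]))
```
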
     
  13. Shineboy

    Shineboy Private E-2

    :D

    All looks good. I have attached my hijack log again. Only new stuff is some Yahoo garbage that came when I downloaded Acrobat Reader for Mozilla Firefox (which I have switched to).

    Please advise.
    If all is well, Thank you in advance.
    Where do I contribute to the site?
     


  14. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your HJT log looks clean to me. About the Yahoo! garbage, you can remove this thru Add/Remove Programs: things such as Yahoo! Toolbar, Yahoo! Companion, etc.

    If you're not having any further problems, I would recommend following the steps in the thread on How to Protect yourself from malware!
     
  15. Shineboy

    Shineboy Private E-2

    All looks good.

    Thank you for everything. I am using everything recommended by the site.

    Thank you again!

    Let me know if I can help you or this site in any way.

    :)
     
  16. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You're welcome! If you want to support this site you can buy a Majorgeeks t-shirt or sweatshirt. Also, an email of appreciation to the owners (see their names and email addresses here: http://www.majorgeeks.com/page.php?id=2 ) is always appreciated. Also send your friends here.
     
  17. Shineboy

    Shineboy Private E-2

    I will definitely buy a shirt. One more question. I have been using Mozilla for a week now and I receive a pop up about every minute that says Alert:The operation timed out when attempting to contact view.atdmt.com

    I have run ALL the suggested cleaners (Spybot, CCleaner, Adware, Panda, RAV etc) and nothing is found. I looked at my hijack log using your guide and the only thing I found is O4 - Global Startup: VTAgentReboot.exe as before. I tried to fix but it says it is in use.

    Please advise.

    Hijack log attached
     


  18. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Reboot into Safe Mode with the viewing of hidden files and folders enabled per the tutorial!

    Navigate to the following directory and delete the file manually!

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup

    VTAgentReboot.exe

    Once you have removed the file, reboot into normal windows, scan with HJT and attach the new log.
     
  19. Shineboy

    Shineboy Private E-2

    I will do this as soon as I get home from work.

    Thank you!
     
  20. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You're Welcome!:)

    Will be awaiting results!
     
  21. Shineboy

    Shineboy Private E-2

    I have completed the request.

    Hijack log attached

    Thanks!
     


  22. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your HJT log is clean. Are you having any further issues?
     
  23. Shineboy

    Shineboy Private E-2

    Still having the same issue with the pop up that says Alert:The operation timed out when attempting to contact view.atdmt.com

    I searched the internet for this and there are a few posts. Seems as though it is some cookie from a financial website. I know that this site is on the restricted sites for Internet Explorer from my research :confused:
     
  24. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please download DelDomains and unzip it to your desktop. Do not run it yet.

    Find the files from deldomains.zip on your Desktop and RightClick on the deldomains.inf file and select Install.

    After you complete the above, reboot and see if problem remains.
     
  25. Shineboy

    Shineboy Private E-2

    Problem still exists. Do I need to do the previous process in safe mode? My wife's user profile has the same problem too. :eek:
     
  26. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Each user account must be cleaned separately; in this case I wouldn't think so if it didn't work for you.

    Since this is mainly a Software problem and not malware related I am going to recommend your posting this in the Software Forum.

    Good Luck!:)
     
  27. Shineboy

    Shineboy Private E-2

    I will post in the software forum then. I do have one final question. I am unclear by what you mean about my wife's profile. Are you saying that everything I do on my profile I should repeat on her profile? If this is the case, I guess I should get rid of her profile to make life easier. I can just use Outlook Express to set up different accounts for us. Finally, when I post to the Software forum, should I refer to this thread? If so, how do I post a link to this thread so the other people assisting can see what processes I have done already?
     
  28. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes you need to cleanup all user accounts the same way. Profile = user account.
    So if it is easier for you to delete your wife's account because it is not needed, then go ahead but remember all settings are then shared. Like Desktop settings and preferences, favorites, etc.

    Just refer to this link by the ID that appears in the Address bar of your browser:

    http://forums.majorgeeks.com/showthread.php?t=66221
     
