Still no joy and I'm not sure how to proceed. I am grateful for your
interest and effort. Here's a copy of my HiJack This Log:
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 9:50:07 AM, on 5/26/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C
WINDOWS\System32\smss.exe
C
WINDOWS\system32\winlogon.exe
C
WINDOWS\system32\services.exe
C
WINDOWS\system32\lsass.exe
C
WINDOWS\system32\svchost.exe
C
WINDOWS\System32\svchost.exe
C
WINDOWS\Explorer.EXE
C
WINDOWS\system32\spoolsv.exe
C
WINDOWS\system32\hkcmd.exe
C
WINDOWS\system32\igfxpers.exe
C
WINDOWS\stsystra.exe
C
Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C
Program Files\Common Files\InstallShield\UpdateService\issch.exe
C
Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C
Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C
Program Files\Dell Support Center\bin\sprtcmd.exe
C
Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C
Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C
Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C
WINDOWS\system32\ctfmon.exe
C
Program Files\Digital Line Detect\DLG.exe
C
Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C
Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C
WINDOWS\system32\HPZipm12.exe
C
WINDOWS\system32\PSIService.exe
C
Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C
Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C
Program Files\Dell Support Center\bin\sprtsvc.exe
C
WINDOWS\system32\svchost.exe
C
Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C
WINDOWS\system32\wuauclt.exe
C
Program Files\Trend Micro\BM\TMBMSRV.exe
C
WINDOWS\System32\svchost.exe
C
PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C
Program Files\Trend Micro\Internet Security\TmProxy.exe
C
WINDOWS\system32\msiexec.exe
C
Program Files\TrendMicro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL =
www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080214
O4 - HKLM\..\Run: [IgfxTray] C
WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C
WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C
WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C
Program Files\Intel\Intel Matrix Storage
Manager\Iaanotif.exe
O4 - HKLM\..\Run: [ISUSPM Startup]
C
PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C
Program Files\Common
Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C
Program Files\Trend Micro\Internet
Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C
Program Files\WordPerfect
Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C
Program
Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C
Program Files\Dell Support
Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C
Program
Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C
Program
Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C
Program Files\Common
Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C
WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: Open with WordPerfect - C
Program
Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C
Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C
Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
C
WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C
WINDOWS\Network
Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C
Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C
Program
Files\Messenger\msmsgs.exe
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) -
https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader -
{438755C2-A8BA-11D1-B96B-00A0C90312E1} - C
WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon -
{8C7461EF-2B13-11d2-BE35-3078302C2030} - C
WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis -
C
Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: DSBrokerService - Unknown owner - C
Program
Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C
Program
Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company -
C
WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company -
C
WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel
Corporation - C
Program Files\Intel\Intel Matrix Storage
Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C
Program Files\Common Files\InstallShield\Driver\1050\Intel
32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C
WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner -
C
WINDOWS\system32\PSIService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C
Program Files\Common
Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions -
C
Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend
Micro Inc. - C
Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter)
(sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C
Program Files\Dell
Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C
Program
Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service
(TMBMServer) - Trend Micro Inc. - C
Program Files\Trend
Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. -
C
PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. -
C
Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) -
Unknown owner - C
Program Files\Common
Files\Acronis\Fomatik\TrueImageTryStartService.exe
--
End of file - 7553 bytes
---
Dave
"PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message
news:uG8pDuN$KHA.5292@TK2MSFTNGP06.phx.gbl...
> That Windows Update page error is not good news, I'm afraid.
>
> First read these two KB articles:
>
> Error message when you try to install updates from the Windows Update Web
> site on a Windows XP-based computer: "Windows Update has encountered an
> error and cannot display the requested page":
> http://support.microsoft.com/kb/914226
>
> You receive a "Windows Update has encountered an error and cannot display
> the requested page" error message when you try to install an update
> http://support.microsoft.com/kb/883614
>
> The Fix It in the following KB automagically performs all of the
> Resolutions/Troubleshooting in both of the above KBs:
>
> How do I reset Windows Update components?
> [Access KB971058 via Internet Explorer (32-bit) only; Run the Fix It in
> DEFAULT and AGGRESSIVE modes, then reboot]
> http://support.microsoft.com/kb/971058
>
> If still no joy, chances are you've got a hijackware infection on your
> hands.
>
> NB: Do NOT reinstall IE8 or install IE7 with the computer in its current
> state!
> --
> ~PA Bear
>
> Dave wrote:
>> When I uninstalled IE8 my system was returned to ver. 6.0.2900.5512. The
>> problem did NOT persist when browsing in this version.
>>
>> When I tried to open http://windowsupdate.microsoft.com the "Page could
>> not
>> be displayed." I will try later and follow the balance of your
>> instructions.
>>
>>> 1. Temporarily disable all Trend Micro components (i.e., anti-virus;
>>> anti-spyware; firewall) and then enable the Windows Firewall.
>>>
>>> 2. Now uninstall IE8 & reboot twice.
>>>
>>> . How to uninstall or remove Internet Explorer 8
>>> http://support.microsoft.com/kb/957700
>>>
>>> 3. Open Internet Explorer (only) to http://windowsupdate.microsoft.com |
>>> Select CUSTOM and scan | Install any Critical Security Updates offered
>>> (e.g., KB980182). If a Root Certificates update is listed in the
>>> Optional
>>> Software updates category on the left-hand side of the scan results
>>> window, install it to take full advantage of IE7's enhanced security.
>>>
>>> NB: Do NOT reinstall IE8! Uncheck it & hide it ("Don't show me this
>>> update again").
>>>
>>> 4. Reset IE7's Advanced settings per
>>> http://support.microsoft.com/kb/923737
>>>
>>> 5. Test: Does the behavior persist now?
>>>
>>>
>>> Dave wrote:
>>>> Not positive, but I think the sequence would have been IE 7, then SP3,
>>>> and
>>>> later upgraded to IE 8. IE 7 was installed on the computer when I
>>>> bought
>>>> it.
>>>>
>>>>> Which was installed first, IE8 (or IE7) or SP3?
>>>>>
>>>>> Dave wrote:
>>>>>> I do not have any third party tool bars.
>>>>>>
>>>>>> Trend Micro was running when IE 8 and SP3 were installed. However, I
>>>>>> don't
>>>>>> see how that could be an issue because that was done over a year ago
>>>>>> and
>>>>>> my
>>>>>> current problem just began three days ago.
>>>>>>
>>>>>> Neither Norton nor McAfee were installed on the computer. I ordered
>>>>>> it
>>>>>> with
>>>>>> the Trend Micro installed.
>>>>>>
>>>>>> I have not done a Repair Install.
>>>>>>
>>>>>>> What third-party tool bars are installed?
>>>>>>>
>>>>>>> Were all Trend Micro Internet Security processes running in the
>>>>>>> background
>>>>>>> when you installed IE8 and/or SP3?
>>>>>>>
>>>>>>> Are you absolutely certain that a Norton or McAfee free-trial wasn't
>>>>>>> preinstalled on the computer when you bought it? (Doesn't matter if
>>>>>>> you
>>>>>>> never used or Activated it.)
>>>>>>>
>>>>>>> Have you ever had occasion to do a Repair Install of WinXP?
>>>>>>>
>>>>>>>> 1. System is already running in No Add-ons mode
>>>>>>>>
>>>>>>>> 2. behavior persists after resetting.
>>>>>>>>
>>>>>>>> 3. Trend Micro Internet Security 16.120.1004 . . . subscription is
>>>>>>>> current
>>>>>>>> and updates are run daily.
>>>>>>>>
>>>>>>>> 4. No . . . Trend Micro was installed when the computer was
>>>>>>>> purchased.
>>>>>>>>
>>>>>>>>> 1. Does the behavior persist if start IE in No Add-ons mode?
>>>>>>>>>
>>>>>>>>> => Start | (All) Programs | Accessories | System Tools |
>>>>>>>>> Internet
>>>>>>>>> Explorer (No add-ons).
>>>>>>>>>
>>>>>>>>> Troubleshooting and Internet Explorer's (No Add-ons) Mode [Applies
>>>>>>>>> to
>>>>>>>>> IE7
>>>>>>>>> & IE8 in all OSS]
>>>>>>>>> http://blogs.msdn.com/ie/archive/2006/07/25/678113.aspx
>>>>>>>>>
>>>>>>>>> 2. Does the behavior persist if you Reset IE Advanced settings
>>>>>>>>> (RIES)?
>>>>>>>>> http://support.microsoft.com/kb/923737
>>>>>>>>>
>>>>>>>>> 3. What anti-virus application or security suite is installed and
>>>>>>>>> is
>>>>>>>>> your
>>>>>>>>> subscription current? What anti-spyware applications (other than
>>>>>>>>> Defender)? What third-party firewall (if any)? Were any of these
>>>>>>>>> applications running in the background when you installed IE8?
>>>>>>>>>
>>>>>>>>> 4. Has a(nother) Norton or McAfee application ever been installed
>>>>>>>>> on
>>>>>>>>> this
>>>>>>>>> machine (e.g., a free-trial version that came preinstalled when
>>>>>>>>> you
>>>>>>>>> bought
>>>>>>>>> it)?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Dave wrote:
>>>>>>>>>> I am using:
>>>>>>>>>> Windows XP Home, ver 2002, SP3;
>>>>>>>>>> IE 8.0.6001.18702
>>>>>>>>>>
>>>>>>>>>> From my Home Page, when I click on a Link, the Link opens and
>>>>>>>>>> then
>>>>>>>>>> my
>>>>>>>>>> Home
>>>>>>>>>> page immediately re-opens. I would like to know how to prevent
>>>>>>>>>> the
>>>>>>>>>> Home
>>>>>>>>>> Page
>>>>>>>>>> from re-opening.
>>>>>>>>>>
>>>>>>>>>> Thanks
>