Browser automatically restores

StewMonkey13

Beta member
Messages
4
Yo,

So, I worked at my college's helpdesk for 4 years and have done a lot of for hire computer work. So, I'm not completely lost on most things. However, right now I'm having trouble with a client's web pages that is really annoying and I'm as so far stumped. What happens is that they'll go to a page, and minimize the browser, and then go on with something else till they want to come back. However, recently the browser, both IE and netscape, will automatically restore themselves when the page is done loading. This is really if they're doing something else when it happens. Looked through obth IE's internet options and netsacpe's preferences to no avail. Not sure if some seting got messed up somewhere, or if it's spyware of some sort. However, I have run both adaware and spy-bot several times and think it's pretty clean. Oh, and running windows XP, no SP 1 or 2, and please don't tell me I need to get them these, they're not too sure they want the SP's. Any suggestions would be great, thanks.

Peace,
Stew
 
why wouldn't you want service packs? this is probably why they have the problem in the first place, no security updates were done. And if no updates were done there are probably viruses as well, I wonder when people will learn.
Download HJT and post your log. While your here grab CWShredder..
http://www.spywareinfo.com/~merijn/downloads.html
 
Logfile of HijackThis v1.98.2
Scan saved at 9:11:00 PM, on 12/13/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Loafy\loafy.exe
C:\WINDOWS\system32\tbctray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Abyss Web Server\abyssws.exe
C:\Program Files\Gaim\gaim.exe
C:\Program Files\Abyss Web Server\abyssws.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\TypeItIn\TypeItIn.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\Grisoft\AVG6\avgse.exe
C:\Documents and Settings\Stew\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.kingsofchaos.com/"); (C:\Documents and Settings\Stew\Application Data\Mozilla\Profiles\default\ian9s7gt.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Stew\Application Data\Mozilla\Profiles\default\ian9s7gt.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe
O4 - HKCU\..\Run: [AbyssWebServer] C:\Program Files\Abyss Web Server\abyssws.exe
O4 - HKCU\..\Run: [Gaim] C:\Program Files\Gaim\gaim.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

that's the hijack this log, and will try firefox, but i doubt it, just cuz it's almost exactly like netscape. I don't see anything too bad in there, though, so, I'm wondering if it's just a preferences thing. I've also run avg anti-virus and not found anything.
 
try getting rid of these

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.kingsofchaos.com/"); (C:\Documents and Settings\Stew\Application Data\Mozilla\Profiles\default\ian9s7gt.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csea rchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Stew\Application Data\Mozilla\Profiles\default\ian9s7gt.slt\prefs.js)
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost
---- Done

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.kingsofchaos.com/"); (C:\Documents and Settings\Stew\Application Data\Mozilla\Profiles\default\ian9s7gt.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csea rchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Stew\Application Data\Mozilla\Profiles\default\ian9s7gt.slt\prefs.js)

on these I think that it's juts a preferences in netscape/mozilla about what happens when you go to the search option or the homepage

O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll

done, but it's just an ftp program

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

also done

To be more specific about the problem. When a page web page is minimized, it will automatically be restored when it is finished loading. If the page is loading in the background, it is automatically brought to the front when done loading.
 
LOLOLOLOLOL, FireFox 1.o is nothing like Netscape, LOLOLOL, LMAO!!! They use completely different codes. That is like saying Linux is like Windows, they may look alike, but have nothing really in common. Don't insult FireFox by saying it is anything like Netscape. Download FireFox, and learn what a true internet browser's power can do.
 
still doesn't fix his problem
I am not familiar with all of those entries above, so if I told you to remove something and it didn't need to be, worse case scenario you reinstall it. Also, some exploits attach themselves to other programs so what seems safe like AIM, may in truth be a problem. have you tried to do a windows repair from the xp disk?
 
Format, get behind a good firewall, install Mozilla, and go from there (also get SpySweeper or SPybot, and AdawareSE)
 
i've got spybot and adaware, and the reason i use netscape 7.* is because it works much better with my logitech keyboard software (I'm very lazy and don't like to type in websites) than any versions of mozilla I've tried, and I'm also cheap, so opra is out. Honestly my favorite browser is Safari, but as it's mac, I'm SOL. I think I've found a decent work around that'll work till it's format time which is only about a month or 2 away (every 6 months). If you ever think of something, please post here.
 
Back
Top Bottom