Jump to content


Photo

POP UP CRAZY / EXPLORER ERRORS


  • This topic is locked This topic is locked
54 replies to this topic

#51 DDAY

DDAY

    Member

  • Full Member
  • Pip
  • 41 posts

Posted 07 June 2004 - 11:59 AM

PG,

Please accept my applogies for any prblems I may have caused. I appreciate your help.
Could AIM be the source of any of these problems? My daughter uses it daily. But says she has not been on any sites. Everyone is banned from this computer until this is straightened out!

I should note that 3 trojans were found by Trend Micro and 7 by Trojan Hunter. The following trojans were "uncleanable" but I did deleate them using the deleate button. Is that okay?
small.ct
agent.br
reop.a

I followed your other directions precisely with the exception of:

C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files (all contents) <=This will delete all your cached internet content including cookies. This is recommended and strongly suggested.
C:\Documents and Settings\<Your Profile>\Local Settings\Temp (all contents)
C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files(all contents)
C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp (all contents)

I did deleate all of the temp internet stuff through the control panel (while in safe mode) including off line content and cookies. Because I was unable to find the exact directories you posted using explore.
Thanks


Logfile of HijackThis v1.97.7
Scan saved at 12:15:27 PM, on 06/07/2004
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 SP1 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\IBM\CLIENT ACCESS\CWBBS.EXE
C:\PROGRAM FILES\IBM\CLIENT ACCESS\CWBNPRED.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\PCAMGT.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\IBM\CLIENT ACCESS\CWBUITSK.EXE
C:\PROGRAM FILES\IBM\CLIENT ACCESS\CWBSVD.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\GWHOTKEY.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
C:\PROGRAM FILES\VERIZON ONLINE\WINPOET\WINPPPOVERETHERNET.EXE
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\PROGRAM FILES\TROJANHUNTER 3.9\THGUARD.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\CwbSvStr.Exe"
O4 - HKLM\..\Run: [Client Access Taskbar] "C:\Program Files\IBM\Client Access\cwbuitsk.exe"
O4 - HKLM\..\Run: [Client Access API Daemon] "C:\Program Files\IBM\Client Access\cwbappcd.exe"
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Norton eMail Protect] C:\PROGRAM FILES\NORTON ANTIVIRUS\POProxy.exe
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\Verizon Online\WinPoET\winpppoverethernet.exe"
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 3.9\THGUARD.EXE"
O4 - HKLM\..\RunServices: [Client Access Start Incoming RC] ###C:\WINDOWS\command\start.exe /MINIMIZED C:\WINDOWS\cwbrxd.exe
O4 - HKLM\..\RunServices: [Client Access Network Drive] C:\Program Files\IBM\Client Access\cwbbs.exe
O4 - HKLM\..\RunServices: [Client Access Network Print] C:\Program Files\IBM\Client Access\cwbnpred.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
O4 - HKLM\..\RunServices: [pcAnywhere Agent] C:\Program Files\Symantec\pcAnywhere\pcamgt.exe
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .com/servlet/AVQSDisplayPdf?rbVal=Dec 2001~195955120: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab

#52 PGPhantom

PGPhantom

    Superman of SWI

  • Emeritus
  • PipPipPipPipPip
  • 3,494 posts

Posted 07 June 2004 - 12:44 PM

Your log is actually looking pretty clean. The last thing that I would like you to do ...

Please go to Microsoft Windows Update and download all critical updates for your system. This is imperative, expecially upgrade IE to version 6 SP1.

Let me know if you are still having any problems.

#53 DDAY

DDAY

    Member

  • Full Member
  • Pip
  • 41 posts

Posted 07 June 2004 - 03:10 PM

Thank you for all of your help. I am CURED!!!!!

You are awesome. I don't know why you do what you do but I am glad you take the time. :hyper:

#54 PGPhantom

PGPhantom

    Superman of SWI

  • Emeritus
  • PipPipPipPipPip
  • 3,494 posts

Posted 07 June 2004 - 04:12 PM

MY pleasure - I am glad you stuck in there with me :)

If you have any more problems - You know where to come ... :D

#55 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,317 posts

Posted 07 June 2004 - 06:46 PM

Glad we could help. :)

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button