Author Topic: pop-up madness(IExplorer.exe prob) (Read 1654 times)

whitewolf187 · « **on:** October 07, 2005, 04:43:20 PM »

hey im having trouble with pop-ups lately and i notice the IExplorer.exe in my windows task manager. I figure im havin the same problem as a couple people so i will post my HJT log

Logfile of HijackThis v1.99.1
Scan saved at 5:42:24 PM, on 10/7/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\WINDOWS\etb\pokapoka75.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\HTJ\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.24-7searching-and-more.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.24-7searching-and-more.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.24-7searching-and-more.com/sp2.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\hincmaa.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.24-7searching-and-more.com/sp2.php
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [System service75] C:\WINDOWS\etb\pokapoka75.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} - http://www.kungfuchess.com/activex/web665.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe

thx in advance for your help

guestolo · « **Reply #1 on:** October 08, 2005, 07:48:18 PM »

Sorry for the delay

Can you do the following please

Download LQfix.exe from one of the following locations:

http://www.downloads.subratam.org/LQfix.exe
http://miekiemoes.geekstogo.com/tools/LQfix.exe

Save it to your desktop.

Double-Click LQfix.exe and click Next > Next > Install.
Leave the default settings, if you change them, the fix will Fail!
You need an active Internet connection, so make sure your connection is enabled.
Now make sure the "Launch LQfix" box is checked.
Click the Finish button, after clicking the Finish button the fix will start.
Follow the on-screen prompts.
Your system will reboot afterwards.
Please be patient after the reboot, there is a script running in the background that needs to

Back in Windows
Download and Install Ad-Aware SE Personal 1.06

Open Ad-Aware, ensure to click the check for updates now link and Connect to download the latest updates

After updating, close down all browser windows

Do another scan with Hijackthis and put a check next to these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.24-7searching-and-more.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.24-7searching-and-more.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.24-7searching-and-more.com/sp2.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\hincmaa.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.24-7searching-and-more.com/sp2.php
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)

After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Access your add/remove programs and remove Viewpoint
If you didn't purposely install it
May be more than one instance

Open Ad-Aware
Click START
Click the radio button to Perform a Full system scan then click NEXT
When it's finished scanning
At this point you should either right click on the screen and and choose the "Select All" Objects option or individually put a checkmark in each objects checkbox
click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button

RESTART your computer to finish the cleaning process

==Download and then Install
Ewido Security Suite

When installing, under "Additional Options" Uncheck "Install background guard" and "Install scan via context menu".

From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work can you manually download the
Updates from this link after you have Ewido installed
http://www.ewido.net/en/download/updates/

Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
*1. Perform Action = Remove
*2. Create Encrypted Backup in Quarantine (Recommended)
*3. Perform action with all infections
Then click OK
When Ewido has finished it's scan click the "Save Report" button
Save the report to desktop

Restart your computer again

Back in Windows
Your way behind on Windows updates
You should at minimum for now
Visit Windows updates and download and install Service Pack 1a
You can install SP2 when we're sure your all clean

Post back a fresh hijackthis log
and include the report from Ewido's

whitewolf187 · « **Reply #2 on:** October 09, 2005, 12:41:38 AM »

hey quest, its cool atleast you replied so thats good enough. oh yea i kno im behind on the window, i was wondering about the part where it says to archive. is that a good thing to do when installin sp1a
heres my hjt log and ewido

Logfile of HijackThis v1.99.1
Scan saved at 1:32:34 AM, on 10/9/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\HTJ\hijackthis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} - http://www.kungfuchess.com/activex/web665.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on:         1:29:09 AM, 10/9/2005
+ Report-Checksum:      B4C31724

+ Scan result:

   HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{AA4939C3-DECA-4A48-A454-97CD587C0EF5} -> Spyware.ISTBar : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{AA4939C3-DECA-4A48-A454-97CD587C0EF5}\TypeLib\\ -> Spyware.SafeSurfing : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{EEE4A2E5-9F56-432F-A6ED-F6F625B551E0} -> Dialer.Generic : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{EEE4A2E5-9F56-432F-A6ED-F6F625B551E0}\TypeLib\\ -> Spyware.SafeSurfing : Cleaned with backup
   HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
   HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bridge.dll\\.Owner -> Spyware.WinFavorites : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bridge.dll\\{9C691A33-7DDA-4C2F-BE4C-C176083F35CF} -> Spyware.WinFavorites : Cleaned with backup
   HKU\S-1-5-21-790525478-1580436667-854245398-1003\Software\DNS -> Adware.Shorty : Cleaned with backup
   HKU\S-1-5-21-790525478-1580436667-854245398-1003\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{669695BC-A811-4A9D-8CDF-BA8C795F261C} -> Spyware.PowerStrip : Cleaned with backup
   HKU\S-1-5-21-790525478-1580436667-854245398-1003\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
   :mozilla.12:C:\Documents and Settings\Shin Hajime\Application Data\Mozilla\Firefox\Profiles\xi05tyvj.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   :mozilla.17:C:\Documents and Settings\Shin Hajime\Application Data\Mozilla\Firefox\Profiles\xi05tyvj.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
   :mozilla.23:C:\Documents and Settings\Shin Hajime\Application Data\Mozilla\Firefox\Profiles\xi05tyvj.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
   :mozilla.24:C:\Documents and Settings\Shin Hajime\Application Data\Mozilla\Firefox\Profiles\xi05tyvj.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
   :mozilla.25:C:\Documents and Settings\Shin Hajime\Application Data\Mozilla\Firefox\Profiles\xi05tyvj.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
   :mozilla.26:C:\Documents and Settings\Shin Hajime\Application Data\Mozilla\Firefox\Profiles\xi05tyvj.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
   :mozilla.27:C:\Documents and Settings\Shin Hajime\Application Data\Mozilla\Firefox\Profiles\xi05tyvj.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
   :mozilla.28:C:\Documents and Settings\Shin Hajime\Application Data\Mozilla\Firefox\Profiles\xi05tyvj.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
   :mozilla.32:C:\Documents and Settings\Shin Hajime\Application Data\Mozilla\Firefox\Profiles\xi05tyvj.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.33:C:\Documents and Settings\Shin Hajime\Application Data\Mozilla\Firefox\Profiles\xi05tyvj.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.34:C:\Documents and Settings\Shin Hajime\Application Data\Mozilla\Firefox\Profiles\xi05tyvj.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.35:C:\Documents and Settings\Shin Hajime\Application Data\Mozilla\Firefox\Profiles\xi05tyvj.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.39:C:\Documents and Settings\Shin Hajime\Application Data\Mozilla\Firefox\Profiles\xi05tyvj.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.40:C:\Documents and Settings\Shin Hajime\Application Data\Mozilla\Firefox\Profiles\xi05tyvj.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.41:C:\Documents and Settings\Shin Hajime\Application Data\Mozilla\Firefox\Profiles\xi05tyvj.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.7:C:\Documents and Settings\Shin Hajime\Application Data\Phoenix\Profiles\default\ocpur51t.slt\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
   :mozilla.8:C:\Documents and Settings\Shin Hajime\Application Data\Phoenix\Profiles\default\ocpur51t.slt\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
   C:\Documents and Settings\Shin Hajime\Cookies\shin [email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   C:\Documents and Settings\Shin Hajime\Cookies\shin [email protected][1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
   C:\Documents and Settings\Shin Hajime\Cookies\shin [email protected][1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
   C:\Documents and Settings\Shin Hajime\Cookies\shin hajime@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   C:\Documents and Settings\Shin Hajime\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0F.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
   C:\Documents and Settings\Shin Hajime\Local Settings\Temp\res1E1.tmp -> Spyware.180Solutions : Cleaned with backup
   C:\Documents and Settings\Shin Hajime\Local Settings\Temp\sahagent.exe -> Adware.SAHA : Cleaned with backup
   C:\Documents and Settings\Shin Hajime\Local Settings\Temporary Internet Files\Content.IE5\JIV9L1VJ\silent_setup[1].exe -> Spyware.EliteBar : Cleaned with backup
   C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
   C:\Program Files\Common Files\services.exe -> Spyware.Maxifiles : Cleaned with backup
   C:\Program Files\Common Files\system32.dll/gui.exe -> TrojanDownloader.Agent.rv : Cleaned with backup
   C:\Program Files\Common Files\Windows\services32.exe -> Spyware.Maxifiles : Cleaned with backup
   C:\Program Files\filesubmit\mce.zip\NNEZTA388.exe -> Spyware.NewDotNet : Cleaned with backup
   C:\Program Files\filesubmit\mce.zip\TBEZA127Q.exe -> Spyware.Quick : Cleaned with backup
   C:\Program Files\IncrediFind -> Spyware.Incredifind : Cleaned with backup
   C:\Program Files\IncrediFind\BHO -> Spyware.Incredifind : Cleaned with backup
   C:\Program Files\InetGet\Adperform180safull.exe -> Spyware.WinAD : Cleaned with backup
   C:\Program Files\Opera75\Plugins\npwthost.dll -> Spyware.WildTangent : Cleaned with backup
   C:\WINDOWS\NDNuninstall6_22.exe -> Spyware.NewDotNet : Cleaned with backup
   C:\WINDOWS\NDNuninstall6_30.exe -> Spyware.NewDotNet : Cleaned with backup
   C:\WINDOWS\system32\SHAgentNew.dll -> Spyware.BargainBuddy : Cleaned with backup

::Report End

guestolo · « **Reply #3 on:** October 09, 2005, 01:48:44 AM »

It's been a while since I installed SP1a
It's give you the option of removing Service pack 1a from add/remove programs

But I wouldn't worry about it

Your log looks good, but you need to get your updates

If everything is running better, please do the following
You should disable system restore and then reenable it
This will clear all your restore points and ensure you don't restore any nasties
How to Disable and Re-enable System Restore feature

Once System Restore is reenabled
Go and create yourself a new restore point
START>>Programs>>Accessories>>System Tools>>System restore
Click create new restore point
Name it and then click create

When that's done
Get over to Windows updates and you should be fine installing SP2
This can take awhile, 30 minutes or so on cable or dsl
Let it run uninterrupted

Restart when prompted

You should set up protection against future attacks
SpywareBlaster 3.4 by JavaCool
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"

IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
TUTORIAL==Link to Tutorial
Download link

With both, Check for updates every couple of weeks
Keep the link to IE-Spyad bookmarked so you can check for updates
SpywareBlaster, after every update just simply click the "enable all protection"
IE-Spyad is compatible with SP2

Let me know how everything is running

NOTE: Before installing SP2
If you are running an old version of Style XP
I would opt to uninstall beforehand then install SP2
Afterwards, you can go back and reinstall Style XP, make sure it's the latest version

whitewolf187 · « **Reply #4 on:** October 10, 2005, 05:34:54 AM »

Can i still get sp2 with my friends burnt winxp pro disc. i kno stuff about the comp i was just never use to touch the service packs >,<. But yes everything is running smoother, i played my WoW and went on lineage no problems. i will post another hjt log for u to look over, and thx again quest. im lucky i found this site when i was researchin my problems. Soon i'll have my new comp built and i'll do better with the viruses, cause i cant let that one get messed

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/tongue.gif\' class=\'bbc_emoticon\' alt=\'

\' />(goin to be my gamin machine lol)

Logfile of HijackThis v1.99.1
Scan saved at 6:33:45 AM, on 10/10/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\HTJ\hijackthis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} - http://www.kungfuchess.com/activex/web665.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe

here it is and thx again

guestolo · « **Reply #5 on:** October 10, 2005, 11:43:47 AM »

You won't have much luck getting the Service pack with an illegal copy of Windows
Sorry

But make sure you install those protections I recommended
You may opt to get yourself a legal version on your new system
Without windows updates you can pick up malware within minutes on an unprotected system

At minimum, you should be able to install
Internet explorer SP1
http://www.microsoft.com/windows/ie/downlo...p1/default.mspx

Make sure you have XP's firewall enabled if you don't have it on or not running thru a Nat Router
Better yet get a better firewall and disable XP's

I like Sygate's
Others prefer Zonealarm
Take a look at the following link
You only need one firewall running on your system!!!
Click Here
If you decide to install a software firewall, make sure you disable XP's
If you don't decide to install one, make sure XP's is enabled

Also, the Java updater never seems too work that well
Access your control panel and Double click on the Java icon
Under the cache tab clear the cache
Under the update tab, you can uncheck the updater
Then manually check for an update by clicking the check now

Stay safe

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'

\' />

TheTechGuide Forum

News:

Author Topic: pop-up madness(IExplorer.exe prob) (Read 1654 times)

whitewolf187

pop-up madness(IExplorer.exe prob)

guestolo

pop-up madness(IExplorer.exe prob)

whitewolf187

pop-up madness(IExplorer.exe prob)

guestolo

pop-up madness(IExplorer.exe prob)

whitewolf187

pop-up madness(IExplorer.exe prob)

guestolo

pop-up madness(IExplorer.exe prob)