Can't stop explorer pop ups

Discussion in 'System Security & Infection Support' started by Dani257, Aug 28, 2004.

  1. Dani257

    Dani257

    Joined:
    Aug 28, 2004
    Messages:
    5
    Likes Received:
    0
    Location:
    Louisiana
    Last night, my computer just kept bringing up pop up ads advertizing a free ipod mini. They come up even when the browser is closed. A dozen at a time, until the toolbar is filled with them. They're internet explorer pop ups, so I unistalled ie (I'm using Netscape now) but they still come and I can't get rid of them. Is there any way to stop this without having to reinstall windows and delete all my files? I've got a pop up blocker, but that still doesn't work. Thanks.
     
    Dani257, Aug 28, 2004
    #1
    1. Advertisements

  2. Dani257

    James Photojournalist

    Joined:
    Dec 24, 2002
    Messages:
    6,662
    Likes Received:
    35
    What OS are you have this issue on? You can never completley uninstall IE. It's built into the OS (Explorer, etc). First, do you have all of the updates for your OS? It's always very important to keep your system up to date.

    You must of installed something for this to keep poping up. Maybe some trial software or a P2P application? I would remove this software to see if it helps. Also, install Ad-Aware SE, which is found in our Handy Tools, update it and do a full scan. If that doesn't help. post your HijackThis Log here.
     
    James, Aug 28, 2004
    #2
    1. Advertisements

  3. Dani257

    Dani257

    Joined:
    Aug 28, 2004
    Messages:
    5
    Likes Received:
    0
    Location:
    Louisiana
    Is OS operating system? Do you mean what Windows program I'm in? I didn't deliberately download any software, but I did find something with dlsmgr in the name that somehow got downloaded without my knowledge and installed a daily horoscope and time synchronizer, but I uninstalled and deleted that. That's the only thing that was installed before the pop ups started. I don't know what else could have been downloaded to make this happen. Is there a way to find out which software it is? I ran the Ad aware scan and got rid of ads, but they still pop up. Also, what is a hijackthis log?
     
    Dani257, Aug 29, 2004
    #3
  4. Dani257

    Phil VIP Member

    Joined:
    Dec 20, 2003
    Messages:
    959
    Likes Received:
    14
    Location:
    Ontario, Canada
    HijackThis is a program found here in the Handy Tools section. Run it, save the log and copy and paste it into this thread.
     
    Phil, Aug 29, 2004
    #4
  5. Dani257

    Dani257

    Joined:
    Aug 28, 2004
    Messages:
    5
    Likes Received:
    0
    Location:
    Louisiana
    Logfile of HijackThis v1.98.2
    Scan saved at 2:21:54 AM, on 8/29/2004
    Platform: Windows 2000 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.00 (5.00.2920.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton Personal Firewall\NISUM.EXE
    C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINNT\System32\P2P Networking\P2P Networking.exe
    C:\program files\altnet\points manager\points manager.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINNT\SOUNDMAN.EXE
    C:\WINNT\System32\rundll32.exe
    C:\WINNT\System32\rundll32.exe
    C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
    C:\Program Files\Common Files\WinTools\WToolsA.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINNT\System32\qcut.exe
    C:\Program Files\Spyware Doctor\spydoctor.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\WinTools\WSup.exe
    C:\Program Files\Common Files\WinTools\WToolsS.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\WINNT\dhsvr.exe
    C:\WINNT\Explorer.exe
    C:\WINNT\System32\svbvm60m.exe
    C:\PROGRA~1\Netscape\Netscape\Netscp.exe
    C:\WINNT\System32\acctres.exe
    C:\Documents and Settings\Angela1.ANGELA\My Documents\hjt\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.jkwvojlssrnmnakbpeww.com...nkzuBR/W0vSvjXQzrISL0NvUKb3P5gVRCj91Sa73Z.php
    O2 - BHO: F1 Organizer Class - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINNT\System32\ATPART~1.DLL
    O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINNT\bxxs5.dll
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_12_0.dll
    O2 - BHO: MyQuickSearch Search Assistant BHO - {04011C11-2F3B-44ed-977C-270CA669C6B2} - C:\Program Files\MyQuickSearch\SrchAstt\1.bin\MQSSRCAS.DLL (file missing)
    O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL (file missing)
    O2 - BHO: Zedd4Proj.clsUnoOne - {08227B4B-54FE-4C4D-809F-BCA46292FC5B} - C:\WINNT\System32\AAARZX.dll
    O2 - BHO: mqsBar BHO - {0E677221-E309-4341-81BD-3CC3018BF5B3} - C:\Program Files\MyQuickSearch\bar\1.bin\MQSBAR.DLL (file missing)
    O2 - BHO: SearchToolbarBHOObject - {12EE7A5E-0674-42f9-A76A-000000004D00} - C:\WINNT\System32\stlb2.dll
    O2 - BHO: PowerSearch - {4E7BD74F-2B8D-469E-A3FA-F161A787AD2D} - C:\PROGRA~1\POWERS~1\Toolbar\pwrsmnd1\pwrsmnd1.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {6C2B1284-772B-6540-9156-DD17D4AE63E8} - C:\PROGRA~1\MAPIDO~1\Camp Base.exe
    O2 - BHO: G1.GZ - {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Pribi\Pribi.dll
    O2 - BHO: Xbrowse Class - {83DC91DB-7896-43E3-B34D-A7D043F16BB1} - C:\Documents and Settings\All Users.WINNT\Application Data\RDSA\rdsa.dll
    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    O2 - BHO: (no name) - {AC109D01-32D6-4EB5-8300-D3C5EBAC7C83} - (no file)
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Xbrowse Class - {CE7EF827-47CC-48EB-B570-C367F1E1277E} - C:\Documents and Settings\All Users.WINNT\Application Data\x1ff\x1ff.dll
    O2 - BHO: routqext - {DBDC9D5E-CCE2-DAE5-67E1-345615DC712B} - C:\WINNT\System32\routqext. (file missing)
    O2 - BHO: (no name) - {DE433183-0226-4165-85A7-3CDE8526E125} - C:\WINNT\system32\afat.dll
    O2 - BHO: FavoriteMan Class - {EBBD88E5-C372-469D-B4C5-1FE00352AB9B} - C:\WINNT\System32\mmviewer1112.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_12_0.dll
    O3 - Toolbar: My &Quick Search - {0E677229-E309-4341-81BD-3CC3018BF5B3} - C:\Program Files\MyQuickSearch\bar\1.bin\MQSBAR.DLL (file missing)
    O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
    O3 - Toolbar: PowerSearch - {4E7BD74F-2B8D-469E-A3FA-F161A787AD2D} - C:\PROGRA~1\POWERS~1\Toolbar\pwrsmnd1\pwrsmnd1.dll
    O3 - Toolbar: Search - {12EE7A5E-0674-42f9-A76B-000000004D00} - C:\WINNT\System32\stlb2.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [drive soap] C:\PROGRA~1\CAKEFI~1\GreatAdmin.exe
    O4 - HKLM\..\Run: [AUDIO BODY MESS TRAY] C:\Documents and Settings\All Users.WINNT\Application Data\DrvAdminAudioBody\dale dent.exe
    O4 - HKLM\..\Run: [{12EE7A5E-0674-42f9-A76B-000000004D00}] rundll32.exe stlb2.dll,DllRunMain
    O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
    O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINNT\bxxs5.dll,DllRun
    O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
    O4 - HKLM\..\Run: [TB_setup] C:\DOCUME~1\ANGELA~1.ANG\LOCALS~1\Temp\tb_setup.exe /dcheck
    O4 - HKLM\..\Run: [DealHelperUpdate] C:\WINNT\DHUpdt.exe
    O4 - HKLM\..\Run: [DealHelperBrwsr] C:\WINNT\dhbrwsr.exe
    O4 - HKLM\..\Run: [svbvm60m] C:\WINNT\System32\svbvm60m.exe
    O4 - HKLM\..\RunOnce: [uiiha.exe] C:\WINNT\System32\uiiha.exe /k
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
    O4 - HKCU\..\Run: [irmon] C:\WINNT\System32\irmon.exe
    O4 - HKCU\..\Run: [shimgvw] C:\WINNT\System32\shimgvw.exe
    O4 - HKCU\..\Run: [qcut] C:\WINNT\System32\qcut.exe
    O4 - HKCU\..\Run: [atiupdate] C:\DOCUME~1\ANGELA~1.ANG\LOCALS~1\TEMP\SEARCH~1.EXE
    O4 - HKCU\..\Run: [acctres] C:\WINNT\System32\acctres.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: SirSearch - file://C:\Program Files\PWRSMND1\Cache\SelectedContextSearch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0874246a9ac506880f02/netzip/RdxIE601.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
     
    Dani257, Aug 29, 2004
    #5
  6. Dani257

    Fenis-Wolf VIP Member

    Joined:
    Apr 30, 2003
    Messages:
    2,951
    Likes Received:
    35
    Location:
    Ann Arbor, Mi
    Check all this stuff, then reboot.
    C:\WINNT\System32\P2P Networking\P2P Networking.exe
    C:\program files\altnet\points manager\points manager.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
    C:\Program Files\Common Files\WinTools\WToolsA.exe
    C:\WINNT\System32\qcut.exe
    C:\Program Files\Spyware Doctor\spydoctor.exe
    C:\Program Files\Common Files\WinTools\WSup.exe
    C:\Program Files\Common Files\WinTools\WToolsS.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\WINNT\System32\acctres.exe
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.jkwvojlssrnmnakbpeww.com...VRCj91Sa73Z.php
    O2 - BHO: F1 Organizer Class - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINNT\System32\ATPART~1.DLL
    O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINNT\bxxs5.dll
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_ 12_0.dll
    O2 - BHO: MyQuickSearch Search Assistant BHO - {04011C11-2F3B-44ed-977C-270CA669C6B2} - C:\Program Files\MyQuickSearch\SrchAstt\1.bin\MQSSRCAS.DLL (file missing)
    O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL (file missing)
    O2 - BHO: Zedd4Proj.clsUnoOne - {08227B4B-54FE-4C4D-809F-BCA46292FC5B} - C:\WINNT\System32\AAARZX.dll
    O2 - BHO: mqsBar BHO - {0E677221-E309-4341-81BD-3CC3018BF5B3} - C:\Program Files\MyQuickSearch\bar\1.bin\MQSBAR.DLL (file missing)
    O2 - BHO: SearchToolbarBHOObject - {12EE7A5E-0674-42f9-A76A-000000004D00} - C:\WINNT\System32\stlb2.dll
    O2 - BHO: PowerSearch - {4E7BD74F-2B8D-469E-A3FA-F161A787AD2D} - C:\PROGRA~1\POWERS~1\Toolbar\pwrsmnd1\pwrsmnd1.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {6C2B1284-772B-6540-9156-DD17D4AE63E8} - C:\PROGRA~1\MAPIDO~1\Camp Base.exe
    O2 - BHO: G1.GZ - {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Pribi\Pribi.dll
    O2 - BHO: Xbrowse Class - {83DC91DB-7896-43E3-B34D-A7D043F16BB1} - C:\Documents and Settings\All Users.WINNT\Application Data\RDSA\rdsa.dll
    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    O2 - BHO: (no name) - {AC109D01-32D6-4EB5-8300-D3C5EBAC7C83} - (no file)
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Xbrowse Class - {CE7EF827-47CC-48EB-B570-C367F1E1277E} - C:\Documents and Settings\All Users.WINNT\Application Data\x1ff\x1ff.dll
    O2 - BHO: routqext - {DBDC9D5E-CCE2-DAE5-67E1-345615DC712B} - C:\WINNT\System32\routqext. (file missing)
    O2 - BHO: (no name) - {DE433183-0226-4165-85A7-3CDE8526E125} - C:\WINNT\system32\afat.dll
    O2 - BHO: FavoriteMan Class - {EBBD88E5-C372-469D-B4C5-1FE00352AB9B} - C:\WINNT\System32\mmviewer1112.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_ 12_0.dll
    O3 - Toolbar: My &Quick Search - {0E677229-E309-4341-81BD-3CC3018BF5B3} - C:\Program Files\MyQuickSearch\bar\1.bin\MQSBAR.DLL (file missing)
    O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
    O3 - Toolbar: PowerSearch - {4E7BD74F-2B8D-469E-A3FA-F161A787AD2D} - C:\PROGRA~1\POWERS~1\Toolbar\pwrsmnd1\pwrsmnd1.dll
    O3 - Toolbar: Search - {12EE7A5E-0674-42f9-A76B-000000004D00} - C:\WINNT\System32\stlb2.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [drive soap] C:\PROGRA~1\CAKEFI~1\GreatAdmin.exe
    O4 - HKLM\..\Run: [AUDIO BODY MESS TRAY] C:\Documents and Settings\All Users.WINNT\Application Data\DrvAdminAudioBody\dale dent.exe
    O4 - HKLM\..\Run: [{12EE7A5E-0674-42f9-A76B-000000004D00}] rundll32.exe stlb2.dll,DllRunMain
    O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
    O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINNT\bxxs5.dll,DllRun
    O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
    O4 - HKLM\..\Run: [TB_setup] C:\DOCUME~1\ANGELA~1.ANG\LOCALS~1\Temp\tb_setup.ex e /dcheck
    O4 - HKLM\..\Run: [DealHelperUpdate] C:\WINNT\DHUpdt.exe
    O4 - HKLM\..\Run: [DealHelperBrwsr] C:\WINNT\dhbrwsr.exe
    O4 - HKLM\..\Run: [svbvm60m] C:\WINNT\System32\svbvm60m.exe
    O4 - HKLM\..\RunOnce: [uiiha.exe] C:\WINNT\System32\uiiha.exe /k
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
    O4 - HKCU\..\Run: [irmon] C:\WINNT\System32\irmon.exe
    O4 - HKCU\..\Run: [shimgvw] C:\WINNT\System32\shimgvw.exe
    O4 - HKCU\..\Run: [qcut] C:\WINNT\System32\qcut.exe
    O4 - HKCU\..\Run: [atiupdate] C:\DOCUME~1\ANGELA~1.ANG\LOCALS~1\TEMP\SEARCH~1.EX E
    O4 - HKCU\..\Run: [acctres] C:\WINNT\System32\acctres.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: SirSearch - file://C:\Program Files\PWRSMND1\Cache\SelectedContextSearch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.co...t/c381/chat.cab
    O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0874246...ip/RdxIE601.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yah...utocomplete.cab
     
    Fenis-Wolf, Aug 29, 2004
    #6
  7. Dani257

    Dani257

    Joined:
    Aug 28, 2004
    Messages:
    5
    Likes Received:
    0
    Location:
    Louisiana
    Hey, so far, so good. Now if I want to reinstall IE, will that be a problem?
     
    Dani257, Aug 29, 2004
    #7
  8. Dani257

    Fenis-Wolf VIP Member

    Joined:
    Apr 30, 2003
    Messages:
    2,951
    Likes Received:
    35
    Location:
    Ann Arbor, Mi
    No, I don't think so. However, instead of reinstalling IE, why don't you try out some alternative browsers? Such as Opera or Mozilla or if you want something very light weight, but that is still feature rich try Firefox
     
    Fenis-Wolf, Aug 29, 2004
    #8
  9. Dani257

    James Photojournalist

    Joined:
    Dec 24, 2002
    Messages:
    6,662
    Likes Received:
    35
    Nope. If you do not already have the latest version of IE and the patches. I would recommend installing them.
     
    James, Aug 29, 2004
    #9
  10. Dani257

    Dani257

    Joined:
    Aug 28, 2004
    Messages:
    5
    Likes Received:
    0
    Location:
    Louisiana
    It was working fine for awhile, and then the popups started again! Here's what I downloaded after fixing the problem. Opera, Mozilla Firefox, and a java program, which i since unistalled.

    Here's my log.

    Logfile of HijackThis v1.98.2
    Scan saved at 11:11:27 PM, on 8/29/2004
    Platform: Windows 2000 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.00 (5.00.2920.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton Personal Firewall\NISUM.EXE
    C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Common Files\WinTools\WToolsS.exe
    C:\WINNT\Explorer.exe
    C:\WINNT\SOUNDMAN.EXE
    C:\Program Files\Common Files\WinTools\WToolsA.exe
    C:\WINNT\System32\P2P Networking\P2P Networking.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINNT\System32\d_clintc.exe
    C:\Program Files\Common Files\WinTools\WSup.exe
    C:\Program Files\Netscape\Netscape\Netscp.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Documents and Settings\Angela1.ANGELA\My Documents\hjt\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.wkovqbzoucxbje.net/eeSwSFzHnxpvtPqX2AYIVdwnkzuBR/W0vSvjXQzrISLlfQZRu9Jx2VRCj91Sa73Z.html
    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
    O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [drive soap] C:\PROGRA~1\CAKEFI~1\GreatAdmin.exe
    O4 - HKLM\..\Run: [d_clintc] C:\WINNT\System32\d_clintc.exe
     
    Dani257, Aug 30, 2004
    #10
  11. Dani257

    Fenis-Wolf VIP Member

    Joined:
    Apr 30, 2003
    Messages:
    2,951
    Likes Received:
    35
    Location:
    Ann Arbor, Mi
    Check all of these, and then reboot. When you reboot, tap F8 to enter safemode, and go to c:\program files\common files\ and delete the WinTools folder. Then go to C:\WINNT\System32\ and delete the P2P folder. Don't delete anything else in the System32 folder.
    C:\Program Files\Common Files\WinTools\WToolsS.exe
    C:\Program Files\Common Files\WinTools\WToolsA.exe
    C:\WINNT\System32\P2P Networking\P2P Networking.exe
    C:\Program Files\Common Files\WinTools\WSup.exe
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.wkovqbzoucxbje.net/eeSwS...RCj91Sa73Z.html
    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
    O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
     
    Fenis-Wolf, Aug 30, 2004
    #11
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.