BullGuard
Internet explorer error pop ups
   

AznKidd86b
New Member


Date Joined Jan 2006
Total Posts : 8
 
Posted 4/2/2006 6:48 PM (GMT +2)
I do not use Internet Explorer as my browser, but this program continues to give pop-ups saying "Internet Explorer has encountered a problem and needs to close."

error signature:
appname: iexplorer.exe
appver: 6.0.2900.2180
modname: mfc42.dll
modver: 6.2.4131.0
offset: 000019e9

Logfile of HijackThis v1.99.1
Scan saved at 12:46:41 PM, on 4/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\ugcoqizA.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\ugcoqiz.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Netscape\Netscape Browser\netscape.exe
C:\DOCUME~1\TUANPH~1\LOCALS~1\Temp\Temporary Directory 5 for hijackthis.zip\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\drwtsn32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://search.brainfox.com/search.php?cat=realestate&partner=sa_tk
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\kcyan.exe
F2 - REG:system.ini: UserInit=userinit.exe,uwgexqx.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.yahoo.com"); (C:\Documents and Settings\Tuan Pham\Application Data\Mozilla\Profiles\default\7ynu37no.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Tuan Pham\Application Data\Mozilla\Profiles\default\7ynu37no.slt\prefs.js)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ugcoqizA] C:\WINDOWS\ugcoqizA.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: Runner.dll
O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\jtl2073oe.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: IEFilter - {DA7F560C-A39D-47BA-8538-0A1D20CC4523} - C:\WINDOWS\system32\IEFilter.dll
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VHVhbiBQaGFt\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\ugcoqiz.exe

I appreciate any help.

Andrei Ionescu
Junior Member




Date Joined Dec 2005
Total Posts : 58
 
Posted 4/4/2006 5:26 AM (GMT +2)
Hi there,

It seems that you have several infections on your computer that, even if you do not use IE, are starting the application themselves in order to submit personal information over the internet. Please follow these steps in order to remove the infections:

1. First of all, please run HijackThis again and put a check in front of the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://search.brainfox.com/search.php?cat=realestate&partner=sa_tk
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\kcyan.exe
F2 - REG:system.ini: UserInit=userinit.exe,uwgexqx.exe
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O4 - HKLM\..\Run: [ugcoqizA] C:\WINDOWS\ugcoqizA.exe
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: Runner.dll
O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\jtl2073oe.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: IEFilter - {DA7F560C-A39D-47BA-8538-0A1D20CC4523} - C:\WINDOWS\system32\IEFilter.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VHVhbiBQaGFt\command.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\ugcoqiz.exe

2. Then please press the FIX CHECKED button in HijackThis.

3. Download Killbox from this link: http://www.bleepingcomputer.com/files/killbox.php

4. Start the Killbox application, press the File button -> Paste from Clipboard, and paste these files in the application:

C:\WINDOWS\system32\IEFilter.dll
C:\WINDOWS\ugcoqiz.exe
C:\WINDOWS\ugcoqizA.exe
C:\WINDOWS\system32\kcyan.exe
C:\WINDOWS\system32\dmonwv.dll

5. Then press the Delete Files button (the one with the red X).

6. Restart your computer.

7. Use Regedit to remove these entries if they are still present on your computer:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell --->>> Explorer.exe, <System>\jaicg.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit ---->>> <System>\userinit.exe,uupgqem.exe

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\(4ABF810A-F11D-4169-9D5F-7D274F2270A1)

HKCR\CLSID\(CE3A44D8-BC88-4D62-A890-42D96245F8D6)

HKCR\Folder\shellex\ColumnHandlers\(CE3A44D8-BC88-4D62-A890-42D96245F8D6) (default)

HKLM\SOFTWARE\qstat

HKLM\SOFTWARE\Microsoft\wwdqoq

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webnexus

8. Also please remove this entry from the Control Panel -> Add/Remove Programs list if it is present: "Web Nexus Network"

After all these steps make a fresh HijackThis log and post it as a reply to this thread.

Andrei Cristian Ionescu
Support Team Member
BullGuard Software Ltd.
Cell phone: +40 724.276.719
YM!: ionescu1982 ; Skype: ionesan
 
 
Please start your own thread by clicking the new topic button. Do NOT post your problem in someone else's thread.
Do not PM me with logfiles. They will be deleted.


AznKidd86b
New Member


Date Joined Jan 2006
Total Posts : 8
 
Posted 4/5/2006 2:12 AM (GMT +2)
Hey, I haven't seen an IE pop-up since. Thanx dude.

However:

C:\WINDOWS\system32\kcyan.exe could not be deleted using Killbox
C:\WINDOWS\system32\dmonwv.dll also could not be deleted using Killbox

New log:
Logfile of HijackThis v1.99.1
Scan saved at 8:11:15 PM, on 4/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\system32\Service.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Netscape\Netscape Browser\netscape.exe
C:\PROGRA~1\NORTON~1\QServer.exe
C:\DOCUME~1\TUANPH~1\LOCALS~1\Temp\Temporary Directory 8 for hijackthis.zip\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\kcyan.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,uwgexqx.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.yahoo.com"); (C:\Documents and Settings\Tuan Pham\Application Data\Mozilla\Profiles\default\7ynu37no.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Tuan Pham\Application Data\Mozilla\Profiles\default\7ynu37no.slt\prefs.js)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O21 - SSODL: IEFilter - {5777C3C0-782E-44E7-B704-283E4A8FBCA0} - C:\WINDOWS\system32\IEFilter.dll (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VHVhbiBQaGFt\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
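
Added example, not part of the thread and not a HijackThis or BullGuard tool: a check of which entries from the step 1 fix list are still in the fresh log. The function names are hypothetical and both inputs are excerpts of the logs above; entries are matched by section code and referenced binary name, so the rewritten UserInit path and the changed IEFilter CLSID still match.

```python
import re

# Section entries look like "O4 - ..."; header and process lines do not match.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Bare file name of any .exe/.dll, without directory, "Key=" prefix or comma.
BINARY = re.compile(r'[^\\/:,=\s"]+\.(?:exe|dll)\b', re.IGNORECASE)

def parse(log):
    """Map (section code, referenced binary names) -> raw entry line."""
    entries = {}
    for raw in log.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        names = frozenset(n.lower() for n in BINARY.findall(m["body"]))
        # Entries that name no binary (R1 URLs, R3) are keyed on full text.
        entries[(m["code"], names or m["body"])] = raw.strip()
    return entries

def persisting(fix_list, fresh_log):
    """Return (fresh line, file status) for fixed entries still in the log."""
    fresh = parse(fresh_log)
    hits = []
    for key in parse(fix_list):
        if key in fresh:
            line = fresh[key]
            missing = line.endswith("(file missing)")
            hits.append((line, "file missing" if missing else "file present"))
    return sorted(hits)

# Excerpt of the entries checked in step 1 of the reply.
FIX_LIST = r"""
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\kcyan.exe
F2 - REG:system.ini: UserInit=userinit.exe,uwgexqx.exe
O4 - HKLM\..\Run: [ugcoqizA] C:\WINDOWS\ugcoqizA.exe
O20 - AppInit_DLLs: Runner.dll
O21 - SSODL: IEFilter - {DA7F560C-A39D-47BA-8538-0A1D20CC4523} - C:\WINDOWS\system32\IEFilter.dll
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\ugcoqiz.exe
"""
# Excerpt of the follow-up log saved on 4/4/2006.
FRESH_LOG = r"""
Logfile of HijackThis v1.99.1
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\kcyan.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,uwgexqx.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O21 - SSODL: IEFilter - {5777C3C0-782E-44E7-B704-283E4A8FBCA0} - C:\WINDOWS\system32\IEFilter.dll (file missing)
"""

if __name__ == "__main__":
    for line, status in persisting(FIX_LIST, FRESH_LOG):
        print(f"[{status}] {line}")
```

On these excerpts the two F2 Winlogon values are reported with the file present, and the IEFilter SSODL entry remains only as a registry reference to a missing file.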