Internet explorer error pop ups

Posted 4/2/2006 4:48 PM
#29441
AznKidd86b Member

Date Joined Nov 2016
Total Posts: 6
i do not use internet explorer as my browser. but this program continues to give pop ups saying "internet explorer has encountered a problem and needs to close."

error signature:
appname: iexplorer.exe
appver: 6.0.2900.2180
modname: mfc42.dll
modver: 6.2.4131.0
offset: 000019e9

Logfile of HijackThis v1.99.1
Scan saved at 12:46:41 PM, on 4/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\ugcoqizA.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\ugcoqiz.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Netscape\Netscape Browser\netscape.exe
C:\DOCUME~1\TUANPH~1\LOCALS~1\Temp\Temporary Directory 5 for hijackthis.zip\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\drwtsn32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://search.brainfox.com/search.php?cat=realestate&partner=sa_tk
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\kcyan.exe
F2 - REG:system.ini: UserInit=userinit.exe,uwgexqx.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.yahoo.com"); (C:\Documents and Settings\Tuan Pham\Application Data\Mozilla\Profiles\default\7ynu37no.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Tuan Pham\Application Data\Mozilla\Profiles\default\7ynu37no.slt\prefs.js)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ugcoqizA] C:\WINDOWS\ugcoqizA.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: Runner.dll
O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\jtl2073oe.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: IEFilter - {DA7F560C-A39D-47BA-8538-0A1D20CC4523} - C:\WINDOWS\system32\IEFilter.dll
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VHVhbiBQaGFt\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\ugcoqiz.exe

i appreciate any help.
Posted 4/4/2006 3:26 AM
#29490
Andrei Ionescu Advanced member

Date Joined Nov 2016
Total Posts: 43
Hi there,

It seems that you have several infections on your computer, that even if you do not use IE, are starting the application themselves in order to submit personal information over the internet. Please follow these steps in order to remove the infections:

1. First of all, please run HijackThis again and put a check in front of the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://search.brainfox.com/search.php?cat=realestate&partner=sa_tk
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\kcyan.exe
F2 - REG:system.ini: UserInit=userinit.exe,uwgexqx.exe
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O4 - HKLM\..\Run: [ugcoqizA] C:\WINDOWS\ugcoqizA.exe
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: Runner.dll
O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\jtl2073oe.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: IEFilter - {DA7F560C-A39D-47BA-8538-0A1D20CC4523} - C:\WINDOWS\system32\IEFilter.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VHVhbiBQaGFt\command.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\ugcoqiz.exe

2. Then please press the FIX CHECKED button in HijackThis.

3. Download Killbox from this link: http://www.bleepingcomputer.com/files/killbox.php

4. Start the Killbox application, press the File button-> Paste from Clipboard, and paste these files in the application:

C:\WINDOWS\system32\IEFilter.dll
C:\WINDOWS\ugcoqiz.exe
C:\WINDOWS\ugcoqizA.exe
C:\WINDOWS\system32\kcyan.exe
C:\WINDOWS\system32\dmonwv.dll

5. Then press the Delete Files button (the one with the red X).

6. Restart your computer.

7. Use Regedit to remove these entries if they are still present on your computer:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell --->>> Explorer.exe, <System>\jaicg.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit ---->>> <System>\userinit.exe,uupgqem.exe

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\(4ABF810A-F11D-4169-9D5F-7D274F2270A1)

HKCR\CLSID\(CE3A44D8-BC88-4D62-A890-42D96245F8D6

HKCR\Folder\shellex\ColumnHandlers\(CE3A44D8-BC88-4D62-A890-42D96245F8D6) (default)

HKLM\SOFTWARE\qstat

HKLM\SOFTWARE\Microsoft\wwdqoq

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webnexus

8. Also please remove this entry from the Control Panel-> Add/Remove programs list if it is present: "Web Nexus Network"

After all these steps make a fresh HijackThis log and post it as a reply to this thread.

Andrei Cristian Ionescu

QA Team Member

BullGuard Software Ltd.

Cell phone: +40 724.276.719


Do not PM me with logfiles. They will be deleted
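
The entry classes selected in the reply above (extra Winlogon Shell/UserInit values, AppInit_DLLs, missing targets, services with an unknown owner) can be flagged mechanically. The following is an added example, not part of the thread and not HijackThis code; the function names are hypothetical, the sample lines are an excerpt of the first log, and a flag marks an entry for manual review rather than confirming it as malicious.

```python
import re

# Excerpt of the first HijackThis log in this thread, embedded as sample input.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\kcyan.exe
F2 - REG:system.ini: UserInit=userinit.exe,uwgexqx.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O20 - AppInit_DLLs: Runner.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O20 - AppInit_DLLs: ..."
# Winlogon values that should hold only the stock program (assumed defaults).
WINLOGON_DEFAULTS = (("Shell", "explorer.exe"), ("UserInit", "userinit.exe"))


def extra_values(body, key, default):
    """Return values listed beside the default in a Shell=/UserInit= entry."""
    m = re.search(key + r"=(.*)$", body, re.IGNORECASE)
    if not m:
        return []
    parts = [p.strip() for p in m.group(1).split(",") if p.strip()]
    # Basename match only: a look-alike in another directory is not caught here.
    return [p for p in parts if p.lower().rsplit("\\", 1)[-1] != default]


def triage(log):
    """Return (section, reason, detail) tuples for entries worth a manual look."""
    findings = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        if section == "F2":
            for key, default in WINLOGON_DEFAULTS:
                for extra in extra_values(body, key, default):
                    findings.append((section, f"extra {key} value", extra))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            dlls = body.split(":", 1)[1].strip()
            if dlls:
                findings.append((section, "AppInit_DLLs set", dlls))
        elif section == "O23" and " - Unknown owner - " in body:
            findings.append((section, "unknown service owner", body.rsplit(" - ", 1)[-1]))
        if body.endswith("(file missing)"):
            findings.append((section, "target file missing", body))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=" | ")
```
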
Posted 4/5/2006 12:12 AM
#29514
AznKidd86b Member

Date Joined Nov 2016
Total Posts: 6
hey, i haven't seen an IE pop up since. thanx dude.

however

C:\WINDOWS\system32\kcyan.exe was unable to delete using killbox
C:\WINDOWS\system32\dmonwv.dll was also unable to delete killbox

new log:
Logfile of HijackThis v1.99.1
Scan saved at 8:11:15 PM, on 4/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\system32\Service.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Netscape\Netscape Browser\netscape.exe
C:\PROGRA~1\NORTON~1\QServer.exe
C:\DOCUME~1\TUANPH~1\LOCALS~1\Temp\Temporary Directory 8 for hijackthis.zip\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\kcyan.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,uwgexqx.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.yahoo.com"); (C:\Documents and Settings\Tuan Pham\Application Data\Mozilla\Profiles\default\7ynu37no.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Tuan Pham\Application Data\Mozilla\Profiles\default\7ynu37no.slt\prefs.js)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O21 - SSODL: IEFilter - {5777C3C0-782E-44E7-B704-283E4A8FBCA0} - C:\WINDOWS\system32\IEFilter.dll (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VHVhbiBQaGFt\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe