MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: Pop up IE pages of different websites
December 10, 2019, 05:22:00 AM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
December 10, 2019, 05:22:00 AM

Login with username, password and session length
 Featured Sites:
News
New  Looking for cheap hardware and/or software?
Visit our new Online Store where you will be able to purchase from a reputable vendor by country.
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: Pop up IE pages of different websites  (Read 1881 times)
Fredrico
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 10


Bookmark and Share

View Profile
« on: March 08, 2005, 01:29:41 PM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version:Windows 2X
Problem Application Name & Version:Pop up IE pages of different websites
Problem Hardware Make & Model:
Error Messages:


Please help, I seem to get pop windows opening continously of differtent search websites and this closes the main page I am browsing.
The Hijackthis log is as below:

Logfile of HijackThis v1.99.1
Scan saved at 8:26:26 AM, on 03/08/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINNT\Explorer.EXE
C:\WINNT\system32\NWTRAY.EXE
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\PROGRA~1\SRNMIC~1\SOLOSENT.EXE
C:\PROGRA~1\SRNMIC~1\SOLOCFG.EXE
C:\Program Files\Startup Mechanic\StartupMonitor.exe
C:\Program Files\Innovative Solutions\Innovative StartUp Firewall version 2\FirewallStartup.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
C:\WINNT\msagent\AgentSvr.exe
C:\Program Files\Common Files\Network Associates\On Demand Scanner\Scan32\scan32.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HJT Program\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINNT\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wphweb.westpark.org/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://wphweb.westpark.org/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.123:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.westpark.org*;wph*;intranet;<local>
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINNT\system32\boln.dll
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [SoloSentry] C:\PROGRA~1\SRNMIC~1\SOLOSENT.EXE
O4 - HKLM\..\Run: [SoloSchedule] C:\PROGRA~1\SRNMIC~1\SOLOCFG.EXE
O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupMonitor.exe
O4 - HKCU\..\Run: [Innovative StartUp Firewall] "C:\Program Files\Innovative Solutions\Innovative StartUp Firewall version 2\FirewallStartup.exe" /AUTOSTART
O15 - Trusted Zone: *.westpark.org
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = westpark.org
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = westpark.org
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = westpark.org
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Big Brother SNM Client 1.08b (BigBrotherClient) - Unknown owner - C:\BB\BBNT\1.08b\bin\bbnt.exe (file missing)
O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\WINNT\Cpqdiag\Cpqdfwag.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DameWare NT Utilities 2.6 (DNTUS26) - DameWare Development - C:\WINNT\SYSTEM32\DNTUS26.EXE
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\oracle\ora81\BIN\ONRSD.EXE
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe


Logged

 
Cactus
Security & Virus Specialist
Global Moderator
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 4327


Bookmark and Share

View Profile
« Reply #1 on: March 09, 2005, 12:24:46 AM »

Hi Fredrico .. Smiley

Set Windows to show Hidden files and folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.



**(Always create a Folder for HiJackThis anywhere but your Temp/Temporary Internet Folders. This is where it will save the backup files needed if there's a problem.)**



Close all other open Windows and have HiJackThis Fix:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINNT\blank.htm

O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINNT\system32\boln.dll

O23 - Service: Big Brother SNM Client 1.08b (BigBrotherClient) - Unknown owner - C:\BB\BBNT\1.08b\bin\bbnt.exe (file missing)


Now delete these Folders or Files that are Highlighted: (You may need enable "Show all Files" and disable "Hide System Files" in Windows Explorer / Tools / Folder Options / View Tab) (You may have to boot to "Safe Mode" in order to delete some Files/Folders)

C:\WINNT\system32\boln.dll


Now, empty all your TEMP Folders / Temporary Internet Files Folder and then empty your "Recycle Bin" and Reboot.


In Xp, here are some locations of Temp files

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Username\Local Settings\Temporary Internet Files
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files


Before opening your browser goto START>CONTROL PANEL>INTERNET OPTIONS and make sure your Homepage is correct,if not ,type the URL you would like in the HomePage box.


Now re-run HJT and post a new logfile back here.


NOTE:

C:\WINNT\SYSTEM32\DNTUS26.EXE
DNTUS26.exe program is part of DameWare Mini Remote Control. A lightweight remote control intended primarily for administrators and help desks for quick and easy deployment without external dependencies and machine reboot. It is entirely possible that this program was installed on your machine without your knowledge. If so, it is imperative that you change all your passwords for the administrator level user. If you do not have any passwords set for your computer, then it is not necessary to change any passwords. I recommend removing this, unless you, as administrator, use it daily. It can be used to remotely control your computer.

Removal instructions
CNTL+ALT+DEL | Task Manager | Process tab | select DNTUS26.exe | <End Process>

Please note that if the DWRCS.exe and/or DNTUS26.exe files are not located in the system32 folder, then please search for them and perform the following steps from that folder instead of the system32 folder.
Start | Programs | Accesories | Command Prompt
Type cd %systemroot%\system32 and press Enter.
Type DWRCS.exe -remove and press Enter.
Type DNTUS26.exe -remove and press Enter.
After the service removal you can delete the following files, however this may require a re-boot before you can delete them.
DNTUS26.EXE
DWRCS.EXE
DWRCS.INI
DWRCK.DLL
DWRCSET.DLL (v 3.6x and later)
DWRCSHELL.DLL (v 3.6x and later)
If you cannot delete the DWRCShell.dll, then more than likely the Windows Explorer Shell must have already loaded it. Reboot the machine and do not right-click on anything. Start | Run | Type CMD | <ENTER>
Once you have the DOS prompt, type: CD %systemroot%\system32 and press Enter. Now delete the DWRCShell.dll file.


Cactus  
« Last Edit: March 09, 2005, 12:25:39 AM by Cactus » Logged

**PLEASE**.....do not post your hijack log in someone else's thread. Start a separate thread HERE! Thank you.

cactus@mytechsupport.ca

My System Specs

Avg Antivirus::Ad-Aware::Spybot::Windows Update::Recuva
Malwarebytes::SUPERAntiSpywareFREE
Pages: [1] Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page July 02, 2019, 03:27:09 AM