Computer Hope

Software => Computer viruses and spyware => Topic started by: thegirlsrock99 on May 16, 2004, 12:35:01 PM

Title: PLEASE Help Me!  
Post by: thegirlsrock99 on May 16, 2004, 12:35:01 PM

 :o
Ok, I'll start at the beg./ (well, condensed anyway!)
I've downloaded the updates, I run Norton on Windows XP/ I ALSO have spyboy and adaware.  Plus run a firewall.  
The problem is:
Windows explorer keeps popping up every 30 seconds or so.  EVERY time I put  an address in the search - it comes up search evertying.  It is so gosh@#$  frustrating!
"Windows explorer has encountered a problem and needs to close.  We are sorry for t he Inconvenience!"

I downloaded the missing )or corrupt, dll.  And then saw the list!!   OMIGosh.  
OK  the error says
error signature explorer.exe.  APP ver 6.02600.0 Modname: crtdll.dll   Mod Ver 4.0.1183.1

file to be included:
C:\Docum^1Owner\Locals^1\temp\wer17E.dir00.appcompat.txt  I have been trying everything suggested and I am about four hot dogs shy of a bbq right now.  
I would appreciate any feedback.

Title: Re: PLEASE Help Me!  
Post by: dl65 on May 16, 2004, 01:13:59 PM

thegirlsrock99......when did all these things start happening?
Please let us know

dl65  ???

Title: Re: PLEASE Help Me!  
Post by: thegirlsrock99 on May 16, 2004, 08:40:47 PM

About two/three days ago the explorer starting
displaying error messages - the search bar has been coming up over a week.  thanks for your time.

Title: Re: PLEASE Help Me!  
Post by: dl65 on May 16, 2004, 09:13:12 PM

thegirlsrock99....It almost sounds like it may be a trojan as opposed to a virus.  Is Your Norton current as of today and your Ad-Aware V.6 build 181( latest one)

You might also try running trojan remover
http://www.simplysup.com/tremover/download.html

The other thing is .......do you have a firewall ? If not try Zone Labs ( free version )
http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp?lid=zadb_zadown

Have a look at your task manager ....Ctrl/Alt/Del and have a look at whats running ......if anything looks odd do a search for it in google and see what it says.
Depending on what programs you have running you could expect to see 20 to 30 running items .

hope this helps
dl65  ???

Title: Re: PLEASE Help Me!  
Post by: thegirlsrock99 on May 17, 2004, 12:10:54 AM

Thanks for the advice.  downloaded the trojan remover and I'm going to go check it now.  I will let you know if it worked.

Title: Re: PLEASE Help Me!  
Post by: dl65 on May 18, 2004, 01:09:42 PM

Yvonne....snmp....is SIMPLE NETWORK MANAGEMENT PROTOCAL......the other thing is exactly what in your
"documents owner local folder" was changed ?

Are you trying to modify or monitor a network ?


dl65  ???

Title: Re: PLEASE Help Me!  
Post by: merlin on May 19, 2004, 01:05:36 PM

control panel admin tools /services disabled it..download shredder>http://www.spywareinfo.com/~merijn/downloads.html and this as well>http://www.wilderssecurity.net/bhblaster.html

Title: Re: PLEASE Help Me!  
Post by: yvonne on May 20, 2004, 12:59:33 AM

Thanks for all your help.  I really hated to - but, I finally lost my files and had to refomat.  The funny thing was - when I read the "details" of the error report, on the right hand side half way down about a thousand miles down the sidebar - it said "appy new year" amongst other things!  It frustrates me to no end that some people have nothing better to do than destroy little ol 'me's dinky little home computer.  
But still. I thank each of you for taking the time to answer my questions.

Title: Re: PLEASE Help Me!  
Post by: yvonne on May 20, 2004, 09:59:42 AM

Ok here is a copy of the stuff.  Could someone please tell me what I should delete?


Logfile of HijackThis v1.97.7
Scan saved at 8:54:53 AM, on 5/20/2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\S3apphk.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\Owner\Desktop\STUFF\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: customize__IE.lnk = C:\hp\REGION\customizeIe.wsf
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: MsnFixer.lnk = ?
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll