I am working on a Windows XP SP2 box on which I can't stop popups from appearing. Using DefenderPro antispy, firewall, and virus protection. Loaded Windows Defender, Ad-Aware SE, and HijackThis on the computer. Original problem was identified as armgb.exe and hkafuh files. Each time protection software tried to delete the files, I would get an "access denied" result. Same result trying to delete manually (safe mode with command prompt). Could not see system32 under the windows folder. Ran attrib command with switches and options, finally able to see the system32 folder. Navigated to the system32 folder and was able to delete armgb.exe and hkafuh files. Loaded Firefox, deleted IE. Popups stopped; problem appeared fixed. Enabled wireless connection and popups are back. HijackThis log is shown below:
Logfile of HijackThis v1.99.1
Scan saved at 9:28:37 AM, on 5/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\Smtray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
C:\Program Files\Iomega HotBurn\Autolaunch.exe
C:\Program Files\DefenderPro AntiSpy\DPASNT.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Defender Pro Anti Spam\admin.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Program Files\Defender Pro Anti Spam\dpantispam.exe
C:\COMPAQ\CPQINET\CPQInet.exe
C:\PROGRA~1\DEFEND~1\DEFEND~3\PopUpKiller.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\DefenderPro AntiSpy\AntiSpy\TSAntiSpy.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.comcast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,jpxnfns.exe
O2 - BHO: OsbornTech Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kav.exe" /minimize
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn\Autolaunch.exe"
O4 - HKLM\..\Run: [DPASUpdate] "C:\Program Files\DefenderPro AntiSpy\DPASAutoUpdate.exe"
O4 - HKLM\..\Run: [DPAS] "C:\Program Files\DefenderPro AntiSpy\DPASNT.exe"
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [103] "C:\Program Files\Defender Pro Anti Spam\admin" "-hide"
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyStartUp] c:\Program Files\Microsoft Money\System\Money Startup.exe
O4 - HKCU\..\Run: [DefenderProAutoRun] "C:\Program Files\Defender Pro Anti Spam\dpantispam" -D "C:\Program Files\Defender Pro Anti Spam\conf"
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\DEFEND~1\DEFEND~3\PopUpKiller.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {EB2A4EB5-906A-4FF7-98FC-1017F782C599} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1144413774901
O17 - HKLM\System\CCS\Services\Tcpip\..\{10A4F7CA-E1E9-40B2-9D26-902420B5D09A}: NameServer = 12.127.17.71,12.127.16.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{63B54B54-7339-4233-A6D1-8699ACDBD36E}: NameServer = 10.9.8.146,10.9.8.110
O17 - HKLM\System\CS1\Services\Tcpip\..\{10A4F7CA-E1E9-40B2-9D26-902420B5D09A}: NameServer = 12.127.17.71,12.127.16.67
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\guard.tmp (file missing)
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: kavsvc - Defender Pro LLC - C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kavsvc.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
Any help on this would be greatly appreciated.
Thanks