Team Chevelle banner
Cancel
Create thread New Garage Forums

help with more spyware (sigh) please

Jump to Latest
1 - 20 of 23 Posts
T

tireburner396

· Premium Member
Joined
·
794 Posts
Discussion starter · #1 ·
I've got some more annoying spyware on my computer, This one is a real pain. I'll be on a site, and suddenly this full page will pop up. It is a ad to get rid of spyware!! How ironic, they are trying to get you to download their stuff that they have stuck on your computer. Anyways, then the Microsoft Windows Security Warning box pops up saying Error#317, and they have discovered spyware on my computer in ports -8080, and-3128. And they say to click here to download antispyware. I hate these things, because when they pop up, it causes the page I was looking at to disappear. Also, a couple other things I found were C:\windows\ibs.exe and the same only ibz.exe. My virus search found them, but could not delete them. My girl friend let her 18 year old son on the computer, and he must have gone to a lot worst sites than me. grrrrrrrrrrrrrrrrrrrr. When that page shows up, the web site at the top is terra.es/personal6/dames5/nger. I don't know if that matters or not. Anyone got any ideas???
 
#3 ·
download hijack this, boot into safe mode start unchecking wierd crap. MAke sure to get 1.99.1. Then run adaware, should be pretty cleared up after that.
 
Save
Reply Quote Like Like
Discussion starter · #5 ·
well, i have adaware, and also spyware blaster that I have downloaded. I've run them both, plus my norton anti virus. I ran the Norton, then the adaware. The Norton found about 22 of them, but could not delete them all. I still had 10. I then ran the adaware, it found like 54 things, so I then deleted them, rebooted and ran my Norton again. It came up clean, but I'm still getting this stupid thing that pops up, plus every time I move my mouse, my AOL screen is waiting for me to sign in without me even hitting the button. Is that an autodialer? Anyways, I go to check it this morning and my Norton runs overnight, I again had a bunch it found. How are they getting back on if I never even went on the internet again? I'm really beginning to hate computers
 
#6 ·
tireburner396 said:
well, i have adaware, and also spyware blaster that I have downloaded. I've run them both, plus my norton anti virus. I ran the Norton, then the adaware. The Norton found about 22 of them, but could not delete them all. I still had 10. I then ran the adaware, it found like 54 things, so I then deleted them, rebooted and ran my Norton again. It came up clean, but I'm still getting this stupid thing that pops up, plus every time I move my mouse, my AOL screen is waiting for me to sign in without me even hitting the button. Is that an autodialer? Anyways, I go to check it this morning and my Norton runs overnight, I again had a bunch it found. How are they getting back on if I never even went on the internet again? I'm really beginning to hate computers
Click to expand...
Do you have DSL or cable internet?
 
#8 ·
Viruses and spyware are two different animals. Norton Anti-Virus is for viruses unless you have a version that includes spyware protection like the dreaded Norton Internet Security bloatware. Ad-Aware is a spyware detection program as is Microsoft's AntiSpyware. Microsoft's product runs in realtime like an anti-virus program. You should download and install it to help prevent future problems. I use Spybot, HijackThis, Ad-Aware, SpySweeper and MS Anti-Spyware to detect and remove spyware from severely infected systems. Sometimes it take them all do do the job and it takes multiple scans and reboots with each. Before attempting to clean your system you should disable System Restore , delete all temporary internet files and cookies, empty the recycle bin and clear out the windows\temp folder. Some spyware can be extremely difficult to remove because as soon as you remove it it reinstalls itself. Some spyware requires special tools and procedures to remove. Some of the worst I've seen is desktop.exe, wintools (wtoolsa), ibis and nail.exe to name a few. Get all the tools I mentioned and run them all. Good luck!
 
#9 ·
tireburner396 said:
cable internet, with firewall.
Click to expand...
Are you referring to win XP's software firewall? If so you need to buy a router/hardware firewall to stop infiltration such as you are speaking about. You can get a 4 port router with the built in firewall for next to nothing after a rebate. If you need one let me know and I'll locate a deal for you.
 
Discussion starter · #10 ·
I've got the mcafee firewall, and the Norton antivirus program. Sometimes my Norton will find adware. I have also installed the ad-aware, spyware blaster, spybot, and hijack this. My problem is I'm not that computer savvy, so when I run hijack this I don't know if there is a problem or not. I've tried to install the microsoft spyware, but can't seem to find it. I've gone to their site, and it says you have to be validated, then it sends you to some german site that I can't even read the language. I think this is the type of spyware that keeps reinstalling itself. My norton has found something that says nger.[1]cab, but can't delete it. Adaware finds two things, but when I delete them, and then run it again they are back. They are hihack things I think, and have a 7 TAC rating on adaware.
 
#11 ·
When MS says u have to be validated there is an option to proceed without validation.

Copy and paste your HijackThis log here so we can try to help.

You could install and run Firefox as an alternative to IE.

A ".cab" file typically contains many files. If your infected file is inside the cab file then the problem file can't be deleted. Manually delete the whole cab file.
 
Discussion starter · #12 ·
here is the log of the hijack this

Logfile of HijackThis v1.99.1
Scan saved at 9:09:19 AM, on 7/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\PROGRA~1\COMMON~1\AOL\110469~1\EE\AOLHOS~1.EXE
C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\PROGRA~1\COMMON~1\AOL\110469~1\EE\AOLServiceHost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\AMERIC~1.0\waol.exe
C:\PROGRA~1\AMERIC~1.0\shellmon.exe
C:\PROGRA~1\AMERIC~1.0\aolwbspd.exe
C:\Documents and Settings\Owner\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.speed-search.biz/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.speed-search.biz/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jimbutt.com/stuffs/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.speed-search.biz/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.speed-search.biz/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.speed-search.biz/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.speed-search.biz/index.html
R3 - Default URLSearchHook is missing
O1 - Hosts: 60.50.170.0
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Win32 Explorer] C:\WINDOWS\System32\explorer32.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Excite Private Messenger Pipe] C:\Program Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1104696984\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Win32 Explorer] C:\WINDOWS\System32\explorer32.exe
 
Discussion starter · #13 ·
here is the rest, it was too long to fit in one post

O4 - Startup: Compaq Organize.lnk = ?
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: SnapDetect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} (WildTangent Active Launcher) - http://install.wildtangent.com/cda/islandrally/ActiveLauncher/CDA_AL.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA91F82E-1979-4DD5-A4E6-921A6B73346E}: NameServer = 205.188.146.145
O20 - AppInit_DLLs: h2ngehtko6j2.dll.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

I've tried doing a search for that file that says nger.[1].cab, but nothing comes up. My Norton antivirus is also finding two others. one is ibs.exe, and the other is 39.exe.

I also just downloaded the spybot search and destroy, but that did not seem to help. It must be something that keeps coming back, as the only sites I have gone on since I got this are Nascar and this site. My adaware finds the 2 hijack ones, I delete them but they keep coming back.

I'll try and download the MS spyware and see what happens
 
#14 · (Edited)
O4 - HKCU\..\Run: [Win32 Explorer] C:\WINDOWS\System32\explorer32.exe is a trojan horse.

Optional processes. I'd fix them:
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe

These are Internet Explorer settings you should fix:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.speed-search.biz/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.speed-search.biz/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jimbutt.com/stuffs/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.speed-search.biz/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.speed-search.biz/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.speed-search.biz/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.speed-search.biz/index.html
R3 - Default URLSearchHook is missing

This should be fixed.
O1 - Hosts: 60.50.170.0

These toolbars are add-ons to your IE browser. Would hate to see how the browser looks with all of these toolbars. Fix them as you see fit. I'd probably leave the green ones.
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5 _7_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5 _7_0.dll

Optional processes. I'd fix them:
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

VIRUS!!!: FIX!
O4 - HKLM\..\Run: [Win32 Explorer] C:\WINDOWS\System32\explorer32.exe

Spyware. You should fix this:
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

Optional processes. I'd fix them:
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

VIRUS!!!: FIX!
O4 - HKCU\..\Run: [Win32 Explorer] C:\WINDOWS\System32\explorer32.exe

Spyware (manufacturer update program). I'd fix it.
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe

Safe to fix startup items not needed:
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

More unneeded toolbar crap for IE:
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

These are extra buttons and menus in IE you don't really need.
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

More toolbar crap for IE:
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

More menu crap for IE:
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

Another stupid button for IE:
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll

I've never seen this plugin for IE before but if appears in a lot of HJT logs apparently. I'm guessing it has to do with QuickTime:
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

I believe the are added by spyware to you IE security settings. Windupdates is a trojan downloader. Fix them.
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone

Microsoft Antispyware can help you with these. Check one of them then select "info on selected item" in HJT to see what they do.:
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.co...v45/yacscom.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/act...l_v1-0-3-24.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab

This one needs to go:
O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} (WildTangent Active Launcher) - http://install.wildtangent.com/cda/...cher/CDA_AL.cab

I have no idea what this is:
O20 - AppInit_DLLs: h2ngehtko6j2.dll.dll

If this file is truly not found on your system them this should be fixed:
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)

If you do not use AOL you should uninstall it. Uninstall of AOL allows you to pick versions to uninstall. I believe I saw references to AOL 1.0 in here!

Uninstall any printers or other software you no longer use. This would help clean up your logs a little.

I've seen McAfee and Norton have conflicts before. I'd humbly suggest you choose one or the other product for your security. Windows XP with SP2 has a built-in firewall and popup blocker. You can use the built-in features with MS Anti-Spyware then an anti-virus product of your choice.

Since you appear to have MS Office, version 2003 has decent spam filters for MS Outlook.

Hope this helps.
 
#15 ·
microsoft, adware and spybot. This combo should kill anything with the exception of a few I have ran into. Yours sounds mild so install all three of these free items and run them. They all tend to find things the others don't so it is worth it to me to have all 3.
 
Save
Reply Quote Like Like
Discussion starter · #16 ·
Robert, by fixing the items you mention, do you mean deleting them or checking them off on the hijack this list?? I run the AOL, and I think I might have two versions of that installed. I will uninstall one of them. I'll wait for your answer before I start deleting things. By the way, after downloading the microsoft antispyware, I seem to have gotten rid of that annoying nger thing. but after running the MS, I ran the adaware, and still got the two critical items. they are called IEHIJACKER.HOTOFFERS,and one is located in REGVALUE, and the other in REGKEY. Is that the registry? And is that why they keep coming back after deleting them??
 
#17 ·
Check them off in HJT and select fix selected items. Yes, regvalue is the registry. After you fix items in HJT try to delete that explorer32.exe file if it still exists on your system. If you cannot delete the file in normal startup mode then start in safe mode and do it.
 
Discussion starter · #18 ·
Ok, thanks for all the advice and help Robert. I will do those things and see if it does anything. I think I have gotten rid of the IEHIJACKER thing just by running the MS spyware, because now none of my programs find it anymore, and that annoying pop up is gone..........Tom
 
Discussion starter · #20 ·
I ran the hijack this, to get rid of the things you mentioned, and that win32explorer thing that you said was a virus was already gone. I don't know what program got rid of it, but one of them must have. Thanks once again for all the advice...........Tom
 
1 - 20 of 23 Posts
About this Discussion
22 Replies
7 Participants
Last post:
slowtalker
Team Chevelle
posts
5.3M
members
131K
Since
1998
A forum community dedicated to Chevrolet Chevelle owners and enthusiasts. Come join the discussion about restorations, builds, performance, modifications, classifieds, troubleshooting, maintenance, and more!
Full Forum Listing
Explore Our Forums
Bench Racing Performance Engine Chevelle Tech Body Shop