Can someone please help me????

Anonymous

Post by Anonymous »

Whenever I start my computer, an internet window opens that says "U" on the address bar. The link is:

res://C:\WINDOWS\system32\shdoclc.dll/dnserror.htm#http:///U

Archived topic from Iceteks, old topic ID:2915, old post ID:23761
sintekk
Posts: 4994
Joined: Mon Feb 16, 2004 10:38 pm

Post by sintekk »

Franchize3 wrote: Whenever I start my computer, an internet window opens that says "U" on the address bar. The link is:

res://C:\WINDOWS\system32\shdoclc.dll/dnserror.htm#http:///U

Have you scanned your computer for spyware?

Archived topic from Iceteks, old topic ID:2915, old post ID:23762
Anonymous

Post by Anonymous »

Yea, I ran it and it still comes up when I start my comp.

Archived topic from Iceteks, old topic ID:2915, old post ID:23763
Red Squirrel
Posts: 29209
Joined: Wed Dec 18, 2002 12:14 am
Location: Northern Ontario

Post by Red Squirrel »

Looks like a hijack of some sort. Run HijackThis to see if there's anything suspicious.

Archived topic from Iceteks, old topic ID:2915, old post ID:23764
Honk if you love Jesus, text if you want to meet Him!
Anonymous

Post by Anonymous »

please hijack this:

Logfile of HijackThis v1.97.7
Scan saved at 12:48:55 PM, on 12/12/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\wuauclt.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [IEDriver] C:\Program Files\Internet Explorer\iexplore.exe /U
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [JavaUpdate0.07] C:\WINDOWS\System32\
pct.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Broken Internet access because of LSP provider 'spsublsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {36F46B1E-11B7-4221-B4F7-F1FC9687E7F6} (MBox Control) - http://kr.music.yahoo.com/m_box/component/mbox.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {97154128-DC4C-4D5B-AF7C-CA7356238EC9} (Hanmail FileUpload Control) - http://wwl401.daum.net/hanmail-ax/HM_fileupload.cab
O16 - DPF: {CF362BDB-4EA2-11D5-AB47-000102913414} (SetGlb Control) - http://touch.imbc.com/ocx/SetGlb.cab
O16 - DPF: {D8F001C6-43B1-4CFD-9DAF-C8BEAE0E2B6D} (Touch Control) - http://touch.imbc.com/ocx/Online.cab
O16 - DPF: {D96D2F74-0B74-47D2-964F-B67E9F69F1CD} (CongnamulMap4Asp Control) - http://map.daum.net/activex/CongnamulMap4AspV16.cab



Archived topic from Iceteks, old topic ID:2915, old post ID:23765
Red Squirrel
Posts: 29209
Joined: Wed Dec 18, 2002 12:14 am
Location: Northern Ontario

Post by Red Squirrel »

I would remove these and see if it fixes anything. Do a backup first, though!

C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\WINDOWS\system32\ctfmon.exe

O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O10 - Broken Internet access because of LSP provider 'spsublsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {36F46B1E-11B7-4221-B4F7-F1FC9687E7F6} (MBox Control) - http://kr.music.yahoo.com/m_box/component/mbox.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {CF362BDB-4EA2-11D5-AB47-000102913414} (SetGlb Control) - http://touch.imbc.com/ocx/SetGlb.cab
O16 - DPF: {D8F001C6-43B1-4CFD-9DAF-C8BEAE0E2B6D} (Touch Control) - http://touch.imbc.com/ocx/Online.cab
O16 - DPF: {D96D2F74-0B74-47D2-964F-B67E9F69F1CD} (CongnamulMap4Asp Control) - http://map.daum.net/activex/CongnamulMap4AspV16.cab

This is stuff that seems suspicious to me. Also, if you want to go a step further, kill all that HP crap; that's not what's causing your problem, but it uses resources for nothing. Just remember to use the backup feature if I was mistaken about those items.

Archived topic from Iceteks, old topic ID:2915, old post ID:23766
Honk if you love Jesus, text if you want to meet Him!
sintekk
Posts: 4994
Joined: Mon Feb 16, 2004 10:38 pm

Post by sintekk »

C:\Program Files\Winamp\winampa.exe

This is the Winamp agent. Unless you don't want it to waste memory, it's safe to keep.

C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\WINDOWS\system32\ctfmon.exe

CTFMon is supposedly a part of Microsoft Office, but it's safe to disable.
As for alcxmntr.exe: http://www.2-spyware.com/file-alcxmntr-exe.html
The Real files aren't causing this problem, I'd imagine, but Real Player is considered spyware anyways.

Archived topic from Iceteks, old topic ID:2915, old post ID:23767
Death
Posts: 7919
Joined: Thu Sep 30, 2004 10:12 pm

Post by Death »

Well, that was fun to filter through. From the looks of it, you got some kind of toolbar. If it's something that pops up and you don't need it, I personally would get rid of it. As for the HP junk, get rid of it. They load your comp with at least 5 gigs worth of junk (and some of them leech off your RAM too if they are active). All the rest of the stuff seems to be standard (like ctfmon and rundll32); I wouldn't touch those. The toolbar seems to be the only thing that may pose a threat. You never know with toolbars.

Archived topic from Iceteks, old topic ID:2915, old post ID:23770
Wren
Posts: 2881
Joined: Sat Jan 25, 2003 7:36 pm

Post by Wren »

More than likely your AIM toolbar came loaded with spyware.

Archived topic from Iceteks, old topic ID:2915, old post ID:23774
rovingcowboy
Posts: 1504
Joined: Wed Dec 18, 2002 10:14 pm

Post by rovingcowboy »

if you have it already great.

but get the " xteq set up pro version 6 " from major geeks dot com or from another freeware site. it says pro version but ver 6 is the free one

in that there is a plug in under one of the folders in the explorer tree it uses.

i think it is the system folder in its folder tree.

but the plug in will repair or clean your code pages that the computer uses for error codes. if you have one of them code pages messed up you can get some strange things popping up.

after you do that

if you're on win xp or other system that has the system restore program then turn off the system restore program, reboot the computer, turn on the system restore program again.

that will get rid of all the old back ups of the bad code pages. and start making new backups for you.

then get spyware blaster, ad aware, and avg free version 7 or buy it. but you want to get rid of all the other spyware and or virus that might be on your computer because the error might have opened the door for them to get in.


good luck.


Archived topic from Iceteks, old topic ID:2915, old post ID:23809
roving cowboy/ keith
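
An added triage example, not part of the original thread and not a HijackThis feature: it parses the O4 (Run key) lines of a HijackThis log, lists entries that start a browser at logon, and checks whether an entry's argument text reappears at the end of the URL reported in the first post. The browser list and the matching rule are assumptions made for illustration; the sample lines are taken from the log posted above.

```python
import re
from ntpath import basename

# Sample O4 (autorun) lines copied from the log in this thread, with the
# path separators written out.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [IEDriver] C:\Program Files\Internet Explorer\iexplore.exe /U
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""
# URL from the first post.
SYMPTOM_URL = "res://C:\\WINDOWS\\system32\\shdoclc.dll/dnserror.htm#http:///U"

BROWSERS = {"iexplore.exe"}  # assumption: executables treated as browsers

O4_RUN = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Executable path (quoted or not) up to the first ".exe", then the arguments.
COMMAND = re.compile(r'^"?(?P<exe>.+?\.exe)"?\s*(?P<args>.*)$', re.IGNORECASE)

def parse_run_entries(log_text):
    """Return one dict per O4 Run-key line: hive, name, exe, args."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        c = COMMAND.match(m["cmd"]) if m else None
        if c:
            entries.append({"hive": m["hive"], "name": m["name"],
                            "exe": c["exe"], "args": c["args"].strip()})
    return entries

def browser_autoruns(entries):
    """Run entries that start a web browser at logon (triage heuristic)."""
    return [e for e in entries if basename(e["exe"]).lower() in BROWSERS]

def matches_symptom(entry, symptom_url):
    """True when the entry's argument text ends the URL the user reported."""
    target = symptom_url.rsplit("#", 1)[-1]  # the address the browser tried
    return bool(entry["args"]) and target.endswith(entry["args"])

if __name__ == "__main__":
    for e in browser_autoruns(parse_run_entries(SAMPLE_LOG)):
        note = "matches reported URL" if matches_symptom(e, SYMPTOM_URL) else "browser at logon"
        print(f'{e["hive"]} Run [{e["name"]}] {e["exe"]} {e["args"]} -> {note}')
```

On the sample lines it reports the [IEDriver] entry, whose /U argument matches the tail of the reported URL, as the candidate to inspect first.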