Honda and Acura Car Forums banner

1 - 20 of 20 Posts

·
Registered
Joined
·
360 Posts
Discussion Starter #1
ok guys, I posted this in the "how to remove spyware" sticky last night, but only got one responce, and it didnt help at all, please help guys, I had to click off 243 pop ups before i could even use the damned computer, please help, i dunno what to do.....

OK, Imma cut to the chase. I ran ad-aware and hijack this, the ad-aware was self explanitory, but this shit is just too much.

A breif explanation: My prior roommate was a piece of shit and was going to myspace and a bunch of other gay sites, and my computer hasnt been the same sence.

I had comcast high speed put in my name and installed today, and since Ive been on ive been flooded with god damned pop ups!!!

anyway, heres the list I got off of hijack this, I need to know what to delete.


Logfile of HijackThis v1.99.1
Scan saved at 9:35:22 PM, on 4/24/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\atievxx.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tim\Local Settings\Temp\hijackthis-1\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yc...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebaymotors.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll (file missing)
O1 - Hosts: http://213.159.117.203/dkprogs/hosts.txt
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_7_0. dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - h:\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll (file missing)
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_7_0. dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\RunOnce: [qf3z7t0.exe] C:\WINDOWS\System32\qf3z7t0.exe /k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe" -quiet
O4 - HKCU\..\RunOnce: [qf3z7t0.exe] C:\WINDOWS\System32\qf3z7t0.exe /k
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

I almost shit when I saw that list!!! Im a gear head (as you can tell by my shitty spelling, LOL) I fix hondas (and crap when the money is right) Computers have never been my thing, I love the internet, and cool shit like Super Honda, but Hell, I dont even own an XBOX. Just not my thing, sorry if I offended anyone,


Thanking you in advance,
Tim
 

·
Registered
Joined
·
12,436 Posts
i can see three things so far that you need to get rid of

1.) AOL toolbar: low risk spyware

2.) Yahoo toolbar: low risk spyware

3.) RXToolBar: worst of the three, it tracks all of the websites you go to and sends the track record to a remote site, which then hits you with hella pop-ups.

you should be able to remove each of these in the Add/Remove menu, then use a registry cleaner to wipe the remnants from your harddrive.

also do you use Internet Explorer pop-up blocker?
 

·
Registered
Joined
·
360 Posts
Discussion Starter #5
I was on mozilla Firefox, but decided to go back to IE because i couldnt find much support for firefox, But right now I wave "popupcop" and "popswatter" and run ad-aware daily, but imma go get rid of the 3 you just mentioned, if i can figure it out, but i know for a fact they arent in the add/remove section, so i guess im just gonna run hijack this again, and try to delete them with that.

thanks so much for your help, i hope it works,

Tim
 

·
Registered
Joined
·
12,436 Posts
i dont think that you can delete them with HJT, but if they arent in the Add/Remove menu, they should be in the C:\ Program Files folder. Just make sure that you use uninstall.exe to get rid of them or else they will leave a bunch of extra shit on your computer.
 

·
Registered
Joined
·
360 Posts
Discussion Starter #7
???? do what???

uninstal.exe??? wtf is that, like i said earlier, i dont get this shit, im about to unplug this piece of shit and take it to best buy and let them do it...I just cant afford to do that right now, good god, all I want is 1 month free of drama and bullshit, :bash
 

·
Registered
Joined
·
1,478 Posts
Hello..

Hello.. my name is Uni.. and i sell auto insurance..

I will give you some advice.. the best place to go is http://www.techguy.org/

You go to to Forums.. then go to Security..

Run a HiJackThis log.. and post it on there.. they will tell you exactly what to remove.. or what programs you need to install to remove..

Afterwards i highly recommend you move on to FireFox or some shit

They have helped me clean out my computer 4 times prior.. and i've had really hard ones to get rid of

IM me on "uni le pew" on AIM if you need help
 

·
Registered
Joined
·
49,788 Posts
first off if you want to keep having spyware issues then keep using IE, firefox blocks alot of that cause alot of spyware enters through Active X which firefox doesnt support, and the only thing you ever really need to use Active X for is if you wanna do windows update through a webbrowser, in that case just use IE

second off whoever said you couldnt delete stuff using HJT was wrong lol. ill post what you need to remove here in a second but i did notice some stuff in there that you dont want.
 

·
Registered
Joined
·
49,788 Posts
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll (file missing)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - h:\Reader\ActiveX\AcroIEHelper.ocx

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\RunOnce: [qf3z7t0.exe] C:\WINDOWS\System32\qf3z7t0.exe /k

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll


get rid of that stuff then go http://www.spybot.info/en/download/index.html and download spybot, update the detection file (should automaticlly do it when you run if for the first time, if it doesnt there is a button right on the program to do it) then run that, it should help alot

good luck, you need any help just pm me
 

·
Registered
Joined
·
5,269 Posts
Get rid of these two.

O4 - HKLM\..\RunOnce: [qf3z7t0.exe] C:\WINDOWS\System32\qf3z7t0.exe /k
O4 - HKCU\..\RunOnce: [qf3z7t0.exe] C:\WINDOWS\System32\qf3z7t0.exe /k
 

·
Registered
Joined
·
12,436 Posts
Red Si said:
I don't know if they are still offering free trials of the software, but I had a great deal of luck with Webroot Spy Sweeper, got rid of a trojan horse that was giving me trouble. If nothing else is working...you may want to give it a shot.

http://www.webroot.com/land/freescan_download.php?rc=4259
webroot still does offer free trials, but they dont remove anything without a subscription. IMO webroot is the best spyware remover, but it sucks that you have to pay
 

·
Registered
Joined
·
12,436 Posts
StillAHondaFrea said:
uninstal.exe??? wtf is that, like i said earlier, i dont get this shit, im about to unplug this piece of shit and take it to best buy and let them do it...I just cant afford to do that right now, good god, all I want is 1 month free of drama and bullshit, :bash
most programs have uninstall.exe files in their directory, its an uninstalling file. yahoo toolbar and aol toolbar should both have an unistall.exe file if you look in the program files.
 

·
Registered
Joined
·
49,788 Posts
fartbomber said:
Get rid of these two.

O4 - HKLM\..\RunOnce: [qf3z7t0.exe] C:\WINDOWS\System32\qf3z7t0.exe /k
O4 - HKCU\..\RunOnce: [qf3z7t0.exe] C:\WINDOWS\System32\qf3z7t0.exe /k
okay lets just copy exacty what i said.. way to try and sound smart
 

·
Registered
Joined
·
360 Posts
Discussion Starter #17
messenger srevice????

ok, guys, ive noticed a pattern, all of the popups are labeled "messenger service" and i took a few seconds to read a few of them as I was doing my daily clickapalooza They all said something about cleaning my registry and all had "reccommended" site and shitok, here, one just popped up, ill se if i can copy it

cant copy and paste so ill just type it:

Messenger Service
Message from SYSTEM to ALERT on 4/26/2006 3:05:13 PM

STOP! WINDOWS REQUIRES IMMEDIATE ATTENTION.
Windows has found CRITICAL SYSTEM ERRORS.

To fix the errors please do the folowing:
1. download registry cleaner from: www.sys32win.com
2. Install Registry Cleaner
3. Run Registry Cleaner
4. Reboot your computer
FAILEURE TO ACT NOW MAY LEAD TO DATA LOSS AND CORRUPTION!

I dont know guys, imm go in and do all of the stuff you guys said, and get back on firefox. But since im on high speed, wont IE continue to run? will windows get cranky if i delete it? I think im gonna just unplug the modem when im not using it, then i wont have to clik away for 20 minutes before i can do anything.

Im gonna make something to eat and then ill come back and check this, then ill download firefox again, and go from there.

thanks again guys,
Tim
 

·
Registered
Joined
·
12,436 Posts
Messenger Service Message from SYSTEM to ALERT on 4/26/2006 3:05:13 PM STOP! WINDOWS REQUIRES IMMEDIATE ATTENTION. Windows has found CRITICAL SYSTEM ERRORS. To fix the errors please do the folowing: 1. download registry cleaner from: [url said:
www.sys32win.com[/url]
2. Install Registry Cleaner
3. Run Registry Cleaner
4. Reboot your computer
FAILEURE TO ACT NOW MAY LEAD TO DATA LOSS AND CORRUPTION!
Looks like you also have virtumonde adware, symantec makes a virtumonde remover......might as well try running it.

http://www.symantec.com/avcenter/venc/data/adware.virtumonde.html
 

·
Registered
Joined
·
360 Posts
Discussion Starter #20 (Edited)
THEYRE GONE!!!

I somehow managed to screw up the quote whn I tried to isolate "the important part" You gus should get the idea though, i think I fixed it good enough...


domscivic said:
get rid of that stuff then go http://www.spybot.info/en/download/index.html and download spybot, update the detection file (should automaticlly do it when you run if for the first time, if it doesnt there is a button right on the program to do it) then run that, it should help alot


THANK YOU SOOO MUCH!!!!! While I was running spybot S+D, I read the tutorial and the FAQs, by doing that i was able to "turn off" the messenger service, ive been back on line for about 5 minutes now and havent had a single pop-up


youre getting like 10 rep points, you sir, are the SHIT!

Thanks again to everyone elso who helped out, you will all get rep also, but I have to run to Wal-mart and watch the old lady pick out new pants for work, fun fun!!

Thanks again everyone,
Tim

FYI I wasnt able to give nearly as much rep as I wanted to, but I gave as much as SHO would let me, oh well, off to walmart, thanks again.
Tim
 
1 - 20 of 20 Posts
Top