1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: Please Something Is Happeing and I dont know What

Discussion in 'Virus & Other Malware Removal' started by texastoy4her, Jan 28, 2005.

Thread Status:
Not open for further replies.
Advertisement
  1. texastoy4her

    texastoy4her Thread Starter

    Joined:
    Nov 30, 2004
    Messages:
    578
    Hi,

    I have recently had to change ISP. When I did, I contacted the tech department at the new IP and they walked me throught the changes that I neeed to make. They were actually little changes. Just change on my outlook account and the phone in which I dial into. So I am not sure what is going on.

    But every since I have signed on with this new ISP when I first start my computer and log onto the internet, when I try to open something, either IE or Yahoo IM or anything, I get a pop up box saying " Either you or a program is requesting information from local host. Which local host do you want to use?" Then at the bottom in a little box it gives me the option on which Host I want to use....It has my IP listed. Then at the very bottom gives me the option to connect or cancel. If I hit cancel I can continue with whatever it was I was doing with no problems. Thats why I think there maybe something on my computer.

    I have ran ad aware, spybot, and norton. I have deleted and fixed everything that they found. Norton found something called a mini bug transporter. Spybot found wild tangent, and not sure what it was ad aware found.

    Please help me with this. It may be nothing which would be great. I just want to make sure. let me know if I need to post a HJTL and I will.

    Thanks Alot.
     
  2. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    On the face of it it doesn't sound like a "Security" issue but a configuration one with the programs you are using or accessing. I don't know what.

    But for a security review follow these directions:

    Create a new, permanent folder for HijackThis and save the file to that. Run it and select "do a system scan and save the log file". Then copy/paste the contents of the log to a reply

    Direct HijackThis download link: http://www.spywareinfo.com/~merijn/files/HijackThis.exe

    Also when you get that message again, please copy and quote it absolutely exactly. No web hits return for the current message -- and usually we can find something for most error messages.
     
  3. texastoy4her

    texastoy4her Thread Starter

    Joined:
    Nov 30, 2004
    Messages:
    578
    It kinda threw me cause it didnt start happeing until I switched IP. Never had it happened before.


    Here is my Hijack this log.


    Logfile of HijackThis v1.98.2
    Scan saved at 2:34:48 PM, on 1/28/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
    C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
    C:\Program Files\Propel Accelerator\PropelAC.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Yahoo!\Messenger\YPager.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\All Users\Documents\AOL Downloads\HijackThis[1].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myleague.com/club8
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\Propel Accelerator\prpl_IePopupBlocker.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\Propel Accelerator\trayctl.exe" /STARTUPLAUNCH
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\Propel Accelerator\pac-addwl.html
    O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\Propel Accelerator\pac-page.html
    O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\Propel Accelerator\pac-image.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
    O15 - Trusted Zone: *.musicmatch.com
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7966DF32-53A4-432F-9C69-D4FA082A852F}: NameServer = 209.213.140.17 216.136.33.82
     
  4. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    I'm not sure what the function of this entry is in the Scanlog:

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"

    But since it is loading the "Internet Connection Wizard" and that is evidently calling Outlook Express -- it might be involved in the message.

    I see no malware in the Scanlog, although you have used an older version, I doubt it would be useful to post with the more recent one at this time.

    Try "fixing" that entry with HijackThis. If it doesn't help and the entry is useful for something (perhaps launching Outlook Express every time you launch IE), you can restore it through HijackThis > Config > backups.

    If you continue to get the message, please give me an exact quote.
     
  5. texastoy4her

    texastoy4her Thread Starter

    Joined:
    Nov 30, 2004
    Messages:
    578
    Thanks for your help. I really appreciate it. I will do what is suggested and see what happens. To be honest about it I have not had the problem that I mentioned earlier ie: the box opening says that you or a program is requesting information from local host....since this morning. So I dont know what is going on lol.

    Thanks again.
     
  6. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Wait until it returns again to try what I suggested. Make sure the problem is repeatable first.

    It's possible you may need to disconnect and reboot for it to occur. Whatever configuration setting you are enabling or okaying may only need to be renewed once a session.

    I think that R1 entry just launches Outlook Express automatically for you. It's actually rather common in Scanlog now that I've had a look. But if the message is only present when that entry is, then you know it is Outlook Express related.
     
  7. texastoy4her

    texastoy4her Thread Starter

    Joined:
    Nov 30, 2004
    Messages:
    578
    Hiya Rollin'


    I think its fixed now. See what had happened was I was haveing that box open when started IE or Yahoo Im or anything. Thats when I ran norton spybot and adaware and removed and foxed everything it found. I thought it would fix the prob but it would still happen after that. So thats when I came and posted the thread. The next day however by the time you had replyed it quit lol. So I am guessing it was something that 1 of them programs had found. I do really appreciate your help.



    Tex
     
  8. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Good to hear and you welcome for the review. We'll just mark it up to one of those solved but unsolved Window's mysteries :)
     
  9. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/324223

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice