MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: Problem with my computer
November 22, 2019, 10:14:11 AM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
November 22, 2019, 10:14:11 AM

Login with username, password and session length
 Featured Sites:
News
12th Anniversary Celebrating 12 Years! (1997 - 2009) 12th Anniversary
Thanks to ALL that make this site what it is!
  0 Members and 1 Guest are viewing this topic.
Pages: [1] 2  All Go Down Print
Author Topic: Problem with my computer  (Read 3035 times)
Trishs
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 37


Bookmark and Share

View Profile
« on: July 22, 2004, 07:59:48 PM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version:
Problem Application Name & Version:
Problem Hardware Make & Model:
Error Messages:



Hey guys, I got a lot of viruses/spyware on my computer. When I open IE, I get the message, "Explorer has caused an error 'unknown'" I also got the search assitant thing virus. This is my hijack this results. Please tell me which ones to delete. Thanks!
O2 - BHO: (no name) - {6A699FC3-85E6-C9B8-BFFA-A00E8985B70A} - C:\WINDOWS\IPZI32.DLL
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\MXTARGET.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dllO4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [xtqmjlbkfog] C:\WINDOWS\SYSTEM\cjkcqro.exe
O4 - HKLM\..\Run: [D3GL32.EXE] C:\WINDOWS\SYSTEM\D3GL32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [TVWakeup] C:\Progra~1\TVView~1\tvwakeup.exe
O4 - HKLM\..\RunServices: [VidSvr]  
O4 - HKLM\..\RunServices: [Announcements] C:\Program Files\TV Viewer\annclist.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SYSSH.EXE] C:\WINDOWS\SYSSH.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN
MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [NDrv] C:\WINDOWS\SYSTEM\NDrv.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38114.7530787037
O16 - DPF: {683DFF0F-331F-44D2-B69B-46D7BFB58F32} (VacPro.canada_ver3) - http://www.advnt01.com/dialer/canada_ver3.CAB

Logged

 
Cactus
Security & Virus Specialist
Global Moderator
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 4327


Bookmark and Share

View Profile
« Reply #1 on: July 22, 2004, 11:06:02 PM »

Could you please re-run HJT and Copy the ENTIRE LOGFILE.

Cactus
Logged

**PLEASE**.....do not post your hijack log in someone else's thread. Start a separate thread HERE! Thank you.

cactus@mytechsupport.ca

My System Specs

Avg Antivirus::Ad-Aware::Spybot::Windows Update::Recuva
Malwarebytes::SUPERAntiSpywareFREE
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #2 on: July 22, 2004, 11:09:58 PM »

I need to see your whole log, the top header and everything
Includes hijackthis version and processes

Just in case,
Are you using hijackthis 1.98, if not delete your copy and redownload
the newest version into a permanent folder.... This is my canned speech


Would you please download Hijackthis---Important---Create a permanent folder hijackthis
EG---- Open MyDocuments----Right click an empty spot and select NEW---Folder----Name the new folder HJT ---this is where you will want to save Hijackthis too, also, backups will be stored there.
download from
HERE or HERE


Do a SCAN----Scan will change to SAVE LOG----copy and paste the WHOLE contents of the log
here... Don't try and fix anything yet----It is all important



Also, if you haven't done so already can you please
Download and Install the free version of Ad-Aware

After install----CHECK FOR UPDATES
Disconnect from the Net, set these additional options for a custom scan
click the gear wheel at the top and check these options:

General> activate these: "Automatically save log-file" and "Automatically quarantine objects prior to removal"

Scanning > activate these: "Scan within archives", "Scan active processes", "Scan registry", "Deep scan registry", "Scan my IE Favorites for banned sites" and "Scan my Hosts file"

Tweaks > Scanning Engine> activate this: "Unload recognized processes during scanning."

Tweaks > Cleaning Engine: activate these: "Automatically try to unregister objects prior to deletion" and "Let Windows remove files in use after reboot."

Click "Proceed" to save your settings, then click "Start", make sure "Activate in-depth scan" is ticked green then scan your system. When the scan is finished, the screen will tell you if anything has been found, click "Next". The bad files will be listed, right click the pane and click "Select all objects" - this will put a check mark in the box at the side, click "Next" again and click "OK" at the prompt "# objects will be removed. Continue?".

RESTART your computer and then post a Fresh hijackthis log, thanx
Logged

 
Trishs
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 37


Bookmark and Share

View Profile
« Reply #3 on: July 23, 2004, 01:53:53 AM »

Here it is guys! Hope you can help Thanks Cheesy
I noticed that my version is 1.97 so im going to download 1.98 I'm gonan post that logfile too. THanks

Logfile of HijackThis v1.97.7
Scan saved at 6:49:03 PM, on 22/07/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\TV VIEWER\TVWAKEUP.EXE
C:\PROGRAM FILES\TV VIEWER\ANNCLIST.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSSH.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\CJKCQRO.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
D:\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
O2 - BHO: (no name) - {6A699FC3-85E6-C9B8-BFFA-A00E8985B70A} - C:\WINDOWS\IPZI32.DLL
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\MXTARGET.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [xtqmjlbkfog] C:\WINDOWS\SYSTEM\cjkcqro.exe
O4 - HKLM\..\Run: [D3GL32.EXE] C:\WINDOWS\SYSTEM\D3GL32.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [TVWakeup] C:\Progra~1\TVView~1\tvwakeup.exe
O4 - HKLM\..\RunServices: [VidSvr]  
O4 - HKLM\..\RunServices: [Announcements] C:\Program Files\TV Viewer\annclist.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SYSSH.EXE] C:\WINDOWS\SYSSH.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [NDrv] C:\WINDOWS\SYSTEM\NDrv.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O9 - Extra button: MoneySide (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38114.7530787037
« Last Edit: July 23, 2004, 01:58:19 AM by Trishs » Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #4 on: July 23, 2004, 03:43:13 AM »

If you get a chance, can you please run an online virus scan at Housecall's---Set to Autoclean and delete what it can't fix if you can,
thanks
http://housecall.trendmicro.com/

Don't forget to post back with an updated hijackthis log afterwards
Logged

 
Trishs
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 37


Bookmark and Share

View Profile
« Reply #5 on: July 23, 2004, 05:47:05 PM »

Hey guys, when I'm trying to download hjk 1.98, it gives me the message, "Cannot open zip file" and it just stops downloading. Also, I can't run that trend micro stuff because my other computer (the one with the virus(es) cant access the interent because whenenver I open IE, it gives me that explorer has cause an error unknown. so really, im downloading like hjk and stuff and burning it onto a disc and transffering it to another computer. If i re-install IE, will it help, and how do I reinstall IE without access to the internet?
« Last Edit: July 23, 2004, 05:48:49 PM by Trishs » Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #6 on: July 23, 2004, 08:08:47 PM »

Let's try this, we'll work on your hijackthis 1.97.7 log

If you can make a permanent folder for hijackthis on your C:drive
and move hijackthis to that new folder....
Backups will be stored there, try running from that new folder
Once you transfer it over, right click on it and ensure there is no
check in READ ONLY

You have some entries that I don't recognize....We'll send them to the
recycle bin for now
I do recognize one that was taken care of by About:buster, but I see no other signs of the infection
Could you please download Download the tool about:Buster created by Rubber Ducky. http://www.downloads.subratam.org/AboutBuster.zip

Unzip it to the desktop, DON'T run it yet
You will have to copy it over to your C: drive again

Access your add/remove programs and remove Twain Tech if there

Restart your computer in Safe Mode

Set windows to show hidden files and folders
* Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Click Yes to confirm.
    * Click OK.
    * Click Start, Programs and Accessories and open Windows Explorer.
    * Select a hard drive from the left hand side of the Windows Explorer window.
    * Select View the Entire contents of this drive.

Find and delete these files or folders
C:\WINDOWS\SYSTEM\cjkcqro.exe <---this file if unknown
C:\WINDOWS\SYSTEM\D3GL32.EXE <---this file
C:\WINDOWS\SYSSH.EXE <---this file
C:\WINDOWS\SYSTEM\NDrv.exe <--this file

Next: while still in safe mode
Do another Scan with Hijackthis and put a check next to these entries and then FIX CHECKED when ALL other windows are closed
O2 - BHO: (no name) - {6A699FC3-85E6-C9B8-BFFA-A00E8985B70A} - C:\WINDOWS\IPZI32.DLL
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\MXTARGET.DLL

O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [xtqmjlbkfog] C:\WINDOWS\SYSTEM\cjkcqro.exe
O4 - HKLM\..\Run: [D3GL32.EXE] C:\WINDOWS\SYSTEM\D3GL32.EXE

O4 - HKLM\..\RunServices: [SYSSH.EXE] C:\WINDOWS\SYSSH.EXE
O4 - HKCU\..\Run: [NDrv] C:\WINDOWS\SYSTEM\NDrv.exe

Close down Hijackthis after you FIX checked the above

While still in Safe Mode
Double click aboutbuster, click OK, click Start, then click OK. This will scan your computer for the bad files and delete them.
Save the log

Run aboutbuster again--save log

RESTART in Normal mode

When downloading hijackthis don't try and open it but choose save instead, you must have an unzipping utility such as Winzip or IZarc
installed.... Windows XP has one built in
The links I supplied above are for hijackthis.exe, you won't need to unzip it.

Did any of these problems with loss of Internet connection happen after you tried fixing any entries with Hijackthis?
I noticed that your 2 logs are a little different, some entries manually fixed with hijackthis can cause loss of Internet connection

You may want to try Winsock Fix or restore what you have tried to fix
already, if you saved the backups
http://www.bu.edu/pcsc/internetaccess/winsock2fix.html

Post back with a fresh hijackthis log and about:buster logs
« Last Edit: July 23, 2004, 08:10:49 PM by benditup » Logged

 
Trishs
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 37


Bookmark and Share

View Profile
« Reply #7 on: July 23, 2004, 11:37:16 PM »

Hi, when i try to download that about:buster thing, it says that "the compressed(zipped) folder is invalid or corrupted" it was the same problem i had with the hjk 1.98
Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #8 on: July 23, 2004, 11:43:41 PM »

Hi Trish, I would like you to save first to disk---don't open
You may of inadvertently unchecked that option Smiley
Follow this link to restore the ability

http://uslinux.ied.edu.hk/stffaq/5.12.html

If you get a popup, just close it out

Also check out this link
http://support.microsoft.com/?kbid=308090
« Last Edit: July 23, 2004, 11:46:15 PM by benditup » Logged

 
Trishs
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 37


Bookmark and Share

View Profile
« Reply #9 on: July 24, 2004, 12:02:50 AM »

Hi, how do I uncheck it? like where do I go to uncheck the "open" thing?
Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #10 on: July 24, 2004, 12:24:05 AM »

Not sure what unzipping utility your using and I've never used Windows ME, but it should be close to 98SE.
I'll check my other computer
I'm going to assume your using Winzip, not sure???
I use IZArc

Right click the START button on desktop
Left Click EXPLORE
TOOLS>>>>>>Folder Options
Open the FILE TYPES tab
In the Registered File types scroll down to Winzip
Left click once to highlight it
Click the EDIT button
Put a check in "Confirm open after download"

Make sure to put that there IS a check there...
« Last Edit: July 24, 2004, 12:25:33 AM by benditup » Logged

 
Trishs
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 37


Bookmark and Share

View Profile
« Reply #11 on: July 24, 2004, 12:28:54 AM »

I'm actually on windows XP right now because My ME does not have IE. I transfer files from one comp0uter to anohter by burning the files off a cd.
Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #12 on: July 24, 2004, 12:43:30 AM »

Are you using the Windows XP built in unzipping utility?

Try this
Right click the START button
Left Click EXPLORE
Click TOOLS at the top
Folder Options
Open the FILE TYPES tab
Under registered file types highlight .zip extension
Click ADVANCED
Put a check IN "confirm open after download"
Logged

 
Trishs
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 37


Bookmark and Share

View Profile
« Reply #13 on: July 24, 2004, 03:17:40 AM »

Hey, I managed to download the about:buster, and hijack this 1.98 Ill update u w/ more info later. Thx!
Logged

 
Trishs
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 37


Bookmark and Share

View Profile
« Reply #14 on: July 24, 2004, 03:28:46 AM »

Good news guys! I i fixed my computer!!!!! YAY Lol thanks a lot uve been sooo much help. I'll recommend u guys to all my friends and tell my friend to advertise on their sites: canucksource.com and allstarboard.com!!!!! Thanks SOOOOO MUCH Grin;D;D;D;D
Logged

 
Pages: [1] 2  All Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page July 28, 2017, 09:13:11 PM