MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: .
July 22, 2019, 09:59:51 PM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
July 22, 2019, 09:59:51 PM

Login with username, password and session length
 
News
Article Writers We are looking for quality, informational articles to add to our Computer Articles
Please contact us if you are interested in submitting some....
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: .  (Read 1080 times)
checkoutthefood
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 3


Bookmark and Share

View Profile
.
« on: August 24, 2004, 03:57:10 PM »

*
« Last Edit: January 27, 2009, 03:32:33 PM by checkoutthefood » Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #1 on: August 25, 2004, 12:02:16 AM »

Download and save to desktop CWShredder
Run this later

Disconnect from the net
Set Windows to Show Hidden Files and Folders

Do another Scan with Hijackthis and put a check next to these entries
and then FIX CHECKED when ALL other windows are closed

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://aqzrhv.t.muxa.cc/s.php?aid=11117 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://aqzrhv.t.muxa.cc/s.php?aid=11117 (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://aqzrhv.t.muxa.cc/s.php?aid=11117 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://aqzrhv.t.muxa.cc/s.php?aid=11117 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://aqzrhv.t.muxa.cc/h.php?aid=11117 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://aqzrhv.t.muxa.cc/s.php?aid=11117 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://aqzrhv.t.muxa.cc/s.php?aid=11117 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://aqzrhv.t.muxa.cc/h.php?aid=11117 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://aqzrhv.t.muxa.cc/h.php?aid=11117 (obfuscated)

O4 - HKLM\..\Run: [sys] regedit -s sys.reg

O21 - SSODL: System - {3B9F9868-D2A2-42F7-AD9A-8341A21687A5} - C:\WINDOWS\system32\system32.dll

After you have fix checked and closed hijackthis
Open up CWShredder and let it FIX all problems

RESTART your computer into Safe Mode

Find and delete this file if it exists
C:\WINDOWS\system32\system32.dll

RESTART back in Normal mode
Don't open a browser yet, instead access Internet Options via Control
Panel
Under the Programs tab "Reset Web Settings"
Under the General tab---Delete files + offline content---Also Reset home page

Post back with a fresh hijackthis log
Logged

 
checkoutthefood
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 3


Bookmark and Share

View Profile
« Reply #2 on: August 25, 2004, 06:12:01 PM »

**
« Last Edit: October 20, 2008, 01:22:11 PM by checkoutthefood » Logged

 
alykat
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 4


Bookmark and Share

View Profile
« Reply #3 on: August 26, 2004, 06:29:12 PM »

Hi Alykat, I'm removing your log from this thread

Can you please start your own Topic please, simply click on New topic
at the top of this forum
Your version of Hijackthis is out of date
Delete it
Important---Create a permanent folder hijackthis
EG---- Open MyDocuments----Right click an empty spot and select NEW---Folder----Name the new folder HJT
OR create a folder as C:\HJT---this is where you will want to save Hijackthis too, also, backups will be stored there.
download from
HERE or HERE


Do a SCAN----Scan will change to SAVE LOG----copy and paste the WHOLE contents of the log
in your own topic... Don't try and fix anything yet----It is all important
« Last Edit: August 26, 2004, 07:14:41 PM by benditup » Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #4 on: August 26, 2004, 07:13:28 PM »

Looks good checkoutthefood
Just some optional fixes, up to you, these are not needed on startup

Access task manager(Ctrl--Alt--Del)
End task on this
EVNTSVC.EXE
Navigate to this file
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
RENAME EVNTSVC.EXE>>>EVNTSVC.OLD

Have hijackthis fix these entries
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

RESTART your computer
Don't delete the backups made by hijackthis until everything is running smooth for you

I see this entry in your log
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
If it's the free version of DAP, it's been associated with Spyware
or is it a leftover entry? Don't need to remove it, just enquiring...

This is my canned speech Smiley I don't like repeat customers, just kidding
You should install these 2 apps., they add extra security while
silently protecting you, without running in the background
 
SpywareBlaster by JavaCool---will block bad ActiveX and malevolent cookies
Install---Check for Updates---Enable all protection
http://www.javacoolsoftware.com/spywareblaster.html

IE-Spyad---IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
http://www.bleepingcomputer.com/forums/index.php?showtutorial=53

With both---Check for updates every couple of weeks


Logged

 
Pages: [1] Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page September 24, 2018, 03:06:58 AM