Topic: 124837 will not go away
chrispoem
« on: October 02, 2004, 12:34:38 AM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version:
Problem Application Name & Version:
Problem Hardware Make & Model:
Error Messages:
Logfile of HijackThis v1.97.7
Scan saved at 5:26:22 PM, on 10/1/2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\dktime.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\windows\rundll32.exe
C:\WINDOWS\System32\dktime.exe
C:\Documents and Settings\Default\Application Data\eous.exe
C:\Program Files\America Online 7.0c\aoltray.exe
C:\Program Files\America Online 7.0c\waol.exe
C:\New Folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ngnoja.t.muxa.cc/s.php?aid=291 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ngnoja.t.muxa.cc/s.php?aid=291 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.searchalot.com/"); (C:\Program Files\Netscape\Users\chrisrini\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6CAD3502-9346-7FB5-8756-64550DF17F18} - C:\WINDOWS\System32\darqdk.dll
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] systray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DKTime] C:\WINDOWS\System32\dktime.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [iedll] c:\WINDOWS\iedll.exe
O4 - HKCU\..\Run: [RealUpdater] C:\WINDOWS\System32\realupd.exe
O4 - HKCU\..\Run: [StartPage] C:\windows\rundll32.exe
O4 - HKCU\..\Run: [DKTime] C:\WINDOWS\System32\dktime.exe
O4 - HKCU\..\Run: [Ttnh] C:\Documents and Settings\Default\Application Data\eous.exe
O4 - HKCU\..\Run: [Juo] C:\WINDOWS\System32\w?nspool.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0c\aoltray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .SWF: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.windupdates.com
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\explorer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B3505A8-0551-4FF6-BEC3-09E3346DCC18}: NameServer = 198.81.17.4




I am having trouble removing a nasty file 124837. When I try to delete the file, Windows tells me to uninstall 124837 from the uninstall/remove programs, but it does not exist there. 124837 just keeps re-installing itself.
Pancake
« Reply #1 on: October 02, 2004, 08:09:42 AM »

Hi
Close your browser window, run hjt in safe mode and fix these items. Any files/folders that I have highlighted will also need to be removed from your hard drive as well as from the log. Make sure to have your system set to show hidden files and folders (www.xtra.co.nz/help/0,,4155-1916458,00.html). While still in safe mode, run "CWShredder". Post a new log when finished, but before you do, update to hjt v1.98.2.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ngnoja.t.muxa.cc/s.php?aid=291 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ngnoja.t.muxa.cc/s.php?aid=291 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6CAD3502-9346-7FB5-8756-64550DF17F18} - C:\WINDOWS\System32\darqdk.dll
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll
O4 - HKCU\..\Run: [iedll] c:\WINDOWS\iedll.exe
O4 - HKCU\..\Run: [RealUpdater] C:\WINDOWS\System32\realupd.exe
O4 - HKCU\..\Run: [StartPage] C:\windows\rundll32.exe
O4 - HKCU\..\Run: [DKTime] C:\WINDOWS\System32\dktime.exe
O4 - HKCU\..\Run: [Ttnh] C:\Documents and Settings\Default\Application Data\eous.exe
O4 - HKCU\..\Run: [Juo] C:\WINDOWS\System32\w?nspool.exe
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.windupdates.com
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\explorer.cab

« Last Edit: October 02, 2004, 08:17:59 AM by Pancake »
