MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: pop ups and worm wars
June 19, 2019, 01:00:07 AM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
June 19, 2019, 01:00:07 AM

Login with username, password and session length
 
News
12th Anniversary Celebrating 12 Years! (1997 - 2009) 12th Anniversary
Thanks to ALL that make this site what it is!
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: pop ups and worm wars  (Read 2099 times)
colocrazy
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 5


Bookmark and Share

View Profile
« on: October 09, 2004, 03:24:09 AM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version:2000
Problem Application Name & Version:
Problem Hardware Make & Model:
Error Messages:


tried about everything I can think of and still no luck....please help if you can  thnx


Logfile of HijackThis v1.98.2
Scan saved at 9:11:50 PM, on 10/9/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\LEXBCES.EXE
D:\WINNT\system32\spoolsv.exe
D:\WINNT\system32\LEXPPS.EXE
D:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
D:\Program Files\NavNT\defwatch.exe
D:\WINNT\System32\svchost.exe
D:\Program Files\Norton Personal Firewall\NISUM.EXE
D:\Program Files\NavNT\rtvscan.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\Program Files\Norton Personal Firewall\SymProxySvc.exe
D:\WINNT\wanmpsvc.exe
D:\WINNT\system32\svchost.exe
D:\Program Files\Norton Personal Firewall\NISSERV.EXE
D:\WINNT\Explorer.EXE
D:\Program Files\NavNT\vptray.exe
D:\WINNT\Mixer.exe
D:\Program Files\Norton Personal Firewall\IAMAPP.EXE
D:\Program Files\America Online 9.0a\aoltray.exe
D:\WINNT\system32\MsgSys.EXE
D:\Program Files\Norton Personal Firewall\ATRACK.EXE
D:\Program Files\America Online 9.0a\waol.exe
D:\Program Files\America Online 9.0a\shellmon.exe
D:\Program Files\America Online 9.0a\aolwbspd.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmyrequest.com/sp.php
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://searchmyrequest.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmyrequest.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmyrequest.com/sp.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmyrequest.com/sp.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmyrequest.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmyrequest.com/sp.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmyrequest.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] D:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Sys29] D:\winnt\system32\winsas32.exe
O4 - HKLM\..\Run: [iamapp] D:\Program Files\Norton Personal Firewall\IAMAPP.EXE
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = D:\Program Files\America Online 9.0a\aoltray.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA15B994-2CC6-4206-8924-F2EFB37BD86D}: NameServer = 205.188.146.146
« Last Edit: October 09, 2004, 03:31:51 AM by benditup » Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #1 on: October 09, 2004, 03:39:37 AM »

Download and save to desktop CWShredder
Run this later

Disconnect from the Net

Do another Scan with Hijackthis and put a check next to these entries
and then FIX CHECKED when ALL other windows are closed

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmyrequest.com/sp.php
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://searchmyrequest.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmyrequest.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmyrequest.com/sp.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmyrequest.com/sp.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmyrequest.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmyrequest.com/sp.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmyrequest.com/sp.php

O4 - HKLM\..\Run: [Sys29] D:\winnt\system32\winsas32.exe


After you have Fix checked and closed hijackthis
Open JUST CWShredder and let it FIX all problems

RESTART your computer
Don't open a browser yet, instead access Internet Options
via Control Panel
Under the Programs tab "Reset Web Settings"
Under the General tab---Delete files + offline content---Also Reset home page

Find and delete this file if it exists
D:\winnt\system32\winsas32.exe <--this file

You may have to Set Windows to Show Hidden Files and Folders

Download and Install the free version of Ad-Aware
After installation-CHECK FOR UPDATES
Do a Full system scan----Remove All Critical objects
RESTART your computer to finish the cleaning process

Post back a Fresh hijackthis log and let us know if you are still having problems
Logged

 
colocrazy
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 5


Bookmark and Share

View Profile
« Reply #2 on: October 09, 2004, 04:44:26 AM »

ok thnx again....here is the results of the new scan....

Download Attachment: hijackthis.txt 3.38 KB
Right click and select Save Target As... then rename the file as shown here and save.
Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #3 on: October 09, 2004, 04:49:04 AM »

That's the same hijackthis log file you posted the first time

Can you do another scan with hijackthis and post a Fresh log, thanks
Logged

 
colocrazy
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 5


Bookmark and Share

View Profile
« Reply #4 on: October 09, 2004, 05:04:41 AM »

sorry about that...new at this...

Logfile of HijackThis v1.98.2
Scan saved at 11:01:00 PM, on 10/9/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\LEXBCES.EXE
D:\WINNT\system32\spoolsv.exe
D:\WINNT\system32\LEXPPS.EXE
D:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
D:\Program Files\NavNT\defwatch.exe
D:\WINNT\System32\svchost.exe
D:\Program Files\Norton Personal Firewall\NISUM.EXE
D:\Program Files\NavNT\rtvscan.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\Program Files\Norton Personal Firewall\SymProxySvc.exe
D:\WINNT\wanmpsvc.exe
D:\WINNT\system32\svchost.exe
D:\Program Files\Norton Personal Firewall\NISSERV.EXE
D:\WINNT\system32\MsgSys.EXE
D:\WINNT\Explorer.EXE
D:\Program Files\NavNT\vptray.exe
D:\WINNT\Mixer.exe
D:\Program Files\America Online 9.0a\aoltray.exe
D:\Program Files\Norton Personal Firewall\ATRACK.EXE
D:\Program Files\America Online 9.0a\waol.exe
D:\Program Files\America Online 9.0a\shellmon.exe
D:\Program Files\America Online 9.0a\aolwbspd.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] D:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [iamapp] D:\Program Files\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [Sys29] D:\winnt\system32\winsas32.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = D:\Program Files\America Online 9.0a\aoltray.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA15B994-2CC6-4206-8924-F2EFB37BD86D}: NameServer = 205.188.146.146
« Last Edit: October 09, 2004, 05:24:17 AM by benditup » Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #5 on: October 09, 2004, 05:28:32 AM »

Did you find this file?

D:\winnt\system32\winsas32.exe

Restart your computer into Safe mode

Find and delete that file if it exists

Stay in safe mode and
Do another Scan with Hijackthis and put a check next to these entries
and then FIX CHECKED when ALL other windows are closed

O4 - HKLM\..\Run: [Sys29] D:\winnt\system32\winsas32.exe

RESTART back in Normal Mode
Do another scan with hijackthis and post a fresh log
Let me know how everything is going...
Logged

 
colocrazy
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 5


Bookmark and Share

View Profile
« Reply #6 on: October 12, 2004, 04:19:38 AM »

here is the new highjackthis list.... I did delete the file winsas32.exe before my other scan... checked again and it still gone.... or i cant see it anymore anyway... thnx

Download Attachment: hijackthiss.txt 2.65 KB
Right click and select Save Target As... then rename the file as shown here and save.
Logged

 
Pages: [1] Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page June 27, 2018, 05:17:45 AM