MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
Author Topic: aaawebsearch  (Read 867 times)
dan6684
« on: January 15, 2005, 05:24:33 AM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version: Windows 2000 Professional
Problem Application Name & Version: aaawebsearch
Problem Hardware Make & Model: x86 family 6 model 8 stepping 3
Error Messages:

HI! My homepage keeps being directed to http://www.aaawebsearch.com
I've tried tampering with REGEDIT and am using Microsoft AntiSpyware.
The problem still exists, with occasional popup windows.

Please help me out here.
THANKS IN ADVANCE!

My HIJACK LOG:

Logfile of HijackThis v1.99.0
Scan saved at 01:06:43, on 2005/1/15
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\LEXBCES.EXE
D:\WINNT\system32\spoolsv.exe
D:\WINNT\system32\LEXPPS.EXE
D:\WINNT\system32\CTSvcCDA.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\system32\stisvc.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\Explorer.EXE
D:\WINNT\system32\devldr32.exe
D:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
D:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.exe
D:\WINNT\system32\rtdsspx.exe
D:\Program Files\Creative\ShareDLL\CtNotify.exe
D:\winnt\system32\sp2ctr.exe
D:\winnt\system32\evthtm.exe
D:\Program Files\Microsoft AntiSpyware\gcasServ.exe
D:\WINNT\system32\internat.exe
D:\Program Files\WinZip\WZQKPICK.EXE
D:\Program Files\Creative\ShareDLL\MediaDet.Exe
D:\VSTASCAN\vsaccess.exe
D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
D:\Program Files\KKman\KKMAN.exe
C:\Documents and Settings\daniel\desktop\hijackthis\HijackThis.exe

R3 - URLSearchHook: (no name) - {73862806-E71E-1F08-15C9-A4673F0DD2EE} - D:\WINNT\system32\rtdsspx.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\ycomp5_1_6_0.dll
O3 - Toolbar: @msdxmLC.dll,-1@1028,radio[&R] - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\ycomp5_1_6_0.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroCheck] D:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PrinTray] D:\WINNT\system32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [AudioHQ] D:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] D:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [Speed racer] D:\Program Files\Creative\SBLive2k\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [Creative Launcher] D:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.exe
O4 - HKLM\..\Run: [XPSP2 Firewall] D:\WINNT\system32\xpsp2fw.exe
O4 - HKLM\..\Run: [9FB799E3] D:\WINNT\system32\rtdsspx.exe
O4 - HKLM\..\Run: [8C2C936E] D:\WINNT\system32\firypref.exe
O4 - HKLM\..\Run: [F08121F6] D:\WINNT\system32\WMASetmg.exe
O4 - HKLM\..\Run: [Disc Detector] D:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [sp2ctr] d:\winnt\system32\sp2ctr.exe /nocomm
O4 - HKLM\..\Run: [EvtHtm] d:\winnt\system32\evthtm.exe /nocomm
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Windows Update Client ] D:\WINNT\system32\wuclient.exe
O4 - HKCU\..\Run: [8C2C936E] D:\WINNT\system32\firypref.exe
O4 - HKCU\..\Run: [F08121F6] D:\WINNT\system32\WMASetmg.exe
O4 - HKCU\..\Run: [9FB799E3] D:\WINNT\system32\rtdsspx.exe
O4 - HKCU\..\Run: [Yahoo! Pager] D:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://www.spgame.com.tw/xml_web_setup/msxml4.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINNT\system32\CTSvcCDA.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - D:\WINNT\system32\LEXBCES.EXE


Pancake
« Reply #1 on: January 15, 2005, 06:17:13 AM »

Hi
First check you are not running HJT from the desktop or a Temp folder. It's best run in a folder of its own.

Make sure you run Adaware, Spybot S & D (check for updates) and  as these will do a preliminary clean first. Some files below may not be present after running the above programs.

Then.....
Close your browser window and run HJT in safe mode (How To Run Safemode) and have "Hijack This" fix the following by placing a check in the appropriate boxes and selecting "fix checked". If any EXE files have been selected, go into HijackThis/Config/Misc/Tools/ and open process manager. Select the EXE files (if they are there) and click Kill process before deleting.

Files highlighted in BLACK will need to be removed from your hard drive.

Make sure to have your system set to show hidden files and folders (How To Show File).

When done, download Cleanup and run it to clean out the temp folders. Please post a new log when finished...

R3 - URLSearchHook: (no name) - {73862806-E71E-1F08-15C9-A4673F0DD2EE} - D:\WINNT\system32\rtdsspx.exe
O4 - HKLM\..\Run: [XPSP2 Firewall] D:\WINNT\system32\xpsp2fw.exe
O4 - HKLM\..\Run: [9FB799E3] D:\WINNT\system32\rtdsspx.exe
O4 - HKLM\..\Run: [8C2C936E] D:\WINNT\system32\firypref.exe
O4 - HKLM\..\Run: [F08121F6] D:\WINNT\system32\WMASetmg.exe
O4 - HKLM\..\Run: [sp2ctr] d:\winnt\system32\sp2ctr.exe /nocomm
O4 - HKLM\..\Run: [EvtHtm] d:\winnt\system32\evthtm.exe /nocomm
O4 - HKCU\..\Run: [8C2C936E] D:\WINNT\system32\firypref.exe
O4 - HKCU\..\Run: [F08121F6] D:\WINNT\system32\WMASetmg.exe
O4 - HKCU\..\Run: [9FB799E3] D:\WINNT\system32\rtdsspx.exe

An Australian Member of

EDDY
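
A triage sketch for the kind of log posted above, added here as an example; it is not part of the thread or of HijackThis. It parses R3 and O4 lines and flags Run entries using three heuristics that are assumptions of this example: an 8-hex-digit value name, the same entry under both HKLM and HKCU, and an executable that is also registered as a URLSearchHook. The sample lines are copied from the log in the first post.

```python
import re
from collections import defaultdict

# Sample input: a subset of lines copied from the log in the first post.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {73862806-E71E-1F08-15C9-A4673F0DD2EE} - D:\WINNT\system32\rtdsspx.exe
O4 - HKLM\..\Run: [NeroCheck] D:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [9FB799E3] D:\WINNT\system32\rtdsspx.exe
O4 - HKLM\..\Run: [8C2C936E] D:\WINNT\system32\firypref.exe
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [8C2C936E] D:\WINNT\system32\firypref.exe
O4 - HKCU\..\Run: [9FB799E3] D:\WINNT\system32\rtdsspx.exe
O4 - HKCU\..\Run: [Yahoo! Pager] D:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
"""

O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.*?)\] (.+)$")
R3_RE = re.compile(r"^R3 - URLSearchHook: .* - \{[0-9A-Fa-f-]+\} - (.+)$")
HEX_NAME = re.compile(r"^[0-9A-F]{8}$")  # assumption: random-looking value name

def exe_path(cmd):
    """Strip quotes and arguments from a Run command, return the lowercased path."""
    m = re.match(r'"([^"]+)"|(.+?\.exe)\b', cmd, re.I)
    return (m.group(1) or m.group(2)).lower() if m else cmd.lower()

def review(log):
    """Return {executable: [reasons]} for autorun entries worth a closer look."""
    hooks, runs = set(), defaultdict(set)  # runs[(name, exe)] -> hives seen
    for line in map(str.strip, log.splitlines()):
        if m := R3_RE.match(line):
            hooks.add(exe_path(m.group(1)))
        elif m := O4_RE.match(line):
            hive, name, cmd = m.groups()
            runs[(name, exe_path(cmd))].add(hive)
    findings = {}
    for (name, exe), hives in runs.items():
        why = []
        if HEX_NAME.match(name):
            why.append("hex-name")
        if len(hives) > 1:
            why.append("both-hives")
        if exe in hooks:
            why.append("search-hook-exe")
        if why:
            findings[exe] = why
    return findings
```

On the full log from the first post these heuristics flag only rtdsspx.exe, firypref.exe and WMASetmg.exe. The other entries listed in the reply above (xpsp2fw.exe, sp2ctr.exe, evthtm.exe) match none of them, so the output is a starting point for manual review, not a verdict.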
dan6684
« Reply #2 on: January 16, 2005, 08:07:51 AM »


Hi. I think I've done everything as told.
BTW, apart from problems with aaawebsearch, there was also
http://www.69s*xsearch, which I forgot to mention last time.

So pls check for me again..
Here's my log.
THX AGAIN!

PS. I'm using a Chinese system, so u might see some weird characters.




Logfile of HijackThis v1.99.0
Scan saved at
Pancake
« Reply #3 on: January 16, 2005, 08:22:42 AM »


Remove this highlighted file and all three entries from the log.
O4 - HKCU\..\Run: [Windows Update Client ] D:\WINNT\system32\wuclient.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=

To fix http://www.69s*xsearch
Download and run DELDOMAINS,
then double click to open the DelDomains.inf. To execute the file: right-click and select Install from the menu.

An Australian Member of

EDDY