MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: Not sure what i have, but lots of problems
April 23, 2019, 07:20:32 PM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
April 23, 2019, 07:20:32 PM

Login with username, password and session length
 
News
Article Writers We are looking for quality, informational articles to add to our Computer Articles
Please contact us if you are interested in submitting some....
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: Not sure what i have, but lots of problems  (Read 1449 times)
Xiandu
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 20


Bookmark and Share

View Profile
« on: February 09, 2005, 08:51:49 AM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version: Window XP pro
Problem Application Name & Version:
Problem Hardware Make & Model:
Error Messages:


been awhile since i have had to get some help with you guys, but i got a bug that has hidden it's self well, trend micro online or mcaffee can't find it. ran adware se and spybot s&d latest edition and have not been able to get rid of it. please look over this and see what you can come up with
Logfile of HijackThis v1.99.0
Scan saved at 12:46:47 AM, on 2/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\WINDOWS\d3ud.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\netto.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Sean\LOCALS~1\Temp\Rar$EX00.166\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\jzyot.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jzyot.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\jzyot.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\jzyot.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jzyot.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\sthmh.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\jzyot.dll/sp.html#28129
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {7970E706-D02D-A73A-7C76-6016BB2C1460} - C:\WINDOWS\system32\iphq.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [netto.exe] C:\WINDOWS\system32\netto.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range:  (HKLM)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O23 - Service: AVSync Manager - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: McAfee Firewall - Network Associates, Inc. - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
O23 - Service: McShield - Unknown - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Network Security Service - Unknown - C:\WINDOWS\d3ud.exe

Logged

 
Cactus
Security & Virus Specialist
Global Moderator
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 4327


Bookmark and Share

View Profile
« Reply #1 on: February 09, 2005, 04:52:45 PM »

Hi Xiandu .. Smiley

I noticed you Downloaded HJT to a TEMP folder,always download to a folder OTHER than Temp/Temorary Internet Folders.

EG---- Open MyDocuments----Right click an empty spot and select NEW---Folder----Name the new folder HJT ---this is where you will want to save Hijackthis too, also, backups will be stored there.
Download a fresh copy from here:
http://www.spywareinfo.com/~merijn/files/HijackThis.exe
or here:
http://aumha.org/downloads/hijackthis.exe


Ok I need you to DISABLE SpyBot's TeaTimer...
 In Spybot>>MODE>>ADVANCED MODE>>TOOLS>>SYSTEM STARTUP

Uncheck
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe


Now Set Windows to show Hidden files and folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.



**(Always create a Folder for HiJackThis anywhere but your Temp/Temporary Internet Folders. This is where it will save the backup files needed if there's a problem.)**

Press Ctrl/Alt/Del and "End Task" or "End Process" on each of the following: (They may or may not be there)

d3ud.exe
netto.exe

Turn off System Restore WinXP WinME. (Turn it back on after this is repaired and you've rebooted.) Close all other open Windows and have HiJackThis Fix:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\jzyot.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jzyot.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\jzyot.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\jzyot.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jzyot.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\sthmh.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\jzyot.dll/sp.html#28129
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {7970E706-D02D-A73A-7C76-6016BB2C1460} - C:\WINDOWS\system32\iphq.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O4 - HKLM\..\Run: [netto.exe] C:\WINDOWS\system32\netto.exe

O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: (HKLM)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

O23 - Service: Network Security Service - Unknown - C:\WINDOWS\d3ud.exe


Now delete these Folders or Files that are Highlighted: (You may need enable "Show all Files" and disable "Hide System Files" in Windows Explorer / Tools / Folder Options / View Tab) (You may have to boot to "Safe Mode" in order to delete some Files/Folders)

C:\WINDOWS\d3ud.exe
C:\WINDOWS\system32\netto.exe
C:\WINDOWS\jzyot.dll
C:\WINDOWS\sthmh.dll
C:\WINDOWS\system32\iphq.dll


Now, empty all your TEMP Folders (WinXp has up to 4 of them) / Temporary Internet Files Folder and then empty your "Recycle Bin" and Reboot.

In Xp, here are some locations of Temp files

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Username\Local Settings\Temporary Internet Files
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files

Turn on System Restore

Before opening your browser goto START>CONTROL PANEL>INTERNET OPTIONS and make sure your Homepage is correct,if not ,type the URL you would like in the HomePage box.


Now re-run HJT and post a new logfile back here.

Cactus
Logged

**PLEASE**.....do not post your hijack log in someone else's thread. Start a separate thread HERE! Thank you.

cactus@mytechsupport.ca

My System Specs

Avg Antivirus::Ad-Aware::Spybot::Windows Update::Recuva
Malwarebytes::SUPERAntiSpywareFREE
Xiandu
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 20


Bookmark and Share

View Profile
« Reply #2 on: February 10, 2005, 12:27:04 AM »

hmm when i go to look in my username local settings, my folder freezes and causes and error shutting it down, any idea why that may be?
Logged

 
Cactus
Security & Virus Specialist
Global Moderator
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 4327


Bookmark and Share

View Profile
« Reply #3 on: February 10, 2005, 12:41:32 AM »

Try running the FIX in SAFE MODE

Cactus
Logged

**PLEASE**.....do not post your hijack log in someone else's thread. Start a separate thread HERE! Thank you.

cactus@mytechsupport.ca

My System Specs

Avg Antivirus::Ad-Aware::Spybot::Windows Update::Recuva
Malwarebytes::SUPERAntiSpywareFREE
Xiandu
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 20


Bookmark and Share

View Profile
« Reply #4 on: February 10, 2005, 12:52:01 AM »

yea realized that right after i posted, lol oh well, thanks, now ima gonna go back via non safe mode brb
Logged

 
Xiandu
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 20


Bookmark and Share

View Profile
« Reply #5 on: February 10, 2005, 12:55:29 AM »

ok this is my new hijack log

Logfile of HijackThis v1.99.0
Scan saved at 4:52:04 PM, on 2/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\My Downloads\HijackThis.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe

O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O23 - Service: AVSync Manager - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: McAfee Firewall - Network Associates, Inc. - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
O23 - Service: McShield - Unknown - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

oh yea regarding the hjt in the temp folder i had jus used it while i was searching for a folder, it's in mydownload folder as you see now sorry for the confusion
« Last Edit: February 10, 2005, 12:57:00 AM by Xiandu » Logged

 
Cactus
Security & Virus Specialist
Global Moderator
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 4327


Bookmark and Share

View Profile
« Reply #6 on: February 10, 2005, 01:12:49 AM »

Ok to remove these...

O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)


Download and run DELDOMAINS
Double click to open the DelDomains.inf.
To execute the file: right-click and Select 'Install' from the Menu.

Post a fresh log when done.

Cactus
Logged

**PLEASE**.....do not post your hijack log in someone else's thread. Start a separate thread HERE! Thank you.

cactus@mytechsupport.ca

My System Specs

Avg Antivirus::Ad-Aware::Spybot::Windows Update::Recuva
Malwarebytes::SUPERAntiSpywareFREE
Xiandu
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 20


Bookmark and Share

View Profile
« Reply #7 on: February 10, 2005, 01:21:38 AM »

ok did that, here's the new log

Logfile of HijackThis v1.99.0
Scan saved at 5:18:50 PM, on 2/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\My Downloads\HijackThis.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\Internet Explorer\iexplore.exe

O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O23 - Service: AVSync Manager - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: McAfee Firewall - Network Associates, Inc. - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
O23 - Service: McShield - Unknown - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


Logged

 
Cactus
Security & Virus Specialist
Global Moderator
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 4327


Bookmark and Share

View Profile
« Reply #8 on: February 10, 2005, 01:31:48 AM »

Nice job Xiandu .. Wink

Your logfile is clean... Grin

Cactus
Logged

**PLEASE**.....do not post your hijack log in someone else's thread. Start a separate thread HERE! Thank you.

cactus@mytechsupport.ca

My System Specs

Avg Antivirus::Ad-Aware::Spybot::Windows Update::Recuva
Malwarebytes::SUPERAntiSpywareFREE
Xiandu
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 20


Bookmark and Share

View Profile
« Reply #9 on: February 10, 2005, 01:35:36 AM »

all you man, i totally appreciate it again.  you guys really know your stuff, why i love this site. well gots to finally go eat and do my taxes now lol. thanks again Cactus
Logged

 
Pages: [1] Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page June 25, 2018, 10:15:07 PM