Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Dead In The Water


  • Please log in to reply
3 replies to this topic

#1 xpiswhyilikemax

xpiswhyilikemax

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Location:canada
  • Local time:03:05 AM

Posted 26 July 2006 - 08:35 AM

hiya again
put highjackthis on a 3 1/2 installed in safe mode
ran program couldn't save correctly (sez not enough memory)
so....here it is as rtf
{\rtf1\ansi\ansicpg1252\deff0\deflang1033{\fonttbl{\f0\fnil\fcharset0 Times New Roman;}}
\viewkind4\uc1\pard\f0\fs20 Logfile of HijackThis v1.99.1\par
Scan saved at 10:18:54 AM, on 7/26/2006\par
Platform: Windows ME (Win9x 4.90.3000)\par
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)\par
\par
Running processes:\par
C:\\WINDOWS\\SYSTEM\\KERNEL32.DLL\par
C:\\WINDOWS\\SYSTEM\\MSGSRV32.EXE\par
C:\\WINDOWS\\SYSTEM\\MPREXE.EXE\par
C:\\WINDOWS\\EXPLORER.EXE\par
C:\\WINDOWS\\SYSTEM\\DDHELP.EXE\par
C:\\WINDOWS\\SYSTEM\\RESTORE\\STMGR.EXE\par
C:\\WINDOWS\\SYSTEM\\STIMON.EXE\par
C:\\PROGRAM FILES\\HIJACKTHIS\\HIJACKTHIS.EXE\par
\par
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = \par
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Local Page = \par
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar,LinksFolderName = \par
R3 - Default URLSearchHook is missing\par
O2 - BHO: NAV Helper - \{BDF3E430-B101-42AD-A544-FADC6B084872\} - C:\\Program Files\\Norton SystemWorks\\Norton AntiVirus\\NavShExt.dll\par
O3 - Toolbar: Norton AntiVirus - \{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6\} - C:\\Program Files\\Norton SystemWorks\\Norton AntiVirus\\NavShExt.dll\par
O3 - Toolbar: &Radio - \{8E718888-423F-11D2-876E-00A0C9082467\} - C:\\WINDOWS\\SYSTEM\\MSDXM.OCX\par
O4 - HKLM\\..\\Run: [ScanRegistry] C:\\WINDOWS\\scanregw.exe /autorun\par
O4 - HKLM\\..\\Run: [TaskMonitor] C:\\WINDOWS\\taskmon.exe\par
O4 - HKLM\\..\\Run: [SystemTray] SysTray.Exe\par
O4 - HKLM\\..\\Run: [PCHealth] C:\\WINDOWS\\PCHealth\\Support\\PCHSchd.exe -s\par
O4 - HKLM\\..\\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme\par
O4 - HKLM\\..\\Run: [LoadQM] loadqm.exe\par
O4 - HKLM\\..\\Run: [ccApp] "C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"\par
O4 - HKLM\\..\\Run: [Symantec Core LC] C:\\Program Files\\Common Files\\Symantec Shared\\CCPD-LC\\symlcsvc.exe start\par
O4 - HKLM\\..\\Run: [NPROTECT] C:\\Program Files\\Norton SystemWorks\\Norton Utilities\\NPROTECT.EXE\par
O4 - HKLM\\..\\Run: [Symantec NetDriver Monitor] C:\\PROGRA~1\\SYMNET~1\\SNDMON.EXE /Consumer\par
O4 - HKLM\\..\\Run: [WinampAgent] C:\\Program Files\\Winamp\\winampa.exe\par
O4 - HKLM\\..\\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme\par
O4 - HKLM\\..\\RunServices: [SchedulingAgent] mstask.exe\par
O4 - HKLM\\..\\RunServices: [*StateMgr] C:\\WINDOWS\\System\\Restore\\StateMgr.exe\par
O4 - HKLM\\..\\RunServices: [KB891711] C:\\WINDOWS\\SYSTEM\\KB891711\\KB891711.EXE\par
O4 - HKLM\\..\\RunServices: [ccEvtMgr] "C:\\Program Files\\Common Files\\Symantec Shared\\ccEvtMgr.exe"\par
O4 - HKLM\\..\\RunServices: [ccSetMgr] "C:\\Program Files\\Common Files\\Symantec Shared\\ccSetMgr.exe"\par
O4 - HKLM\\..\\RunServices: [SymTray - Norton SystemWorks] C:\\Program Files\\Common Files\\Symantec Shared\\SymTray.exe "Norton SystemWorks"\par
O4 - HKLM\\..\\RunServices: [NPFMonitor] C:\\Program Files\\Norton SystemWorks\\Norton AntiVirus\\IWP\\NPFMntor.exe\par
O4 - HKLM\\..\\RunServices: [ScriptBlocking] "C:\\Program Files\\Common Files\\Symantec Shared\\Script Blocking\\SBServ.exe" -reg\par
O4 - HKLM\\..\\RunServices: [NPROTECT] C:\\Program Files\\Norton SystemWorks\\Norton Utilities\\NPROTECT.EXE\par
O4 - HKLM\\..\\RunServices: [ALU Scheduler Service] C:\\Program Files\\Symantec\\LiveUpdate\\ALUSchedulerSvc.exe\par
O4 - HKLM\\..\\RunServices: [StillImageMonitor] C:\\WINDOWS\\SYSTEM\\STIMON.EXE\par
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone\par
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone\par
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone\par
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone\par
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone\par
\par
}
Face Piles of Trials with Smiles - Moody Blues

BC AdBot (Login to Remove)

 


#2 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:08:05 AM

Posted 08 August 2006 - 12:28 PM

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:

Preparation Guide For Use Before Posting A Hijackthis Log

#3 xpiswhyilikemax

xpiswhyilikemax
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Location:canada
  • Local time:03:05 AM

Posted 08 August 2006 - 03:33 PM

hiya, thanx for the input,
took the advice offered earlier;
used killdisk, re-installed O/S etc
used PartitionMagic to allocate unused
28gig...all is kewl
great site, great assistance thanx
Face Piles of Trials with Smiles - Moody Blues

#4 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:08:05 AM

Posted 08 August 2006 - 04:34 PM

Glad I could help! :thumbsup:
I think reformatting was the best option.
Follow this list and your potential for being infected again will be reduced dramatically.

Use an Anti Virus Software -
* It is very important that your computer has an anti-virus software running on your machine.
* This alone can save you a lot of trouble with malware in the future. See this link for a listing of some on line & their stand-alone anti virus programs:
* Click here for more information on -> Computer Safety On line - Anti-Virus
* I would recommend Grisoft's AVG or AVAST.
* These are the more secure and better ones.

Update your Anti Virus Software - It is imperitive that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.

Use a Firewall -
* I can not stress how important it is that you use a Firewall on your computer.
* Without a firewall your computer is susceptible to being hacked and taken over.
* Simply using a Firewall in its default configuration can lower your risk greatly.
* For an article on Firewalls and a listing of some available ones see the link below:
* Click here for more information on -> Computer Safety On line - Software Firewalls
* I would recommend ZoneAlarm as a firewall as it's easy to use.

Visit Microsoft's Windows Update Site Frequently -
* It is important that you visit http://www.windowsupdate.com regularly.
* This will ensure your computer has always the latest security updates available installed on your computer.
* If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Next, if they're not already present, I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly

Install Spybot© - Search and Destroy- Install and download Spybot - Search and Destroy with its TeaTimer option.
* This will provide real-time spyware & hijacker protection on your computer alongside your virus protection.
* You should also scan your computer with program on a regular basis just as you would an anti virus software.
* A tutorial on installing & using this product can be found here:
* Click here for more info -->Instructions for - Spybot S & D and Ad-aware

Install Lavasofts© Ad-Aware - Install and download Ad-Aware.
* You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot.
* A tutorial on installing & using this product can be found here:
* Click here for more info -->Instructions for - Spybot S & D and Ad-aware

Install Javacools© SpywareBlaster -
* SpywareBlaster will added a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs.
* A article on anti-malware products with links for this program and others can be found here:
* Click here for more info -->Computer Safety on line - Anti-Malware

Update all these programs regularly - Make sure you update all the programs I have listed regularly.
Without regular updates you WILL NOT be protected when new malicious programs are released.

If you have any addition questions just ask...
David




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users