• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
jean061402

Ready to Format--AAHHHHHH

4 posts in this topic

This is my third time typing this because my computer keeps locking up .

For the last four days I have been working constantly to get this wonderful computer of mine back on track. I am going to give the rundown and give it one more day before I format.

Here it goes>>

 

I have Norton and keep it updated and run it at least once a week.

About two weeks ago I started using Spybot S&D and AD AWARE both currnet versions. Last wed night I went to sleep while Spybot S&D was running.

 

This is when all HELL HIT!!!! I woke up to find some problems. I hit fix. My computer then began to run very very slowly and then I rebooted. After rebooting My active desktop went away. My homepage was set to About blank with search options & an address showing ezwizard or something close to that. I started getting tons of spyware popups. I started getting dll errors(kernel32.lzexpand, ver, 1phlpap1) and user.exe.

I began my self taught class on spyware and adware and have read everything I could find . I also read tons off of this website and Articles, FAQ's , links etc...

This is what I did:

 

I ran Spybot S&D in regular and safe mode. (checked for updates)It found some problems and fixed them but I still get DSomething exploit which i heard is in spybot and will be fixed soon. Nothing major other than that

 

I ran Ad Aware in regular and safe mode (checked for updates) It has 104 blocked items but seems to keep finding the same ones. This is where i first seen something to do with Cool WEbsearch so I got rid of it but it keeps finding more so

 

I ran CWShredder it found nothing

 

I ran Trojan Hunter it found only one thing ==it said it could not open an adobe 6 file .

I also ran LSP fix but it only found 4 or 5 things and said not to move them???/

 

I ran norton with updates about a million times and it finds nothing.

 

I have also checked my windows update and have none so I am good there too.

 

I then ran HJT which I stored correctly in its own file not a temp file. I ran it too in safe mode, after all of the other stuff. I am going to post my HJT log after this post because I keep locking up and want to get this up so I dont have to type again.

 

Please help or let me know if I should just format..........

I am ready to toss this thing out the window

THIS really sucks and I feel everyones pain and appreciate any advice or help that might come my way.

 

I will post HJT log next

 

 

FINALLY OK HERE IT IS:

Logfile of HijackThis v1.97.7

Scan saved at 1:23:07 PM, on 6/21/2004

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\PROGRAM FILES\HIJACK\HIJACKTHIS.EXE

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.e4me.com/start.html

O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [eMachine eBoard] C:\PROGRA~1\ESOFT\EBOARD\eBoard.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"

O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMANTEC\LIVEUP~1\SNDMON.EXE

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE

O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE

O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\MSconfig.exe /reminder

O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 3.9\THGUARD.EXE"

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [sSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [pcAnywhere Agent] C:\Program Files\Symantec\pcAnywhere\pcamgt.exe

O4 - HKLM\..\RunServices: [awhost32] C:\Program Files\Symantec\pcAnywhere\\Awhost32.exe /A

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKLM\..\RunServices: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"

O4 - Startup: eWare Startup.lnk = C:\Program Files\eWare\iWareStart.exe

O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)

O9 - Extra button: ComcastHSI (HKLM)

O9 - Extra button: Support (HKLM)

O9 - Extra button: Help (HKLM)

O9 - Extra button: AIM (HKLM)

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8113.5073842593

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...81/mcinsctl.cab

 

THANKS AGAIN IN ADVANCE !!!!

Edited by jean061402

Share this post


Link to post
Share on other sites

THANKS-JEB

I ran the program which did find a non clearable trojan dll

I then followed the directions to clean it anyway

SO FAR SO GOOD!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!I dont know if it was because i just started deleting all of the R1's on the Hijack list or because of this BUT I want to say

THANKS you were my only reply and it was greatly appreciated!!!!

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0