Jump to content


Photo

Ready to Format--AAHHHHHH


  • Please log in to reply
3 replies to this topic

#1 jean061402

jean061402

    Member

  • New Member
  • Pip
  • 3 posts

Posted 21 June 2004 - 03:32 PM

This is my third time typing this because my computer keeps locking up .
For the last four days I have been working constantly to get this wonderful computer of mine back on track. I am going to give the rundown and give it one more day before I format.
Here it goes>>

I have Norton and keep it updated and run it at least once a week.
About two weeks ago I started using Spybot S&D and AD AWARE both currnet versions. Last wed night I went to sleep while Spybot S&D was running.

This is when all HELL HIT!!!! I woke up to find some problems. I hit fix. My computer then began to run very very slowly and then I rebooted. After rebooting My active desktop went away. My homepage was set to About blank with search options & an address showing ezwizard or something close to that. I started getting tons of spyware popups. I started getting dll errors(kernel32.lzexpand, ver, 1phlpap1) and user.exe.
I began my self taught class on spyware and adware and have read everything I could find . I also read tons off of this website and Articles, FAQ's , links etc...
This is what I did:

I ran Spybot S&D in regular and safe mode. (checked for updates)It found some problems and fixed them but I still get DSomething exploit which i heard is in spybot and will be fixed soon. Nothing major other than that

I ran Ad Aware in regular and safe mode (checked for updates) It has 104 blocked items but seems to keep finding the same ones. This is where i first seen something to do with Cool WEbsearch so I got rid of it but it keeps finding more so

I ran CWShredder it found nothing

I ran Trojan Hunter it found only one thing ==it said it could not open an adobe 6 file .
I also ran LSP fix but it only found 4 or 5 things and said not to move them???/

I ran norton with updates about a million times and it finds nothing.

I have also checked my windows update and have none so I am good there too.

I then ran HJT which I stored correctly in its own file not a temp file. I ran it too in safe mode, after all of the other stuff. I am going to post my HJT log after this post because I keep locking up and want to get this up so I dont have to type again.

Please help or let me know if I should just format..........
I am ready to toss this thing out the window
THIS really sucks and I feel everyones pain and appreciate any advice or help that might come my way.

I will post HJT log next


FINALLY OK HERE IT IS:
Logfile of HijackThis v1.97.7
Scan saved at 1:23:07 PM, on 6/21/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\HIJACK\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.e4me.com/start.html
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [eMachine eBoard] C:\PROGRA~1\ESOFT\EBOARD\eBoard.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMANTEC\LIVEUP~1\SNDMON.EXE
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\MSconfig.exe /reminder
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 3.9\THGUARD.EXE"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [pcAnywhere Agent] C:\Program Files\Symantec\pcAnywhere\pcamgt.exe
O4 - HKLM\..\RunServices: [awhost32] C:\Program Files\Symantec\pcAnywhere\\Awhost32.exe /A
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Startup: eWare Startup.lnk = C:\Program Files\eWare\iWareStart.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: ComcastHSI (HKLM)
O9 - Extra button: Support (HKLM)
O9 - Extra button: Help (HKLM)
O9 - Extra button: AIM (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8113.5073842593
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...81/mcinsctl.cab

THANKS AGAIN IN ADVANCE !!!!

Edited by jean061402, 21 June 2004 - 04:06 PM.


#2 jean061402

jean061402

    Member

  • New Member
  • Pip
  • 3 posts

Posted 22 June 2004 - 04:40 PM

?PLease help with hjt log

#3 jebsterino

jebsterino

    Member

  • New Member
  • Pip
  • 2 posts

Posted 22 June 2004 - 05:18 PM

I ran into this one the other day. Here is a link to what I found in another forum:
http://www.experts-e...6.html#11352367

Edited by jebsterino, 22 June 2004 - 05:18 PM.


#4 jean061402

jean061402

    Member

  • New Member
  • Pip
  • 3 posts

Posted 23 June 2004 - 12:11 AM

THANKS-JEB
I ran the program which did find a non clearable trojan dll
I then followed the directions to clean it anyway
SO FAR SO GOOD!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!I dont know if it was because i just started deleting all of the R1's on the Hijack list or because of this BUT I want to say
THANKS you were my only reply and it was greatly appreciated!!!!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button