Computer Hope

Software => Computer viruses and spyware => Topic started by: pandora95 on August 19, 2006, 04:26:29 PM

Title: plz hijack this
Post by: pandora95 on August 19, 2006, 04:26:29 PM

Logfile of HijackThis v1.99.1
Scan saved at 6:20:40 PM, on 8/19/2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\EarthLink TotalAccess\FastLane\IPClient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Diane\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .au: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{77947153-DB93-4323-BCE4-00A63B04609E}: NameServer = 207.69.188.185 207.69.188.186
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

my grandmas pc tryin to fix ive treid evrythin i could do with my brain and 2 hands so the final option was having u guys performing another miracle thanks alot
oh the pc is a sony vaio with 128mb
and 2 hardrives 1 15gb and the other 1 31 gb
intel pentium 3 processor
 thats all folks

Title: Re: plz hijack this
Post by: Maksim on August 19, 2006, 04:29:30 PM

I can give you some help.. Download Lavasofts Ad-Aware 6 program and run it.. select for deep scanning.. hijack this software. i dont find it useful.. but if you cant then i would suggest backing up the data from the old grungy PC and reformat and reinstall windows. That would be my suggestion..
but if someone else has something, then please go head.

Title: Re: plz hijack this
Post by: pandora95 on August 19, 2006, 04:34:43 PM

i know about ad aware and all that i did all the scans and  tuff but
this pc came with windows me i think and my freind put windows xp on so  i dunno how to reinstall it and i keep  getting the popus that say fail to act may lead to pc failure.ty

Title: Re: plz hijack this
Post by: Fed on August 19, 2006, 04:41:29 PM

Increase your RAM, 128 MBs is not enough.
Update Windows.

What seems to be the problem?

Title: Re: plz hijack this
Post by: Fed on August 19, 2006, 04:44:54 PM

I just read your last reply, Win98SE would be good for this, cheap too. LOL

Title: Re: plz hijack this
Post by: pandora95 on August 19, 2006, 06:37:20 PM

besides buying anythin what can i do ?

Title: Re: plz hijack this
Post by: Maksim on August 19, 2006, 07:35:59 PM

Quote

besides buying anythin what can i do ?

Hey pandora95 try this, Download Webroot Window Washer, site: http://www.webroot.com/consumer/downloads
and select Free Trial of Window Washer, It hink that should work..

Title: Re: plz hijack this
Post by: Fed on August 19, 2006, 07:45:13 PM

Do a clean install with your ME disk.
Install AVG Free.
Install SpyBot +resident tea timer. Edit: Install WinPatrol.
Install Sygate Firewall.
Update ME to the hilt.

Title: Re: plz hijack this
Post by: pandora95 on August 26, 2006, 10:01:00 PM

when i pop in the system recovery disk nothin happens nothin can happen for some reason,then when i pop in the application recovery it says cannot work because of windows xp being installed so now that the recovery disks dont work how would i get rid of windows xp so they can work?ty

Title: Re: plz hijack this
Post by: GX1_Man on August 26, 2006, 10:31:25 PM

You may have boogered it up too much already if there were necessary hidden partitions that have been removed or overwritten.

Title: Re: plz hijack this
Post by: pandora95 on August 27, 2006, 08:44:40 AM

so what can i do