|
#1
February 3rd, 2004, 08:32 AM
|
|||
|
|||
computer under seige
It took me 30 min. to figure out how to post this if that tells you anything about my p.c. smarts. My p.c. dials out all the time (on it's own) but won't let me get anything but netscape and that takes a long time to load. Only one page too. Can't get a second one. It also eats Nortons. If I'm trying to reinstall another one, it starts dialing out and I keep shutting the dial up down. Over and over like pop up ads. Dial's out all hours of the day and nite. Have to keep phone line unplugged. Can't get on the internet to run "housecall" so rented this p.c. from Rent One to try and download something on a disc to run in my other p.c.. Can't figure that out either. Ran the hijak this and talked to their tech. He said whatever I had - was really big and bad -said I may as well go ahead and uninstall Norton because it was all broke up. Went and bought another one-2003 Norton (first one I bought as a download off the internet-can't get on internet so can't download another)-Tower chugs like there is a demon in it when I try installing new Norton, then I get bits and pieces of norton pages or sometimes I can run parts of it. Printer, scanner, all other software works good. When I tried to get thru to trendmicro.com a screen popped up that said "You are not permitted on this site". Ran "Spyware" everytime it put things in the recycle bin, they got back out. Finally, new Norton kept them in there till I could get rid of them. So, does anyone know what hijaks your dial up and eats your virus ware. I'm at war here. Please, help.
|
|
#2
February 3rd, 2004, 08:58 AM
|
||||
|
||||
|
It could be alot of things...first disable your windows messenger, check here then run spybot or adaware and finally run hijackthis and post the log it creates here.
__________________
Dan Registered Linux User #382181 - Don't be irreplaceable; if you can't be replaced, you can't be promoted. posting tips - cth tos - how to post hijackthis log
|
|
#3
February 3rd, 2004, 07:36 PM
|
|||
|
|||
|
Quote:
Administrative tools won't let me in to disable messenger. Is there another way? Ran spyware. Will run spy bot if I can get it downloaded on this p.c.. Already ran hijak and they helped me delete some things. It didn't help. The log follows with what remains. Thanks. Logfile of HijackThis v1.97.7 Scan saved at 9:53:06 PM, on 2/2/2004 Platform: Windows ME (Win9x 4.90.3000) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\WINDOWS\SYSTEM\MDM.EXE C:\WINDOWS\SYSTEM\STIMON.EXE C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE C:\WINDOWS\SYSTEM\RPCSS.EXE C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE C:\WINDOWS\SYSTEM\RNAAPP.EXE C:\WINDOWS\SYSTEM\TAPISRV.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\LOADQM.EXE C:\WINDOWS\TASKMON.EXE C:\PROGRAM FILES\LEXMARK X74-X75\LXBBBMGR.EXE C:\PROGRAM FILES\LEXMARK X74-X75\LXBBBMON.EXE C:\WINDOWS\SYSTEM\LEXBCES.EXE C:\WINDOWS\SYSTEM\LEXPPS.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE C:\PROGRAM FILES\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 3.0 SE\CALCHECK.EXE C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE C:\Program Files\Norton SystemWorks\Norton CleanSweep\Monwow.exe C:\PROGRAM FILES\WINZIP\WINZIP32.EXE C:\WINDOWS\TEMP\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.dogpile.com/info.dogpl.to...rms/search.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.dogpile.com/info.dogpl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.dogpile.com/info.dogpl.to...rms/search.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.dogpile.com/info.dogpl.to...rms/search.htm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.dogpile.com/info.dogpl/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.dogpile.com/info.dogpl.to...rms/search.htm R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.dogpile.com/info.dogpl.toolbar/ O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe" O4 - HKLM\..\Run: [LexStart] lexstart.exe O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks" O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0 O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe O4 - Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...983.9103240741
|
|
#4
February 5th, 2004, 02:24 AM
|
||||
|
||||
|
Hi oakbluffs - Close IE and all open windows and run Hijack This again. Check the below entries and click on Fix Checked.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.dogpile.com/info.dogpl.t...orms/search.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.dogpile.com/info.dogpl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.dogpile.com/info.dogpl.t...orms/search.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.dogpile.com/info.dogpl.t...orms/search.htm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.dogpile.com/info.dogpl/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.dogpile.com/info.dogpl.t...orms/search.htm R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.dogpile.com/info.dogpl.toolbar/ Reboot and reset your Home Page. Also let us know if you still have a problem.
__________________
Moderator: Vista Forum Microsoft MVP - Windows Desktop Experience 2004-2008 If we have helped you, please consider supporting Cyber Tech Help with a subscription Please do not send me Emails or Private Messages for personal support. Last time I checked, there were still only 24 hours in a day. Thank you. How to help prevent re-infection
|
 |
| Bookmarks |
«
Previous Topic
|
Next Topic
»
| Topic Tools | |
|
|
All times are GMT +1. The time now is 09:03 PM.
[
RSS ]
