[Resolved] NEED Hijack log help PLEASE AND THANK YOU.
#16
Posted 04 April 2008 - 06:07 PM
#17
Posted 04 April 2008 - 07:09 PM
#18
Posted 04 April 2008 - 07:15 PM
Just in case things continue to get worse and a reformat is a probability. Unfortunately, without any disks that came with the computer you will have to do one of 2 things.
Contact the manufacturer of the computer, or
Take it to a computer shop to have Windows reinstalled. At this point I don't think a repair is in order (in case they mention it).
Certainly sounds to me like Windows is about to crash on you. Things are changing for no apparent reason. Whether this be about malware, which by the looks of ComboFix you certainly had a lot of, or be it just a Windows error situation, the probability exists you're about to crash. So it is best to be ready to minimize problems, heartaches and heartbreaks.
All the tools we have used I have used on many, many computers over the years without a single issue. So I can't in all reality blame them.
You have tried System Restore more than 1 time, I assume? Going back further each time?
You mentioned you do not have any of the original disks. This may end up being a bad situation, as a reformat isn't a possibility unless there is a backup on the computer, as listed by an alternative hard drive.
When you click My Computer you will see listed Local Disk C, more than likely.
Do you see another local disk listed?
_____________________________
At this point just answer my questions as best you think you can.
#19
Posted 05 April 2008 - 06:07 AM
Do this by:
Going to Start > Run, type / copy in: Services.msc and click OK.
Look at each and every name on the chart, then
Double-click on it on your computer.
Then, as the startup type, choose the default setting for XP Home/Pro, depending on which version of Windows you have.
Click APPLY then OK for each one.
When they're all done, reboot the computer.
Check again to see if the device manager is working now.
Also try to connect to the internet.
________________________________
Still no internet connection ?
Try this:
Download winsock fix.exe by explicit from here to your desktop.
Click on the file to open it.
Choose fix and follow the prompts.
Let me know how all this goes.
#20
Posted 05 April 2008 - 06:38 AM
#21
Posted 05 April 2008 - 01:58 PM
#22
Posted 06 April 2008 - 05:47 AM
malware and trying to fix it. Something that happens from time to time with heavily infected machines.
So it created Barney/HomeComputer.
We are now going to try and get your old data and information all moved over to a new name.
Barney is no more.
Some things cannot be moved, such as printer settings, wallpaper and screen savers.
These will all have to be reconfigured later. This explains your desktop being different.
Least of your worries.
Using windows explorer.
I want you to navigate and see if this folder exists.
C:\Documents and Settings\Barney
If it does we are in luck and you may continue.
__________________________________
A. Create a New User Profile
1. Log on as the Administrator or as a user with administrator credentials. (Barneys Home computer should work.)
2. Click Start, and then click Control Panel.
3. Click User Accounts.
4. Under Pick a task, click Create a new account.
5. Type a name for the user information, and then click Next.
6. Click an account type, and then click Create Account.
7. Go ahead and create a new account name. This will be the name you use to logon to windows once we have all this done.
_______________________________________________________
B. Copy Files
1. In Windows Explorer, click Tools, click Folder Options, click the View tab, click Show hidden files and folders, click to clear the Hide protected operating system files check box, and then click OK.
2. Locate the C:\Documents and Settings\Barney << Old_user name
3. Press and hold down the CTRL key while you click each file and subfolder in this folder,
except the following files:
• Ntuser.dat
• Ntuser.dat.log
• Ntuser.ini
Do Not copy those.
4. On the Edit menu, click Copy.
5. Locate the C:\Documents and Settings\New_Username folder, where New_Username is the name of the user profile that you created in the "Create a New User Profile" section.
6. On the Edit menu, click Paste.
7. Log off the computer, and then log on as the new user.
___________________________________________________________
Let me know what e-mail program you were using.
Or if you just care to set up your e-mail again, you can do that.
Let me know how all this went.
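The copy in section B, as an added example that is not part of the original post: a Python sketch that copies a profile folder while leaving the three Ntuser files behind. The function names, demo paths and file contents are constructed for illustration; only the profile root is filtered, matching the manual selection in step 3.

```python
import shutil
import tempfile
from pathlib import Path

# The per-user files named in step B.3; they must not be copied.
EXCLUDED = {"ntuser.dat", "ntuser.dat.log", "ntuser.ini"}

def copy_profile(old_profile, new_profile):
    """Copy every file and subfolder of old_profile into new_profile,
    skipping the excluded files at the top level. Returns the skipped names."""
    old_root = Path(old_profile).resolve()
    skipped = []

    def ignore(directory, names):
        if Path(directory).resolve() != old_root:
            return []  # subfolders are copied whole, as in the manual steps
        hit = [n for n in names if n.lower() in EXCLUDED]  # Windows names are case-insensitive
        skipped.extend(hit)
        return hit

    shutil.copytree(old_root, new_profile, ignore=ignore, dirs_exist_ok=True)
    return sorted(skipped)

def demo():
    """Run copy_profile on a constructed profile tree and report the result."""
    with tempfile.TemporaryDirectory() as tmp:
        old, new = Path(tmp, "Barney"), Path(tmp, "New_Username")
        for rel in ("NTUSER.DAT", "ntuser.dat.LOG", "ntuser.ini",
                    "Desktop/notes.txt", "Favorites/site.url",
                    "My Documents/old/ntuser.ini"):
            f = old / rel
            f.parent.mkdir(parents=True, exist_ok=True)
            f.write_text("constructed sample")
        new.mkdir()  # stands in for the folder of the newly created account
        skipped = copy_profile(old, new)
        copied = sorted(p.relative_to(new).as_posix()
                        for p in new.rglob("*") if p.is_file())
        return skipped, copied

if __name__ == "__main__":
    print(demo())
```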
#23
Posted 06 April 2008 - 06:58 AM
#25
Posted 06 April 2008 - 07:23 AM
Anyway, here's the latest Hijack scan, should I re-run spybot and adaware or did my restore attempts negate anything we did since?
Of course the GOOD news is the modem and all seems to be working now since I restored the default settings to about 100 things in the Services deal that were disabled by something.
THANK YOU
Logfile of HijackThis v1.99.1
Scan saved at 8:13:40 AM, on 4/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hijackthis\Analyze.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoconfig.cpqcorp.net
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\CF3612.exe /c C:\ComboFix\Combobatch.bat
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish...fishActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-18.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinn...ck/bjattack.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1165524748756
O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://www.worldwinn...be/wordcube.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinn...jo/wordmojo.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinn...v45/sol/sol.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinn...v46/wof/wof.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinn...apit/swapit.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinn...man/hangman.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinn...paint/paint.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} (GolfSol Control) - http://www.worldwinn...sol/golfsol.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinn...es/wwspades.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
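An added example, not part of the thread and not HijackThis code: a small Python triage pass over the entry-line format of the log above. It groups lines by section code and pulls out the Run-key autostart names, the Java runtime directories referenced, services listed with an unknown owner, and the proxy auto-config URL; the regular expressions are assumptions inferred from the lines on this page.

```python
import re
from collections import defaultdict

# Lines excerpted from the log posted above (not a complete log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoconfig.cpqcorp.net
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\CF3612.exe /c C:\ComboFix\Combobatch.bat
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")            # "O4 - ...", "R1 - ..."
RUN = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run[^:]*: \[([^\]]+)\] ")
JAVA = re.compile(r"\\Java\\(j2?re[\d._]+)\\", re.I)      # runtime folder name
UNKNOWN = re.compile(r"^Service: (.+) - Unknown owner - ")

def parse(log_text):
    """Group entry lines by section code; header and process lines are skipped."""
    sections = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def triage(log_text):
    """Summarise the items a reviewer would look at first."""
    s = parse(log_text)
    every = [e for entries in s.values() for e in entries]
    return {
        "counts": {code: len(v) for code, v in s.items()},
        "autostart": [m.group(1) for m in map(RUN.match, s.get("O4", [])) if m],
        "java_runtimes": sorted({m.group(1) for e in every for m in JAVA.finditer(e)}),
        "unknown_owner_services": [m.group(1) for m in map(UNKNOWN.match, s.get("O23", [])) if m],
        "proxy_autoconfig": [e.split(" = ", 1)[1] for e in s.get("R1", [])
                             if ",AutoConfigURL = " in e],
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

More than one entry under `java_runtimes` means several Java runtime folders are still referenced by the browser add-ons and startup entries.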
#27
Posted 06 April 2008 - 09:06 AM
#28
Posted 06 April 2008 - 09:07 AM
#29
Posted 06 April 2008 - 10:24 AM
Owner is working just fine. You can log off and log on to it, correct?
The desktop settings have to be replaced. All your icons/shortcuts/wallpaper/screen savers and such.
Do not attempt to replace any shortcuts from an old folder to your new desktop. Just do the work of creating all the shortcuts again.
Now let's get Java updated.
You need to update SunJava for security reasons.
Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6 Update 5
- Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 5 ... allows end-users to run Java applications".
- Click the "Download" button to the right.
- Check the box that says: "Accept License Agreement".
- Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
- Close any programs you may have running - especially your web browser.
- Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
- Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the icon next to it.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java version.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on jre-6u5-windows-i586-p.exe to install the newest version.
Let me know how things seem now.
#30
Posted 06 April 2008 - 12:51 PM