HARMFULL ITEMS IN THE DOCUMENTS AND SETTINGS FOLDER(S) :
Nothing found.
THE FOLLOWING ITEMS ARE NOT NEEDED TO LOAD
AT BOOTTIME FOR THE SYSTEM TO WORK PROPERLY :
o4 - global startup: corecenter.lnk = c:\program files\msi\core center\corecenter.exe
After this, reboot into normal mode (NOT SAFE MODE), and run all those scanners again, after this reboot into normal mode again, and redo and post another hijackthis log.
Lemme just clarify this part of my ramblings. I meant Norton Utilities (or whatever it’s called now) would be the way to go for security as it did (not sure if it does now) include firewall, windows cleaners, and i know it includes an image utility for backups. I’m not at all dissapointed in Avast and will continue to use it. After all, it has kept this stuff from spreading even further. I realize it was my lack of security software/settings that even allowed it to infect my computer, not Avast. I did as you suggested and here’s where I stand now w/ the hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 4:36:08 PM, on 2/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
I know there’s some repeats from before, but I’ve removed them and don’t know why they keep coming up. Maybe my spyware cleaners are infected, Laugh Oh and does anyone know how it’s possible my links are disconnected and do I need to log in as administrator to do these cleanings, b/c it won’t let me for some odd reason unless I go into Safe mode.
Thanks again for the help!
This forum is littered with people who suffered from Norton’s multi function packages, especially if it includes the AV as it is very difficult to remove and causes conflict with avast’s resident scanner.
If Norton Utilities doesn’t have an AV, you might be ok, however, would I take the chance, no.
When you are at the login screen, hit CTRL + ALT + DEL two times in a row. This will bring up the “old” Login prompt. It will ask for your login (login) name and password.
If this doesn’t work, log in as administrator in safe mode and check your accounts (username and password etc)
And when your finally logged in as administrator (not in safe mode) run your scanners again, the redo and repost your hijackthis log.
Now I’m just confused. :-\ I can log in as “Administrator” in safe mode, but I can’t change my administrator status from my other account to “Administrator”. In other words, I’m logged in as “Computer administrator” on OTHER (actual name being anonymous for security reasons) account, but I can’t actually see my “Administrator” account unless I’m in safe mode. Does it matter that I log in specifically to “Administrator”? I think something is really f-ed on my PC b/c all my windows settings, wallpaper, start program links (although they still work, they’re reduced from what they were a few days ago), and some programs were acting like it was the first time I started them up (as in giving hints and tips, or in some cases even starting the wizard that some apps start after installation), but still present thru the hdd. Ummm if that’s confusing let me know, i’ll try to clear up my explanation below. I’m not sure if did this, or the Malware crap. ???
I hope this helps clear up what I was trying to explain above…this is my current situation:
I’m logged in as my OTHER account, but it’s labeled as “Computer Administrator” in the CPanel\User Accounts. There is only another account available called “Guest”.
In SAFE MODE, I see those 2 accounts AND an “Administrator” account, but it won’t let me switch the “Computer Administrator” status from OTHER account to the “Administrator” account.
So what’s goin on? Am I being blocked, or did I just mess somethin up and need to fix it? Please help I’ve never been more confused in my life, lol.
Thanks again for quick responses!
Hi all. I think i still got the problem as some of these entries in hijackthis keep poppin up. I got so frustrated w/ it and some other things outside of this issue i took a couple days off and away from my pc. anyways i’m back at it (sort of, heheheh) and here’s my latest hijackthis.log after scanning (in safe mode using XP Home) and rebooting, then letting avast scan b4 entering windows (scheduled boot scan):
Logfile of HijackThis v1.99.1
Scan saved at 11:50:53 PM, on 2/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
I haven’t had a chance to completely consume all the information from those security sites, so I may be missing something. the good news is that i don’t get popups w/ both my hardware (motherboard) and software (zone alarm) activated. the annoying thing tho is that my links & settings are still missing. :-\ Thanks again for the help!!!
hey again!
Yeah I started usin Firefox for a couple months now and I love it. What I meant about the broken links is that after messin around in safemode I came into normal mode and some of my windows settings and links dissappeared. For instance, I had to manually click through my computer\c: drive\program files\etc. etc. to open a game. I used to have a link in my start menu for it. A couple of other programs act like I’ve JUST installed them by popping up “getting started” tutorials, wizards, etc. My wallpaper is also an old one I used to have months back. Not sure what happened, but if you know, please let me know. that last hijackthis was takin in normal mode moments only moments before I posted it. I fixed those suggested, rebooted and here’s the latest one (also from normal mode):
Logfile of HijackThis v1.99.1
Scan saved at 12:56:58 PM, on 2/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
THESE ITEMS ARE EITHER HARMFULL OR A SECURITY RISK
WE STRONGLY RECOMMEND TO FIX THEM :
o2 - bho: (no name) - {c7cb7747-b60a-21fe-33c9-e3e479112a67} - (no file)
O15 - ProtocolDefaults: ‘http’ protocol is in Trusted Zone, should be Internet Zone
I’m not sure why the ‘02 - bho’ keeps popping up, however its not malware, just a dead Reg key, nothing big to worry about.
About the links and settings, you can either reinstall the programs/applications, Or, you can go into your stat menu, select the specific applications that are not working (firefox, sunbird etc) and right click and select properties, from there make sure the ‘Target’ and ‘start in’ text boxes are filled in right. (see below for example).
About the wallpaper, its was maybe something to do with windows trying to ‘restore’ itself from the infection, best thing to do is change it back again, should be fine then.
Oh and does anyone know how it’s possible my links are disconnected and do I need to log in as administrator to do these cleanings, b/c it won’t let me for some odd reason unless I go into Safe mode.
