Results 1 to 8 of 8
  1. #1
    Member
    Join Date
    Jul 2006
    Posts
    4
    Points
    0

    Default New Owner YOUR-FULKL1OH2Q

    My computer has been hijacked. I can not open OWNER in the C drive under documents and settings. A new owner icon has been created right next to the old OWNER icon named YOUR-FULKL1OH2Q which I can open. I can not get into all areas in the SETTINGS menu. Originally there was no sound. After running system recovery it came back. I purchased and installed NORTON INTERNET SECURITY. After that I could not connect to the internet. Emails to NORTON SERVICE were of no help. I uninstalled NORTON and can now connect to the internet. On many of my folder icons there is now a WINDOWS image over them with six multicolored small icons showing in the window. I can not download anything from the internet. Many other lesser aspects of the computer are not acting as they should. I run MS XP '02. McAfee Security was installed when I purchased the computer. I always downloaded all kinds of updates from microsoft.com. Here is my HIJACK THIS registry.

    RO-HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http:
    //securityresponse.symantec.com/avcenter/fix_homepage

    RO-HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=

    RO-HKCU\Software\Microsoft\Internet Explorere\Toolbar,
    LinksFolderName=

    R3-Default URLSearchHook is missing

    04-HKLM\RunOnce:[*Restore]C:\Windows\system32\restore\rstrui.exe-i

    04-HKLM\RunOnce:[isDeleteMe]"C:\WINDOWS\system32
    \cmd.exe"/c"C:WINDOWS\TEMP\isDel.bat"

    015-ProtocolDefaults:'@ivt' protocol is in My Computer Zone, should be in
    Intranet Zone

    015-ProtocolDefaults:'file' protocol is in My Computer Zone, should be in
    Intranet Zone

    015-ProtocolDefaults:'ftp' protocol is in My Computer Zone, should be in
    Intranet Zone

    015-ProtocolDefaults: 'http' protocol is in My Computer Zone, should be in
    Intranet Zone

    015-ProtocolDefaults: 'https' protocol is in My Computer Zone, should be
    in Intranet Zone

    017-HKLM\System\CCS\Services\Tcpip\..\{BEF9A970-28C6-4C8B-B9F5-
    0644ED2561D6}:NameServer=64.136.28.120 64.136.20.120

    023-Service:NVIDIA Driver Helper Service(NVSvc)-NVIDIA Corporation-
    C:\WINDOWS\System32\nvsvc32exe

    I can not HIJACK any of THIS.

    Any help or information would be appreciated.

    10011010

  2. #2
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    Hi

    Run hijackthis again and post the FULL log ... including the "header"

    while you still have the report in notepad ...click "format" & untick wordwrap ... then re-tick wordwrap again ... this is required for your log to post correctly...

    what do you mean by this :-

    "I can not HIJACK any of THIS. "

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  3. #3
    Member
    Join Date
    Jul 2006
    Posts
    4
    Points
    0

    Default

    Here is the full HIJACKTHIS log. And I haven't tried for several days but HIJACKTHIS doesn't hijack any of these items.

    Logfile of HijackThis v1.99.1
    Scan saved at 9:35:42 AM, on 7/17/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\NetZero\exec.exe
    C:\WINDOWS\System32\taskmgr.exe
    C:\Program Files\NetZero\exec.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\Temp\Temporary Directory 10 for hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com...r/fix_homepage
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O4 - HKLM\..\RunOnce: [*Restore] C:\WINDOWS\system32\restore\rstrui.exe -i
    O4 - HKLM\..\RunOnce: [isDeleteMe] "C:\WINDOWS\System32\cmd.exe" /c "C:\WINDOWS\TEMP\isDel.bat"
    O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
    O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
    O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
    O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
    O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BEF9A970-28C6-4C8B-B9F5-0644ED2561D6}: NameServer = 64.136.28.120 64.136.20.120
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

  4. #4
    Member Spyware Fighter Clark76's Avatar
    Join Date
    Feb 2006
    Location
    Cleveland, Ohio
    Posts
    1,359
    Points
    239

    Default Re: New Owner YOUR-FULKL1OH2Q

    Quote Originally Posted by 10011010
    I always downloaded all kinds of updates from microsoft.com.
    You need to update your windows to Service Pack1. You can download it here: http://www.download.com/Windows-XP-S...ml?tag=lst-0-6
    Next, you are running Hijack This from a temporary directory. It needs to be in a permanent folder. Please go into Windows Explorer, click on C:\ then click on File > New > Folder and call it HJT , or another name of your choice. The program creates backup files that we may need to use later. If the program is in a Temporary folder, files may be deleted by you or automatically if your system is set to empty temp files. You do not have a running antivirus or spyware. Follow the steps in this link then repost a Highjackthis log: http://www.help2go.com/article217.html

    benc

  5. #5
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    I would guess that the new computer name/user account is something to do with the system recovery you performed...

    There are entries in your log, which require dealing with, but they are not causing the amount of problems you are getting...

    1. My computer has been hijacked. I can not open OWNER in the C drive under documents and settings.

    2. A new owner icon has been created right next to the old OWNER icon named YOUR-FULKL1OH2Q which I can open.

    3. I can not get into all areas in the SETTINGS menu.

    4. Originally there was no sound. After running system recovery it came back.

    5. I purchased and installed NORTON INTERNET SECURITY. After that I could not connect to the internet. Emails to NORTON SERVICE were of no help. I uninstalled NORTON and can now connect to the internet.

    6. On many of my folder icons there is now a WINDOWS image over them with six multicolored small icons showing in the window.

    7. I can not download anything from the internet. Many other lesser aspects of the computer are not acting as they should.

    8. I run MS XP '02. McAfee Security was installed when I purchased the computer.

    9. I always downloaded all kinds of updates from microsoft.com.

    10. Here is my HIJACK THIS registry.
    You need to follow benc's directions... you must install SP1

    Can you create a new user account ... see if things will work on that fir you ?

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  6. #6
    Member
    Join Date
    Jul 2006
    Posts
    4
    Points
    0

    Default

    As I said in my first post - I can not download anything! I would have downloaded SP-1 and a lot more from MicroSoft if I could. The new owner
    name was there before the system recovery process. The new owner name is probably due to the virus or whatever it is infecting my computer.

    Now remember I did purchase NORTON INTERNET SERCURITY which includes NORTON ANTIVIRUS. When I installed it the computer was already running. Someone suggested installing it on start-up when the computer was going through its intial processes but I don't know how to do that. When I start the computer it very quickly goes to sign-on. Is there a process to install NORTON while the computer boots-up?

  7. #7
    Member
    Join Date
    Jan 2003
    Posts
    12,000
    Points
    1191

    Default

    Try down loading SP1a, on a working PC, save to a CDR/Thumb drive the network install of SP1:

    http://www.microsoft.com/windowsxp/d...1/network.mspx

    Use that Disk to install SP1a on the sick PC.

    Looks like you have a problem with the system restore also.

    Still need to get HJT in a permanent file.

    BG

  8. #8
    Member
    Join Date
    Jul 2006
    Posts
    4
    Points
    0

    Default

    MY COMPUTER SAYS D DRIVE IS INACCESSIBBLE. INCORRECT FUNCTION..