|
Norton AntiVirus 2005
|
|
Member
|
8. April 2006 @ 19:31 |
|
This is really weird but for some reason I couldn't delete the viruses. Yes, it detects the virus but it couldn't delete it. Is this really how it's supposed to work?
*Confused*
=P
|
AfterDawn Addict
|
8. April 2006 @ 19:34 |
|
Download HijackThis!
What is HijackThis?
HijackThis examines certain key areas of the Registry and Hard Drive and lists their contents.
HJT download ->
http://www.filepedia.com/desktop_software/desktop_security/hijack... -> download -> Unzip to C:\HJT -> Press OK and close window
Make sure that you actually extract HijackThis to its own folder: C:\HJT.
DO NOT run it from within a zip manager (WinZip), or from the Desktop, as no backups will be saved.
----------------------------------------------------------------------
Once you have HJT on your computer
Scan your computer
Now open HijackThis -> Click "Do a system scan and save log file"
HJT will scan your computer for about 15 sec. -> Log file will pop up.
Most items are perfectly fine. You should not remove them.
Never remove everything by yourself.
This forum will now help you work with the Experts to clean up your system.
-> Copy and paste the contents of the HijackThis log into your post.
Post the full log; it begins with: Logfile of HijackThis v1.99.1... etc
---------------------------------------------------------------------
Step 5:
Wait for help.
Remember:
Never remove, checkmark and fix by yourself,
unless you are POSITIVE you know what you're removing.
Post a log here and one of us will examine it.
Cheers
Possunt Quia Posse Videntur.
This message has been edited since posting. Last time this message was edited on 8. April 2006 @ 19:35
|
Member
|
8. April 2006 @ 20:49 |
|
kk, thanks for the help. But imma just choose the Ad-Aware. Cuz that thing that you said, without putting it in WinRAR, is impossible (I think.) Whenever I try to download it, it automatically goes in there. Probably because I got little knowledge in computers. =P Pardon me..
And the way you said it, it really scares me. I might do something wrong and really mess my computer so badly. lol, I hope you understand. But I really appreciated your help; Big Time!
Anyway, is Ad-Aware good enough?
|
AfterDawn Addict
|
8. April 2006 @ 21:19 |
|
Probably not.
You can't hurt anything with HJT unless you try to fix it yourself.
Running the scan and posting the log won't hurt anything,
but it will allow US to tell you what to remove to fix the issue.
The files are downloaded in WinRAR format;
you have to extract them first.
It's real easy, just refer to the picture below.
Try the Ad-Aware; if the problems still remain, you
know what you have to do.
Possunt Quia Posse Videntur.
This message has been edited since posting. Last time this message was edited on 8. April 2006 @ 21:21
|
Senior Member
|
9. April 2006 @ 01:33 |
|
Quote: kk, thanks for the help. But imma just choose the Ad-Aware. Cuz that thing that you said, without putting it in WinRAR, is impossible (I think.) Whenever I try to download it, it automatically goes in there. Probably because I got little knowledge in computers. =P Pardon me..
And the way you said it, it really scares me. I might do something wrong and really mess my computer so badly. lol, I hope you understand. But I really appreciated your help; Big Time!
Anyway, is Ad-Aware good enough?
Hello Schwaber,
Ok then, if you're suggesting you replace Norton AV with Ad-Aware SE, I strongly suggest you do not do that.
Ad-Aware is not an antivirus program, Schwaber; it also has no real-time protection etc. It is an excellent program and is an essential for everyone. You should already have it; get it as soon as possible, it's useful.
Occasionally Norton will find viruses it can't delete, but I think it still quarantines them so nothing to worry about. I recommend that you post a HJT log as Ole' Jizmak is telling you to do :)
It's true, if you attempt to fix entries without knowing what they are etc. you can do serious damage to your PC and even cause instability.. but that's where AfterDawn comes in ;)
You post your log in the Windows spyware and virus problems forum and then people will tell you what entries to fix, sorted :D
I'd take a look at the log for you mate but I am gonna be off for a few days; someone else will take care of it.
But basically, to answer your question "Anyway, is Ad-Aware good enough?": it's good, very good, but it's not what you're looking for, I don't think. Ad-Aware isn't an antivirus; if Lavasoft did make one it would be pretty good I think, but they ain't, so post a HJT log.
This message has been edited since posting. Last time this message was edited on 9. April 2006 @ 01:34
|
Member
|
9. April 2006 @ 06:56 |
|
Ok guys, Am gonna try it. But it will take me time cuz am busy this coming week. So probably am gonna start next weekend. By the way, how will I post a picture in this message box? Do I need to go to photobucket then get the tag for that photo???
Am really amazed by people in this forum. Love afterdawn! :D
|
Member
|
9. April 2006 @ 07:10 |
|
And oh, does it also detect viruses? Like Norton does? Sorry for this stupid question.
|
The_Fiend
Suspended permanently
|
9. April 2006 @ 10:27 |
|
Rav009 already answered your question... do you actually even take time to read what people tell you, or do you just want to be spoonfed the answers?
irc://arcor.de.eu.dal.net/wasted_hate
Wanna tell me off, go ahead.
I dare ya !
|
Member
|
9. April 2006 @ 11:48 |
|
lol, I was in a hurry back then when I wrote that. Stupid me!
Sorry..
|
Member
|
9. April 2006 @ 19:42 |
|
This message has been edited since posting. Last time this message was edited on 9. April 2006 @ 19:49
|
AfterDawn Addict
|
9. April 2006 @ 21:02 |
|
Yes, that's why I have been after you to run HJT
and post a complete log.
Then you will be able to get rid of the bad things
on your computer.
Norton couldn't delete the viruses; they are still on the computer.
It's not serious now, but should one of these get activated,
it becomes real serious real quick.
This is what we do around here.
And there is a bunch of people ready to help here.
But don't take my word for it,
check around in the virus forums.
You will see plenty of HijackThis logs.
http://forums.afterdawn.com/forum_view.cfm/166
Cheers!
Possunt Quia Posse Videntur.
This message has been edited since posting. Last time this message was edited on 9. April 2006 @ 21:04
|
Member
|
9. April 2006 @ 21:20 |
|
Cheers indeed!
BTW, how do I post a picture in this message box? lol
This message has been edited since posting. Last time this message was edited on 9. April 2006 @ 21:24
|
AfterDawn Addict
|
9. April 2006 @ 21:33 |
|
Possunt Quia Posse Videntur.
This message has been edited since posting. Last time this message was edited on 9. April 2006 @ 21:34
|
Member
|
9. April 2006 @ 22:00 |
|
|
Senior Member
|
10. April 2006 @ 09:36 |
|
Extract HJT mate, then put it in its own folder...
Post a HJT log
Get HijackThis from here:
http://koti.mbnet.fi/pattaya1/HijackThis.exe
Put it in its own folder...
Here's how:
Right Click START
Choose "Explore"
Pull up vertical slide bar to view the Local Disk (C:) icon.
Double left click on the C: drive entry
In the right hand Window right button click in an open area
When the menu appears left click on New
And slide on over into the adjacent popup menu and left button click on Folder.
Now you have a New Folder blinking...
immediately type over the letters with your new folder name HJT.
DONE!!
Run a "Full system scan and save log file", paste the log file here.
This message has been edited since posting. Last time this message was edited on 10. April 2006 @ 09:37
|
Member
|
10. April 2006 @ 11:42 |
|
Ok, here's mine..
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.usths77.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/sb/*...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22-1.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: CDLPObj Object - {BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} - C:\WINDOWS\DLP.dll (file missing)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O10 - Hijacked Internet access by New.Net
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCards...
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/games/common/ieell.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
Any bad things that I should remove?
|
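Each entry in a HijackThis log such as the one posted above starts with a section code (R0, O2, O23, ...) followed by " - ", which makes the log easy to triage mechanically before a human reads it. The following Python is an added example, not part of the original thread and not HijackThis's own code: it re-splits entries that a forum paste ran together on one line, groups them by section code, and lists the entries that HijackThis itself annotated ("(file missing)" or "Hijacked ..."). The function names are hypothetical, the sample is an excerpt of the posted log, and an annotation is only a pointer for review, not a verdict on the entry.

```python
import re
from collections import defaultdict

# Excerpt of the log posted above. The R0/O2 line is left run together,
# the way a forum paste can flatten several entries onto one line.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CDLPObj Object - {BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} - C:\WINDOWS\DLP.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O10 - Hijacked Internet access by New.Net
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
"""

# One entry: section code (letter R, F, N or O plus 1-2 digits), " - ", detail.
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# Whitespace directly before the start of another entry on the same line.
BOUNDARY = re.compile(r"\s+(?=[RFNO]\d{1,2} - )")


def parse_entries(text):
    """Return (code, detail) pairs; non-entry lines (process list) are skipped."""
    entries = []
    for line in text.splitlines():
        for part in BOUNDARY.split(line.strip()):
            match = ENTRY.match(part)
            if match:
                entries.append((match.group(1), match.group(2).strip()))
    return entries


def group_by_section(entries):
    """Map each section code to the list of its entry details."""
    groups = defaultdict(list)
    for code, detail in entries:
        groups[code].append(detail)
    return dict(groups)


def tool_annotated(entries):
    """Entries carrying HijackThis's own annotations, as seen in this log."""
    return [(code, detail) for code, detail in entries
            if detail.endswith("(file missing)") or detail.startswith("Hijacked ")]


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for code, details in group_by_section(parsed).items():
        print(code, len(details))
    for code, detail in tool_annotated(parsed):
        print("review:", code, detail)
```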
Member
|
12. April 2006 @ 11:20 |
|
ANYONE??
|
ddp
Moderator
|
16. April 2006 @ 19:36 |
|
moved to correct forum
|
|