Green Newbie needs help posting log

Discussion in 'adware, spyware & hijack cleaning' started by Avlis, Jun 21, 2004.

Thread Status:
Not open for further replies.
  1. Avlis

    Avlis Registered Member

    Joined:
    Jun 21, 2004
    Posts:
    11
    Ok, I'm here. Can someone walk me through the steps to post a hjt log. This is my first time to the site, so please don't use any big words...(ie..foolproof directions??). Thanks in advance. o_O
     
  2. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
  3. Avlis

    Avlis Registered Member

    Joined:
    Jun 21, 2004
    Posts:
    11
    Thank you big C. Judging from your picture you may be greener than I (only in a better way). :)
     
  4. Avlis

    Avlis Registered Member

    Joined:
    Jun 21, 2004
    Posts:
    11
    Alright! I hope I'm in the right place. Can somebody look at my hjt log and tell me what I may need to remove. I downloaded and ran both Ad-ware and Spybot before creating this log. I am so greatful for such a service as this site. Thank you for helping me. :D





    Logfile of HijackThis v1.97.7
    Scan saved at 5:09:25 PM, on 6/21/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.00 (5.00.2920.0000)

    Running processes:
    D:\WINNT\System32\smss.exe
    D:\WINNT\system32\winlogon.exe
    D:\WINNT\system32\services.exe
    D:\WINNT\system32\lsass.exe
    D:\WINNT\system32\svchost.exe
    D:\WINNT\system32\spoolsv.exe
    D:\WINNT\System32\svchost.exe
    D:\PROGRA~1\NORTON~3\navapsvc.exe
    D:\Program Files\Norton Internet Security\NISUM.EXE
    D:\PROGRA~1\NORTON~3\npssvc.exe
    D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    D:\WINNT\system32\regsvc.exe
    D:\WINNT\system32\MSTask.exe
    D:\Program Files\Norton SystemWorks\Norton Speed Disk\nopdb.exe
    D:\WINNT\system32\stisvc.exe
    D:\WINNT\System32\WBEM\WinMgmt.exe
    D:\WINNT\system32\svchost.exe
    D:\Program Files\Norton Internet Security\NISSERV.EXE
    D:\PROGRA~1\NORTON~3\alertsvc.exe
    D:\WINNT\Explorer.EXE
    D:\WINNT\system32\atiptaxx.exe
    D:\WINNT\SOUNDMAN.EXE
    D:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\Program Files\Common Files\Symantec Shared\SymTray.exe
    D:\Program Files\Norton Internet Security\IAMAPP.EXE
    D:\Program Files\Norton Antivirus\POPROXY.EXE
    D:\Program Files\Norton Antivirus\navapw32.exe
    D:\Program Files\Norton Internet Security\ATRACK.EXE
    D:\Program Files\The Learning Company\Mavis Beacon Teaches Typing Deluxe 11\MiniMavis.exe
    D:\WINNT\system32\wuauclt.exe
    D:\Program Files\Spy ware\Ad-aware\Ad-aware 6\Ad-aware.exe
    D:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\Program Files\Microsoft Office\Office\Office\WINWORD.EXE
    D:\Program Files\Microsoft Works\MSWorks.exe
    D:\WINNT\System32\MsiExec.exe
    D:\Program Files\Spy ware\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [WorksFUD] D:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] D:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] D:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [TkBellExe] D:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
    O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] D:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
    O4 - HKLM\..\Run: [NPS Event Checker] D:\PROGRA~1\NORTON~3\npscheck.exe
    O4 - HKLM\..\Run: [iamapp] D:\Program Files\Norton Internet Security\IAMAPP.EXE
    O4 - HKLM\..\Run: [Norton eMail Protect] D:\Program Files\Norton Antivirus\POPROXY.EXE
    O4 - Startup: Mavis Beacon Teaches Typing Deluxe 11.lnk = D:\Program Files\The Learning Company\Mavis Beacon Teaches Typing Deluxe 11\MiniMavis.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\Office\OSA9.EXE
    O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = D:\Program Files\Norton Antivirus\navapw32.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38122.6423958333
     
  5. Avlis

    Avlis Registered Member

    Joined:
    Jun 21, 2004
    Posts:
    11
    Hi again. This is the green newbie again. I should mention to anyone kind enough to help me that my most significant computer problem is that I can't get Norton Antivirus live updates. Every time I try, the attempt freezes at 4K out of whatever K its attempting to download. Then it won't cancel out. I have to go to Task manager to end it.

    I am concerned that I am not protected without the updates, when I am on the net. Please help as I have work to do on the net and am "afeared" to do it.

    Thanks again. :doubt:
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi Avlis,

    I can't find anything wrong in your log.

    One thing you may or may not know but would be very handy if you did.
    You can download the daily updates manually, so you don't get behind.
    Go here to do so and choose the correct language:
    http://www.symantec.com/avcenter/defs.download.html

    Install IE6 SP1 from http://www.microsoft.com/windows/ie/downloads/critical/ie6sp1/default.mspx
    (Again choose the correct language before you proceed)
    This replaces a lot of system files and may solve your problem. If not you will at least have improved security.

    Regards,

    Pieter
     
  7. Avlis

    Avlis Registered Member

    Joined:
    Jun 21, 2004
    Posts:
    11
    Wow! :eek: Thats great. Thank you Pieter!

    I have often tried to down load the updates manually from the Symantec window on my desktop. Still freezes at 4k. It used to 8K, then it just changed. Could this be a different type of problem than spyware? Maybe a virus or worm? o_O Or is there some type of adjustment or option that I have inadvertantly changed?

    Sounds like you mean downloading from the website, so I'll try that. But what do you mean choose language? I doubt your talking English vs. German here. :) Are you referring to a file type? o_O

    Also I will install the IE6 SP1 from the other site, but could you tell me a little about what it is? Changes system files you say? Can you elaborate at all? I would appreciate any input you can offer about what I am installing.

    Thanks Again, :D

    Avlis
     
  8. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi Avlis,

    IE 6 SP1 is the latest release of the MicroSoft browser. Installing it will replace a lot of system files with newer versions.

    With selecting the correct language I meant using the drop down boxes on the sites. This is a international forum so I can't assume everyones computer is running English/US versions of Windows or NAV.

    In fact, my own computer would start making even less sense if I installed an English update. :D

    Do you have problems with any other downloads at all?
    You can rightclick the download links at the Symatec site and choose Save as... and they should be managed like any other download.

    Regards,

    Pieter
     
  9. Avlis

    Avlis Registered Member

    Joined:
    Jun 21, 2004
    Posts:
    11
    No!!!!!!!!!!!!....

    I just wrote a complete well thoughtout reply and went to submit....and it said I wasn't logged in.

    ....Lost the whole thing!

    Ack!

    I logged in to view the last post. Do I have to log in for each page if I unclick the "remember me" page? Does the "remember me" option remain from one day to the next or just while I am the site for the current session?
     
  10. Avlis

    Avlis Registered Member

    Joined:
    Jun 21, 2004
    Posts:
    11
    Hi Pieter,

    I just lost my reply, so I guess I'll do the abbreviated version.

    The Symantec site said that my Norton internet Secuity version is "NOT SUPPORTED" . They want me to buy a newer versiopn. I have NO budget- unless critical.

    I couln't get Live updates from site. I'll go back and try right clicking some more.

    I intiated a scan of computer from symantec site because it said I haven't gotton updates in several weeks. After 15 minutes or so I canceled because even though it said it was working there was no indication of progress being made. There was no progress bar, time esitimate or files being scanned. Nothing.

    When I manually start live update from the Norton window on my desktop, it says that Live update is already running and wiat untill it is finnished or close the configuatiion window. It still freezes at 4K or 8K if I do get it to attempt to down load updates.

    Also I keep getting a notice that my com[puter is trying to access a web site called "Files\Real\update_OB/realevent.exe". Is this part of Norton??

    Sorry If I shouldn't be asking for this type of advice here. If not here can you direct me to other help?

    Thanks very much for any and all input!

    Avlis
     
    Last edited: Jun 24, 2004
Thread Status:
Not open for further replies.