1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

I can't enable my norton auto protect

Discussion in 'Virus & Other Malware Removal' started by rondo 60, Apr 20, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. rondo 60

    rondo 60 Thread Starter

    Joined:
    Apr 19, 2004
    Messages:
    68
    On my Norton Antivirus system status list, my "auto protect" is off and the "e-mail scanning" has error beside it. I click on enable to start auto protect and it won't do anything. When I hit options and click the setting for enable, it won't do anything again. I can not bring up anything about the error message. I can scan my computer and found nothing. I can receive live updates. I just installed norton a week ago, downloaded it from the internet, and my computer has been slow since then as well. Would this have anything to do with it being slow? Thanks, Rhonda
     
  2. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    Hi, I had a similar experience. I had to download the manual uninstall tool, run it about 6 times and reinstall.

    Also, when you say you downloaded it from the internet, I'm assuming you downloaded from Symantec, or Buy.com etc.?
     
  3. rondo 60

    rondo 60 Thread Starter

    Joined:
    Apr 19, 2004
    Messages:
    68
    Hi! I finally found the remedy after searching everywhere on Symantec's site. Dell had me to msconfig and disable systems config. utilities to make the computer faster after a call to their tech support earlier today. That turned off the NAV. I restored everything. My computer is sooooo slow. It was not this way until I installed Norton. Can that do it? I had AVG before and it was not this slow. Rhonda
     
  4. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    Amount of ram, programs running on startup would affect the system performance too.

    Start, run, type msinfo32 and hit ok, go to software, startups, edit, select all, edit, copy and come back and paste.

    Also download hijack this from the internet, scan your system and post your scan log.

    http://www.spywareinfo.com/~merijn/downloads.html
     
  5. rondo 60

    rondo 60 Thread Starter

    Joined:
    Apr 19, 2004
    Messages:
    68
    AGNQXEKR c:\windows\agnqxekr.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    AIM c:\progra~1\aim\aim.exe -cnetwait.odl D15NGC31\Jim and Rhonda HKU\S-1-5-21-1538319785-1497398554-2983912157-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    AIM c:\program files\aim\aim.exe -cnetwait.odl D15NGC31\Audra HKU\S-1-5-21-1538319785-1497398554-2983912157-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    AdaptecDirectCD "c:\program files\roxio\easy cd creator 5\directcd\directcd.exe" All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    DESKTOP desktop.ini NT AUTHORITY\SYSTEM Startup
    DESKTOP desktop.ini D15NGC31\Jim and Rhonda Startup
    DESKTOP desktop.ini D15NGC31\Audra Startup
    DESKTOP desktop.ini .DEFAULT Startup
    DESKTOP desktop.ini All Users Common Startup
    Dell AIO Printer A920 "c:\program files\dell aio printer a920\dlbkbmgr.exe" All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Digital Line Detect c:\progra~1\digita~1\dlg.exe All Users Common Startup
    DwlClient c:\program files\common files\dell\eusw\support.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ELRYFLSYF c:\windows\elryflsyf.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    HotKeysCmds c:\windows\system32\hkcmd.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    IgfxTray c:\windows\system32\igfxtray.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    MCAgentExe c:\progra~1\mcafee.com\agent\mcagent.exe files\mcafee.com\agent\mcagent.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    MCUpdateExe c:\progra~1\mcafee.com\agent\mcupdate.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    MMTray c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    MsnMsgr "c:\program files\msn messenger\msnmsgr.exe" /background D15NGC31\Audra HKU\S-1-5-21-1538319785-1497398554-2983912157-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    MyWebSearch Email Plugin c:\program files\mywebsearch\bar\2.bin\mwsoemon.exe All Users Common Startup
    MyWebSearch Email Plugin c:\progra~1\mywebs~1\bar\2.bin\mwsoemon.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    OrbitUpdate c:\program files\orbit\update.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    OrbitView c:\program files\orbit\view.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    PCDRealtime c:\windows\realtime.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    QuickBooks Update Agent c:\progra~1\common~1\intuit\quickb~1\qbupdate\qbupdate.exe All Users Common Startup
    SpyKiller c:\program files\spykiller\spykiller.exe /startup D15NGC31\Jim and Rhonda HKU\S-1-5-21-1538319785-1497398554-2983912157-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    TkBellExe "c:\program files\common files\real\update_ob\realsched.exe" -osboot All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    URLLSTCK.exe c:\program files\norton internet security\urllstck.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Weather c:\program files\aws\weatherbug\weather.exe 1 D15NGC31\Jim and Rhonda HKU\S-1-5-21-1538319785-1497398554-2983912157-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    What's New in Quicken 2002 New User Edition c:\progra~1\quickenw\whatsnew.wri All Users Common Startup
    Yahoo! Pager c:\program files\yahoo!\messenger\ypager.exe -quiet D15NGC31\Audra HKU\S-1-5-21-1538319785-1497398554-2983912157-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ccApp "c:\program files\common files\symantec shared\ccapp.exe" All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    mmtask c:\program files\musicmatch\musicmatch jukebox\mmtask.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ssate.exe c:\windows\system32\irun4.exe D15NGC31\Jim and Rhonda HKU\S-1-5-21-1538319785-1497398554-2983912157-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
     
  6. rondo 60

    rondo 60 Thread Starter

    Joined:
    Apr 19, 2004
    Messages:
    68
    AGNQXEKR c:\windows\agnqxekr.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    AIM c:\progra~1\aim\aim.exe -cnetwait.odl D15NGC31\Jim and Rhonda HKU\S-1-5-21-1538319785-1497398554-2983912157-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    AIM c:\program files\aim\aim.exe -cnetwait.odl D15NGC31\Audra HKU\S-1-5-21-1538319785-1497398554-2983912157-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    AdaptecDirectCD "c:\program files\roxio\easy cd creator 5\directcd\directcd.exe" All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    DESKTOP desktop.ini NT AUTHORITY\SYSTEM Startup
    DESKTOP desktop.ini D15NGC31\Jim and Rhonda Startup
    DESKTOP desktop.ini D15NGC31\Audra Startup
    DESKTOP desktop.ini .DEFAULT Startup
    DESKTOP desktop.ini All Users Common Startup
    Dell AIO Printer A920 "c:\program files\dell aio printer a920\dlbkbmgr.exe" All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Digital Line Detect c:\progra~1\digita~1\dlg.exe All Users Common Startup
    DwlClient c:\program files\common files\dell\eusw\support.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ELRYFLSYF c:\windows\elryflsyf.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    HotKeysCmds c:\windows\system32\hkcmd.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    IgfxTray c:\windows\system32\igfxtray.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    MCAgentExe c:\progra~1\mcafee.com\agent\mcagent.exe files\mcafee.com\agent\mcagent.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    MCUpdateExe c:\progra~1\mcafee.com\agent\mcupdate.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    MMTray c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    MsnMsgr "c:\program files\msn messenger\msnmsgr.exe" /background D15NGC31\Audra HKU\S-1-5-21-1538319785-1497398554-2983912157-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    MyWebSearch Email Plugin c:\program files\mywebsearch\bar\2.bin\mwsoemon.exe All Users Common Startup
    MyWebSearch Email Plugin c:\progra~1\mywebs~1\bar\2.bin\mwsoemon.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    OrbitUpdate c:\program files\orbit\update.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    OrbitView c:\program files\orbit\view.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    PCDRealtime c:\windows\realtime.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    QuickBooks Update Agent c:\progra~1\common~1\intuit\quickb~1\qbupdate\qbupdate.exe All Users Common Startup
    SpyKiller c:\program files\spykiller\spykiller.exe /startup D15NGC31\Jim and Rhonda HKU\S-1-5-21-1538319785-1497398554-2983912157-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    TkBellExe "c:\program files\common files\real\update_ob\realsched.exe" -osboot All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    URLLSTCK.exe c:\program files\norton internet security\urllstck.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Weather c:\program files\aws\weatherbug\weather.exe 1 D15NGC31\Jim and Rhonda HKU\S-1-5-21-1538319785-1497398554-2983912157-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    What's New in Quicken 2002 New User Edition c:\progra~1\quickenw\whatsnew.wri All Users Common Startup
    Yahoo! Pager c:\program files\yahoo!\messenger\ypager.exe -quiet D15NGC31\Audra HKU\S-1-5-21-1538319785-1497398554-2983912157-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ccApp "c:\program files\common files\symantec shared\ccapp.exe" All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    mmtask c:\program files\musicmatch\musicmatch jukebox\mmtask.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ssate.exe c:\windows\system32\irun4.exe D15NGC31\Jim and Rhonda HKU\S-1-5-21-1538319785-1497398554-2983912157-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
     
  7. rondo 60

    rondo 60 Thread Starter

    Joined:
    Apr 19, 2004
    Messages:
    68
    Sorry for the two identical posts above. I thought I was posting my hijack this log the second time. The first log is after doing the start>run>msinfo32.......the following is my recent hijack this log. Thanks, Rhonda







    Logfile of HijackThis v1.97.7
    Scan saved at 9:30:55 AM, on 4/21/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\PROGRA~1\AIM\aim.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Jim and Rhonda\Local Settings\Temp\Temporary Directory 5 for hijackthis[1].zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.dellnet.com/
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
    O4 - HKLM\..\Run: [OrbitView] C:\Program Files\Orbit\view.exe
    O4 - HKLM\..\Run: [OrbitUpdate] C:\Program Files\Orbit\update.exe
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe files\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [ELRYFLSYF] C:\WINDOWS\ELRYFLSYF.exe
    O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
    O4 - HKLM\..\Run: [AGNQXEKR] C:\WINDOWS\AGNQXEKR.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [ssate.exe] C:\WINDOWS\System32\irun4.exe
    O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
    O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: What's New in Quicken 2002 New User Edition.lnk = C:\Program Files\QUICKENW\whatsnew.wri
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Research (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
    O12 - Plugin for .midi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
    O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaInitialSetup1.0.0.8.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EEABFA0C-6F83-45BF-92C3-E257D54F9542}: NameServer = 12.160.140.10,12.160.140.11

    Logfile of HijackThis v1.97.7
    Scan saved at 9:30:55 AM, on 4/21/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\PROGRA~1\AIM\aim.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Jim and Rhonda\Local Settings\Temp\Temporary Directory 5 for hijackthis[1].zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.dellnet.com/
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
    O4 - HKLM\..\Run: [OrbitView] C:\Program Files\Orbit\view.exe
    O4 - HKLM\..\Run: [OrbitUpdate] C:\Program Files\Orbit\update.exe
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe files\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [ELRYFLSYF] C:\WINDOWS\ELRYFLSYF.exe
    O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
    O4 - HKLM\..\Run: [AGNQXEKR] C:\WINDOWS\AGNQXEKR.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [ssate.exe] C:\WINDOWS\System32\irun4.exe
    O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
    O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: What's New in Quicken 2002 New User Edition.lnk = C:\Program Files\QUICKENW\whatsnew.wri
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Research (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
    O12 - Plugin for .midi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
    O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaInitialSetup1.0.0.8.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EEABFA0C-6F83-45BF-92C3-E257D54F9542}: NameServer = 12.160.140.10,12.160.140.11
     
  8. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    Well you have quite a few items starting that we need to clean up.

    Do you have any idea what this is?

    O4 - HKLM\..\Run: [AGNQXEKR] C:\WINDOWS\AGNQXEKR.exe

    Also, how much ram do you have.

    Someone else will check your log.
     
  9. rondo 60

    rondo 60 Thread Starter

    Joined:
    Apr 19, 2004
    Messages:
    68
    I don't know what that item is. My computer description is Dell Dimension 2400 series, Intel, Celeron Processor at 2.2 GHz--128 MB DDR SDRam at 333 mhz. I bought it in August 03. Rhonda
     
  10. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    128 megs of ram running XP? You definitely have waaaaaaaayyyyy too much loading. Let's wait for someone to look at your hijack this log.

    While you are waiting, I'd go to Symantec's website and use their virus scanner. You never answered my question about where you downloaded Norton from, so I want to be sure it is really up to date with virus definitions, etc.
     
  11. rondo 60

    rondo 60 Thread Starter

    Joined:
    Apr 19, 2004
    Messages:
    68
    Hi! Sorry about not answering the question about Norton--I had gotten side tracked!! I had a computer tech guy here the day that I downloaded the Norton. He was taking a trojan off my computer and it took him three hours. It has been slow ever since. We were using AVG and my husband wanted Norton, so we changed it that day. I downloaded it from the Symantec website--the tech picked out which one he recommended--$70.00 package--firewall, autoprotect, spam detector, etc. I just checked and everything is up to date on it. I have scanned this morning with Ad-aware and norton and everything was clear. I'll keep checking this post. Thanks for your help, Rhonda
     
  12. rondo 60

    rondo 60 Thread Starter

    Joined:
    Apr 19, 2004
    Messages:
    68
    Putting this back up for another look. I just scanned with Spybot and I had Xupiter. I have found it a couple of times this week. Rhonda
     
  13. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    You have a bunch of other crap that needs to go too. I think the security gurus are slacking today. It may be a bit longer, sit tight.
     
  14. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    Actually, let me move you to security, I thought I had alread done that.
     
  15. tgm1024

    tgm1024

    Joined:
    Apr 30, 2004
    Messages:
    19
    I spent over 5 hours getting rid of a similar issue on my computer.

    It is one of the variants of the GOABOT virus.

    http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.afj.html

    This sucker is a royal pain in the ***. Let me tell you all the issues I can without puking over the stress of it all.


    1. The stupid thing clobbers your ccEvtMgr.exe (a critical norton AV task) among others.

    2. It puts all the helpful antivirus websites into your hosts file, with them all pointing to 127.0.0.1 (your local machine). This kills your ability to visit grissoft.com (avg), symantec, mcafee, etc., etc. First you need to do is delete everything in your hosts file after the first "127.0.0.1 localhost" entry. You'll have to scroll down.

    Hosts file ---> C:\windows\system32\drivers\etc\hosts

    3. If you're using norton, you will have to go to the web site and download the very latest and greatest. This is not available through their "liveupdate" since that is published only on wednesday. Today was friday, and I needed yesterday's virus file.

    4. Among the crazy thing it does is it'll put a bunch of crazy named .exe's in c:. Like xcdfvscx.exe or similar. Delete them all when you find them.

    5. It also infected my c:\windows\system32\microsoft.exe. Just great.

    Best of luck. Send me an email if you get stuck.

    Thomas G. Marshall
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/222384

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice