Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

My search bar


  • Please log in to reply

#1
plaszac

plaszac

    Member

  • Member
  • PipPipPip
  • 109 posts
I would like to know if it safe to run as its appeared on my tool bar .
I think that my son has downloaded something but am not sure what,
Should i delete it and how do I delete it?
Ive tried looking in C drive and files and folder but nothing comes up under that title.


My norton AV was telling me i had a medium risk on a program called P2P what is this as it recommended blocking but it came up a few times thanx for any assistance
zac
  • 0

Advertisements


#2
admin

admin

    Founder Geek

  • Administrator
  • 24,501 posts
Welcome plaszac <_<

You have spyware on your system. Let us take a closer look at what is running on your PC. We'll need you to use a free diagnostic tool (HiJackThis) and post a log back here with the results.

Click the HijackThis Guide in my signature, download it and follow the instructions in the guide.

Most of what it lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.
  • 0

#3
plaszac

plaszac

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
When i click hijack this the page returns saying about network setting etc etc.
I try to do the quick start but it returns sayin this page cannot be displayed!and reccomends chining settings but when i open to the lan settings there is nothing in the boxes to compare

Edited by plaszac, 20 May 2004 - 01:31 PM.

  • 0

#4
admin

admin

    Founder Geek

  • Administrator
  • 24,501 posts
Try this link: <_<
http://209.133.47.20.../HijackThis.exe
  • 0

#5
plaszac

plaszac

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
This liink also says page cannot be displayed ......
Should I disable norton internet virus ?then run?
  • 0

#6
admin

admin

    Founder Geek

  • Administrator
  • 24,501 posts
Hmm... It should work. Maybe disable your firewall <_<
  • 0

#7
plaszac

plaszac

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
How do I disable the firewall?
  • 0

#8
plaszac

plaszac

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
Ive tried it by disabling both Norton AV and Norton internet. and it still return to page cannot be open end. at the bottm of the page it says cannot find server or dns error internet explorer
  • 0

#9
admin

admin

    Founder Geek

  • Administrator
  • 24,501 posts
Strange--try this direct download:
http://www.geekstogo...ackthis1977.zip
  • 0

#10
plaszac

plaszac

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
Right I have dowloaded the compressed file ...Now what do I do ?
Thanx Zac
  • 0

Advertisements


#11
plaszac

plaszac

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
I think ive done this correctly i ran it and i have saved the log .
  • 0

#12
plaszac

plaszac

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
gfile of HijackThis v1.97.7
Scan saved at 12:58:12, on 21/05/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PCI Audio Applications\Mixer.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\zac.HOME-4MKJ31HXYS.000\My Documents\My Received Files\HijackThis.exe

O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [C-Media Mixer] C:\Program Files\PCI Audio Applications\Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [Shotz Snap 'N' Save] C:\PROGRA~1\Shotz\Shotz Snap 'N' Save.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...ector/swdir.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...s/yinst0401.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/...pcaploader1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...tl.CAB?38045.11
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....ta/SymAData.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec..../ActiveData.cab
O16 - DPF: {E9790C6C-DCAA-4E4F-8048-FFEC3B62DFED} (VOGWeb2 Class) - http://engine.vogclu...ex/vogweb29.cab
O16 - DPF: {EDFCDAF5-95D9-40E9-BBE6-10C33190C3EF} (cGameControl Class) - http://zone.msn.com/.../RumbleCube.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab28177.cab



I think i have done this right let me know please .
I have left the log open and just minmised it or should i close it down?
Mnay thanx for your assistance Zac
  • 0

#13
plaszac

plaszac

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
Sorry for this being late.



HAPPY BIRTHDAY TO YOU !!!
HAPPY BIRTHDAY TO YOU !!!
Squashed tomatoes and stew
I saw a fat monkey ,
And it looked just like you .
LA la la la la la la la la la
happy birthday peeps ZAC !!!
  • 0

#14
plaszac

plaszac

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
Is there anything on the Hijack scan that shouldnt be there?
  • 0

#15
admin

admin

    Founder Geek

  • Administrator
  • 24,501 posts
The only thing I see is P2PNetworking. You should be able to uninstall it using add/remove programs and selecting P2P networking.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP