
Author Topic: Why are the colours all jacked up?/Norton message  (Read 7614 times)


Meerkat

  • Guest
Re: Why are the colours all jacked up?/Norton mess
« Reply #15 on: March 07, 2006, 05:04:25 PM »
Is this what you wanted me to do? I have no clue what this gobbledygook means.

Logfile of HijackThis v1.99.1
Scan saved at 18:03:18, on 07/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\AOL\1123361264\ee\AOLHostManager.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Common Files\AOL\1123361264\ee\AOLServiceHost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\lxcfcoms.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1123361264\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,[email protected]
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C7549

Meerkat

  • Guest
Re: Why are the colours all jacked up?/Norton mess
« Reply #16 on: March 07, 2006, 05:09:00 PM »
So far I found a virus called win32CTX

Backdated

  • Guest
Re: Why are the colours all jacked up?/Norton mess
« Reply #17 on: March 07, 2006, 06:02:49 PM »
This isn't a full logfile because the forum posting limit has truncated it. You need to split it into sections of 5500 characters or less and post it over several posts.

Please remove the Hijackthis folder out of your temporary files folder and place it on the desktop or somewhere else that's easily accessible. The reason for this is that all temp files should be cleared before attempting any of these operations and doing so will delete Hijackthis and perhaps more importantly, any backups that it has made.

Are you absolutely certain that you carried out all the procedures in the post that I listed? It is very important that you follow those instructions to the letter! If there's anything that you don't understand, ask.
« Last Edit: March 07, 2006, 06:03:33 PM by Backdated »
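
The three points in the reply above (a log cut off by the posting limit, HijackThis being run from a temporary folder, and splitting the log into sections of 5500 characters or less) can be checked with a short script. This is an added example, not part of the original thread or of HijackThis; the function names are hypothetical and the sample log is constructed, modelled on the layout of the log posted earlier.

```python
import re

POST_LIMIT = 5500  # section size given in the reply above

# Constructed sample: a shortened HijackThis-style log whose last line
# is cut off in the middle of a CLSID, as happens when a post is truncated.
SAMPLE_LOG = "\n".join([
    "Logfile of HijackThis v1.99.1",
    "Running processes:",
    r"C:\WINDOWS\Explorer.EXE",
    r"C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe",
    "",
    r"O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll",
    r"O4 - HKLM\..\Run: [Example] C:\Program Files\Example\example.exe",
    "O9 - Extra button: Example Toolbar - {00000000-0000-0000-0000-0000000",
])

TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.I)


def looks_truncated(log):
    """Heuristic: the last non-empty line opens a CLSID brace it never closes.

    It only catches cut-offs that land inside a {...} identifier; a log cut
    at a line boundary still has to be compared against the saved file.
    """
    lines = [line for line in log.splitlines() if line.strip()]
    if not lines:
        return True
    last = lines[-1]
    return last.count("{") != last.count("}")


def hijackthis_path(log):
    """Return the running-process line that names HijackThis.exe, if any."""
    for line in log.splitlines():
        if line.strip().lower().endswith("hijackthis.exe"):
            return line.strip()
    return None


def runs_from_temp(log):
    """True when HijackThis was started from a Temp directory, where clearing
    temporary files would also delete the tool and its backups."""
    path = hijackthis_path(log)
    return bool(path and TEMP_RE.search(path))


def split_for_posting(log, limit=POST_LIMIT):
    """Split the log into sections of at most `limit` characters, breaking
    only between lines so that no entry is cut in half."""
    chunks, current, size = [], [], 0
    for line in log.splitlines():
        # A single line longer than the limit has to be cut; real
        # HijackThis lines are far shorter than 5500 characters.
        pieces = [line[i:i + limit] for i in range(0, len(line), limit)] or [""]
        for piece in pieces:
            extra = len(piece) + (1 if current else 0)  # +1 for the newline
            if current and size + extra > limit:
                chunks.append("\n".join(current))
                current, size = [], 0
                extra = len(piece)
            current.append(piece)
            size += extra
    if current:
        chunks.append("\n".join(current))
    return chunks


def review(log, limit=POST_LIMIT):
    """Summarise the three checks for one log."""
    return {
        "truncated": looks_truncated(log),
        "run_from_temp": runs_from_temp(log),
        "sections_needed": len(split_for_posting(log, limit)),
    }


if __name__ == "__main__":
    print(review(SAMPLE_LOG))
```
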

Meerkat

  • Guest
Re: Why are the colours all jacked up?/Norton mess
« Reply #18 on: March 07, 2006, 07:41:37 PM »
Thank you, let me try again...will let you know.

Meerkat

  • Guest
Re: Why are the colours all jacked up?/Norton mess
« Reply #19 on: March 07, 2006, 07:47:20 PM »
I'm starting all over with your instructions.  But I got this msg when I tried to do Panda:

An error has occurred downloading Panda ActiveScan. Please repeat the process. If the error occurs again, restart your system and try again. Possible causes of this error are:

Not allowing the application's ActiveX control to be downloaded.

Problems with the Internet connection.

The error could be due to a download error or an installation error due to lack of hard disk space, privileges etc.,...



I restarted the system and all that, but I still got the error msg.  Will try the next one you listed!

Meerkat

  • Guest
Re: Why are the colours all jacked up?/Norton mess
« Reply #20 on: March 07, 2006, 07:57:40 PM »
TrendMicro brings up this page, which I do not understand: http://housecall65.trendmicro.com/

Meerkat

  • Guest
Re: Why are the colours all jacked up?/Norton mess
« Reply #21 on: March 07, 2006, 08:43:03 PM »
Panda Active Scan had some kind of error

Trend Housecall was in French (I only speak conversational)

AboutBuster ran fine.

CWshredder ran fine

Adaware found no ads.

Spybot , Soptdoctor found 36 infections (I don't know what it did, does it kill them?)

A2 went fine after reboot

Blacklight was fine
 
 
Download, install, update if necessary and run the following:
AboutBuster. Close all other windows and fix anything it finds.
CW Shredder. Close all other windows and let it fix anything it finds.
Ad-Aware. Close all other windows and fix everything it finds.
Spybot S&D. Close all other Windows and fix anything it finds.
A² Free. Close all other Windows and fix anything that it finds.
F-Secure's Blacklight Beta. Run this and remove anything that it finds.
 
 
Download and safely store LSP Fix. You may need this to reinstate connectivity if the likes of NewDotNet, WebHancer and other LSP hijackers are erroneously removed.
 
 
Download and safely store Pocket Killbox.
 
 
Download HijackThis and extract it to its own unique folder.
 
 
If anything is found at any point, disable System Restore or similar type programs if used, reboot and restart the procedure. Run HijackThis and post a log file.
Reinstate System Restore etc only when you know that you're clean.
 
 
To take preventative measures against infection and exploits download, install and regularly update the following:
 
SpywareBlaster.
IE-SpyAd.
 
Install and maintain a decent HOSTS file.
 
Install and maintain reliable anti virus and firewall software. There are some free offerings here.
 
Ensure that your computer is fully updated via Windows Update and Office Update etc but install only the components that you need. For example, if you don't use DotNet etc, then don't install it.
 
Show Hidden Files.
Disable System Restore.
Reboot to Safe Mode.

Meerkat

  • Guest
Re: Why are the colours all jacked up?/Norton mess
« Reply #22 on: March 07, 2006, 08:51:11 PM »
I'm going to try to repost your hijack thingie log

Logfile of HijackThis v1.99.1
Scan saved at 21:49:27, on 07/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\AOL\1123361264\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1123361264\ee\AOLServiceHost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 2 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1123361264\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,[email protected]
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-F7AQ0.exe" /REG
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

Meerkat

  • Guest
Re: Why are the colours all jacked up?/Norton mess
« Reply #23 on: March 07, 2006, 08:51:51 PM »
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ConferenceRoom Java Client - http://216.152.65.174:8000/java/cr.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://www.worldwinner.com/games/v44/wordcube/wordcube.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37670.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v45/wof/wof.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

There ya go...that's the whole log.


Meerkat

  • Guest
Re: Why are the colours all jacked up?/Norton mess
« Reply #24 on: March 07, 2006, 08:55:23 PM »
The last part of your post from the link you gave me says this:

Install and maintain reliable anti virus and firewall software. There are some free offerings here.  
  
Ensure that your computer is fully updated via Windows Update and Office Update etc but install only the components that you need. For example, if you don't use DotNet etc, then don't install it.  
  

I'm confused.  Didn't I just do that with all those bloody downloads?  I'll be back later.  I'm going to go relieve some of this stress by putting my hand in a rusty kitchen grinder.  It won't hurt half as much as this does.

Backdated

  • Guest
Re: Why are the colours all jacked up?/Norton mess
« Reply #25 on: March 08, 2006, 07:34:31 AM »
Quote
The last part of your post from the link you gave me says this:

Install and maintain reliable anti virus and firewall software. There are some free offerings here.  
  
Ensure that your computer is fully updated via Windows Update and Office Update etc but install only the components that you need. For example, if you don't use DotNet etc, then don't install it.  
  

I'm confused.  Didn't I just do that with all those bloody downloads?  I'll be back later.  I'm going to go relieve some of this stress by putting my hand in a rusty kitchen grinder.  It won't hurt half as much as this does.

No you didn't do any of that with "all those bloody downloads". A computer is a tool and if you don't like maintaining it then buy a toy such as an X-Box or similar! What is it about the last part of that post that is so difficult to understand?

Backdated

  • Guest
Re: Why are the colours all jacked up?/Norton mess
« Reply #26 on: March 08, 2006, 07:42:19 AM »
Quote
Panda Active Scan had some kind of error

Trend Housecall was in French (I only speak conversational)

AboutBuster ran fine.

CWshredder ran fine

Adaware found no ads.

Spybot , Soptdoctor found 36 infections (I don't know what it did, does it kill them?)

A2 went fine after reboot

Blacklight was fine
 
 
Download, install, update if necessary and run the following:
AboutBuster. Close all other windows and fix anything it finds.
CW Shredder. Close all other windows and let it fix anything it finds.
Ad-Aware. Close all other windows and fix everything it finds.
Spybot S&D. Close all other Windows and fix anything it finds.
A² Free. Close all other Windows and fix anything that it finds.
F-Secure's Blacklight Beta. Run this and remove anything that it finds.
 
 
Download and safely store LSP Fix. You may need this to reinstate connectivity if the likes of NewDotNet, WebHancer and other LSP hijackers are erroneously removed.
 
 
Download and safely store Pocket Killbox.
 
 
Download HijackThis and extract it to its own unique folder.
 
 
If anything is found at any point, disable System Restore or similar type programs if used, reboot and restart the procedure. Run HijackThis and post a log file.
Reinstate System Restore etc only when you know that you're clean.
 
 
To take preventative measures against infection and exploits download, install and regularly update the following:
 
SpywareBlaster.
IE-SpyAd.
 
Install and maintain a decent HOSTS file.
 
Install and maintain reliable anti virus and firewall software. There are some free offerings here.
 
Ensure that your computer is fully updated via Windows Update and Office Update etc but install only the components that you need. For example, if you don't use DotNet etc, then don't install it.
 
Show Hidden Files.
Disable System Restore.
Reboot to Safe Mode.

Panda Active scan runs just fine and Trend Housecall is in plain English. You have to accept the ActiveX controls and therefore you need to be running Internet Explorer.
What did Spybot find? Run it again and click on the "Recovery" button for info.
What is Soptdoctor???
What "found" Win32 CTX? This is the cause of your colour inversion and there will be several instances of it.
« Last Edit: March 08, 2006, 07:45:51 AM by Backdated »

Backdated

  • Guest
Re: Why are the colours all jacked up?/Norton mess
« Reply #27 on: March 08, 2006, 07:52:39 AM »
Your logfile is clean but you need to understand that computer security is not an option, it's a necessity!
You have a duty to other network users!
« Last Edit: March 08, 2006, 07:54:34 AM by Backdated »

Meerkat

  • Guest
Re: Why are the colours all jacked up?/Norton mess
« Reply #28 on: March 08, 2006, 09:48:59 AM »
Easy!  I'm trying, can't you SEE that?

Meerkat

  • Guest
Re: Why are the colours all jacked up?/Norton mess
« Reply #29 on: March 08, 2006, 09:55:30 AM »
Do you think I'm just making it up that Panda won't run and that the other one shows up in French?  Well, I assure you, I'm not. Here, if you don't believe me, look for yourself:

Trend Micro HouseCall est un service de scan antivirus innovant, disponible en ligne, grâce auquel les utilisateurs de PC peuvent rechercher sur leurs systèmes la présence d'infections virales contractées lors de la navigation sur Internet. HouseCall est simple d'utilisation et constitue une solution idéale pour les utilisateurs novices.

HouseCall propose deux services : le premier permet de scanner l'ordinateur et de détecter une infection par virus, et le deuxième nettoie l'infection trouvée. Le scan est gratuit et fournit des informations détaillés sur tout virus et tout autre programme malveillant détecté sur l'ordinateur analysé.

Questions fréquemment posées
1. Quelles sont les fonctionnalités de HouseCall ?
HouseCall peut être utilisé pour vérifier la présence de virus et de programmes espions sur un ordinateur et pour nettoyer toutes les infections trouvées. Veuillez noter que les scanners antivirus en ligne tels que HouseCall ne peuvent vous aider que si l'ordinateur est infecté.

HouseCall ne fournit pas de protection proactive. Il vous est donc recommandé de protéger également votre ordinateur à l'aide d'un logiciel antivirus. Trend Micro offre des solutions antivirus personnalisables. Pour obtenir des informations complètes sur les produits dont vous avez besoin, veuillez consulter notre site Web :

http://www.trendmicro.com/ HouseCall ne doit être considéré que comme un service d'urgence.

HouseCall est-il capable de trouver tous les types de virus et de programmes malveillants ?
HouseCall peut détecter la plupart des virus et des programmes malveillants. Malheureusement, le nombre croissant de virus et de programmes malveillants déjà existants ou en phase de développement rend la tâche de détection plus difficile et il est impossible d'en garantir l'infaillibilité.