| Thread ID: 52792 | 2004-12-30 02:26:00 | Some Adaware program has installed itself on my computer | paragone (6714) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 308827 | 2004-12-30 03:48:00 | Show all files in My computer / windows explorer. Then search for this ntdll.dll file. See if it is somewhere else on your hdd. It should be in c:/windows/system32 folder. It may also be in c:/windows/servicepackfiles/i386 folder. If ntdll.dll is in this folder BUT not in the system32 folder COPY it to system32 folder. I think this ntdll.dll file has something to do with exe files. That's why no exes work. |
Speedy Gonzales (78) | ||
| 308828 | 2004-12-30 03:59:00 | The file is there... C:\WINDOWS\system32\ntdll.dll Some of my applz work like photoshop, explorer, ad-aware, but I can't run uninstall. I just tried to start photoshop and it wouldn't work, but then when I right clicked on the .exe file I noticed an extra menu option I've never seen before called Run As? What is this? Then it says which user account do you want to use to run this program? Current user is clicked on, then a box underneath that is checked saying protect my computer and data from unauthorized program activity. Under that it says this option can prevent computer viruses from harming your computer or personal data, but selecting it might cause the program to function improperly. What's up with all this? |
paragone (6714) | ||
| 308829 | 2004-12-30 04:07:00 | Don't know what Nsynas32 is. I don't think it's part of XP. Do a search on your hdd. See if there's a file called Nsynas32.exe somewhere. See what folder it's in. |
Speedy Gonzales (78) | ||
| 308830 | 2004-12-30 04:11:00 | Run as, if u have more than 1 user, lets whoever run the program only. It's normal in XP. Have u got Cubase VST installed?? I think that's what that Nsynas32 belongs to. | Speedy Gonzales (78) | ||
| 308831 | 2004-12-30 04:14:00 | Yes I have cubase SX installed... but I was looking through the ad-aware program and look at this log I found. I remember now that it was asking me that these events want to run and I clicked on cancel the events. So I disabled everything from ad-ware and I'm going to restart and see if this helps... and try to un-install after that...
Ad-watch Logfile, exported on 12/29/2004
Total number of events:3
===============================================
12/29/2004 11:03:10 PM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:SOFTWARE\Classes\.exe
Value:
Data:
New Data: exefile
Possible browser hijack attempt (Accepted)
===============================================
12/29/2004 11:03:13 PM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:SOFTWARE\Classes\.lnk
Value:
Data:
New Data: lnkfile
Possible browser hijack attempt (Accepted)
===============================================
12/29/2004 11:03:13 PM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:SOFTWARE\Classes\.reg
Value:
Data:
New Data: regfile
Possible browser hijack attempt (Accepted)
=============================================== |
paragone (6714) | ||
| 308832 | 2004-12-30 04:19:00 | Have u removed v6 of Adaware yet? By the looks of it u haven't. I would uninstall it and install 1.05 of Adaware SE to keep up to date. | Speedy Gonzales (78) | ||
| 308833 | 2004-12-30 04:32:00 | I uninstalled ad-aware... but I never seen that run as options how do I get rid of that? And I just ran a hijackthis.log file do you know what to take out by looking at the file? I have to post that somewhere else on this site right? | paragone (6714) | ||
| 308834 | 2004-12-30 04:37:00 | You can't remove the run as option. It's part of XP. You can paste the hijackthis log here. Might as well keep it in the same post. | Speedy Gonzales (78) | ||
| 308835 | 2004-12-30 04:38:00 | And I just ran a hijackthis.log file do you know what to take out by looking at the file? I have to post that somewhere else on this site right? Leave HijackThis alone until everything is all fixed up or you will be in a right mess. What version of Windows are you running? If it is Win ME or XP you could try a system restore back to before you first installed or ran Adaware. |
FoxyMX (5) | ||
| 308836 | 2004-12-30 04:39:00 | But I never seen that option before... I would right click on applications and never saw that option there. Something I did must have turned it on.
Logfile of HijackThis v1.99.0
Scan saved at 11:22:19 PM, on 12/29/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = .com/srh.php?q=%s" target="_blank">fastsearchweb.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
O2 - BHO: (no name) - {1E0D6E98-21D5-45BD-ACC5-A3C4C5CFEDFB} - C:\WINDOWS\System32\msbc.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FreshBar - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - C:\WINDOWS\System32\iecust.dll
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [taskopen.exe] taskopen.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{FCA6497B-B75D-4BCD-9CD9-946058C0E8BD}: NameServer = 69.50.166.94,69.31.80.244
O21 - SSODL: Web Event Logger - {7CFEFEF1-ED03-1337-ABCD-526492F5D679} - C:\WINDOWS\System32\Hdinlddc.dll
O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe |
paragone (6714) | ||
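An added example, not part of the thread and not HijackThis's own code: a small Python parser that groups log entries like those posted above by section code and extracts the GUID and file path from each, so every referenced file can be looked up one at a time. The function names are hypothetical, and the sample lines are taken from the posted log.

```python
import re
from collections import defaultdict

# Meanings of the HijackThis section codes that occur in the log above.
SECTION_NAMES = {
    "R0": "IE setting (changed value)", "R1": "IE setting (created value)",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "Run-key autostart", "O6": "IE options restricted by policy",
    "O8": "IE context-menu item", "O9": "IE extra button",
    "O17": "DNS/domain setting", "O21": "ShellServiceObjectDelayLoad",
    "O23": "NT service",
}
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll|ocx)", re.IGNORECASE)

def parse_log(text):
    """Group entries by section code; header and process lines are skipped."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, detail = m.groups()
        guid, path = GUID_RE.search(detail), PATH_RE.search(detail)
        sections[code].append({
            "name": SECTION_NAMES.get(code, "other"), "detail": detail,
            "guid": guid.group(0) if guid else None,
            "path": path.group(0) if path else None,
        })
    return dict(sections)

def autostarts_without_path(sections):
    """Names of O4 entries whose command has no absolute path. Not a verdict:
    these are the ones whose file must be located before it can be checked."""
    hits = [re.search(r"\[(.+?)\]", e["detail"])
            for e in sections.get("O4", []) if e["path"] is None]
    return [h.group(1) for h in hits if h]

# Sample lines copied from the log posted above (spacing repaired).
SAMPLE = r"""Logfile of HijackThis v1.99.0
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O2 - BHO: (no name) - {1E0D6E98-21D5-45BD-ACC5-A3C4C5CFEDFB} - C:\WINDOWS\System32\msbc.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [taskopen.exe] taskopen.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{FCA6497B-B75D-4BCD-9CD9-946058C0E8BD}: NameServer = 69.50.166.94,69.31.80.244
"""
```

Calling `parse_log(SAMPLE)` returns a dict keyed by section code; `autostarts_without_path` on that result lists the Run entries that name a bare file.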