
Maintain Updates, Spy/virus/malware Scans, Defrag, Errors Still Keep Popping Up


16 replies to this topic

#1 joygreen

joygreen

  • Members
  • 242 posts
  • OFFLINE
  •  
  • Location:Southeast U.S.A.
  • Local time:05:52 AM

Posted 16 December 2006 - 01:18 AM

Logfile of HijackThis v1.99.1
Scan saved at 12:47:25 AM, on 12/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe
C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker.exe
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\downloaded security files\hijackthis_sfx.exe
C:\Documents and Settings\Owner\Desktop\downloaded security files\hijackthis_sfx.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geocities.com/......(edited for privacy)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 103.168.1.3:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ioloDelayModule] "C:\Program Files\iolo\System Mechanic Professional 6\delay.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [SystemGuardAlerter] "C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe"
O4 - HKCU\..\Run: [System Mechanic Popup Blocker] "C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker.exe"
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...lscbase8460.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162658997453
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe




Thank you; please advise if you need the homepage address.

Edited by joygreen, 16 December 2006 - 01:20 AM.

"Restore an environmentally sustainable and economically just America"



#2 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:04:52 AM

Posted 19 December 2006 - 06:22 PM

You have Norton and Command Software AVs - only one active AV should be running - remove one.

Explain in better detail the problem you have.

Have you checked SpySweeper for updates and run it?
"Nothing could be finer than to be in South Carolina ............"

Member ASAP
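The check made in the reply above can be repeated mechanically on any HijackThis log. The following is an added example, not code from the thread or from HijackThis itself: it parses the "Running processes" block and the `O23 - Service:` lines, groups antivirus services by vendor, and marks which of them are actually running. The `AV_MARKERS` strings are an assumption based on the two products named in the reply, and the sample lines are an excerpt of the log posted above.

```python
"""List resident antivirus services per vendor from a HijackThis 1.99.1 log."""
import re
from collections import defaultdict

# Excerpt of the first log in this thread (process list and a few O4/O23 lines).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
"""

# Assumption: substrings that identify the two antivirus products named in the reply.
AV_MARKERS = ("norton antivirus", "command software")

# A log entry is "<section code> - <body>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_log(text):
    """Return (set of lower-cased running process paths, list of (code, body))."""
    running, entries, in_procs = set(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False          # blank line ends the process list
        elif in_procs:
            running.add(line.lower())
        else:
            m = ENTRY_RE.match(line)
            if m:
                entries.append((m.group(1), m.group(2)))
    return running, entries


def parse_services(entries):
    """Yield (name, vendor, path) for each O23 service entry."""
    for code, body in entries:
        if code != "O23" or not body.startswith("Service: "):
            continue
        # Split from the right: the vendor may contain commas, the name hyphens.
        parts = body[len("Service: "):].rsplit(" - ", 2)
        if len(parts) == 3:
            yield tuple(p.strip() for p in parts)


def resident_av_by_vendor(text):
    """Map vendor -> [(service name, is_running)] for services matching AV_MARKERS."""
    running, entries = parse_log(text)
    found = defaultdict(list)
    for name, vendor, path in parse_services(entries):
        haystack = (name + " " + path).lower()
        if any(marker in haystack for marker in AV_MARKERS):
            # Exact path match only: 8.3 short paths (PROGRA~1\...) will not
            # match their long form and show up as not running.
            found[vendor].append((name, path.lower() in running))
    return dict(found)


def has_av_overlap(text):
    """True when more than one vendor has an antivirus service that is running."""
    active = [v for v, svcs in resident_av_by_vendor(text).items()
              if any(is_running for _, is_running in svcs)]
    return len(active) > 1


if __name__ == "__main__":
    for vendor, svcs in sorted(resident_av_by_vendor(SAMPLE_LOG).items()):
        for name, is_running in svcs:
            print(f"{vendor}: {name} ({'running' if is_running else 'not running'})")
    print("more than one active AV vendor:", has_av_overlap(SAMPLE_LOG))
```

On the excerpt, the Command Software service (dvpapi) and the Norton AntiVirus Auto-Protect service both appear in the process list, which is the overlap the reply points out.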

#3 joygreen


Posted 19 December 2006 - 11:50 PM

Thank you so much for reviewing this. I think spysweeper w/antivirus is corrupted. It never finds anything.
Norton System Works occasionally stops a trojan, but usually on my win98 machine that works fine. I ran "SPYNOMORE" last night and got these results:

It turned out that SPYNOMORE (snm.exe) found 11 nasty items in 5.5 minutes; it scanned 219 folders and 2776 files. The types of problem were two:

zlob trojan rogue security website hijackers and
WinAntiVirus Ransomware in

They were all in registry keys that started with this filename:
registry hkey_current users|software\microsoft\windows\currentversion\internet settings\zonemap\domains:

Here are the 11 domains:

dvdaccess.net
MovidCodec.net
playercodec.net
Tvcodec.com
videosaccess.net
zcodec.com
winantispyware.com
winantivirus.com
winfixer.com
winnanny.com
winsoftware.com

Then I worked with Microsoft for a while and ran a couple of programs that changed over 4,000 files. My settings were all messed up today. First we ran SmitFraudFix.exe and it was supposed to run for 3 hours or so. 6 hours later, the PC appeared frozen (no lights blinking on the CPU or the router), and there were two instances of the program running. So I called Microsoft again, closed one of the windows, and I saw that the progress bar was about 3/4 of the way through. But the agent wanted me to shut it down, and then I ran AVG Anti Spyware, which has put itself in the startup tray. So now I have 3 antivirus programs running. My System Guard is going nuts, not knowing what to let run. Before realizing it was SMITFRAUDFIX that had found the problems, I uninstalled it and my start menu is a bit more peaceful now and I was able to restore my Outlook Express.

This problem has been going on for ages (weeks/month or two?).
This is the error message I am getting when I go to Control Panel, Add New Programs, and click Add/Remove Windows Components: "Windows XP Setup" gives me an error message with non-ASCII characters in it. I had to take a picture of it, but here is the verbiage:

"Windows XP Setup
Setup was unable to open information file hide [weird characters]
Contact your system administrator. The specific error code is 0x7b at line 2088999592."

I have a .jpeg file on my PC; not sure how/where to upload it to insert it here.
Not sure how/where to upload the .jpeg file to get it online and insert it here. It won't copy/paste. Isn't there a way to get to alternate characters with my keyboard? I could type in the rest of the characters.

I own several anti v/s programs; none work well enough. Seems like I get better results when I run a program from a website. Occasionally, when I am going to a security site, the window will just shut down. That happened the first few times I tried to run safety.live.something (the Microsoft online safety checker). We finally got it to run; found nothing. I just see where we (McSft) ran "EWIDO"; it found one infection, "2o7", in the owner cookies folder. That cookie will just never go away; that's been around since the beginning of this new machine. The OEM software is foolishly designed; have to be online to wipe the disk and reload the O/S; takes ages to re-set the settings because my backup file didn't work (I didn't know how to restore it is more correct). THEN I get to load my own programs. So hours have gone by (it would be less now that I have Vzn F'S; and there are a bunch of junk programs that have to be deleted as well. I thought I was getting an XP CD; but nooooo. The only cool thing is it makes a virtual d: drive to store the O/S. Loads so much faster.

I maintain the machine regularly: update Windows, SpySweeper, Norton, and System Mechanic 6 Pro; use Windows and Norton firewall (I know that is a no-no, but they have both been compromised at one time or other), and I do the cleanup and defrags. I will say that about 1/4 of my used space was wiped out by the M/S agent and the programs we ran last night/early this morning. But I am not comfortable with it yet, especially since I get the Windows XP Setup errors still. Which online protections do you like the best? I'll be real happy to get rid of Norton; support is terrible.

I hope I have given you the info you need without being too long-winded. I am exhausted. And I got myself into a hornet's nest on a blog. I replied to it, but in my haze did an e-mail reply and it didn't get posted. Thank you for inserting that flag about SpyNoMore.

My body is shutting down and I can't see anymore. I hope I can sleep tonight. Thank you so much for your help.

Joanne

#4 MFDnSC


Posted 20 December 2006 - 12:16 PM

You should only run 1 active AV


Download AVG Anti-Spyware from http://www.ewido.net/en/download/ and save that file to your desktop. Note: This is NOT the Anti Virus from AVG.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.
1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
3. On the main screen select the icon "Update" then select the "Update now" link.
o Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.
4. Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
6. Under "Reports"
o Select "Automatically generate report after every scan"
o Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.
1. Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:
2. Launch AVG Anti-Spyware by double clicking the icon on your desktop.
3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
4. AVG will now begin the scanning process. Please be patient as this may take a little time.
Once the scan is complete, do the following:
5. If you have any infections you will be prompted. Then select "Apply all actions."
6. Next select the "Reports" icon at the top.
7. Select the "Save report as" button in the lower left-hand of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
8. Close AVG Anti-Spyware and reboot your system back into Normal Mode.
Post the log from AVG and a new HiJack log
=================

Those are legit entries in the registry - I have them and I know I'm not infected

SpyNoMore is known for false positives

#5 joygreen


Posted 22 December 2006 - 11:45 PM

Hi MFD and thank you for your help. I ran the utilities; they all report "no problems". I turned off all the automatic scans; it is possible they were running into each other and corrupting the registry.

Microsoft said my problems all had to do with my XP installation. (The Runtime error, the %Notepad error, the inability for XP installs).

Ahh, it was not you who input that reference to "spynomore" in my unfortunate entry into that hornet's nest blog. I deleted it from my PC (I did not find an uninstall option). The reports you requested said nothing; only "no problems". Norton, however, is now showing some registry problems. Can you please recommend a good registry cleaner? Or would you still like the Hijack This report?

Thanks again, and happy, blessed holidays to you and yours.

#6 MFDnSC


Posted 23 December 2006 - 10:31 AM

What is Norton saying?

Post a hijack log.

#7 joygreen


Posted 23 December 2006 - 09:07 PM

These are 'miscellaneous files' that Norton could not clean up. The scan, which included Windows Registry, Program Integrity, Virus Definitions, Auto-Protect, Last Virus Scan, Shortcut Scan all had no errors found. The Norton Cleanup Scan cleaned 618 of 629 items.

1 ewido online scanner
2 Java Plug-in 1.5.0_09 for Netscape Navigator (DLL Helper) [note: I do not have Netscape installed on my machine. I will scan for Netscape after I finish copying this report from Norton One Button Checkup]
3 Microsoft Office Update Detection Engine
4 muweb.dll
5 OGACheckControl.DLL
6 Symantec Security Check Registry and File Information control.
7 Symantec Security Check Virus Detection Scan
8 Trend_Micro_ActiveX_Scan_Agent Module10
9 Windows Genuine Advantage Validation
10 Windows Live OneCare Safety Scanner Base Module

Norton is only offering me to "Ignore selected problems in future Checkups"

I did a rescan, and it found 27 problems. Clicked the Fix Now button, and the same 10 problems (plus, of course, perflib_perfdata...) were still there.

Yesterday, my AVG Anti-Spyware expired and is running on limited (not protecting) mode. I do have NAV and Spysweeper "on guard". I do not have WinOne Care installed; the reference might be to the http://safety.live.com PC Safety Scan that I run maybe weekly.

Just got another runtime error:
Microsoft Visual C++ Runtime Library
Runtime Error!
Program: C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
This application has requested the Runtime to terminate it in an unusual way. Please contact the application's support team for more information.

Another change I made yesterday was to disable the scheduled scans of norton, webroot and system mechanic pro 6. They seem to run into each other and continue to run; I cannot understand how that would NOT corrupt files. But today when I turned on the PC, it went nuts processing something (no applications listed) as if it were doing its scans. Possibly the automatic updates, but they should not have taken that long. I do run the scans and updates regularly.

Following is the Hijack This report you requested. Thank you so much. I hope you are enjoying your holidays in lovely South Carolina.

Kindest regards,
Joanne

#8 joygreen


Posted 23 December 2006 - 09:26 PM

Logfile of HijackThis v1.99.1
Scan saved at 8:59:26 PM, on 12/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe
C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker.exe
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\Owner\Desktop\new anti v&s pgms\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geocities.com/ [...edited]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 103.168.1.3:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ioloDelayModule] "C:\Program Files\iolo\System Mechanic Professional 6\delay.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [SystemGuardAlerter] "C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [System Mechanic Popup Blocker] "C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker.exe"
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - Startup: Norton Disk Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\NDD32.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...lscbase8460.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162658997453
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


Please Note: the date has been messed up for two days; it jumped ahead on Thursday to Dec 24 then with a mouseover, it went to the 23rd. I adjusted the date yesterday, Friday to the 22. This post is actually entered on Dec 23, not the 24th as reported above. Maybe there's a "Christmas Virus" messing with my machine's clock? I do have settings to set time automatically...

One other thing: whenever I sign onto Hotmail, it will take my ID but not my password. It ALWAYS makes me type it in twice. I'm either paranoid, or have a keylogger? I'm pretty sure I usually type it in correctly the first time. Also, sometimes, the cursor stops moving while I am typing and it will catch up and post the characters. It reminds me of the old days when RAM was really low and I used to type over 90 wpm, and the machine wouldn't keep up with me. Anyway that is happening again, just started lately.

OK, bye now. And thank you again.
"Restore an environmentally sustainable and economically just America"

#9 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts

Posted 24 December 2006 - 10:11 AM

You still have Norton and Command Software AVs; remove one of them.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#10 joygreen

joygreen
  • Topic Starter

  • Members
  • 242 posts
  • Location:Southeast U.S.A.

Posted 24 December 2006 - 03:00 PM

:thumbsup: Greetings MFD,

I just stopped the virus protection portion of Norton. I have "Norton System Works". I also set for Windows to take care of its own updating. I will reboot, and send another Hijack this, if that's ok, and you tell me if I've removed enough stuff. I like Webroot, they offer free support but it is a virus and spyware program. I am not sure what you mean by Command; so I will really appreciate your taking another look. Thank you so much.

"joy"
"Restore an environmentally sustainable and economically just America"

#11 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts

Posted 24 December 2006 - 03:10 PM

SpySweeper is not an AV



O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe

Here is command
"Nothing could be finer than to be in South Carolina ............"

Member ASAP
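The check described in the replies above, spotting more than one anti-virus product with services in the O23 section of a HijackThis log, written out as an added example that is not part of the original thread. The product markers are an assumption limited to the two products the thread names (Spy Sweeper is left out, following the reply above), and the sample lines are copied from the log posted earlier in this thread.

```python
import re
from collections import defaultdict

# O23 line layout: "O23 - Service: <display> [(<name>)] - <company> - <path>"
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))?"
    r" - (?P<company>.+?) - (?P<path>[A-Za-z]:\\.+)$"
)

# Assumption: markers cover only what this thread identifies as anti-virus.
# Spy Sweeper is left out on purpose, following the helper's reply.
AV_MARKERS = {
    "Norton AntiVirus": "norton antivirus",
    "Command Software (Authentium)": "command software",
}

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
"""

def parse_o23(log_text):
    """Return one dict per well-formed O23 service line; skip everything else."""
    matches = (O23_RE.match(line.strip()) for line in log_text.splitlines())
    return [m.groupdict() for m in matches if m]

def resident_av_products(log_text):
    """Map each anti-virus product to the service names that belong to it."""
    found = defaultdict(list)
    for svc in parse_o23(log_text):
        # Search display name, company and path together, case-insensitively.
        haystack = " ".join((svc["display"], svc["company"], svc["path"])).lower()
        for product, marker in AV_MARKERS.items():
            if marker in haystack:
                # Entries without a "(name)" part fall back to the display name.
                found[product].append(svc["name"] or svc["display"])
    return dict(found)

if __name__ == "__main__":
    products = resident_av_products(SAMPLE_LOG)
    for product, names in products.items():
        print(f"{product}: {', '.join(names)}")
    if len(products) > 1:
        print("More than one anti-virus product has services installed.")
```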

#12 joygreen

joygreen
  • Topic Starter

  • Members
  • 242 posts
  • Location:Southeast U.S.A.

Posted 24 December 2006 - 07:32 PM

Hi MFD, thanks for being here for me today. I think you have found the problem. It appears there is/was a program called "Authentium" on the PC. In the folder you listed, there are several files with the Command Software label. Here are my notes. Should I perform the uninstall on Authentium, or go to Safe Mode and delete each Command Software file? Also, what is AV? Anti-virus? If so, the version of Webroot I have on this machine also has anti-virus features on it as well...

Thank you :thumbsup:

Some of the command software systems files found in that folder
dvpapi.exe is read only; cannot delete access is denied. make sure disk is not full or write-protected and that file is not currently in use.
and
dvpmgr.exe (deleted ok)
and
fixdsknt.exe (cannot delete....

help on avavent.exe (options)
-b - Fire Begin Update event
-e Fire EndUpdate event
-r Fire EndUpdateReboot event
-s Fire ShutdownAll event.

Found avsdk.msi; a Windows Installer Package in same folder: executed it, returned an Authentium Setup Application Maintenance window:

'Select the maintenance operation to perform

Modify: Change which app. features are installed. Displays the Select Features dialog, which lets you configure individual features.
Repair: reinstall missing or corrupt files, registry keys and shortcuts. Preferences stored in the registry may be reset to default values
Remove: Uninstall Authentium from this computer

Note:
Authentium is also not listed in Add/Remove Programs, and the search program did not find "Authentium" anywhere on the PC (like my notes, which I usually make when I download software - and only by directions from a support staff, e.g. you, MS, e-machines; Norton usually no help; Webroot can always fix their application with a reinstall, although I have not had problems with it on this machine).


Thank you! I hope you are having fine weathah in South Carolina :flowers:
OOOh, I am glad I fell asleep this afternoon and did not go out tonight, it just started storming outside. Going to let kitty cat in the garage...
"Restore an environmentally sustainable and economically just America"

#13 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts

Posted 25 December 2006 - 03:10 PM

uninstall on Authentium
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#14 joygreen

joygreen
  • Topic Starter

  • Members
  • 242 posts
  • Location:Southeast U.S.A.

Posted 01 January 2007 - 08:39 PM

SpySweeper is not an AV



O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe

Here is command


I am sorry, I do not understand this. I have been removing all my downloaded spy/virus checker programs. Spybot stuck itself in my startup programs. I also have that 0x7b error, XP install program does not work. May I attach another Hijack This scan?

Thank you for your help. Happy New Year!
"Restore an environmentally sustainable and economically just America"

#15 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts

Posted 02 January 2007 - 10:06 AM

I was showing you the presence of Command (Authentium).

Yes, post a log, but explain the problems in more detail.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP



