Author Topic: big problem with norton (Read 22395 times)

jedwardsb · « **on:** February 07, 2006, 08:35:15 PM »

Hi
I just installed the newest version of Norton on my laptop. Up til now I've never had any problems with viruses. All of a sudden Norton says it has found 5. So, I do as it says and do the scan. While the scan is going on approximately 10 IE pop ups come and wont close. The thing is I use firefox and never opened IE. Also, I cant fully shut down my computer now. It shuts down to the blue screen that says windows is shutting down and stays there. So I have to manually turn it off. Add to all of this my laptop is now extremely slow since I put Norton on. I paid 70 dollars for this software. Could anyone please tell me if there's anything I can do to remedy the problems Im having.
Thanks

Windows98 · « **Reply #1 on:** February 07, 2006, 09:29:52 PM »

Pop up indicates spyware and adaware..

http://www.computerhope.com/cgi-bin/yabb/YaBB.cgi?num=1134123580 <- antispyware and malware

http://www.google.com/search?hl=en&lr=&q=define%3AAdware <- for more info to solve your curiosity

Fed · « **Reply #2 on:** February 07, 2006, 09:52:26 PM »

Replace Norton.

jedwardsb · « **Reply #3 on:** February 08, 2006, 03:44:36 PM »

Quote

Replace Norton.

what should i replace norton with though? i was under the impression that norton is one of the better antivirus systems out there

dl65 · « **Reply #4 on:** February 08, 2006, 03:58:17 PM »

jedwardsb...... Contary to what some people say ...Norton does do a good job ....... Which Norton are you using Norton AV 2006 ? Did you have another Norton product installed prior to the one you have now .........
Have you tried going into safe mode and then running Norton again ?

dl65

jedwardsb · « **Reply #5 on:** February 08, 2006, 04:12:39 PM »

Yes, Im running Norton 2006 and I havent had any other verision of it installed before. Im running Spybot now so hopefully that will solve the problem. But I was wondering, is it normal for Norton to slow down the system so tremendously?
Thanks to everybody for all of the help.

dl65 · « **Reply #6 on:** February 08, 2006, 04:16:51 PM »

jedwardsb... If you are trying to run a full scan with Norton and carry on doing other things ....yes it will slow things right down ....however ...if you set up Norton to do its full scans at a time when your not using the machine , you will not ever know its there .

dl65

R0SS · « **Reply #7 on:** February 09, 2006, 02:56:07 PM »

get rid of Norton.

Its the crappest piece of crap out there all it gave me was crap!

get AGV free, or Pc-Cillin

R0SS

soybean · « **Reply #8 on:** February 10, 2006, 08:05:15 AM »

Quote

get rid of Norton.

Its the crappest piece of crap out there all it gave me was crap!

get AGV free, or Pc-Cillin

R0SS

That was an asinine post. I know better. I've been using Norton for over 3 years. My son has been using it for over 2 years. I use a computer at a client's office with Norton Anti-Virus installed. No problems.

Fed · « **Reply #9 on:** February 10, 2006, 12:36:09 PM »

There are many die hard Norton users out there, we can't save them all.

Peccavi · « **Reply #10 on:** February 10, 2006, 02:37:18 PM »

Quote

There are many die hard Norton users out there, we can't save them all.

I was dead.
Resurrected by AVG...

jedwardsb · « **Reply #11 on:** February 10, 2006, 07:21:42 PM »

Yea, so far I've learned to hate Norton too. I'd never had any problems until I installed it....
I installed hijack this and spybot (both of which claimed to have found lots of spyware). I ran the scans on both of them. I deleted everything that came up in spybot. In spybot, I deleted everything I thought was suspicious. However, Im still having problems. Ill just get random pop ups that go to a variety of websites, including cheaptickets.com and other "valid, respectable" website...This is the log from hijack this....Did I miss anything?
Thanks again

Logfile of HijackThis v1.99.1
Scan saved at 8:11:44 PM, on 2/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\dHJhY2N5\command.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\AOL\1133212568\ee\AOLSoftware.exe
C:\WINDOWS\system32\comsvcs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\windows\winsysban7.exe
C:\WINDOWS\sys033982790121.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\wgse.exe
C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\hpsw.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\common files\aol\1133212568\ee\aim6.exe
C:\DOCUME~1\traccy\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: ATLDistrib Object - {2353FCBC-012D-487B-8BF3-865C0929FBEB} - C:\WINDOWS\system32\vtsts.dll
O2 - BHO: Trecker Class - {39C78B50-7E98-4aa0-B007-D83114EA6E0F} - C:\PROGRA~1\Jalmp\jalmp.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133212568\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [COM Service] C:\WINDOWS\system32\comsvcs.exe
O4 - HKLM\..\Run: [Windows Task Scheduler] C:\WINDOWS\system32\3D.tmp
O4 - HKLM\..\Run: [ObjectLoader] C:\WINDOWS\system32\23.tmp
O4 - HKLM\..\Run: [Microsoft (R) Windows Peer-to-Peer Security Interface] C:\WINDOWS\system32\ppsi32.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd7.exe
O4 - HKLM\..\Run: [0oqw0ub0.dll] RUNDLL32.EXE 0oqw0ub0.dll,b 227015
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban7.exe
O4 - HKLM\..\Run: [susse] "C:\WINDOWS\system32\hpsw.exe"
O4 - HKLM\..\Run: [sys033982790121] C:\WINDOWS\sys033982790121.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: xpxo.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://my.netzero.net/s/sp?r=al&cf=sp
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\W

soybean · « **Reply #12 on:** February 11, 2006, 09:33:31 AM »

Quote

Yea, so far I've learned to hate Norton too. I'd never had any problems until I installed it....
I installed hijack this and spybot (both of which claimed to have found lots of spyware). I ran the scans on both of them. I deleted everything that came up in spybot. In spybot, I deleted everything I thought was suspicious. However, Im still having problems. Ill just get random pop ups that go to a variety of websites, including cheaptickets.com and other "valid, respectable" website...This is the log from hijack this....Did I miss anything?
Thanks again

Yep, you still have spyware. Clearly you had a bad case of spyware, and you had it before you installed Norton. And, even though Norton will slow down your system when doing a full scan, it will not significantly slow down your system when merely monitoring your email traffic. So, the slowdown you complained of in your first post is definitely partly or mostly attributable to your spyware problem. Also, Norton did detect 5 viruses, which may have been affecting your system's performance and/or behavior.

Since you've scanned with spybot and deleted everything it found and you still have random pop ups, etc., that indicates you had a major spyware/malware infestation. Spybot is good, but none of the good spyware removal tools can detect and remove 100% of all the stuff that accumulates in bad infestations. So, yeh, you're going to have to use other (more than one) spyware removal tools and, if you can, get recommendations based on your HijackThis log.

In bad spyware/malware infestations, the ultimate solution is formatting your hard drive and restoring your system from your recovery CD. If have important files on your laptop that have not been backed up and you're still able to backup files from your laptop, I'd do that ASAP.

And, know this. If you have no firewall running and you get online with that laptop, you can quickly and unknowingly get more spyware.

GX1_Man · « **Reply #13 on:** February 11, 2006, 10:26:19 AM »

Agreed. It is not so much a "Big Problem with Norton" as it is a Big Problem with Unsafe Surfing.

You need several good spyware/adware removal programs and whatever antivirus floats your boat. I don't recommend Norton, but a lot of people use it, and you already have money invested in it.

Fed · « **Reply #14 on:** February 11, 2006, 02:01:57 PM »

Post the rest of your hijackthis log if/when you return.

dl65 · « **Reply #15 on:** February 11, 2006, 09:31:10 PM »

jedwardsb..... Clearly you may still have a virus .........

Your log indicates that you are not using any anti virus ..........What happened to Norton 2006 ?

This is a entry as a result of a virus .....
C:\WINDOWS\dHJhY2N5\command.exe ........ added by the Buddy virus......
Manually locate and delete.........

Mark for removal :

O2 - BHO: ATLDistrib Object - {2353FCBC-012D-487B-8BF3-865C0929FBEB} - C:\WINDOWS\system32\vtsts.dll

O2 - BHO: Trecker Class - {39C78B50-7E98-4aa0-B007-D83114EA6E0F} - C:\PROGRA~1\Jalmp\jalmp.dll

O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)

There are a number of other questionable entries which may have to go as well.......but the ones listed are the bad ones .....

dl65

jedwardsb · « **Reply #16 on:** February 15, 2006, 09:58:29 PM »

Sorry for the delay in my response. Ive been kind of busy..Anyway, I deleted everything that you all said to delete and for the most part that got rid of the problem. However, I still get random pop-ups( granted it is nowhere near as bad as before). Also, somehow, my mouse pad for the laptop isnt working correctly. The right click doesnt work as well as the scroll buttons. There normally is a display in the lower right hand corner that tells me where my finger is on the pad, but that has dissapeared. Maybe I inadvertently turned something off. Is there anyway to fix this?

Fed · « **Reply #17 on:** February 15, 2006, 10:24:04 PM »

Your computer has ZERO realtime protection.
Download, install, update and run the following.

1 x Antivirus, 2 x Antispyware, 1 x Firewall.
We are wasting time until these things are in place.

jedwardsb · « **Reply #18 on:** February 16, 2006, 05:18:38 PM »

Before I reinstall Norton, I was wondering if that was the wisest decision or not. The feelings about it seem to be mixed from you all. Also, about the firewall....Windows says there is one already that is guarding my system. Do you all suggest that I get something other than than the standard Windows firewall?

Fed · « **Reply #19 on:** February 16, 2006, 08:16:52 PM »

I'm not a big fan of Norton as it tries to take over your computer and is high on resources.
The XP firewall doesn't monitor outgoing data so I'm not fond of it either.

I use AVG Free Antivirus because it runs like a clock and has never let me down.
I use Spybot S&D running with the Teatimer because Microsoft Antispyware is like Norton (above).
I use Prevx intrusion prevention system as a backup but I swap this around to try different programs
like Winpatrol, Microsoft etc. (I'm thinking about trying the new Microsoft one soon)
I use the Sygate firewall because I find the Zonealarm GUI very convoluted and confusing.

Just my thoughts, others may care to comment.

Mr_President · « **Reply #20 on:** February 18, 2006, 07:48:40 AM »

Quote

Yes, Im running Norton 2006 and I havent had any other verision of it installed before. Im running Spybot now so hopefully that will solve the problem. But I was wondering, is it normal for Norton to slow down the system so tremendously?
Thanks to everybody for all of the help.

AVG Free Home Edition

Norton is a resource hog.

jedwardsb · « **Reply #21 on:** February 19, 2006, 03:17:17 PM »

I installed AVG and so far its running well. I did a full system scan. It told me to restart and I did. Im still having problems with pop-ups though. I was wondering if I can do anything about them. This is my updated Hijack this log. If anyone can tell me if its worth trying to fix this problem, I'd appreciate it.

Logfile of HijackThis v1.99.1
Scan saved at 4:10:05 PM, on 2/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\dHJhY2N5\command.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\AOL\1133212568\ee\AOLSoftware.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\windows\winsysban9.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\sys021398279012.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\traccy\APPLIC~1\SMBOLS~1\wuauclt.exe
C:\WINDOWS\system32\??rvices.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM\aim.exe
C:\DOCUME~1\traccy\LOCALS~1\Temp\Temporary Directory 7 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R3 - URLSearchHook: (no name) - {EC0D2D1D-EBF3-E15E-A7FB-E83B8B012192} - C:\WINDOWS\system32\yqx.dll
R3 - URLSearchHook: (no name) - {EC0D2D69-EBF0-E22C-A7F8-E13B840221E1} - C:\WINDOWS\system32\yqx.dll
O2 - BHO: ATLDistrib Object - {2353FCBC-012D-487B-8BF3-865C0929FBEB} - C:\WINDOWS\system32\vtsts.dll
O2 - BHO: (no name) - {EC0D2D69-EBF0-E22C-A7F8-E13B840221E1} - C:\WINDOWS\system32\yqx.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133212568\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Windows Task Scheduler] C:\WINDOWS\system32\3D.tmp
O4 - HKLM\..\Run: [ObjectLoader] C:\WINDOWS\system32\1E3.tmp
O4 - HKLM\..\Run: [Microsoft (R) Windows Peer-to-Peer Security Interface] C:\WINDOWS\system32\ppsi32.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd9.exe
O4 - HKLM\..\Run: [0oqw0ub0.dll] RUNDLL32.EXE 0oqw0ub0.dll,b 227015
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban9.exe
O4 - HKLM\..\Run: [susse] "C:\WINDOWS\system32\hpsw.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [sys021398279012] C:\WINDOWS\sys021398279012.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Sen] "C:\DOCUME~1\traccy\APPLIC~1\SMBOLS~1\wuauclt.exe" -vt mt
O4 - HKCU\..\Run: [Avjbsi] C:\WINDOWS\system32\??rvices.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Prog

jedwardsb · « **Reply #22 on:** February 19, 2006, 03:18:39 PM »

Sorry, this is the rest

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: OemStartMenuData - C:\WINDOWS\system32\m0po0a73ed.dll
O20 - Winlogon Notify: vtsts - C:\WINDOWS\system32\vtsts.dll
O20 - Winlogon Notify: winwim32 - winwim32.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\dHJhY2N5\command.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Service (RpcSssvc) - Unknown owner - C:\WINDOWS\system32\RpcSs.exe (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

rockerest · « **Reply #23 on:** February 19, 2006, 08:19:12 PM »

http://www.hijackthis.de/

Copy and paste your entire logfile into the box and click the analyze button.

Your first logfile post found 3 viruses and probably 20 spyware. Go through them all (Red exclamation marks and yellow question marks) and check to make sure they're something you need. Try typing each program or string into google. It usually brings up on the first or second link a page that'll tell you what it is...

Yeah, definitely a lot of spyware/adware....

My opinion on Norton can be found in http://www.computerhope.com/cgi-bin/yabb/YaBB.cgi?num=1135475077/18#18

-rock

Fed · « **Reply #24 on:** February 19, 2006, 09:49:18 PM »

Download, install & [highlight]update[/highlight]...
CLEANUP
Ccleaner
ANTI SPYWARE
Ad-Aware
Spybot S&D
Microsoft Antispyware (W2k & XP)
ANTI VIRUS
AVG Free [highlight](Set options to 'scan all files')[/highlight]
ANTI TROJAN
EWIDO (W2k & XP)

Turn off System Restore if applicable. (ME & XP users)

Run Ccleaner
Run Ad-Aware
Run Spybot
Run Microsoft Antispyware
Run AVG Free
Run Ewido

Re-start in Safe Mode
Re-run AVG Free

Re-start in Normal Mode
Turn on System Restore if applicable. (ME & XP users)

Then come back with a fresh Hijackthis log, let's see how good these scanners are.

dl65 · « **Reply #25 on:** February 19, 2006, 11:19:43 PM »

jedwardsb..... Locate these entries manually and delete them ....... C:\WINDOWS\dHJhY2N5\command.exe .........

C:\DOCUME~1\traccy\APPLIC~1\SMBOLS~1\wuauclt.exe

I would mark for removal the following :

O2 - BHO: ATLDistrib Object - {2353FCBC-012D-487B-8BF3-865C0929FBEB} - C:\WINDOWS\system32\vtsts.dll

O20 - Winlogon Notify: winwim32 - winwim32.dll (file missing)

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\dHJhY2N5\command.exe

O23 - Service: Remote Procedure Call (RPC) Service (RpcSssvc) - Unknown owner - C:\WINDOWS\system32\RpcSs.exe (file missing)

Fed · « **Reply #26 on:** February 20, 2006, 02:31:13 AM »

Awww DL65, I wanted to see a new log after the recommended antivirus & antispyware routine.

jedwardsb · « **Reply #27 on:** February 20, 2006, 12:17:04 PM »

Thanks to everyone for the help. I downloaded all of the software that FED suggested and it seems to have gotten rid of all that *censored* spyware. In the process however two things happened that I was wondering if I could get advice on.
1) My quick links have disappeared(the ones that are in the lower left hand corner to the right of the Start menu). I tried dragging and dropping my old icons, but that didnt work.
2) My mousepad doesnt work right at all. The scroll parts of the pad don't respond. Lastly, there used to be an icon that showed where my finger was on the mouspad, that too has dissapeared.

But aside from those minor issues, everything seems to be fine.

To those that wanted to see my updated log, here it is....

Logfile of HijackThis v1.99.1
Scan saved at 1:15:18 PM, on 2/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\AOL\1133212568\ee\AOLSoftware.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\DOCUME~1\traccy\APPLIC~1\SMBOLS~1\wuauclt.exe
C:\WINDOWS\system32\??rvices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\traccy\Desktop\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: (no name) - {EC0D2D69-EBF0-E22C-A7F8-E13B840221E1} - C:\WINDOWS\system32\yqx.dll
O2 - BHO: ATLDistrib Object - {2353FCBC-012D-487B-8BF3-865C0929FBEB} - C:\WINDOWS\system32\vtsts.dll
O2 - BHO: (no name) - {EC0D2D69-EBF0-E22C-A7F8-E13B840221E1} - C:\WINDOWS\system32\yqx.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133212568\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Windows Task Scheduler] C:\WINDOWS\system32\3D.tmp
O4 - HKLM\..\Run: [ObjectLoader] C:\WINDOWS\system32\1E3.tmp
O4 - HKLM\..\Run: [Microsoft (R) Windows Peer-to-Peer Security Interface] C:\WINDOWS\system32\ppsi32.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd10.exe
O4 - HKLM\..\Run: [0oqw0ub0.dll] RUNDLL32.EXE 0oqw0ub0.dll,b 227015
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [gimmygames] C:\windows\gimmygames10.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Sen] "C:\DOCUME~1\traccy\APPLIC~1\SMBOLS~1\wuauclt.exe" -vt mt
O4 - HKCU\..\Run: [Avjbsi] C:\WINDOWS\system32\??rvices.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\k8440ihqe84e0.dll
O20 - Winlogon Notify: vtsts - C:\WINDOWS\system32\vtsts.dll

jedwardsb · « **Reply #28 on:** February 20, 2006, 12:17:37 PM »

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\k8440ihqe84e0.dll
O20 - Winlogon Notify: vtsts - C:\WINDOWS\system32\vtsts.dll
O20 - Winlogon Notify: winwim32 - winwim32.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Service (RpcSssvc) - Unknown owner - C:\WINDOWS\system32\RpcSs.exe (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

rockerest · « **Reply #29 on:** February 20, 2006, 06:19:04 PM »

Both the scroll and icon for your mousepad are probably settings that can be changed from inside your mouse software.

Quicklinks, like programs you use a lot?

You can get them back by just using the programs a lot. However, I've got the programs I use a lot pinned to my start menu, and NO quicklinks enabled. That way, they never go away.....

rockerest · « **Reply #30 on:** February 20, 2006, 06:24:30 PM »

Looks like there are still some problems in your HiJack This logfile. Some marked in the analyzer are ok, but there are a few that should still be looked at (what is the file ??rvices.exe that's running?).

dl65 · « **Reply #31 on:** February 20, 2006, 07:39:59 PM »

jedwardsb....... Did you use hijackthis to remove the earlier mentioned bad entries ...... because I am seeing them all still there ........
Please mention how you removed them ?

dl65

Fed · « **Reply #32 on:** February 20, 2006, 10:22:54 PM »

DL65, it looks like jedwardsb has just run the scans so far.
I am concerned about ??rvices, it's listed as a possible trojan, I wonder why Ewido didn't get it?

dl65 · « **Reply #33 on:** February 21, 2006, 12:57:53 AM »

Quote

DL65, it looks like jedwardsb has just run the scans so far.
I am concerned about ??rvices, it's listed as a possible trojan, I wonder why Ewido didn't get it?

I found one place where it refered to that entry as a virus and another that called it a trojan ....... One things for sure , it shouldnt be there at all ....... Did jedwardsb run the scans in safe mode I wonder ..... with system restore turned off ? I just went thru his latest hijackthis log and I see quite a few items which should be removed ....but until he tells us his machine has been scanned in Safe by the AV and Ewido .........I wouldnt go any further yet . I didnt see any confirmation that he ran Ewido .....

dl65

jedwardsb · « **Reply #34 on:** February 21, 2006, 09:14:45 PM »

I forgot to post that I had had a problem with starting over in Safe Mode. I attempted to do it, but it stopped at a black screen and wouldnt go any further. I restarted the laptop in normal mode by turning the power off (I had waited for more than an hour) and installed the software previously mentioned.

In other news, the pop-ups have returned. But the software must have done something, because the severity in the number of pop-ups has gone down significantly.

Im also still having the problems w/ the mousepad and the quick links in the lower left hand corner.

Oh, and I did use hijack this to remove the entries you all said to remove. However they returned

GX1_Man · « **Reply #35 on:** February 22, 2006, 04:53:37 AM »

You're just getting reinfected. If you cannot do EXACTLY what is suggested be up front about it. Do you have a shiny, real Windows CD to reinstall if needed?

jedwardsb · « **Reply #36 on:** March 04, 2006, 04:45:50 AM »

Sorry for the delay in reply, but yes I do have that cd

Backdated · « **Reply #37 on:** March 04, 2006, 05:56:56 AM »

You have multiple infections. Carefully follow the instructions outlined in [highlight]this post[/highlight] and report back.

jedwardsb · « **Reply #38 on:** March 24, 2006, 07:33:12 PM »

Thank you all for all of the help. However I have found the solution. I reinstalled Norton and all of a sudden it decided to work. I dont have any more spyware problems.

Backdated · « **Reply #39 on:** March 25, 2006, 05:52:01 AM »

Unless it's vastly improved over the last month or so, NAV will not fix some of the problems that you have.

jedwardsb · « **Reply #40 on:** March 25, 2006, 06:23:52 PM »

Well, I've also run the other anti-spyware programs that you all suggested. They didnt work when separate, but when they both were running simultaneously, they worked.

GX1_Man · « **Reply #41 on:** March 25, 2006, 08:40:08 PM »

Quote

Well, I've also run the other anti-spyware programs that you all suggested. They didnt work when separate, but when they both were running simultaneously, they worked.

I would like to hear more of this story.

jedwardsb · « **Reply #42 on:** March 25, 2006, 09:50:03 PM »

To make a long story short, I had originally had McCaffe(sp?) pre-installed on my laptop. That worked fine and I never had any problems with it. The subscription ran out and my dad had just bought Norton so I installed it. As soon as McCaffe was gone and Norton was installed I started having serious pop up problems so I uninstalled Norton. The anti-spyware software that was suggested on here such as hijack this worked. But only until I restarted my computer. When I reinstalled Norton all the problems stopped. Weird, huh?

Backdated · « **Reply #43 on:** March 26, 2006, 05:18:15 PM »

Post a final Hijackthis logfile and we'll check to see if your problems have really stopped.

jedwardsb · « **Reply #44 on:** March 26, 2006, 10:29:04 PM »

Logfile of HijackThis v1.99.1
Scan saved at 11:27:35 PM, on 3/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\1133212568\ee\AOLSoftware.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Comcast Rhapsody\rhaphlpr.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\traccy\Desktop\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: ATLDistrib Object - {2353FCBC-012D-487B-8BF3-865C0929FBEB} - C:\WINDOWS\system32\vtsts.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133212568\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\dnn0015me.dll (file missing)
O20 - Winlogon Notify: vtsts - C:\WINDOWS\system32\vtsts.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.

dl65 · « **Reply #45 on:** March 27, 2006, 01:27:25 AM »

It appears you still seem to have issues.........
Give this a try and see if it cleans things up .

Tools needed for this fix:
Vundo Fix
VirtumundoBegone

O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\mljjk.dll
O20 - Winlogon Notify: mljjk - C:\WINDOWS\system32\mljjk.dll

Note: This fix only applies to Vundo infections where the O2 entry contains MSEvents or ATLDistrib.

Preperation Steps:

Please do both of the following before we start:

1. Please print these instructions as they will be needed later when Internet access is not available.

2. Save these instructions in word or notepad to the desktop where they can be easily found.

Removal Steps:

Download VundoFix.exe and save it to your desktop.
Double-click VundoFix.exe to run it.

Place a check in the checkbox labeled Run VundoFix as a task. You will receive a message stating that VundoFix will close and re-open in a minute or less.

When VundoFix reopens, click the OK button.

Click the Scan for Vundo button.

Once it's done scanning, click the Remove Vundo button.

You will receive a prompt asking if you want to remove the files, click the YES button.

Once you click yes, your desktop will go blank as it starts removing Vundo.

When completed, it will prompt that it will shutdown your computer, click the OK button.

When the computer has shutdown, turn your computer back on.

The Winfixer/Vundo infection should now be cleaned from your computer. If you are still having a problem then please proceed to Step 2.
This step should only be used if the instructions in Step 2 did not remove the infection.

Download VirtumundoBegone and save it to your desktop.

VirtumundoBegone

Reboot your computer into Safe Mode

Then double click VirtumundoBeGone.exe you just downloaded and follow the instructions.

Exit when it has finished

Hopefully , that should have done the trick .

dl65

Backdated · « **Reply #46 on:** March 27, 2006, 06:13:01 AM »

This is not a full logfile!
Carry out the procedures listed [highlight]in this post[/highlight] and post a Hijackthis logfile here when done.
If possible, zip the logfile and attach it rather than post it.

Computer Hope Forum

News:

Author Topic: big problem with norton (Read 22395 times)

jedwardsb

Windows98

Fed

jedwardsb

dl65

jedwardsb

dl65

R0SS

soybean

Fed

Peccavi

jedwardsb

soybean

GX1_Man

Fed

dl65

jedwardsb

Fed

jedwardsb

Fed

Mr_President

jedwardsb

jedwardsb

rockerest

Fed

dl65

Fed

jedwardsb

jedwardsb

rockerest

rockerest

dl65

Fed

dl65

jedwardsb

GX1_Man

jedwardsb

Backdated

jedwardsb

Backdated

jedwardsb

GX1_Man

jedwardsb

Backdated

jedwardsb

dl65

Backdated