HJT Log Please Help

dani2828 · 10-04-2005, 04:06 PM

Hello,

my computer is extremely when I just started it. I seem to be unable to update Adaware although I've downloaded a newer version. Coul you please check my Log if there's anything suspicious? Thanks! Daniela

Log was analyzed using KRC HijackThis Analyzer - Updated on 9/28/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 8:02:13 a.m., on 5/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com.au
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xtra.co.nz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.xtra.co.nz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://store.presario.net/scripts/re...c=3C01&lc=6809
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com.au
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.studentmail.otago.ac.nz/
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [BrowserBrand] C:\Program Files\ONLINE~1\XTRA\brand.exe
O4 - HKCU\..\Run: [SDR6252-1A14] C:\DOCUME~1\Owner\LOCALS~1\Temp\pft34.tmp\SDR6252-1A14.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.xtra.co.nz
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\Windows\system32\HPConfig.exe

End of KRC HijackThis Analyzer Log.
======================

Ried · 10-05-2005, 11:23 AM

Hi Daniela,

Please print out or copy this page to Notepad since you will not have any of browsers open while you are fixing this.

You'll need this program again. In case you uninstalled it since May, here are the links and instructions again.

Download CleanUp! (Alternate Link if main link doesn't work) and install it. Do not run it yet.

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm and then click OK.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

O4 - HKCU\..\Run: [SDR6252-1A14] C:\DOCUME~1\Owner\LOCALS~1\Temp\pft34.tmp\SDR6252-1A14.exe

CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp!.

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
-Empty Recycle Bins
-Temporary Internet Files
-Delete Cookies
-Delete Prefetch files
-[X]Scan local drives for temporary files (Please uncheck this option)
-Cleanup! All Users
Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.

From Normal Mode:

Perform an online scan using Internet Explorer with Panda ActiveScan - requires Internet Explorer

Click on the Scan your PC button & a 'pop up' window shall appear. * ensure that your pop up blocker doesn't block it
Click On 'Scan Now'
Enter your e-mail address & click 'Scan Now' ...begins downloading Panda's ActiveX controls.- 8MB
Begin the scan by selecting My Computer
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
If it finds any malware, it will offer you a report. Click on see report
Then click Save report
Post the contents of the report in your next reply along with a new HijackThis log.

* Turn off the real time scanner of any existing antivirus program while performing the online scan

dani2828 · 10-06-2005, 09:20 PM

Hi Ried,

I did everything you said (I think). Panda did not find anything at all. Here's my new HJT log, I hope it's clean. However, my computer is still so very slow.

Log was analyzed using KRC HijackThis Analyzer - Updated on 9/28/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 1:09:10 p.m., on 7/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com.au
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com.au
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com.au
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://store.presario.net/scripts/re...c=3C01&lc=6809
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com.au
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.studentmail.otago.ac.nz/
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [BrowserBrand] C:\Program Files\ONLINE~1\XTRA\brand.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.xtra.co.nz
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\Windows\system32\HPConfig.exe

End of KRC HijackThis Analyzer Log.

**POADB** · 10-07-2005, 01:12 AM

What are your system specs?

Please download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).

Save it to your desktop.
Double-click the new icon on your desktop (tmas-web-scan.exe)
It will say "Loading TrendMicro definitions".
Once the definitions are loaded, the program will appear to close then re-open.
Click "Start Scan"
After it's done scanning, click "Scan Results"
Make sure all items found have a check next to them, then click "Clean Threats Now".
Click Exit.

Reboot your computer. In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them in your next post.

dani2828 · 10-09-2005, 07:23 PM

My system is XP Home edition 2002 service pack 2. TrendMicro did not find anything either. I don't know what could be the problem..

**POADB** · 10-10-2005, 12:55 AM

What I mean is - what speed is the CPU, how much RAM, Hard drive capacity.. that sort of thing.

dani2828 · 10-10-2005, 05:09 PM

All right sorry!! Intel Pentium 4 (2.80 GHz I think)
512 MB RAM; 40 GB hard drive

**POADB** · 10-11-2005, 03:33 AM

That's fine, thanks.

Could you run TMAS? (as in post 4)

dani2828 · 10-11-2005, 03:42 PM

I just ran TMAS again, and as last time it said 'no spyware found'..

**POADB** · 10-12-2005, 01:16 AM

It appears you're clean.

Can you tell me what BrowserBrand is, please?

dani2828 · 10-12-2005, 03:39 PM

BrowserBrand? I have no idea... It appears to be related to Xtra which is a ISP I no longer use and thought I had deleted. Should I get rif of it, and if yes, how? Thanks for your help!!!

**POADB** · 10-13-2005, 02:03 AM

Uninstall, via Add/Remove Programs in Control Panel:

BrowserBrand or Online(something) or Xtra

Run hJT and fix:

O4 - HKLM\..\Run: [BrowserBrand] C:\Program Files\ONLINE~1\XTRA\brand.exe

And delete this folder:

C:\Program Files\ONLINE~1\

dani2828 · 10-13-2005, 03:46 PM

Hi POADB. Thanks, I've deleted it. I just saw something when I connected to the forum: on the bottom of the Firefox page where you can see the webaddress you're trying to connect to, there was 'tribalfusion' for a second! I remember I used to have tribalfusion on my computer some months ago and deleted it with Spybot, I think. Here's the new log:

Log was analyzed using KRC HijackThis Analyzer - Updated on 9/28/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 7:36:18 a.m., on 14/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com.au
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com.au
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com.au
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://store.presario.net/scripts/re...c=3C01&lc=6809
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com.au
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.studentmail.otago.ac.nz/
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.xtra.co.nz
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\Windows\system32\HPConfig.exe

End of KRC HijackThis Analyzer Log.
=========

**POADB** · 10-14-2005, 01:16 AM

Tribalfusion is just the ad server. Can you see the banners at the top of this page? Move your mouse over it (do not click) and you'll see tribalfusion appear in the same place again. Spybot will clean any cookies left by tribal fushion off your computer.

TSF doesn't offer Popups or websites that are malicious - these are safe advertisements. TSF has to generate funding from somewhere to stay up and running. Banner advertisements is a step in that perspective.

Back to the log... It looks clean.

All all honesty, I think it's Norton slowing your computer down. It's common with Symantec users - since Norton hogs a lot of resources to run. Just look at the Analyzer results in the top section. It's a lot for one program.

Disconnect from the Internet and disable everything Norton, shut it down. Also shut down Microsoft Antispyware and see if the performance improves.

dani2828 · 10-14-2005, 01:48 AM

Oh yes that might be it. I think I'll get rid of Norton alltogether.. But it's already performing a bit better since I've uninstalled the Xtra stuff this morning. Thanks so much for your help!!! You guys are great. I'm a poor student but I promise I'll donate something next time (I'm sure there will be a next time .. unfortunately).

**POADB** · 10-14-2005, 09:00 AM

Dani2828, Do not leave your system without Anti virus protection.

Try my suggestion first. Disable Norton as a test run - let me know if it improves.

If it does, and you decide to remove Norton - I can offer you some 'student discounted'

free AV alternatives, along with a complete guide to protect your computer

Let me know.

dani2828 · 10-18-2005, 05:48 PM

Hi, could you please tell me how to disable Norton until after reboot? As my computer is only slow right after start-up, I would need Norton to be off then. I disabled it, but it enabled itself when I rebooted. Thanks!

**POADB** · 10-19-2005, 01:08 AM

I will need to see the HJT log without the analyzer being used.

At the moment there is only one startup for Norton showing in the analyzer results.
If I can see a complete list of startup entries I can see which ones are not needed.

Thanks.

dani2828 · 10-19-2005, 10:40 PM

Here it is:

Logfile of HijackThis v1.99.1
Scan saved at 2:36:51 p.m., on 20/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Windows\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\carpserv.exe
C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com.au
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com.au
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com.au
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://store.presario.net/scripts/re...c=3C01&lc=6809
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com.au
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.studentmail.otago.ac.nz/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.xtra.co.nz
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\Windows\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

MicroBell · 10-21-2005, 03:11 AM

Disable Norton:

Click Start,,,Run..type in msconfig. Once that opens....click on the startup tab. Uncheck any box that says Norton/Symantec and click ok. It will ask you to reboot for the new settings to take effect. On the reboot you'll get a message about using "Selective Startup". Just click the box that says "Don't remind me any more"

Then test your system. Please note that while this disables Norton from starting...some of it's services will still start. To totally disable it all...you would need to go through the services and disable everything related to Norton/Symantec

As POADB suggested...don't run around on the net without some sort of virus protection as thats asking for trouble. You can disable and test OFFLINE to confirm it's slowing you down.

10-04-2005, 04:06 PM	#1 (permalink)
dani2828 Member Join Date: May 2005 Posts: 20 OS: XP	HJT Log Please Help Hello, my computer is extremely when I just started it. I seem to be unable to update Adaware although I've downloaded a newer version. Coul you please check my Log if there's anything suspicious? Thanks! Daniela Log was analyzed using KRC HijackThis Analyzer - Updated on 9/28/05 Get updates at http://www.greyknight17.com/download.htm#programs *Security Programs Detected* C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Logfile of HijackThis v1.99.1 Scan saved at 8:02:13 a.m., on 5/10/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com.au R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xtra.co.nz R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.xtra.co.nz R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://store.presario.net/scripts/re...c=3C01&lc=6809 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com.au R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.studentmail.otago.ac.nz/ O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [BrowserBrand] C:\Program Files\ONLINE~1\XTRA\brand.exe O4 - HKCU\..\Run: [SDR6252-1A14] C:\DOCUME~1\Owner\LOCALS~1\Temp\pft34.tmp\SDR6252-1A14.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O14 - IERESET.INF: START_PAGE_URL=http://www.xtra.co.nz O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\Windows\system32\HPConfig.exe End of KRC HijackThis Analyzer Log. ======================

10-05-2005, 11:23 AM	#2 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 27,030 OS: WinXP and Vista	Hi Daniela, Please print out or copy this page to Notepad since you will not have any of browsers open while you are fixing this. You'll need this program again. In case you uninstalled it since May, here are the links and instructions again. Download CleanUp! (Alternate Link if main link doesn't work) and install it. Do not run it yet. Go to My Computer->Tools->Folder Options->View tab: * Under the Hidden files and folders heading, select Show hidden files and folders. * Uncheck the Hide protected operating system files (recommended) option. * Click Yes to confirm and then click OK. Next, please reboot your computer in Safe Mode by doing the following: 1) Restart your computer 2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8. 3) Instead of Windows loading as normal, a menu should appear 4) Select the first option, to run Windows in Safe Mode. Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any): O4 - HKCU\..\Run: [SDR6252-1A14] C:\DOCUME~1\Owner\LOCALS~1\Temp\pft34.tmp\SDR6252-1A14.exe CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp!. Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows: Click "Options..." Move the arrow down to "Custom CleanUp!" Put a check next to the following: -Empty Recycle Bins -Temporary Internet Files -Delete Cookies -Delete Prefetch files -[X]Scan local drives for temporary files* (Please uncheck this option) -Cleanup! All Users Click OK Press the CleanUp! button to start the program. Reboot/logoff when prompted. From Normal Mode: Perform an online scan using Internet Explorer with Panda ActiveScan - requires Internet Explorer Click on the Scan your PC button & a 'pop up' window shall appear. * ensure that your pop up blocker doesn't block it Click On 'Scan Now' Enter your e-mail address & click 'Scan Now' ...begins downloading Panda's ActiveX controls.- 8MB Begin the scan by selecting My Computer * You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report. If it finds any malware, it will offer you a report. Click on see report Then click Save report Post the contents of the report in your next reply along with a new HijackThis log. * Turn off the real time scanner of any existing antivirus program while performing the online scan __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

10-07-2005, 01:12 AM	#4 (permalink)
POADB Moderator, Microsoft Support Join Date: Jul 2004 Location: United Kingdom Posts: 6,482 OS: XP SP2	What are your system specs? Please download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button). Save it to your desktop. Double-click the new icon on your desktop (tmas-web-scan.exe) It will say "Loading TrendMicro definitions". Once the definitions are loaded, the program will appear to close then re-open. Click "Start Scan" After it's done scanning, click "Scan Results" Make sure all items found have a check next to them, then click "Clean Threats Now". Click Exit. Reboot your computer. In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them in your next post. __________________

10-10-2005, 12:55 AM	#6 (permalink)
POADB Moderator, Microsoft Support Join Date: Jul 2004 Location: United Kingdom Posts: 6,482 OS: XP SP2	What I mean is - what speed is the CPU, how much RAM, Hard drive capacity.. that sort of thing. __________________

10-11-2005, 03:33 AM	#8 (permalink)
POADB Moderator, Microsoft Support Join Date: Jul 2004 Location: United Kingdom Posts: 6,482 OS: XP SP2	That's fine, thanks. Could you run TMAS? (as in post 4) __________________

10-06-2005, 09:20 PM	#3 (permalink)
dani2828 Member Join Date: May 2005 Posts: 20 OS: XP	Hi Ried, I did everything you said (I think). Panda did not find anything at all. Here's my new HJT log, I hope it's clean. However, my computer is still so very slow. Log was analyzed using KRC HijackThis Analyzer - Updated on 9/28/05 Get updates at http://www.greyknight17.com/download.htm#programs *Security Programs Detected* C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Logfile of HijackThis v1.99.1 Scan saved at 1:09:10 p.m., on 7/10/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com.au R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com.au R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com.au R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://store.presario.net/scripts/re...c=3C01&lc=6809 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com.au R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.studentmail.otago.ac.nz/ O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [BrowserBrand] C:\Program Files\ONLINE~1\XTRA\brand.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O14 - IERESET.INF: START_PAGE_URL=http://www.xtra.co.nz O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\Windows\system32\HPConfig.exe End of KRC HijackThis Analyzer Log.

10-09-2005, 07:23 PM	#5 (permalink)
dani2828 Member Join Date: May 2005 Posts: 20 OS: XP	My system is XP Home edition 2002 service pack 2. TrendMicro did not find anything either. I don't know what could be the problem..

10-10-2005, 05:09 PM	#7 (permalink)
dani2828 Member Join Date: May 2005 Posts: 20 OS: XP	All right sorry!! Intel Pentium 4 (2.80 GHz I think) 512 MB RAM; 40 GB hard drive

10-11-2005, 03:42 PM	#9 (permalink)
dani2828 Member Join Date: May 2005 Posts: 20 OS: XP	I just ran TMAS again, and as last time it said 'no spyware found'..

10-12-2005, 01:16 AM	#10 (permalink)
POADB Moderator, Microsoft Support Join Date: Jul 2004 Location: United Kingdom Posts: 6,482 OS: XP SP2	It appears you're clean. Can you tell me what BrowserBrand is, please? __________________

10-12-2005, 03:39 PM	#11 (permalink)
dani2828 Member Join Date: May 2005 Posts: 20 OS: XP	BrowserBrand? I have no idea... It appears to be related to Xtra which is a ISP I no longer use and thought I had deleted. Should I get rif of it, and if yes, how? Thanks for your help!!!

10-13-2005, 02:03 AM	#12 (permalink)
POADB Moderator, Microsoft Support Join Date: Jul 2004 Location: United Kingdom Posts: 6,482 OS: XP SP2	Uninstall, via Add/Remove Programs in Control Panel: BrowserBrand or Online(something) or Xtra Run hJT and fix: O4 - HKLM\..\Run: [BrowserBrand] C:\Program Files\ONLINE~1\XTRA\brand.exe And delete this folder: C:\Program Files\ONLINE~1\ __________________

10-13-2005, 03:46 PM	#13 (permalink)
dani2828 Member Join Date: May 2005 Posts: 20 OS: XP	Hi POADB. Thanks, I've deleted it. I just saw something when I connected to the forum: on the bottom of the Firefox page where you can see the webaddress you're trying to connect to, there was 'tribalfusion' for a second! I remember I used to have tribalfusion on my computer some months ago and deleted it with Spybot, I think. Here's the new log: Log was analyzed using KRC HijackThis Analyzer - Updated on 9/28/05 Get updates at http://www.greyknight17.com/download.htm#programs *Security Programs Detected* C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Logfile of HijackThis v1.99.1 Scan saved at 7:36:18 a.m., on 14/10/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com.au R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com.au R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com.au R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://store.presario.net/scripts/re...c=3C01&lc=6809 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com.au R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.studentmail.otago.ac.nz/ O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O14 - IERESET.INF: START_PAGE_URL=http://www.xtra.co.nz O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\Windows\system32\HPConfig.exe End of KRC HijackThis Analyzer Log. =========

10-14-2005, 01:16 AM	#14 (permalink)
POADB Moderator, Microsoft Support Join Date: Jul 2004 Location: United Kingdom Posts: 6,482 OS: XP SP2	Tribalfusion is just the ad server. Can you see the banners at the top of this page? Move your mouse over it (do not click) and you'll see tribalfusion appear in the same place again. Spybot will clean any cookies left by tribal fushion off your computer. TSF doesn't offer Popups or websites that are malicious - these are safe advertisements. TSF has to generate funding from somewhere to stay up and running. Banner advertisements is a step in that perspective. Back to the log... It looks clean. All all honesty, I think it's Norton slowing your computer down. It's common with Symantec users - since Norton hogs a lot of resources to run. Just look at the Analyzer results in the top section. It's a lot for one program. Disconnect from the Internet and disable everything Norton, shut it down. Also shut down Microsoft Antispyware and see if the performance improves. __________________

10-14-2005, 01:48 AM	#15 (permalink)
dani2828 Member Join Date: May 2005 Posts: 20 OS: XP	Oh yes that might be it. I think I'll get rid of Norton alltogether.. But it's already performing a bit better since I've uninstalled the Xtra stuff this morning. Thanks so much for your help!!! You guys are great. I'm a poor student but I promise I'll donate something next time (I'm sure there will be a next time .. unfortunately).

10-14-2005, 09:00 AM	#16 (permalink)
POADB Moderator, Microsoft Support Join Date: Jul 2004 Location: United Kingdom Posts: 6,482 OS: XP SP2	Dani2828, Do not leave your system without Anti virus protection. Try my suggestion first. Disable Norton as a test run - let me know if it improves. If it does, and you decide to remove Norton - I can offer you some 'student discounted' free AV alternatives, along with a complete guide to protect your computer Let me know. __________________

10-18-2005, 05:48 PM	#17 (permalink)
dani2828 Member Join Date: May 2005 Posts: 20 OS: XP	Hi, could you please tell me how to disable Norton until after reboot? As my computer is only slow right after start-up, I would need Norton to be off then. I disabled it, but it enabled itself when I rebooted. Thanks!

10-19-2005, 01:08 AM	#18 (permalink)
POADB Moderator, Microsoft Support Join Date: Jul 2004 Location: United Kingdom Posts: 6,482 OS: XP SP2	I will need to see the HJT log without the analyzer being used. At the moment there is only one startup for Norton showing in the analyzer results. If I can see a complete list of startup entries I can see which ones are not needed. Thanks. __________________

10-19-2005, 10:40 PM	#19 (permalink)
dani2828 Member Join Date: May 2005 Posts: 20 OS: XP	Here it is: Logfile of HijackThis v1.99.1 Scan saved at 2:36:51 p.m., on 20/10/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Windows\system32\HPConfig.exe C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\carpserv.exe C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Nikon\NkView6\NkvMon.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com.au R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com.au R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com.au R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://store.presario.net/scripts/re...c=3C01&lc=6809 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com.au R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.studentmail.otago.ac.nz/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.xtra.co.nz O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\Windows\system32\HPConfig.exe O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

10-21-2005, 03:11 AM	#20 (permalink)
MicroBell Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter Join Date: Sep 2004 Location: Carmichaels, PA-USA Posts: 6,963 OS: Windows 7	Disable Norton: Click Start,,,Run..type in msconfig. Once that opens....click on the startup tab. Uncheck any box that says Norton/Symantec and click ok. It will ask you to reboot for the new settings to take effect. On the reboot you'll get a message about using "Selective Startup". Just click the box that says "Don't remind me any more" Then test your system. Please note that while this disables Norton from starting...some of it's services will still start. To totally disable it all...you would need to go through the services and disable everything related to Norton/Symantec As POADB suggested...don't run around on the net without some sort of virus protection as thats asking for trouble. You can disable and test OFFLINE to confirm it's slowing you down. __________________ We Are The BORG Spyware KILLER and Adware Destroyer! Spyware/Adware Removal Tools Hijackthis Ad-aware SE Spybot Search&Destroy SpywareBlaster CWShredder