#1 (permalink) |
|
Registered User
Join Date: Aug 2005
Posts: 39
OS: Win ME
|
I know I need to get rid of ME, but I was wondering if anyone could help me. The computer is crashing quite often and the scrollbar is often uncontrollable. I ran Lavasoft, spybot, and active scan. Here's the reports and the hijack this log. Any help would be very much appreciated. Thanks.
Incident Status Location
Adware:adware/sheldor Not disinfected C:\WINDOWS\SYSTEM\windll.ini
Dialer:dialer.bb Not disinfected HKEY_CLASSES_ROOT\TypeLib\{8EA362BD-39CB-40F5-9226-73CD40999095}
Spyware:Cookie/RealMedia Not disinfected C:\WINDOWS\Cookies\default@realmedia[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\hhui7lms.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Zedo Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\hhui7lms.default\cookies.txt[.zedo.com/]
Spyware:Cookie/RealMedia Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\hhui7lms.default\cookies.txt[]
Spyware:Cookie/RealMedia

Logfile of HijackThis v1.99.1
Scan saved at 10:44:03 AM, on 4/1/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUSCHEDULERSVC.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\PELMICED.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\PRINTRAY.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\LOTUS\ORGANIZE\EASYCLIP.EXE
C:\LOTUS\SMARTCTR\SUITEST.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\EXPLORER.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS10
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lycos.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AEZBProc] c:\ibmtools\aptezbtn\aptezbp.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
O4 - HKLM\..\Run: [GDRIVE] C:\IBMTOOLS\IBMBOOT\GDRIVE.EXE -N
O4 - HKLM\..\Run: [ACCIBM] C:\IBMTOOLS\Access IBM\bin\AccLaunch.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ALU Scheduler Service] C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O4 - Startup: Lotus Organizer EasyClip.lnk = C:\lotus\organize\easyclip.exe
O4 - Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
O4 - Startup: Lotus SuiteStart.lnk = C:\lotus\smartctr\suitest.exe
O4 - Startup: Lotus SmartCenter.lnk = C:\lotus\smartctr\smartctr.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462...l/SymDlBrg.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
#2 (permalink) |
|
Analyst, Security Team
|
Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now.

Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

REGEDIT4

[-HKEY_CLASSES_ROOT\TypeLib\{8EA362BD-39CB-40F5-9226-73CD40999095}]

Save the file as "delete.reg". Make sure to save it with the quotes. Close Notepad. Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

Delete this file:
C:\WINDOWS\SYSTEM\windll.ini

Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link doesn't work - http://www.greyknight17.com/spy/CleanUp.exe ) and install it. CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, make a backup of these before running CleanUp!.

Run CleanUp! and click on the Options button. Uncheck 'Scan local drives for temporary files'. Also uncheck those two Newsgroup entries if you don't want to delete them. Click OK and then click on the CleanUp! button. Let it run. After it's done, choose Yes to logoff.

Make sure you turn off any antivirus programs you have running while performing the online scan below.

Using Internet Explorer, run a virus scan at http://www.kaspersky.com/virusscanner

Click on 'Launch Kaspersky Anti-Virus Web Scanner' and install the ActiveX component from Kaspersky. Click Yes and it will begin downloading the latest definition files. Once that's done, click on 'Scan Settings' and make sure the following are selected:

Scan using the following Anti-Virus database:
- Extended
Scan Options:
- Scan Archives
- Scan Mail Bases

Click OK. Now under select a target to scan, select 'My Computer'. It will start and scan your system. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. Now click on the 'Save as Text' button. Save the file to your desktop. Copy and paste that information in your next post.
__________________
Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it. |
|
|
|
|
#3 (permalink) |
|
Registered User
Join Date: Aug 2005
Posts: 39
OS: Win ME
|
here's the Kaspersky log
Thanks for your quick reply. I followed your instructions. The info. from the Kaspersky scan is below. Thanks again for your help.
KASPERSKY ON-LINE SCANNER REPORT
Saturday, April 01, 2006 7:57:29 PM
Operating System: Microsoft Windows Millennium Edition
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 2/04/2006
Kaspersky Anti-Virus database records: 185495

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
a:\ c:\ g:\ h:\

Scan Statistics
Total number of scanned objects 28784
Number of viruses found 8
Number of infected objects 33
Number of suspicious objects 1
Duration of the scan process 00:52:08

Infected Object Name Virus Name Last Action
c:\Program Files\Norton AntiVirus\Quarantine\50954CC8.cla.mwt Infected: Exploit.Java.ByteVerify skipped
c:\Program Files\Norton AntiVirus\Quarantine\783014EC.htm Infected: Exploit.HTML.Mht skipped
c:\Program Files\Norton AntiVirus\Quarantine\71D214D3.jar.mwt/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
c:\Program Files\Norton AntiVirus\Quarantine\71D214D3.jar.mwt/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
c:\Program Files\Norton AntiVirus\Quarantine\71D214D3.jar.mwt/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
c:\Program Files\Norton AntiVirus\Quarantine\71D214D3.jar.mwt ZIP: infected - 3 skipped
c:\Program Files\Norton AntiVirus\Quarantine\71D214D3.jar.mwt CryptFF: infected - 3 skipped
c:\Program Files\Norton AntiVirus\Quarantine\73561927.gif.mwt Infected: Exploit.HTML.Mht skipped
c:\Program Files\Norton AntiVirus\Quarantine\4F0A263D.gif.mwt Infected: Exploit.HTML.Mht skipped
c:\Program Files\Norton AntiVirus\Quarantine\0ACA45D8.htm Infected: Exploit.HTML.Mht skipped
c:\Program Files\Norton AntiVirus\Quarantine\647504AB.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.w skipped
c:\Program Files\Norton AntiVirus\Quarantine\647504AB.exe/stream Infected: not-a-virus:AdWare.Win32.PurityScan.w skipped
c:\Program Files\Norton AntiVirus\Quarantine\647504AB.exe NSIS: infected - 2 skipped
c:\Program Files\Norton AntiVirus\Quarantine\647504AB.exe CryptFF: infected - 2 skipped
c:\Program Files\Norton AntiVirus\Quarantine\6D3E0E0B.htm Infected: Exploit.HTML.Mht skipped
c:\Program Files\Norton AntiVirus\Quarantine\0ACD6FD4.htm Infected: Exploit.HTML.Mht skipped
c:\Program Files\Norton AntiVirus\Quarantine\0AF13DAD.htm Infected: Exploit.HTML.Mht skipped
c:\Program Files\Norton AntiVirus\Quarantine\394648A2.htm Infected: Exploit.HTML.Mht skipped
c:\Program Files\Norton AntiVirus\Quarantine\397B6869.htm Infected: Exploit.HTML.Mht skipped
c:\Program Files\Norton AntiVirus\Quarantine\792549FE.wmf Infected: Trojan-Downloader.Win32.Agent.acd skipped
c:\Program Files\Norton AntiVirus\Quarantine\79D27B40.wmf Infected: Trojan-Downloader.Win32.Agent.acd skipped
c:\Program Files\Norton AntiVirus\Quarantine\7A8C5473.wmf Infected: Trojan-Downloader.Win32.Agent.acd skipped
c:\Program Files\Norton AntiVirus\Quarantine\7AB34C48.htm Infected: Exploit.HTML.Mht skipped
c:\Program Files\Norton AntiVirus\Quarantine\5FDF4216.htm Infected: Exploit.JS.CVE-2005-1790.q skipped
c:\Program Files\Norton AntiVirus\Quarantine\602009CE.htm Infected: Exploit.HTML.Mht skipped
c:\Program Files\Norton AntiVirus\Quarantine\1E171DE2.wmf Infected: Trojan-Downloader.Win32.Agent.acd skipped
c:\Program Files\Norton AntiVirus\Quarantine\618607F6.wmf Infected: Trojan-Downloader.Win32.Agent.acd skipped
c:\Program Files\Norton AntiVirus\Quarantine\618931F3.htm Infected: Exploit.HTML.Mht skipped
c:\Program Files\Norton AntiVirus\Quarantine\618931F3.wmf Infected: Trojan-Downloader.Win32.Agent.acd skipped
c:\Program Files\Norton AntiVirus\Quarantine\02D13F5E.wmf Infected: Trojan-Downloader.Win32.Agent.acd skipped
c:\Program Files\Norton AntiVirus\Quarantine\53CE59E3.wmf Suspicious: Exploit.Win32.IMG-WMF skipped
c:\My Documents\DivXPlayerInstaller.exe/stream/data0033 Infected: not-a-virus:Downloader.Win32.Nsis.a skipped
c:\My Documents\DivXPlayerInstaller.exe/stream Infected: not-a-virus:Downloader.Win32.Nsis.a skipped
c:\My Documents\DivXPlayerInstaller.exe NSIS: infected - 2 skipped

Scan process completed.
|
|
|
|
#4 (permalink) |
|
Analyst, Security Team
|
Delete all your Norton Quarantined files or delete everything inside this folder:
c:\Program Files\Norton AntiVirus\Quarantine\

Your log is clean. To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If not, you should be set to go.
|
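A triage sketch for the Kaspersky report in post #3, added here as an example and not part of any poster's reply: it groups rows by top-level file, checks each archive summary count against its member rows, and separates objects inside the Norton Quarantine folder named in post #4 from files elsewhere on disk. The one-row-per-line layout and all function names are assumptions.

```python
import re
from collections import defaultdict

# Rows copied from the Kaspersky report in post #3 (a subset), one per line.
REPORT = r"""
c:\Program Files\Norton AntiVirus\Quarantine\50954CC8.cla.mwt Infected: Exploit.Java.ByteVerify skipped
c:\Program Files\Norton AntiVirus\Quarantine\71D214D3.jar.mwt/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
c:\Program Files\Norton AntiVirus\Quarantine\71D214D3.jar.mwt/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
c:\Program Files\Norton AntiVirus\Quarantine\71D214D3.jar.mwt/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
c:\Program Files\Norton AntiVirus\Quarantine\71D214D3.jar.mwt ZIP: infected - 3 skipped
c:\Program Files\Norton AntiVirus\Quarantine\53CE59E3.wmf Suspicious: Exploit.Win32.IMG-WMF skipped
c:\My Documents\DivXPlayerInstaller.exe/stream/data0033 Infected: not-a-virus:Downloader.Win32.Nsis.a skipped
c:\My Documents\DivXPlayerInstaller.exe/stream Infected: not-a-virus:Downloader.Win32.Nsis.a skipped
c:\My Documents\DivXPlayerInstaller.exe NSIS: infected - 2 skipped
"""

# Folder named in post #4; compared case-insensitively (hypothetical constant name).
QUARANTINE = "c:\\program files\\norton antivirus\\quarantine\\"

# "<object> Infected|Suspicious: <verdict> <action>"
ROW = re.compile(r"^(?P<obj>.+?)\s+(?:Infected|Suspicious):\s+(?P<name>\S+)\s+\w+$")
# "<archive> <unpacker>: infected - <count> <action>"
SUMMARY = re.compile(r"^(?P<obj>.+?)\s+\w+:\s+infected\s+-\s+(?P<n>\d+)\s+\w+$")


def top_level(obj):
    """Objects inside an archive are written <file>/<member>; return <file>."""
    return obj.split("/", 1)[0]


def triage(report):
    """Map each top-level file to its verdicts, split by quarantined vs. live."""
    result = {"quarantined": defaultdict(set), "live": defaultdict(set)}
    for line in report.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # blank lines and per-archive summary rows
        path = top_level(m["obj"])
        bucket = "quarantined" if path.lower().startswith(QUARANTINE) else "live"
        result[bucket][path].add(m["name"])
    return result


def summary_mismatches(report):
    """Archives whose 'infected - N' count differs from the member rows listed."""
    members, claimed = defaultdict(int), {}
    for line in report.splitlines():
        line = line.strip()
        m = ROW.match(line)
        if m:
            if "/" in m["obj"]:
                members[top_level(m["obj"])] += 1
            continue
        s = SUMMARY.match(line)
        if s:
            claimed[s["obj"]] = int(s["n"])
    return sorted(p for p, n in claimed.items() if members[p] != n)


if __name__ == "__main__":
    t = triage(REPORT)
    print("quarantined files:", len(t["quarantined"]))
    for path, names in t["live"].items():
        print("outside quarantine:", path, sorted(names))
    print("summary mismatches:", summary_mismatches(REPORT))
```
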
|
|
|
#5 (permalink) |
|
Registered User
Join Date: Aug 2005
Posts: 39
OS: Win ME
|
still having some issues
Thanks for your help.
It seems to be better today, but it crashed several times yesterday, and the vertical scroll bar was still moving on its own up to the top. Let me know if there's anything else I can do. Thanks! |
|
|
|
|
#6 (permalink) |
|
Registered User
Join Date: Aug 2005
Posts: 39
OS: Win ME
|
The computer is now crashing a few minutes after starting up, and the scrollbar is acting up again. Sometimes I can get online for a short time, but it always freezes up after a period of time. I would really appreciate any help. Should I try to restore to an earlier time? Let me know. Thanks again.
|
|
|
|
|
#7 (permalink) |
|
Registered User
Join Date: Aug 2005
Posts: 39
OS: Win ME
|
New hijack log
Here's the latest log. I described the problem in the previous post. Thanks.
Logfile of HijackThis v1.99.1
Scan saved at 11:40:23 PM, on 4/6/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUSCHEDULERSVC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\PELMICED.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\PRINTRAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\LOTUS\ORGANIZE\EASYCLIP.EXE
C:\LOTUS\SMARTCTR\SUITEST.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS10
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lycos.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AEZBProc] c:\ibmtools\aptezbtn\aptezbp.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
O4 - HKLM\..\Run: [GDRIVE] C:\IBMTOOLS\IBMBOOT\GDRIVE.EXE -N
O4 - HKLM\..\Run: [ACCIBM] C:\IBMTOOLS\Access IBM\bin\AccLaunch.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ALU Scheduler Service] C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O4 - Startup: Lotus Organizer EasyClip.lnk = C:\lotus\organize\easyclip.exe
O4 - Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
O4 - Startup: Lotus SuiteStart.lnk = C:\lotus\smartctr\suitest.exe
O4 - Startup: Lotus SmartCenter.lnk = C:\lotus\smartctr\smartctr.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462...l/SymDlBrg.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...bscan_ansi.cab
|
|
|
|
#8 (permalink) |
|
Analyst, Security Team
|
Did you install anything new before this problem occurred?
I'm thinking it might be Norton causing the crashing part as that program guzzles your resources. Try uninstalling Norton and install Grisoft AVG to see if it makes a difference.
|
|