
Status
Not open for further replies.
1 - 9 of 9 Posts

·
Registered
Joined
·
69 Posts
Discussion Starter #1
Hi. I have not had any specific problems, just very slow on start-up & shut-down, as well as with opening programs. Once a program gets up and running, it seems to be fine. I thought maybe HJT might find something that can be fixed. Thanks in advance for help interpreting my log files. I normally have the following anti-spyware/anti-virus programs running:
-Spyware Blaster
-Spyware Guard
-Norton Internet Security

Before running HJT, I updated and ran the following programs:
1. CleanUp!
2. Trendmicro online scan
3. Panda ActiveScan (unable to disinfect 1 infection - results included here)
4. ewido security scan
5. CW Shredder
6. Ad-Aware using custom settings as per KRC AntiSpyware tutorial
7. Spybot S&D


Here’s the ActiveScan log:

Incident Status Location

Adware:adware/exactsearch No disinfected Windows Registry


And here is the HJT Analyzer log:
====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 8/4/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 5:35:30 PM, on 9/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\HijackThis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.ebay.com/ws/eBayISAPI.dll...entPage=MyeBaySummary&ssPageName=STRK:ME:LNLK
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.ebay.com/ws/eBayISAPI.dll...entPage=MyeBaySummary&ssPageName=STRK:ME:LNLK
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4406/mcfscan.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


End of KRC HijackThis Analyzer Log.
====================================================================


Again, thanks for any help!
 

·
TSF Team Emeritus, Microsoft Support
Joined
·
15,478 Posts
I see nothing malicious in your log. Norton seems to be hogging up a lot of your resources though :rolleyes:
 

·
Registered
Joined
·
6,574 Posts
Everything is looking shipshape.

Fix these:

O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k


This will stop the update file for HP Photosmart launching on startup.

We can try one more Antispyware scan, this is a good tool:

Please download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).
  • Save it to your desktop.
  • Double-click the new icon on your desktop (tmas-web-scan.exe)
  • It will say "Loading TrendMicro definitions".
  • Once the definitions are loaded, the program will appear to close then re-open.
  • Click "Start Scan"
  • After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click "Clean Threats Now".
  • Click Exit.
Reboot your computer. In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them in your next post.
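
As an added example (not part of the original posts and not the KRC HijackThis Analyzer's own code), here is a small Python parser for the HijackThis entry lines shown in this thread. It groups entries by section code, extracts the O4 registry Run autostarts such as the two listed in the post above, and lists entries marked "(no file)". The function names and regular expressions are assumptions; the sample lines are copied from the log in the first post.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\HijackThis\HJT.exe

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
"""

# An entry line is "<letter><1-2 digits> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Body of an O4 registry autostart: "<hive>\..\<key>: [<value name>] <command>".
RUN_RE = re.compile(r"^(HK\w+\\\.\.\\\w+): \[([^\]]*)\] (.*)$")


def parse_hjt(text):
    """Group entry bodies by section code; headers and process paths are skipped."""
    groups = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            groups[m.group(1)].append(m.group(2))
    return dict(groups)


def run_entries(groups):
    """Return (registry key, value name, command) for each O4 registry autostart."""
    found = []
    for body in groups.get("O4", []):
        m = RUN_RE.match(body)
        if m:  # "O4 - Startup: x.lnk = ..." shortcut entries do not match
            found.append(m.groups())
    return found


def orphaned(groups):
    """Return (section, body) for entries HijackThis marked "(no file)"."""
    return [(code, body) for code, bodies in groups.items()
            for body in bodies if body.endswith("(no file)")]


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for key, name, command in run_entries(parsed):
        print(f"autostart {name!r} under {key}: {command}")
    for code, body in orphaned(parsed):
        print(f"orphaned {code}: {body}")
```
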
 

·
Registered
Joined
·
69 Posts
Discussion Starter #4
Results

Thanks Geekgirl. I have long suspected that Norton was slowing things up, but I don't think I should remove it. Any suggestions on how I can alter the settings so that it uses less?

POADB, I fixed the 2 HJT entries you listed. I also ran Trend Micro™ Anti-Spyware for the Web Utility and the antispyware.log text file follows:

Started Scanning
Internet Cookies
Programs in Memory
Windows Registry
Found '' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Internet URL Shortcuts
Files and Directories
Found '42702500.asw' in 'C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup'
Found 'unzip.exe' in 'C:\Program Files\Thomson PDR\mobilePDR\Sync\Palm\Device\Executable'
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Checking for 'C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\42702500.asw' in shortcut areas.
Checking for 'C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\42702500.asw' in startup areas.
Cleaning 'C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\42702500.asw'
Checking for 'C:\Program Files\Thomson PDR\mobilePDR\Sync\Palm\Device\Executable\unzip.exe' in shortcut areas.
Checking for 'C:\Program Files\Thomson PDR\mobilePDR\Sync\Palm\Device\Executable\unzip.exe' in startup areas.
Cleaning 'C:\Program Files\Thomson PDR\mobilePDR\Sync\Palm\Device\Executable\unzip.exe'
Finished Cleaning


Thanks again!!
 

·
TSF Team Emeritus, Microsoft Support
Joined
·
15,478 Posts
I do not use Norton, mainly for that reason, so I apologize for not knowing how to tweak your settings :rolleyes:
 

·
Registered
Joined
·
69 Posts
Discussion Starter #7
Thank you

OK, I will see what I can work out with Norton. Thanks again for taking the time to look this over.
 

·
Premium Member
Joined
·
14,311 Posts
FFD824, you probably heard this from a bunch of us already, but we ask users to switch to another antivirus/firewall program if they can. Get Grisoft AVG (antivirus) and ZoneAlarm (firewall) instead. Both are free for personal use and, in my opinion, do a better job than Norton (while using fewer resources).
 

·
TSF Team Emeritus, Microsoft Support
Joined
·
15,478 Posts
greyknight17 is correct, and we always stress: if you're paying for Norton, by all means let your subscription run out first, remove Norton completely from the system and then install AVG and Zone Alarm.
 