Norton AV errors, Explorer.exe error

Hi, I have just recently come back into the country and found my computer in a sad state. I had no time to try and work on it before moving for a job and have finally finished unpacking and firing up this PC. Now that it's up and running, I really need some assistance.

First, there is an issue with opening folders, any folders. It appears that after I update Norton AV 8 corporate with the latest virus definitions something happens with Explorer.exe. I'll try to open a folder and just receive an <unknown> Explorer error. I have, in the past, found a way around this by using system restore. This lets me once again open folders but then I have an aging version of Norton.

Another error, but one off the same page is this: I can't scan for viruses with Norton antivirus after it’s been updated to the most recent defs. If I so much as click on 'scan computer' I receive a webshell.dll error (that is from the top of my head, I can't check for accuracy because of yet another error).

Another fix that I have used in the past was to remove Norton and reinstall. This would allow me to scan for viruses using the original defs, or even the updated defs but once they were updated, no folders could be opened. A circle of death for a novice such as myself.

The most recent error is seemingly worse. Something happened last night and now the Norton AV icon is not in the system tray. I have tried using the programs manager to uninstall Norton but revive an error and it won’t uninstall. I have tried using the original installer to uninstall, but that wont work either. I have received an updated version, NAV9 Corporate from my university and that cannot install because it cannot remove NAV8. I'm at a loss here.

Sorry for writing so much, I hope a few of you have made it this far. I'll join the gang and post this Hijack This log below so those more knowledgeable than myself can have a look.

I am able to open folders at the moment.
I have run spybot, and adaware but found nothing.
I’m using ME. (Installation disc is 300 miles West of here in a drawer…)

Thank you to anyone who can offer some sort of help.


Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\VISIONEER ONETOUCH\ONETOUCHMON.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)
N3 - Netscape 7: user_pref( "browser.search.defaultengine ", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src "); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\m7fp63fr.slt\prefs.js)
O2 - BHO: SafeGuard Popup Blocker - {B824E7B0-E8E3-4D75-895E-2C309EA4CC5D} - C:\PROGRAM FILES\SAFEGUARD POPUP BLOCKER PRO\SGPOPUPBLOCKER.DLL
O2 - BHO: Core Library - {6CDF3C49-20E6-48d7-811B-9F5DD17F1D90} - C:\WINDOWS\SYSTEM\SFG3009.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [SafeGuard Popup Blocker Updater (required)] regsvr32 /s C:\WINDOWS\SYSTEM\SFG3009.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~2\ONETOU~2.EXE
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\SYMANT~1\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\SYMANT~1\defwatch.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Startup: Resume Windows Update Installation.lnk = C:\WINDOWS\Windows Update Setup Files\ie6setup.exe
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: AIM (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Popup Blocker Options (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://E:\Autocad2002\AcPreview.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://E:\Autocad2002\AcDcToday.ocx
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38075.5287962963
O16 - DPF: {970C7E08-05A7-11D0-89AA-00A0C9054129} (XWebCtl Object) - http://www.smokeypoint.com/xweb.ocx
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E17E606A-9836-4619-A249-F40D5D2E812A} - http://member.eops.de/CuConnectorSendServlet/cu12067335.exe
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/webregtest/RegDload.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab27571.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2e529727a6ef04/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

 

Hi Ianthromire...

Welcome to the WindowsBBS...

Here is a link from Symantec to manually remove SAVCE (Syamntec Antivirus Corporate Edition) 8.x...http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2002081217373848?.

Make sure you run the Windows Installer CleanUp Utility...From Symantec "Note: Running the Windows Installer CleanUp Utility removes additional settings that could interfere with reinstalling Symantec AV. "

I'm sure one of the resident experts on HijackThis will take a look at your log.

 

I have an addtional suggestion which doesn't have anythig to do with Syamantec:

Inoticed these running:

O4 - HKLM\..\Run: [LoadQM] loadqm.exe This is like an anchor on the OS.

O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE

If not burning a CD - no point in having it running.

O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe

Go thru all your startups:
http://www.answersthatwork.com/Tasklist_pages/tasklist.htm

Regards - Charles

 

O4 - Startup: Resume Windows Update Installation.lnk = C:\WINDOWS\Windows Update Setup Files\ie6setup.exe

Do you have problems installing IE6?

 

Unfortunately I do have problems installing IE. I have a current version on my computer but somewhere I acquired the idea that it would be a good thing to reinstall IE, and then update it to the current security settings. I tried this once but received an error and the process halted. Now, every time I restart my computer I get that window asking if I'd like to reinstall IE. No matter which option I pick, the window will reappear later. Cancel makes it come back to ask again, Continue generates an error which causes it to ask the next time.

A little update on my situation, and thank you to all who are trying to help me. After an aggravating evening of a stale mate with my computer, I turned the thing off using the power button, knowing it's not so good for the computer of course but beyond the point of caring. Upon restart, I ran scan disk and this time an error showed up. I fixed the file that had trouble, something that seemed to be only a long list of numbers. After this, I could, and did, reinstall Norton, which worked finally. Explorer.exe errors were gone. I thought in my moment of idiocy I had actually fixed the problem! No. No I didn't. Now, if I reload a game my girlfriend likes to play I get another error when trying to open folders, yet the antivirus continues to work. I'm almost certain this game is the culprit, although I'm probably wrong.

Now, I have a question for those of you who know more than I on this subject, presumably all of you. Which antivirus program would you personally recommend for use with windows ME, Norton Corporate 9, or Mcafee? I've just recently been told by a neighbor in the computer industry that Mcafee is what he uses personally, and that his company has switched over to this leaving Norton behind because of improved security.

Thanks for any help.

 

Lets get IE straghtend out first
Set windows to show all hidden files and folders (if its not already set)
Click Start. Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.
===========
Do a file search for "wininit.ini" leave the quotes if it exists rename it to wininit.old or bak
then fix this with hijackthis
O4 - Startup: Resume Windows Update Installation.lnk = C:\WINDOWS\Windows Update Setup Files\ie6setup.exe
===========
delete the contents of
C:\WUTemp < is there are any

Restart the PC

Now repair MS internet explorer via addremove programs.
write down any errors. if any for us.

Then Go to windows update <<<<<<< restart if prompted

Post another log and we need to see the header info to

 

I'll do this as soon as I get home from work, Lonny Jones, it should be about 6 hours from now. Thanks for the help.

 

why are you using the corporate version as opposed to off the shelf.

for me it's too robust/protective.

i can send myself something with an attachment that has been scanned and is ok and when opened, real time protection will remove it.

i like nav and have 2003/4 pro on different machines, just wanted to try the corp version.

i have no problems with updating or scanning.

you might want to uninstall/re-install if your insistent upon keeping it.