
Is Norton broken on my pc?

Discussion in 'Malware and Virus Removal Archive' started by Joy, 2007/10/19.

  1. 2007/10/19
    Joy

    Joy Inactive Thread Starter

    Hi,

    I'm worried that there may be something wrong with Norton and that I might be unprotected as a result of this. My computer has been slow and a few strange things have been happening.

    When I try to look at the logs in Norton a couple of weird things happen. When I ask to view the Quarantined Items it says there was a problem and that I should uninstall and reinstall Norton. It also comes up with an Internet Explorer script error on the screen if I try to look at the Alerts section, and asks if I want to keep running scripts on the page.

    I have up to date Norton but it's the 2005 Internet Security package which someone told me is a bad release (?) and I have Spybot which I use pretty frequently.

    My computer has been getting slower lately, and then today I found this in the system log, and it seems to have been happening daily for a while:

    Details: Firewall setting "Port Block Allow NetBIOS" changed.
    Old Value: 1.
    New Value: 0.

    I also got an alert that Norton had stopped a Trojan a couple of days ago, but I assumed that since it stopped it, it would be fine.

    Details: Rule "Default Block Senna Spy Trojan horse" blocked (201.51.237.76,13000).
    Inbound TCP connection.

    I ran Deckard and this is the log from main.txt:


    Deckard's System Scanner v20071014.68
    Run by Joyce on 2007-10-19 12:07:34
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    System Restore is disabled; attempting to re-enable...success.


    -- Last 1 Restore Point(s) --
    1: 2007-10-19 11:07:43 UTC - RP1 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 503 MiB (512 MiB recommended).


    -- HijackThis (run as Joyce.exe) ---------------------------------------

    Unable to find log (file not found); running clone.
    -- HijackThis Clone ------------------------------------------------------------


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2007-10-19 12:16:43
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\SYSTEM32\SMSS.EXE
    C:\WINDOWS\SYSTEM32\WINLOGON.EXE
    C:\WINDOWS\SYSTEM32\SERVICES.EXE
    C:\WINDOWS\SYSTEM32\LSASS.EXE
    C:\WINDOWS\SYSTEM32\SVCHOST.EXE
    C:\WINDOWS\SYSTEM32\SVCHOST.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
    C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
    C:\WINDOWS\SYSTEM32\LEXBCES.EXE
    C:\WINDOWS\SYSTEM32\spoolsv.exe
    C:\WINDOWS\SYSTEM32\LEXPPS.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Kontiki\KService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.exe
    C:\WINDOWS\SYSTEM32\SVCHOST.EXE
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\symwsc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
    C:\WINDOWS\SYSTEM32\hkcmd.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
    C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
    C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\AOL\1142352576\ee\aolsoftware.exe
    C:\WINDOWS\SYSTEM32\CTFMON.EXE
    C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
    C:\Program Files\Common Files\AOL\1142352576\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
    C:\Program Files\Common Files\AOL\1142352576\ee\aolsoftware.exe
    C:\Program Files\AOL 9.0\waol.exe
    C:\Program Files\Common Files\AOL\aoltpspd.exe
    C:\Program Files\Common Files\Symantec Shared\CCLGVIEW.EXE
    C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
    C:\Documents and Settings\Joyce\Desktop\dss.exe
    C:\Program Files\Messenger\msmsgs.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://v4.windowsupdate.microsoft.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
    O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142352576\ee\AOLSoftware.exe
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Pop-Up Stopper Free Edition\PSFree.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (file missing)
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (file missing)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: C:\WINDOWS\SYSTEM32\nwprovau.dll
    O15 - Trusted Zone: *.courses.learndirect.co.uk (HKCU)
    O15 - Trusted Zone: http://www.learndirect.co.uk (HKCU)
    O15 - Trusted Zone: *.sulc.ac.uk (HKCU)
    O16 - DPF: Yahoo! Backgammon () - http://download2.games.yahoo.com/games/clients/y/at1_x.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/downl...-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pcpitstop.com/pestscan/pestscan.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119999364171
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152915555453
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} () - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
    O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{91C24469-0E0B-4A31-907B-0EAEB114B09A}: NameServer = 205.188.146.145
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
    O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
    O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
    O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
    O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPWDSVC.EXE
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ISSVC - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\SYSTEM32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVSCAN.EXE
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBSERV.EXE
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\symwsc.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


    --
    End of file - 13839 bytes

    -- File Associations -----------------------------------------------------------

    .js - JSFile - DefaultIcon - unable to read value
    .js - JSFile - shell\open\command - unable to read value


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 prohlp02 (StarForce Protection Helper Driver v2) - c:\windows\system32\drivers\prohlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
    R0 prosync1 (StarForce Protection Synchronization Driver v1) - c:\windows\system32\drivers\prosync1.sys <Not Verified; Protection Technology; StarForce Protection System>
    R0 sfhlp01 (StarForce Protection Helper Driver) - c:\windows\system32\drivers\sfhlp01.sys <Not Verified; Protection Technology; StarForce Protection System>
    R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
    R1 prodrv06 (StarForce Protection Environment Driver v6) - c:\windows\system32\drivers\prodrv06.sys <Not Verified; Protection Technology; StarForce Protection System>

    S3 CO_Mon - c:\windows\system32\drivers\co_mon.sys
    S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    All services whitelisted.


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2007-10-19 12:00:00 280 --ah----- C:\WINDOWS\Tasks\AE77BD9591843151.job
    2007-10-19 12:00:00 280 --ah----- C:\WINDOWS\Tasks\AAE7AFE091842818.job
    2007-10-19 12:00:00 280 --ah----- C:\WINDOWS\Tasks\A8AFFBF091847378.job
    2007-10-19 12:00:00 280 --ah----- C:\WINDOWS\Tasks\A5C7B659918432B1.job
    2007-09-29 19:13:55 564 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Joyce.job


    -- Files created between 2007-09-19 and 2007-10-19 -----------------------------

    2007-10-19 12:16:42 218112 --a------ C:\Documents and Settings\Joyce\Joyce.exe <Not Verified; Soeperman Enterprises Ltd.; HijackThis>
    2007-10-19 11:53:32 218112 --a------ C:\Documents and Settings\Joyce\HijackThis.exe <Not Verified; Soeperman Enterprises Ltd.; HijackThis>
    2007-10-14 01:53:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
    2007-10-04 00:42:00 0 d-------- C:\Program Files\QAvimator


    -- Find3M Report ---------------------------------------------------------------

    2007-10-19 12:12:02 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2007-10-19 11:11:18 0 d-------- C:\Program Files\Common Files
    2007-10-18 14:09:54 0 d-------- C:\Program Files\Paint Shop Pro 7
    2007-10-18 04:12:53 0 d-------- C:\Documents and Settings\Joyce\Application Data\SecondLife
    2007-10-17 08:04:26 0 d-------- C:\Program Files\BGBlitz
    2007-10-13 08:34:51 0 d-------- C:\Program Files\Common Files\AOL
    2007-10-10 13:34:01 0 d-------- C:\Documents and Settings\Joyce\Application Data\Skype
    2007-10-04 13:03:05 0 d-------- C:\Program Files\Norton Internet Security


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray "= "C:\WINDOWS\system32\igfxtray.exe" [23/01/2005 10:36]
    "HotKeysCmds "= "C:\WINDOWS\system32\hkcmd.exe" [23/01/2005 10:31]
    "SoundMAXPnP "= "C:\Program Files\Analog Devices\Core\smax4pnp.exe" [14/10/2004 14:42]
    "IntelMeM "= "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [03/09/2003 20:12]
    "ISUSPM Startup "= "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [17/04/2004 21:41]
    "ISUSScheduler "= "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [27/07/2004 16:50]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08/01/2007 18:03]
    "DSLSTATEXE "= "C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" [28/06/2003 17:10]
    "DSLAGENTEXE "= "C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe" [19/08/2003 14:47]
    "Symantec NetDriver Monitor "= "C:\PROGRA~1\SYMNET~1\SNDMon.exe" [06/04/2007 11:16]
    "KernelFaultCheck "= "C:\WINDOWS\system32\dumprep 0 -k" []
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [29/03/2007 22:16]
    "HostManager "= "C:\Program Files\Common Files\AOL\1142352576\ee\AOLSoftware.exe" [17/11/2006 14:21]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PopUpStopperFreeEdition "= "C:\Program Files\Pop-Up Stopper Free Edition\PSFree.exe" [07/10/2004 09:38]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 05:00]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "RunNarrator "=Narrator.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Broadband Check-Up.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL Broadband Check-Up.lnk
    backup=C:\WINDOWS\pss\AOL Broadband Check-Up.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
    "C:\Program Files\Kontiki\KHost.exe" -all

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    C:\Program Files\Common Files\AOL\1142352576\ee\AOLSoftware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
    C:\Program Files\Kontiki\KHost.exe -all

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
    "C:\Program Files\MessengerPlus! 3\MsgPlus.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    *Newly Created Service* - ATWPKT2



    -- End of Deckard's System Scanner: finished at 2007-10-19 12:18:02 ------------


    I hope someone can help me. Thank you.

    Joy
     
  2. 2007/10/19
    Joy

    Joy Inactive Thread Starter

    Help with a sluggish PC and possibly broken Norton please

    Should I just upgrade Norton? I have no idea if anything that came from Deckard looks suspicious but I'd rather be safe than sorry.

    If I do upgrade Norton should I uninstall the old one before I install the new one?


    Please help,
    Joy
     

  4. 2007/10/19
    PeteC

    PeteC SuperGeek Staff

    Joy - Welcome to the Board :)

    Hold fire on doing anything until one of our experts has a chance to read your thread - they will, but it may take a while as they are kept very busy :)
     
  5. 2007/10/19
    Joy

    Joy Inactive Thread Starter

    Thank you for the welcome and the reassurance. I guess I was either thinking I'm worrying about nothing, or my main.txt file was so bad everyone is leaving me to someone else!

    Joy
     
  6. 2007/10/19
    noahdfear

    noahdfear Inactive

    Hi Joy :)

    I only see a couple of things in the Deckard's log that concern me. They are hidden scheduled tasks. Let's unhide them and see what they are. Please click Start>Run and type cmd then hit Enter to open a command window. Highlight and copy the first bolded line below, then right click the command window and paste it in, then hit Enter. Do the same for the other 3 bolded lines.

    attrib -h C:\WINDOWS\Tasks\AE77BD9591843151.job
    attrib -h C:\WINDOWS\Tasks\AAE7AFE091842818.job
    attrib -h C:\WINDOWS\Tasks\A8AFFBF091847378.job
    attrib -h C:\WINDOWS\Tasks\A5C7B659918432B1.job


    Now close the command window and open C:\Windows\Tasks
    Right click each of the above named scheduled tasks and select Properties.
    Copy the information listed in the Run: section on the Task tab and post that back here please.
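
Added example (not part of noahdfear's post and not code from Deckard's System Scanner): a small triage script that reads the "Scheduled Tasks" section of a DSS main.txt, flags the kind of entries singled out above, and prints the matching `attrib -h` commands. The function names and the three heuristics are assumptions made for this example, as is reading an `h` in the attribute column as "hidden"; the sample lines are copied from the log in this thread.

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Sample input: lines copied from the Deckard log posted in this thread.
SAMPLE_LOG = r"""
-- Scheduled Tasks -------------------------------------------------------------

2007-10-19 12:00:00 280 --ah----- C:\WINDOWS\Tasks\AE77BD9591843151.job
2007-10-19 12:00:00 280 --ah----- C:\WINDOWS\Tasks\AAE7AFE091842818.job
2007-10-19 12:00:00 280 --ah----- C:\WINDOWS\Tasks\A8AFFBF091847378.job
2007-10-19 12:00:00 280 --ah----- C:\WINDOWS\Tasks\A5C7B659918432B1.job
2007-09-29 19:13:55 564 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Joyce.job


-- Files created between 2007-09-19 and 2007-10-19 -----------------------------

2007-10-19 12:16:42 218112 --a------ C:\Documents and Settings\Joyce\Joyce.exe <Not Verified; Soeperman Enterprises Ltd.; HijackThis>
"""

# "<date> <time> <size> <9-char attribute column> <path>"
ENTRY = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\d+) ([a-z-]{9}) (.+)$")
HEX_NAME = re.compile(r"[0-9A-Fa-f]{16}")


@dataclass
class Task:
    modified: str
    size: int
    attrs: str
    path: str
    reasons: list = field(default_factory=list)


def parse_scheduled_tasks(log):
    """Return the entries listed under the '-- Scheduled Tasks' header only."""
    tasks, in_section = [], False
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("-- "):          # any section header ends the previous one
            in_section = line.startswith("-- Scheduled Tasks")
            continue
        match = ENTRY.match(line) if in_section else None
        if match:
            stamp, size, attrs, path = match.groups()
            tasks.append(Task(stamp, int(size), attrs, path))
    return tasks


def triage(log):
    """Flag tasks that are hidden, hex-named, or clones of one another."""
    tasks = parse_scheduled_tasks(log)
    clones = Counter((t.modified, t.size) for t in tasks)
    for t in tasks:
        if "h" in t.attrs:                  # assumption: 'h' marks the hidden attribute
            t.reasons.append("hidden")
        if HEX_NAME.fullmatch(PureWindowsPath(t.path).stem):
            t.reasons.append("hex-only name")
        if clones[(t.modified, t.size)] > 1:
            t.reasons.append("same size and timestamp as another task")
    return [t for t in tasks if t.reasons]


def unhide_commands(findings):
    """Build the attrib commands for hidden entries, quoting paths with spaces."""
    cmds = []
    for t in findings:
        if "hidden" in t.reasons:
            path = f'"{t.path}"' if " " in t.path else t.path
            cmds.append(f"attrib -h {path}")
    return cmds


if __name__ == "__main__":
    flagged = triage(SAMPLE_LOG)
    for t in flagged:
        print(f"{t.path}: {', '.join(t.reasons)}")
    print("\n".join(unhide_commands(flagged)))
```
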
     
  7. 2007/10/20
    Joy

    Joy Inactive Thread Starter

    Hi Dave,

    Thank you very much for helping. I ran the commands and they all came back as:

    c:\docume~1\shelle~1\applic~1\intern~1\hidemp3link.exe
    c:\docume~1\shelle~1\applic~1\intern~1\hidemp3link.exe
    c:\docume~1\shelle~1\applic~1\intern~1\hidemp3link.exe
    c:\docume~1\shelle~1\applic~1\intern~1\hidemp3link.exe

    It said 'Could Not Start' by all of them, and three say they have never run, but one had a Last Run Time of 12.00 16/08/2005. Should I delete these tasks?

    Thanks,
    Joy
     
  8. 2007/10/20
    noahdfear

    noahdfear Inactive

    Copy the bolded command below.

    c:\docume~1\shelle~1\applic~1\intern~1

    Click Start>Run and paste it in then hit enter. Is the file hidemp3link.exe visible? If not, copy the next command.

    attrib -h c:\docume~1\shelle~1\applic~1\intern~1\hidemp3link.exe

    Open a command window and paste the command, then hit enter. Refresh the explorer window where the file should be. Is the file now visible? If it is, please go to my submission channel and paste in this command for the file to be uploaded.

    c:\docume~1\shelle~1\applic~1\intern~1\hidemp3link.exe

    Leave a link to this topic and click Submit.

    I'm inclined to say Yes, delete those tasks.



    Did you add the 3 entries shown in your log to your Internet Explorer Trusted Zone?

    O15 - Trusted Zone: *.courses.learndirect.co.uk (HKCU)
    O15 - Trusted Zone: http://www.learndirect.co.uk (HKCU)
    O15 - Trusted Zone: *.sulc.ac.uk (HKCU)


    Scan again with HijackThis and place a check next to the following entry, close all open browser windows then click Fix Checked.

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


    Have you uninstalled MessengerPlus3, or just disabled it from running at startup?
     
  9. 2007/10/23
    Joy

    Joy Inactive Thread Starter

    Hi Dave,

    I tried the first two things and nothing was visible for either. I've deleted those items from the scheduled tasks list.

    I added those 3 sites as trusted a while ago for an online course. Would it be best to remove them now?

    I ran HijackThis again and fixed the entry as you said. It was a while ago, but I'm pretty sure I did ask MessengerPlus3 not to start at start-up. I checked it and it looks like it's running fine.

    I decided to upgrade Norton to Norton 360, since it was due for a renewal next month anyway. Any advice on how best to install it considering I had a few weird things happen to the current copy? Would it be best to just run the new disk or to uninstall and reinstall afresh?

    Thank you so much for your help,
    Joy
     
  10. 2007/10/23
    noahdfear

    noahdfear Inactive

    It's at your option whether or not to keep those sites in your trusted zone. I just wanted to verify that you placed them there.

    I asked about MessengerPlus3 because it is known to install an infection if, when installed, also installing the sponsors' software is chosen. Uninstalling the application, then re-installing and choosing to omit the sponsors will generally remove the infection. If you've had it installed for some time now I'd say there's no need to fret about it.

    I'd recommend uninstalling previous versions of Norton prior to an update installation. I would take it a step further and download the Norton Removal Tool, then run it to clean up any leftovers when done uninstalling the old version. Be sure to reboot when done.
     
