
Symantec Antivirus/Windows XP problem

Discussion in 'Malware and Virus Removal Archive' started by knifeprty7, 2004/04/20.

Thread Status:
Not open for further replies.
  1. 2004/04/20
    knifeprty7

    knifeprty7 Inactive Thread Starter

    Joined:
    2004/04/20
    Messages:
    2
    Likes Received:
    0
    Last night I was using my computer and all of a sudden my taskbar was flooded with lots of error messages from Symantec Antivirus. They said something about not being able to send an email to an @yahoo.com address I'd never heard of.

    I closed them all and had no problems until I started it up this morning. When Windows boots up, an error message comes up saying that there is a problem with the antivirus monitor and that my system must be restarted, as it will not be protected from viruses, in the hope that the program will load properly next time.

    I've fixed the restarting problem by using the run>shutdown -a command. I was told my computer could have the Blaster or isass viruses. I downloaded the following updates from Microsoft: Windows-KB833330-ENU, WindowsXP-KB823980-x86-ENU, WindowsXP-KB824146-x86-ENU.
    I also downloaded a Blaster worm removal tool from Symantec, but when I go to run the tool an error informs me that I do not have the administrator rights to run the tool.
    A couple of other things I noticed after I got my computer to stop restarting that might help you work out what it is: the details of my dialup connection had been cleared, and MSN Messenger won't sign in, telling me that the username or password I have entered are incorrect. Trust me, correct. I also tried using System Restore and received another error telling me I did not have proper administrative rights to access it.
    This is a log file from a program called HijackThis. It tells you what processes have accessed your computer.
    Here's the log:
    Logfile of HijackThis v1.97.7
    Scan saved at 10:31:38 PM, on 20/04/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\WINDOWS\System32\taskswitch.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Messenger Plus! 2\MsgPlus.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\system32\pctspk.exe
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\Fast.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\GetRight\GETRIGHT.EXE
    C:\Program Files\GetRight\GETRIGHT.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\PROGRA~1\NORTON~2\navw32.exe
    C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    E:\My Documents\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://business.bigpond.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Telstra Big Pond Business
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Find - {8D029AEC-E412-4948-84B5-699A740946AE} - %SystemRoot%\System32\iefind.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: (no name) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe "
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe "
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra 'Tools' menuitem: Launch Copernic Agent (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Big Pond (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://business.bigpond.com
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {2646205B-878C-11D1-B07C-0000C040BCDB} (NSIEMisc Class) -
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.c....CAB?37884.1225
    O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by7fd.bay7.hotmail.msn.com/activex/HMAtchmt.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D28873AE-DEC9-47B4-AC90-BB64A2B042F3}: NameServer = 192.189.54.37 192.189.54.26

    I also did a scan with Ad-aware 6. Thought it might help. Here's the log:

    http://www.sleepfield.live.com.au/adawarelog.TXT

    Sorry about the huge post, but there was a lot to explain. Thanks in advance to anyone who can help.
     
  2. 2004/04/20
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    knifeprty7 - I'm going to move this thread to the security section. It should get more attention from the security pros there than here.
     


  4. 2004/04/20
    Johanna

    Johanna Inactive Alumni

    Joined:
    2003/03/08
    Messages:
    2,402
    Likes Received:
    2
    Are you the only user on this computer? Do you have Administrator rights? It sounds like something, whether Norton or XP, had a hiccup!
    :rolleyes: Do you have a firewall?

    Go OFFLINE and have your Norton scan your system. If it detects something, we can start there. Also, turn off auto restart
    Control Panel/System/Advanced/Startup and Recovery
    uncheck auto restart.

    If it's clean, you need to find out why your admin rights are in dispute. This can help you take ownership of individual files or folders, but your problem sounds system wide. You might want to create a new admin account, give it full permissions, and delete your old one.

    Start with the scan first.
    Johanna
     
  5. 2004/04/20
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Run some online scans. eTrust in my signature.

    RAV

    Housecall
     
  6. 2004/04/20
    knifeprty7

    knifeprty7 Inactive Thread Starter

    Joined:
    2004/04/20
    Messages:
    2
    Likes Received:
    0
    I think I got it working. I restarted my computer in safe mode and used System Restore to take it back to Sunday's settings, before I got the virus. I restarted again and it all seems to be working fine now. Thanks a lot for your help!
     
  7. 2004/04/20
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Do the scans. ;)
     
  8. 2004/04/20
    Johanna

    Johanna Inactive Alumni

    Joined:
    2003/03/08
    Messages:
    2,402
    Likes Received:
    2
    Dave is right, do the scans. And if they ALL come up clean, delete all of your prior restore points and you should be fine. Getting rid of a virus is usually not as easy as a System Restore, sadly. Do the scans.

    Johanna
     
  9. 2004/04/21
    dobhar Lifetime Subscription

    dobhar Inactive

    Joined:
    2002/05/24
    Messages:
    924
    Likes Received:
    3
    knifeprty7...
    I recommend removing the Messenger Plus! 2 software as per advice from LonnyJones in my thread that I posted for a friend.

    Lonny quotes...
     