Puleeeeese, I need help!

Discussion in 'other firewalls' started by annie62, May 28, 2004.

Thread Status:
Not open for further replies.
  1. annie62

    annie62 Registered Member

    Joined:
    May 18, 2004
    Posts:
    6
    I posted a couple of weeks ago and didn't get an answer. I finally got the msn.com straightened out with help at another forum. However, things are happening with my computer which may only be attributed to my bad computer habits. But I keep getting kicked off line, computer is so slow even I can keep up with it and other odd things happening.

    A quick check would be greatly appreciated!
    Thanks in advance.

    Logfile of HijackThis v1.97.7
    Scan saved at 4:28:02 PM, on 5/28/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\NISSERV.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
    C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\NISUM.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\SYMPROXYSVC.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\BELLSOUTH INTERNET TOOLS\BLSLOADER.EXE
    C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\IAMAPP.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\WINDOWS\SYSTEM\HPZTSB04.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\HPHMON03.EXE
    C:\WINDOWS\RunDLL.exe
    C:\WINDOWS\SYSTEM\HPHIPM09.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    D:\HIJACKTHIS.EXE\HIJACKTHIS.EXE

    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\PROGRAM FILES\BELLSOUTH INTERNET TOOLS\BLSPC.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [blspcloader] "C:\PROGRAM FILES\BELLSOUTH INTERNET TOOLS\BLSLOADER.EXE"
    O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [OEMRUNONCE] c:\windows\options\cabs\oemrun.exe
    O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe
    O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\SYSTEM\HPHMON03.EXE
    O4 - HKLM\..\Run: [Propel Accelerator] C:\PROGRAM FILES\BELLSOUTH ACCELERATOR TECHNOLOGY\PROPELAC.EXE
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMANTEC\LIVEUP~1\SNDMON.EXE
    O4 - HKLM\..\RunServices: [nisserv] C:\Program Files\Norton Personal Firewall\NISSERV.EXE
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
    O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
    O4 - HKCU\..\Run: [AIM] D:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O9 - Extra button: AIM (HKLM)
    O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.accelerator.bellsouth.net/sdccommon/download/tgctlcm.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
    O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = bellsouth.net
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 207.203.32.20
     
  2. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    Annie,

    From a quick look through your HJT log, I do believe you have the Norton Personal Firewall (2002, right?) blues. :D

    Will try to see if I can't get this thread moved over to the "Other Firewalls" forum here, so you won't feel so lonely. ;)
     
  3. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    You are welcome to any thread you want to have. ;)

    Regards,

    Pieter
     
  4. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    Spoken like a man who has seen more HJT logs than they ever envisioned could exist! :cool:
     
  5. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    Annie,

    There are two threads here that are already talking about this problem.

    One is at https://www.wilderssecurity.com/showthread.php?t=32511 . You can follow that one for some quick background down to Sam Vimes' post (where we end up talking about another issue afterwards).

    Also, the thread at https://www.wilderssecurity.com/showthread.php?t=31945 , which gets right on the issue from the very beginning . Now, I would suggest you read all the way through that thread before you actually start doing any thing. We went through lots of dead ends before we started getting closer to a solution here. And, down near the end of that thread, you'll find a reference to a thread at BBR/DSLR Security Forum, where we actually managed to land a Symantec employee -- briefly, I fear :eek:

    I would suggest you beginning posting in the second thread above. I'd like to sort of consolidate places I have to look (otherwise I start overlooking things and people get irritated with me).

    Finally, the most recent thread at BBR/DSLR Security Forum can be found at http://www.dslreports.com/forum/remark,10357746~mode=flat is starting to get very interesting. Indeed, I need to spend some time over there at the moment digesting the significance of some of the overnight postings.

    As you read through these threads and posts, you will see several occasions in which people have found temporary solutions that work -- for them. Well, we're still looking for a permanent solution that also provides protection against the vulnerabilities identified by eEYE over a month ago -- and it was the Symantec 'patch' of 12 May to address those vulnerabilities that started this headache.

    Read on; take your time. . . .
     
  6. annie62

    annie62 Registered Member

    Joined:
    May 18, 2004
    Posts:
    6

    Thanks you guys, I'll be moving on down!
    Annie
     
  7. browneagle52

    browneagle52 Registered Member

    Joined:
    May 26, 2004
    Posts:
    5
    Annie62

    If you recently downloaded the LiveUpdates from Symantec (Norton SystemWorks) that is probably your problem. I recently downloaded the updates and came up with the same problems you did. Here is the fix.
    I uninstalled the Norton Personal Firewall. Re-installed it and then went back and got the Live Updates. Currently all is working greate.
     
  8. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    Quick question:

    Do you find SYMIDS.* and SYMIDSCO.* BOTH installed at the current time? If so, could you please tell me the file versions -- probably 5.3.1.53, 5.3.1.54, or 5.3.1.55 . If you've got some other build, I'll have another question.
     
Loading...
Thread Status:
Not open for further replies.