Puleeeeese, I need help!

Discussion in 'other firewalls' started by annie62, May 28, 2004.

Thread Status:
Not open for further replies.
  1. annie62

    annie62 Registered Member

    Joined:
    May 18, 2004
    Posts:
    6
    I posted a couple of weeks ago and didn't get an answer. I finally got the msn.com straightened out with help at another forum. However, things are happening with my computer which may only be attributed to my bad computer habits. But I keep getting kicked off line, computer is so slow even I can keep up with it and other odd things happening.

    A quick check would be greatly appreciated!
    Thanks in advance.

    Logfile of HijackThis v1.97.7
    Scan saved at 4:28:02 PM, on 5/28/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\NISSERV.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
    C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\NISUM.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\SYMPROXYSVC.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\BELLSOUTH INTERNET TOOLS\BLSLOADER.EXE
    C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\IAMAPP.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\WINDOWS\SYSTEM\HPZTSB04.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\HPHMON03.EXE
    C:\WINDOWS\RunDLL.exe
    C:\WINDOWS\SYSTEM\HPHIPM09.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    D:\HIJACKTHIS.EXE\HIJACKTHIS.EXE

    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\PROGRAM FILES\BELLSOUTH INTERNET TOOLS\BLSPC.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [blspcloader] "C:\PROGRAM FILES\BELLSOUTH INTERNET TOOLS\BLSLOADER.EXE"
    O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [OEMRUNONCE] c:\windows\options\cabs\oemrun.exe
    O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe
    O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\SYSTEM\HPHMON03.EXE
    O4 - HKLM\..\Run: [Propel Accelerator] C:\PROGRAM FILES\BELLSOUTH ACCELERATOR TECHNOLOGY\PROPELAC.EXE
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMANTEC\LIVEUP~1\SNDMON.EXE
    O4 - HKLM\..\RunServices: [nisserv] C:\Program Files\Norton Personal Firewall\NISSERV.EXE
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
    O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
    O4 - HKCU\..\Run: [AIM] D:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O9 - Extra button: AIM (HKLM)
    O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.accelerator.bellsouth.net/sdccommon/download/tgctlcm.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
    O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = bellsouth.net
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 207.203.32.20
     
  2. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    Annie,

    From a quick look through your HJT log, I do believe you have the Norton Personal Firewall (2002, right?) blues. :D

    Will try to see if I can't get this thread moved over to the "Other Firewalls" forum here, so you won't feel so lonely. ;)
     
  3. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    You are welcome to any thread you want to have. ;)

    Regards,

    Pieter
     
  4. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    Spoken like a man who has seen more HJT logs than they ever envisioned could exist! :cool:
     
  5. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    Annie,

    There are two threads here that are already talking about this problem.

    One is at https://www.wilderssecurity.com/showthread.php?t=32511 . You can follow that one for some quick background down to Sam Vimes' post (where we end up talking about another issue afterwards).

    Also, the thread at https://www.wilderssecurity.com/showthread.php?t=31945 , which gets right on the issue from the very beginning. Now, I would suggest you read all the way through that thread before you actually start doing anything. We went through lots of dead ends before we started getting closer to a solution here. And, down near the end of that thread, you'll find a reference to a thread at BBR/DSLR Security Forum, where we actually managed to land a Symantec employee -- briefly, I fear :eek:

    I would suggest you begin posting in the second thread above. I'd like to sort of consolidate places I have to look (otherwise I start overlooking things and people get irritated with me).

    Finally, the most recent thread at BBR/DSLR Security Forum, which can be found at http://www.dslreports.com/forum/remark,10357746~mode=flat , is starting to get very interesting. Indeed, I need to spend some time over there at the moment digesting the significance of some of the overnight postings.

    As you read through these threads and posts, you will see several occasions in which people have found temporary solutions that work -- for them. Well, we're still looking for a permanent solution that also provides protection against the vulnerabilities identified by eEye over a month ago -- and it was the Symantec 'patch' of 12 May to address those vulnerabilities that started this headache.

    Read on; take your time. . . .
     
  6. annie62

    annie62 Registered Member

    Joined:
    May 18, 2004
    Posts:
    6

    Thanks, you guys, I'll be moving on down!
    Annie
     
  7. browneagle52

    browneagle52 Registered Member

    Joined:
    May 26, 2004
    Posts:
    5
    Annie62

    If you recently downloaded the LiveUpdates from Symantec (Norton SystemWorks) that is probably your problem. I recently downloaded the updates and came up with the same problems you did. Here is the fix.
    I uninstalled the Norton Personal Firewall. Re-installed it and then went back and got the Live Updates. Currently all is working great.
     
  8. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    Quick question:

    Do you find SYMIDS.* and SYMIDSCO.* BOTH installed at the current time? If so, could you please tell me the file versions -- probably 5.3.1.53, 5.3.1.54, or 5.3.1.55. If you've got some other build, I'll have another question.
     