I can't enable my norton auto protect

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

rondo 60

Thread Starter
Joined
Apr 19, 2004
Messages
68
On my Norton Antivirus system status list, my "auto protect" is off and the "e-mail scanning" has error beside it. I click on enable to start auto protect and it won't do anything. When I hit options and click the setting for enable, it won't do anything again. I can not bring up anything about the error message. I can scan my computer and found nothing. I can receive live updates. I just installed norton a week ago, downloaded it from the internet, and my computer has been slow since then as well. Would this have anything to do with it being slow? Thanks, Rhonda
 

~Candy~

Retired Administrator
Joined
Jan 27, 2001
Messages
103,706
Hi, I had a similar experience. I had to download the manual uninstall tool, run it about 6 times and reinstall.

Also, when you say you downloaded it from the internet, I'm assuming you downloaded from Symantec, or Buy.com etc.?
 

rondo 60

Thread Starter
Joined
Apr 19, 2004
Messages
68
Hi! I finally found the remedy after searching everywhere on Symantec's site. Dell had me to msconfig and disable systems config. utilities to make the computer faster after a call to their tech support earlier today. That turned off the NAV. I restored everything. My computer is sooooo slow. It was not this way until I installed Norton. Can that do it? I had AVG before and it was not this slow. Rhonda
 

~Candy~

Retired Administrator
Joined
Jan 27, 2001
Messages
103,706
Amount of ram, programs running on startup would affect the system performance too.

Start, run, type msinfo32 and hit ok, go to software, startups, edit, select all, edit, copy and come back and paste.

Also download hijack this from the internet, scan your system and post your scan log.

http://www.spywareinfo.com/~merijn/downloads.html
 

rondo 60

Thread Starter
Joined
Apr 19, 2004
Messages
68
AGNQXEKR c:\windows\agnqxekr.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AIM c:\progra~1\aim\aim.exe -cnetwait.odl D15NGC31\Jim and Rhonda HKU\S-1-5-21-1538319785-1497398554-2983912157-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AIM c:\program files\aim\aim.exe -cnetwait.odl D15NGC31\Audra HKU\S-1-5-21-1538319785-1497398554-2983912157-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AdaptecDirectCD "c:\program files\roxio\easy cd creator 5\directcd\directcd.exe" All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
DESKTOP desktop.ini NT AUTHORITY\SYSTEM Startup
DESKTOP desktop.ini D15NGC31\Jim and Rhonda Startup
DESKTOP desktop.ini D15NGC31\Audra Startup
DESKTOP desktop.ini .DEFAULT Startup
DESKTOP desktop.ini All Users Common Startup
Dell AIO Printer A920 "c:\program files\dell aio printer a920\dlbkbmgr.exe" All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Digital Line Detect c:\progra~1\digita~1\dlg.exe All Users Common Startup
DwlClient c:\program files\common files\dell\eusw\support.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ELRYFLSYF c:\windows\elryflsyf.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HotKeysCmds c:\windows\system32\hkcmd.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IgfxTray c:\windows\system32\igfxtray.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MCAgentExe c:\progra~1\mcafee.com\agent\mcagent.exe files\mcafee.com\agent\mcagent.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MCUpdateExe c:\progra~1\mcafee.com\agent\mcupdate.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MMTray c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MsnMsgr "c:\program files\msn messenger\msnmsgr.exe" /background D15NGC31\Audra HKU\S-1-5-21-1538319785-1497398554-2983912157-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MyWebSearch Email Plugin c:\program files\mywebsearch\bar\2.bin\mwsoemon.exe All Users Common Startup
MyWebSearch Email Plugin c:\progra~1\mywebs~1\bar\2.bin\mwsoemon.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
OrbitUpdate c:\program files\orbit\update.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
OrbitView c:\program files\orbit\view.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
PCDRealtime c:\windows\realtime.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
QuickBooks Update Agent c:\progra~1\common~1\intuit\quickb~1\qbupdate\qbupdate.exe All Users Common Startup
SpyKiller c:\program files\spykiller\spykiller.exe /startup D15NGC31\Jim and Rhonda HKU\S-1-5-21-1538319785-1497398554-2983912157-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
TkBellExe "c:\program files\common files\real\update_ob\realsched.exe" -osboot All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
URLLSTCK.exe c:\program files\norton internet security\urllstck.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Weather c:\program files\aws\weatherbug\weather.exe 1 D15NGC31\Jim and Rhonda HKU\S-1-5-21-1538319785-1497398554-2983912157-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
What's New in Quicken 2002 New User Edition c:\progra~1\quickenw\whatsnew.wri All Users Common Startup
Yahoo! Pager c:\program files\yahoo!\messenger\ypager.exe -quiet D15NGC31\Audra HKU\S-1-5-21-1538319785-1497398554-2983912157-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ccApp "c:\program files\common files\symantec shared\ccapp.exe" All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
mmtask c:\program files\musicmatch\musicmatch jukebox\mmtask.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ssate.exe c:\windows\system32\irun4.exe D15NGC31\Jim and Rhonda HKU\S-1-5-21-1538319785-1497398554-2983912157-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
 

rondo 60

Thread Starter
Joined
Apr 19, 2004
Messages
68
AGNQXEKR c:\windows\agnqxekr.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AIM c:\progra~1\aim\aim.exe -cnetwait.odl D15NGC31\Jim and Rhonda HKU\S-1-5-21-1538319785-1497398554-2983912157-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AIM c:\program files\aim\aim.exe -cnetwait.odl D15NGC31\Audra HKU\S-1-5-21-1538319785-1497398554-2983912157-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AdaptecDirectCD "c:\program files\roxio\easy cd creator 5\directcd\directcd.exe" All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
DESKTOP desktop.ini NT AUTHORITY\SYSTEM Startup
DESKTOP desktop.ini D15NGC31\Jim and Rhonda Startup
DESKTOP desktop.ini D15NGC31\Audra Startup
DESKTOP desktop.ini .DEFAULT Startup
DESKTOP desktop.ini All Users Common Startup
Dell AIO Printer A920 "c:\program files\dell aio printer a920\dlbkbmgr.exe" All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Digital Line Detect c:\progra~1\digita~1\dlg.exe All Users Common Startup
DwlClient c:\program files\common files\dell\eusw\support.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ELRYFLSYF c:\windows\elryflsyf.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HotKeysCmds c:\windows\system32\hkcmd.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IgfxTray c:\windows\system32\igfxtray.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MCAgentExe c:\progra~1\mcafee.com\agent\mcagent.exe files\mcafee.com\agent\mcagent.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MCUpdateExe c:\progra~1\mcafee.com\agent\mcupdate.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MMTray c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MsnMsgr "c:\program files\msn messenger\msnmsgr.exe" /background D15NGC31\Audra HKU\S-1-5-21-1538319785-1497398554-2983912157-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MyWebSearch Email Plugin c:\program files\mywebsearch\bar\2.bin\mwsoemon.exe All Users Common Startup
MyWebSearch Email Plugin c:\progra~1\mywebs~1\bar\2.bin\mwsoemon.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
OrbitUpdate c:\program files\orbit\update.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
OrbitView c:\program files\orbit\view.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
PCDRealtime c:\windows\realtime.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
QuickBooks Update Agent c:\progra~1\common~1\intuit\quickb~1\qbupdate\qbupdate.exe All Users Common Startup
SpyKiller c:\program files\spykiller\spykiller.exe /startup D15NGC31\Jim and Rhonda HKU\S-1-5-21-1538319785-1497398554-2983912157-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
TkBellExe "c:\program files\common files\real\update_ob\realsched.exe" -osboot All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
URLLSTCK.exe c:\program files\norton internet security\urllstck.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Weather c:\program files\aws\weatherbug\weather.exe 1 D15NGC31\Jim and Rhonda HKU\S-1-5-21-1538319785-1497398554-2983912157-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
What's New in Quicken 2002 New User Edition c:\progra~1\quickenw\whatsnew.wri All Users Common Startup
Yahoo! Pager c:\program files\yahoo!\messenger\ypager.exe -quiet D15NGC31\Audra HKU\S-1-5-21-1538319785-1497398554-2983912157-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ccApp "c:\program files\common files\symantec shared\ccapp.exe" All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
mmtask c:\program files\musicmatch\musicmatch jukebox\mmtask.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ssate.exe c:\windows\system32\irun4.exe D15NGC31\Jim and Rhonda HKU\S-1-5-21-1538319785-1497398554-2983912157-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
 

rondo 60

Thread Starter
Joined
Apr 19, 2004
Messages
68
Sorry for the two identical posts above. I thought I was posting my hijack this log the second time. The first log is after doing the start>run>msinfo32.......the following is my recent hijack this log. Thanks, Rhonda







Logfile of HijackThis v1.97.7
Scan saved at 9:30:55 AM, on 4/21/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Jim and Rhonda\Local Settings\Temp\Temporary Directory 5 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.dellnet.com/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [OrbitView] C:\Program Files\Orbit\view.exe
O4 - HKLM\..\Run: [OrbitUpdate] C:\Program Files\Orbit\update.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe files\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ELRYFLSYF] C:\WINDOWS\ELRYFLSYF.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [AGNQXEKR] C:\WINDOWS\AGNQXEKR.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ssate.exe] C:\WINDOWS\System32\irun4.exe
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: What's New in Quicken 2002 New User Edition.lnk = C:\Program Files\QUICKENW\whatsnew.wri
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .midi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaInitialSetup1.0.0.8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EEABFA0C-6F83-45BF-92C3-E257D54F9542}: NameServer = 12.160.140.10,12.160.140.11

Logfile of HijackThis v1.97.7
Scan saved at 9:30:55 AM, on 4/21/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Jim and Rhonda\Local Settings\Temp\Temporary Directory 5 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.dellnet.com/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [OrbitView] C:\Program Files\Orbit\view.exe
O4 - HKLM\..\Run: [OrbitUpdate] C:\Program Files\Orbit\update.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe files\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ELRYFLSYF] C:\WINDOWS\ELRYFLSYF.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [AGNQXEKR] C:\WINDOWS\AGNQXEKR.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ssate.exe] C:\WINDOWS\System32\irun4.exe
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: What's New in Quicken 2002 New User Edition.lnk = C:\Program Files\QUICKENW\whatsnew.wri
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .midi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaInitialSetup1.0.0.8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EEABFA0C-6F83-45BF-92C3-E257D54F9542}: NameServer = 12.160.140.10,12.160.140.11
 

~Candy~

Retired Administrator
Joined
Jan 27, 2001
Messages
103,706
Well you have quite a few items starting that we need to clean up.

Do you have any idea what this is?

O4 - HKLM\..\Run: [AGNQXEKR] C:\WINDOWS\AGNQXEKR.exe

Also, how much ram do you have.

Someone else will check your log.
 

rondo 60

Thread Starter
Joined
Apr 19, 2004
Messages
68
I don't know what that item is. My computer description is Dell Dimension 2400 series, Intel, Celeron Processor at 2.2 GHz--128 MB DDR SDRam at 333 mhz. I bought it in August 03. Rhonda
 

~Candy~

Retired Administrator
Joined
Jan 27, 2001
Messages
103,706
128 megs of ram running XP? You definitely have waaaaaaaayyyyy too much loading. Let's wait for someone to look at your hijack this log.

While you are waiting, I'd go to Symantec's website and use their virus scanner. You never answered my question about where you downloaded Norton from, so I want to be sure it is really up to date with virus definitions, etc.
 

rondo 60

Thread Starter
Joined
Apr 19, 2004
Messages
68
Hi! Sorry about not answering the question about Norton--I had gotten side tracked!! I had a computer tech guy here the day that I downloaded the Norton. He was taking a trojan off my computer and it took him three hours. It has been slow ever since. We were using AVG and my husband wanted Norton, so we changed it that day. I downloaded it from the Symantec website--the tech picked out which one he recommended--$70.00 package--firewall, autoprotect, spam detector, etc. I just checked and everything is up to date on it. I have scanned this morning with Ad-aware and norton and everything was clear. I'll keep checking this post. Thanks for your help, Rhonda
 

rondo 60

Thread Starter
Joined
Apr 19, 2004
Messages
68
Putting this back up for another look. I just scanned with Spybot and I had Xupiter. I have found it a couple of times this week. Rhonda
 

~Candy~

Retired Administrator
Joined
Jan 27, 2001
Messages
103,706
You have a bunch of other crap that needs to go too. I think the security gurus are slacking today. It may be a bit longer, sit tight.
 

~Candy~

Retired Administrator
Joined
Jan 27, 2001
Messages
103,706
Actually, let me move you to security, I thought I had alread done that.
 
Joined
Apr 30, 2004
Messages
19
I spent over 5 hours getting rid of a similar issue on my computer.

It is one of the variants of the GOABOT virus.

http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.afj.html

This sucker is a royal pain in the ***. Let me tell you all the issues I can without puking over the stress of it all.


1. The stupid thing clobbers your ccEvtMgr.exe (a critical norton AV task) among others.

2. It puts all the helpful antivirus websites into your hosts file, with them all pointing to 127.0.0.1 (your local machine). This kills your ability to visit grissoft.com (avg), symantec, mcafee, etc., etc. First you need to do is delete everything in your hosts file after the first "127.0.0.1 localhost" entry. You'll have to scroll down.

Hosts file ---> C:\windows\system32\drivers\etc\hosts

3. If you're using norton, you will have to go to the web site and download the very latest and greatest. This is not available through their "liveupdate" since that is published only on wednesday. Today was friday, and I needed yesterday's virus file.

4. Among the crazy thing it does is it'll put a bunch of crazy named .exe's in c:. Like xcdfvscx.exe or similar. Delete them all when you find them.

5. It also infected my c:\windows\system32\microsoft.exe. Just great.

Best of luck. Send me an email if you get stuck.

Thomas G. Marshall
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top