Cyber Tech Help Support Forums


Dr J March 21st, 2007 07:16 PM

Something is just not right - moved by Tom
 
I have a new (Nov 2006) Dell XPS410 computer running Trend Micro PC CILLin for security. It does most things I have expected of it but something is just not right! I get weird glitches (loss of desktop photo, weird problems with Pinnacle Studio 10 Plus - won't write to a disk - error message saying that the inserted media is not right)! I use the media and burner a lot with other programs. I haven't a clue as to what may be happening. I would greatly appreciate your help!


Logfile of HijackThis v1.99.1
Scan saved at 10:04:28 AM, on 3/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Codessentials\Yadis\Yadis.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=3061120
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myfamily.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=3061120
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] C:\Program Files\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [TClockEx] C:\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
O4 - HKCU\..\Run: [Yadis] C:\Program Files\Codessentials\Yadis\Yadis.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.0.6.5.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/reso...scbase8460.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1166327854500
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://beta.myfamily.com/Controls/Up...eUploader4.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe (file missing)
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

Jintan March 22nd, 2007 03:12 AM

Howdy Dr J,


No infection showing here, and the scenario you describe, especially on such a new system, does not ring of infection activity. I will move this thread and its info to the CTH XP forum for review by others to determine perhaps some software change needed.

XOTREVOR March 22nd, 2007 02:08 PM

Hello, welcome to CTH,

How long has this problem been going on?

I would maybe suggest that you try to restore your computer back to a date before you were having the problem.


To do this....

Click on Start >>> All Programs >>> Accessories >>> System Tools >>> System Restore

Here are some screen shots I made.....

http://www.gooyah.net/test/system_restore_01.jpg


Click on System Restore....


http://www.gooyah.net/test/system_restore_02.jpg



Click on next....



http://www.gooyah.net/test/system_restore_03.jpg



Choose a date that was before you started having problems....



http://www.gooyah.net/test/system_restore_04.jpg




Click next and the system restore will start and your computer will restart after the restore is done.


Let me know if this helps

Miz March 22nd, 2007 02:25 PM

Both Symantec (Norton) and PC Cillin are showing in the Hijack This log.

Did you uninstall Norton? If so, there's still plenty of it hanging on...enough of it that it's possible Norton and PC Cillin are conflicting. That may be causing some, maybe all, of the problems you're having.

XOTREVOR March 22nd, 2007 03:32 PM

Good catch Miz, I did not see that right away but now I do.

Dr J March 22nd, 2007 06:20 PM

No, the Norton program that is on this computer is Norton Ghost - has to do with the double hard drive setup and protection against losing the info stored on either disk. The only security software is PC-Cillin. Thanks for your help Miz. I have tried to use the restore feature Trevor but all my restore points have gone missing - one of the things that had me wondering if I had an infection - one of the "just ain't right" syndrome. I still have not figured out what I have done wrong on the restore settings! Thanks for your help too, Trevor! This has been problematic since about January - and the latest restore points are in March! I am beginning to wonder about a reformat but this puter has so many things new to me, I worry about getting it all back together again<G>! The most bothersome itch is the glitch with Pinnacle Studio 10 Plus - I have been working with Pinnacle for several months and they finally sent me a new dvd - to no avail - am considering another video editing software now. I am extremely pleased to hear the assessment that there are no "bad actors" present.

Miz March 22nd, 2007 06:53 PM

Yes, I saw that Ghost is running but ccsetmgr and ccevtmgr are both associated with Norton Antivirus, which is why I asked.
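
The cross-check Miz makes against the HijackThis log, as an added example that is not part of the original thread: it parses the O23 service lines, groups them by publisher, and lists entries marked "(file missing)". The `WATCHED` publisher list and the function names are assumptions for illustration; the sample lines are excerpted from the log posted above.

```python
import re
from collections import defaultdict

# Excerpt of O23 (service) lines copied from the HijackThis log in this thread.
SAMPLE = r"""
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe (file missing)
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
"""

O23 = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)

# Assumption: publishers the reviewer wants to watch for overlapping security products.
WATCHED = ("Symantec", "Trend Micro")

def parse_services(log):
    """Return one dict per O23 line: name, owner, path, missing."""
    out = []
    for line in log.splitlines():
        m = O23.match(line.strip())
        if m:
            d = m.groupdict()
            d["missing"] = d["missing"] is not None
            out.append(d)
    return out

def review(log):
    """Group watched publishers' services and list orphaned entries."""
    by_vendor = defaultdict(list)
    orphaned = []
    for svc in parse_services(log):
        for vendor in WATCHED:
            if svc["owner"].startswith(vendor):
                by_vendor[vendor].append(svc["name"])
        if svc["missing"]:
            orphaned.append(svc["name"])
    return dict(by_vendor), orphaned

if __name__ == "__main__":
    vendors, orphaned = review(SAMPLE)
    for vendor, names in vendors.items():
        print(vendor, "->", ", ".join(names))
    print("file missing:", ", ".join(orphaned))
```

Grouping by publisher puts Norton Ghost and the cc* services in the same bucket, so the individual service names still have to be read to tell the backup product from the other Symantec components.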

Dr J March 22nd, 2007 07:33 PM

Miz, as far as I know, Norton Anti-virus has never been on this computer (I am the only user) - I don't know enough about such things to be able to detect the files you mention. Do you think I should remove them? I have used NAV on earlier computers but, for me, the more recent NAV programs have caused more grief than they do good, so I avoid Norton products - just personal preference. This computer, however, came with the Ghost program as part of the Dell Raid setup, whatever they call it.

XOTREVOR March 22nd, 2007 08:41 PM

Quote:

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccevtmgr.exe

ccsetmgr.exe is a process associated with the Symantec Internet Security Suite and is essential to its functioning. This program is important for the stable and secure running of your computer and should not be terminated.


ccevtmgr.exe is a process belonging to Norton Internet Security Suite. This process acts as a logger for the AntiVirus and firewall application installed. This program is important for the stable and secure running of your computer and should not be terminated.


You may want to check in the control panel under your add and remove programs section for Norton Antivirus

Dr J March 22nd, 2007 11:49 PM

Trevor, I just checked in the control panel, under Add /Remove Programs. The only Norton program listed as such is Norton Ghost which is an integral part of the setup of my Dell. Thanks for the hint!

XOTREVOR March 23rd, 2007 12:24 AM

I would try to do the system restore and see where that gets us.

Restore it back to a date before the problem started.


Let me know what the results are.

Dr J March 23rd, 2007 05:20 PM

Trevor, I have thought of the system restore but somehow I have lost all the system restore points on this machine except those for March - and I would need to go back to Dec or January I think! It seems that years ago, Dell had a "magic word" that would take their computers back to the factory release condition - wish I had that now<G>!!

jtdoom March 23rd, 2007 05:30 PM

Hi
Dell computers bundle Norton Antivirus.
Symantec offers a removal tool.

http://service1.symantec.com/SUPPORT...05033108162039

I know somebody who used it on a DELL, and Dell's ghost was not removed by this tool (DELL system restore still worked).

Dr J March 24th, 2007 06:04 PM

jtdoom- I made a system restore point on my computer then started to run the Symantec removal tool, with a bit of trepidation. When it loaded, a window came up that gave a list of programs that it removes - it definitely said it removed Norton Ghost - several versions, so I terminated the tool immediately since I do not want to uninstall Ghost at this time!


All times are GMT +1.