  #1  
Old March 21st, 2007, 07:16 PM
Dr J Dr J is offline
Member
 
Join Date: Sep 2006
O/S: Windows XP Home
Location: I live in Juneau Alaska, arguably the most beautiful place I have ever seen.
Age: 82
Posts: 41
Something is just not right - moved by Tom

I have a new (Nov 2006) Dell XPS410 computer running Trend Micro PC CILLin for security. It does most things I have expected of it but something is just not right! I get weird glitches (loss of desktop photo, weird problems with Pinnacle Studio 10 Plus - won't write to a disk - error message saying that the inserted media is not right)! I use the media and burner a lot with other programs. I haven't a clue as to what may be happening. I would greatly appreciate your help!


Logfile of HijackThis v1.99.1
Scan saved at 10:04:28 AM, on 3/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Codessentials\Yadis\Yadis.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=3061120
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myfamily.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=3061120
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] C:\Program Files\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [TClockEx] C:\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
O4 - HKCU\..\Run: [Yadis] C:\Program Files\Codessentials\Yadis\Yadis.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.0.6.5.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/reso...scbase8460.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1166327854500
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://beta.myfamily.com/Controls/Up...eUploader4.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe (file missing)
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
  #2  
Old March 22nd, 2007, 03:12 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,259
Howdy Dr J,


No infection showing here, and the scenario you describe, especially on such a new system, does not ring of infection activity. I will move this thread and its info to the CTH XP forum for review by others to determine perhaps some software change needed.
  #3  
Old March 22nd, 2007, 02:08 PM
XOTREVOR XOTREVOR is offline
Banned
 
Join Date: Oct 2004
O/S: Windows XP Pro
Location: Bay City, MI
Age: 49
Posts: 235
Hello, welcome to CTH,

How long has this problem been going on?

I would maybe suggest that you try to restore your computer back to a date before you were having the problem.


To do this....

Click on Start >>> All Programs >>> Accessories >>> System Tools >>> System Restore

Here are some screen shots I made.....

Click on System Restore....

Click on next....

Choose a date that was before you started having problems....

Click next and the system restore will start and your computer will restart after the restore is done.


Let me know if this helps

Last edited by XOTREVOR; March 22nd, 2007 at 02:17 PM.
  #4  
Old March 22nd, 2007, 02:25 PM
Miz Miz is offline
Cyber Tech Help Moderator
 
Join Date: Mar 2003
O/S: Windows 10 Home
Location: Kansas
Age: 77
Posts: 12,113
Both Symantec (Norton) and PC Cillin are showing in the Hijack This log.

Did you uninstall Norton? If so, there's still plenty of it hanging on...enough of it that it's possible Norton and PC Cillin are conflicting. That may be causing some, maybe all, of the problems you're having.
  #5  
Old March 22nd, 2007, 03:32 PM
XOTREVOR XOTREVOR is offline
Banned
 
Join Date: Oct 2004
O/S: Windows XP Pro
Location: Bay City, MI
Age: 49
Posts: 235
Good catch Miz, I did not see that right away but now I do.
  #6  
Old March 22nd, 2007, 06:20 PM
Dr J Dr J is offline
Member
 
Join Date: Sep 2006
O/S: Windows XP Home
Location: I live in Juneau Alaska, arguably the most beautiful place I have ever seen.
Age: 82
Posts: 41
No, the Norton program that is on this computer is Norton Ghost - Has to do with the double harddrive set up and protection against losing the info stored on either disk. The only security software is PC-Cillin. Thanks for your help Miz. I have tried to use the restore feature Trevor but all my restore points have gone missing - one of the things that had me wondering if I had an infection- one of the Just aint right syndrome. I still have not figured out what I have done wrong on the restore settings ! Thanks for your help too, Trevor! This has been problematic since about January - and the latest restore points are in March ! I am beginning to wonder about a reformat but this puter has so many things new to me, I worry about getting it all back together again<G>! The most bothersome itch is the glitch with Pinnacle Studio 10 Plus - I have been working with Pinnacle for several months and they finally sent me a new dvd - to no avail - am considering another video editing software now. I am extremely pleased to hear the assessment that there are no "bad actors" present.

Last edited by Dr J; March 22nd, 2007 at 07:39 PM.
  #7  
Old March 22nd, 2007, 06:53 PM
Miz Miz is offline
Cyber Tech Help Moderator
 
Join Date: Mar 2003
O/S: Windows 10 Home
Location: Kansas
Age: 77
Posts: 12,113
Yes, I saw that Ghost is running but ccsetmgr and ccevtmgr are both associated with Norton Antivirus, which is why I asked.
Reply With Quote
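
Added example, not part of any post in this thread: the cross-check Miz describes (which vendors have services running, and which Symantec binaries sit outside the Norton Ghost folder), done in Python over a few process and O23 lines copied from the log in post #1. The function names and the `SAMPLE_LOG` excerpt are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""Running processes:
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe (file missing)
"""

# O23 layout as seen in the log: name - vendor - path [(file missing)]
O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - "
                 r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$")

def parse_services(log):
    """Return one dict per O23 service line (hypothetical helper)."""
    out = []
    for line in log.splitlines():
        m = O23.match(line.strip())
        if m:
            out.append({"name": m["name"], "vendor": m["vendor"],
                        "path": m["path"], "missing": bool(m["missing"])})
    return out

def running_processes(log):
    """Lower-cased paths under 'Running processes:' up to the first blank line."""
    block = log.split("Running processes:", 1)[1].lstrip("\n").split("\n\n", 1)[0]
    return {p.strip().lower() for p in block.splitlines() if p.strip()}

def running_by_vendor(log):
    """Map vendor -> services whose binary also appears in the process list."""
    running = running_processes(log)
    by_vendor = defaultdict(list)
    for s in parse_services(log):
        if s["path"].lower() in running:
            by_vendor[s["vendor"]].append(s["name"])
    return dict(by_vendor)

def services_outside(log, vendor, install_dir):
    """Services registered by `vendor` whose binary is not under `install_dir`."""
    prefix = install_dir.lower() + "\\"
    return [s["name"] for s in parse_services(log)
            if s["vendor"] == vendor and not s["path"].lower().startswith(prefix)]

if __name__ == "__main__":
    print(running_by_vendor(SAMPLE_LOG))
    print(services_outside(SAMPLE_LOG, "Symantec Corporation", r"C:\Program Files\Norton Ghost"))
```
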
  #8  
Old March 22nd, 2007, 07:33 PM
Dr J Dr J is offline
Member
 
Join Date: Sep 2006
O/S: Windows XP Home
Location: I live in Juneau Alaska, arguably the most beautiful place I have ever seen.
Age: 82
Posts: 41
Miz, as far as I know, Norton Anti-virus has never been on this computer (I am the only user) - I don't know enough about such things to be able to detect the files you mention. Do you think I should remove them? I have used NAV on earlier computers but, for me, the more recent NAV programs have caused more grief than they do good, so I avoid Norton products - just personal preference. This computer, however, came with the Ghost program as part of the Dell Raid setup, whatever they call it.
  #9  
Old March 22nd, 2007, 08:41 PM
XOTREVOR XOTREVOR is offline
Banned
 
Join Date: Oct 2004
O/S: Windows XP Pro
Location: Bay City, MI
Age: 49
Posts: 235
Quote:
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccevtmgr.exe

ccsetmgr.exe is a process associated with the Symantec Internet Security Suite and is essential to its functioning. This program is important for the stable and secure running of your computer and should not be terminated.

ccevtmgr.exe is a process belonging to Norton Internet Security Suite. This process acts as a logger for the AntiVirus and firewall application installed. This program is important for the stable and secure running of your computer and should not be terminated.


You may want to check in the control panel under your add and remove programs section for Norton Antivirus

Last edited by XOTREVOR; March 22nd, 2007 at 08:44 PM.
  #10  
Old March 22nd, 2007, 11:49 PM
Dr J Dr J is offline
Member
 
Join Date: Sep 2006
O/S: Windows XP Home
Location: I live in Juneau Alaska, arguably the most beautiful place I have ever seen.
Age: 82
Posts: 41
Trevor, I just checked in the control panel, under Add /Remove Programs. The only Norton program listed as such is Norton Ghost which is an integral part of the setup of my Dell. Thanks for the hint!
  #11  
Old March 23rd, 2007, 12:24 AM
XOTREVOR XOTREVOR is offline
Banned
 
Join Date: Oct 2004
O/S: Windows XP Pro
Location: Bay City, MI
Age: 49
Posts: 235
I would try to do the system restore and see where that gets us.

Restore it back to a date before the problem started.


Let me know what the results are.
  #12  
Old March 23rd, 2007, 05:20 PM
Dr J Dr J is offline
Member
 
Join Date: Sep 2006
O/S: Windows XP Home
Location: I live in Juneau Alaska, arguably the most beautiful place I have ever seen.
Age: 82
Posts: 41
Trevor, I have thought of the system restore but somehow I have lost all the system restore points on this machine except those for March - and I would need to go back to Dec or January I think! It seems that years ago, Dell had a "magic word" that would take their computers back to the factory release condition - wish I had that now<G>!!
  #13  
Old March 23rd, 2007, 05:30 PM
jtdoom jtdoom is offline
Cyber Tech Help Moderator
 
Join Date: Jun 2001
O/S: Windows 8 Pro
Location: Belgium, East Flanders
Posts: 5,990
Hi
Dell computer bundles Norton Antivirus
Symantec offers a removal tool

http://service1.symantec.com/SUPPORT...05033108162039

I know somebody who used it on a DELL, and Dell's ghost was not removed by this tool (DELL system restore still worked).
  #14  
Old March 24th, 2007, 06:04 PM
Dr J Dr J is offline
Member
 
Join Date: Sep 2006
O/S: Windows XP Home
Location: I live in Juneau Alaska, arguably the most beautiful place I have ever seen.
Age: 82
Posts: 41
jtdoom- I made a system restore point on my computer then started to run the Symantec removal tool, with a bit of trepidation. When it loaded, a window came up that gave a list of programs that it removes - it definitely said it removed Norton Ghost - several versions, so I terminated the tool immediately since I do not want to uninstall Ghost at this time!