Windows XP Problem solving for the Windows XP Operating System
#1
Something is just not right - moved by Tom
I have a new (Nov 2006) Dell XPS410 computer running Trend Micro PC-cillin for security. It does most things I have expected of it but something is just not right! I get weird glitches (loss of desktop photo, weird problems with Pinnacle Studio 10 Plus - won't write to a disk - error message saying that the inserted media is not right)! I use the media and burner a lot with other programs. I haven't a clue as to what may be happening. I would greatly appreciate your help!
Logfile of HijackThis v1.99.1
Scan saved at 10:04:28 AM, on 3/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Codessentials\Yadis\Yadis.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HiJackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=3061120
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myfamily.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=3061120
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] C:\Program Files\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [TClockEx] C:\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
O4 - HKCU\..\Run: [Yadis] C:\Program Files\Codessentials\Yadis\Yadis.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.0.6.5.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/reso...scbase8460.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1166327854500
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://beta.myfamily.com/Controls/Up...eUploader4.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe (file missing)
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
#2
Howdy Dr J,
No infection showing here, and the scenario you describe, especially on such a new system, does not ring of infection activity. I will move this thread and its info to the CTH XP forum for review by others to determine perhaps some software change needed.
#3
Hello, welcome to CTH,
How long has this problem been going on? I would maybe suggest that you try to restore your computer back to a date before you were having the problem. To do this....
Click on Start >>> All Programs >>> Accessories >>> System Tools >>> System Restore
Here are some screen shots I made.....
Click on System Restore....
Click on next....
Choose a date that was before you started having problems....
Click next and the system restore will start and your computer will restart after the restore is done.
Let me know if this helps
Last edited by XOTREVOR; March 22nd, 2007 at 02:17 PM.
#4
Both Symantec (Norton) and PC Cillin are showing in the Hijack This log.
Did you uninstall Norton? If so, there's still plenty of it hanging on...enough of it that it's possible Norton and PC Cillin are conflicting. That may be causing some, maybe all, of the problems you're having.
#5
Good catch Miz, I did not see that right away but now I do.
#6
No, the Norton program that is on this computer is Norton Ghost - Has to do with the double hard drive set up and protection against losing the info stored on either disk. The only security software is PC-Cillin. Thanks for your help Miz. I have tried to use the restore feature Trevor but all my restore points have gone missing - one of the things that had me wondering if I had an infection - one of the Just ain't right syndrome. I still have not figured out what I have done wrong on the restore settings! Thanks for your help too, Trevor! This has been problematic since about January - and the latest restore points are in March! I am beginning to wonder about a reformat but this puter has so many things new to me, I worry about getting it all back together again<G>! The most bothersome itch is the glitch with Pinnacle Studio 10 Plus - I have been working with Pinnacle for several months and they finally sent me a new DVD - to no avail - am considering another video editing software now. I am extremely pleased to hear the assessment that there are no "bad actors" present.
Last edited by Dr J; March 22nd, 2007 at 07:39 PM.
#7
Yes, I saw that Ghost is running but ccsetmgr and ccevtmgr are both associated with Norton Antivirus, which is why I asked.
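The check Miz describes in this thread, security components from two vendors showing up in one HijackThis log, can be scripted. This is an added example, not part of any poster's message or of HijackThis; the watchlist and function names are assumptions built from the file names in the log in post #1, and the sample lines are copied from that log.

```python
import ntpath
import re

# Assumed watchlist (executable -> vendor), built only from names in this thread's log.
SECURITY_COMPONENTS = {
    "ccsetmgr.exe": "Symantec", "ccevtmgr.exe": "Symantec", "ccapp.exe": "Symantec",
    "pccguide.exe": "Trend Micro", "pcctlcom.exe": "Trend Micro",
    "tmntsrv.exe": "Trend Micro", "tmpfw.exe": "Trend Micro", "tmproxy.exe": "Trend Micro",
}

# Lines copied from the log in post #1, one entry per line.
SAMPLE_LOG = r"""Running processes:
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE (file missing)
"""

EXE_PATH = re.compile(r"[A-Za-z]:\\.*?\.exe\b", re.IGNORECASE)

def triage(log_text):
    """Return ({vendor: sorted component names}, ['(file missing)' entries])."""
    vendors, missing = {}, []
    for line in log_text.splitlines():
        if "(file missing)" in line:
            missing.append(line.strip())  # entry points at a file that is gone
        match = EXE_PATH.search(line)
        if not match:
            continue
        name = ntpath.basename(match.group(0)).lower()
        vendor = SECURITY_COMPONENTS.get(name)
        if vendor:
            vendors.setdefault(vendor, set()).add(name)
    return {v: sorted(names) for v, names in vendors.items()}, missing

def conflicting_vendors(log_text):
    """Vendors to review when more than one has security components present."""
    vendors, _ = triage(log_text)
    return sorted(vendors) if len(vendors) > 1 else []

if __name__ == "__main__":
    found, orphaned = triage(SAMPLE_LOG)
    print(found)
    print("Review for conflict:", conflicting_vendors(SAMPLE_LOG))
    print("Entries with missing files:", len(orphaned))
```

A hit means only that components from both vendors are present, which is the question Miz raises; it does not show which product installed them.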
#8
Miz, as far as I know, Norton Anti-virus has never been on this computer (I am the only user) - I don't know enough about such things to be able to detect the files you mention. Do you think I should remove them? I have used NAV on earlier computers but, for me, the more recent NAV programs have caused more grief than they do good, so I avoid Norton products - just personal preference. This computer, however, came with the Ghost program as part of the Dell RAID setup, whatever they call it.
#9
Quote:
ccsetmgr.exe is a process associated with the Symantec Internet Security Suite and is essential to its functioning. This program is important for the stable and secure running of your computer and should not be terminated.
ccevtmgr.exe is a process belonging to Norton Internet Security Suite. This process acts as a logger for the AntiVirus and firewall application installed. This program is important for the stable and secure running of your computer and should not be terminated.
You may want to check in the control panel under your add and remove programs section for Norton Antivirus
Last edited by XOTREVOR; March 22nd, 2007 at 08:44 PM.
#10
Trevor, I just checked in the control panel, under Add/Remove Programs. The only Norton program listed as such is Norton Ghost which is an integral part of the setup of my Dell. Thanks for the hint!
#11
I would try to do the system restore and see where that gets us.
Restore it back to a date before the problem started. Let me know what the results are.
#12
Trevor, I have thought of the system restore but somehow I have lost all the system restore points on this machine except those for March - and I would need to go back to Dec or January I think! It seems that years ago, Dell had a "magic word" that would take their computers back to the factory release condition - wish I had that now<G>!!
#13
Hi
Dell computer bundles Norton Antivirus.
Symantec offers a removal tool: http://service1.symantec.com/SUPPORT...05033108162039
I know somebody who used it on a DELL, and Dell's ghost was not removed by this tool (DELL system restore still worked).
#14
jtdoom- I made a system restore point on my computer then started to run the Symantec removal tool, with a bit of trepidation. When it loaded, a window came up that gave a list of programs that it removes - it definitely said it removed Norton Ghost - several versions, so I terminated the tool immediately since I do not want to uninstall Ghost at this time!