Now, I still don't know if you have been turning off services. Have
you, or have you been hacking your registry? I need to know that...
Also, is your OS up to date, and are any/all MS products, like Office
for example, up to date? You'd be surprised what can happen to you just
because your MS products aren't updated. 99% of the world's threats are
written for Windows, and there are also MS Office vulnerabilities that
can get you infected and in deep trouble quick. Please answer the
question.
Since I don't have all the info yet, let's do this. Put Spysweeper on
your box, update it, and then scan. You want to scan within compressed
files and folders. Go to the Options panel, then the Sweep Options tab,
check all the "what to sweep" boxes, and run a scan.
Spysweeper can detect and remove some rootkits - some! - but
professionally, when a rootkit is suspected, you need to run a scan
from another OS (I have my hard drives partitioned on all my
boxes and have multiple OS's installed, so I can just boot up into
another OS and scan with anti-virus). Rootkits are very difficult to
detect; they are hidden from the Win API, so scanning from within an
infected OS is pretty much futile. Without the option of scanning from
another OS, you should do an online scan. I know I have a link for an
online scan on my downloads page, but I'll give you a link here to that
online scan:
http://security.symantec.com/ssc/home.asp?j=1&langid=us&venid=sym&plfid=23&pkj=OMISKVYRMHCGVRVRMNR
Ran the virus & security checks, nothing was found.
Also, download and run HijackThis, post a log file and I'll take a
look. All this stuff is linked on my downloads page, and there's some
good basic info there. Here it is again:
http://www.websitesnservices.com/securitydownloads.php
Also, you really should switch to Firefox if you're not already using
it.
Now, I also asked you what OS. Are you running XP Home or Pro, and what
Service Pack? Now see, here I missed something: you told me in the
thread start that you have XP SP1. You should've rubbed my nose in it,
LOL.
It is important what SP, as there are issues specific to the service packs.
For example, if you run SP1 and you do any file sharing apps like
Limewire, etc., there's a huge security issue with the maximum number
of incoming connections per port. SP2 fixed that vulnerability. And in
regards to that fix, some folks find that they just have to hack that
fix so they can get better download speeds from their file sharing
apps. And there may be some of those apps that are patching the OS so
they can connect better.
I could write a book on this stuff. I'm skipping a lot of stuff here.
I'll help you to the best of my ability if you answer the questions I
have. I do this professionally, and I charge for it unless you belong
to Speedguide, or if I see someone needs help in a forum like this (and
if I feel like it).
After you scan with Spysweeper, and run HijackThis and post a log
file, we can go from there. And please, make sure everything is updated
first, including your OS and Office products.
As far as services go, I used the list and disabled things not needed,
only it didn't improve much.
I used this list to check:
http://majorgeeks.com/page.php?id=12
HERE is the other information you asked about.
---
The only Office product I have is MS OFFICE 97 [97]
I know of no updates MS would offer for such an outdated/old product?
----------------
Also, I am using SP1 because there is a lot of software that even
Microsoft says will either no longer work or will cause
errors. I chose not to update past SP1 for this reason. I also read a
ton of posts on forums/usenet where people, upon patching
to SP2, could not connect to the internet even after attempting many
workarounds for several days. I also read about how hard it
was to revert back to SP1 if SP2 was an issue.
I know I could simply re-install WinXP and stick with SP1 as a repair
to SP2, but my average time from start to finish, including
re-installing all my personal stuff and certain software, would be
around 4 hours.
-------------------
Note: I use Firefox/Mozilla about 99.99% of the time. Only if a
website cannot be viewed by those two will I use IE on my
machine.
HijackThis Logs Are Listed:
Logfile of HijackThis v1.99.1
Scan saved at 5:59:21 PM, on 2/23/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130034037718
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130034030265
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - (no file)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
End of Log
-------------
SpySweeper scan found nothing [scanned everything including archives,
compressed files, hidden/system files]
-----
CPU resources: nothing above 1% ever [except the process viewer when
viewed/task manager thing]
----
Do you have any ideas/ clues as to what may be going wrong or what I
can do at this point?
thanks,
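As an added example for this thread (not HijackThis's own code, and not written by either poster), here is a small Python triage script for the HijackThis log format posted above. It re-joins entries that the forum wrapped across lines, then flags the things a reviewer checks first: entries marked (file missing) or (no file), O23 services with "Unknown owner", O16 DPF ActiveX controls downloaded from hosts outside an allow-list, and O4 Run entries that give only a bare file name rather than a full path. The TRUSTED_DPF_HOSTS list is an assumption, and SAMPLE_LOG is constructed: its lines are copied from the posted log except for one made-up "Example Control" DPF entry (null CLSID, example.invalid host) that exists only to exercise the untrusted-host branch.

```python
"""HijackThis (HJT) log triage: parse entries, re-join forum-wrapped lines,
flag what a reviewer checks first. Added example for this thread, not
HijackThis's own code and not written by either poster. TRUSTED_DPF_HOSTS
and SAMPLE_LOG are assumptions/constructed (see their comments)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Assumption: vendors whose downloaded ActiveX (O16 DPF) controls are
# expected on this box; any other host is surfaced for a human to judge.
TRUSTED_DPF_HOSTS = ("symantec.com", "trendmicro.com", "microsoft.com")
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")


@dataclass
class Entry:
    section: str  # e.g. "O23"
    body: str     # everything after "O23 - "


@dataclass
class Finding:
    severity: str  # "high" | "medium" | "low"
    reason: str
    entry: Entry


def parse_hjt(text: str) -> list[Entry]:
    """Split an HJT log into entries, re-joining lines the poster's client wrapped."""
    entries: list[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if line == "End of Log":
            break
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
        elif entries:  # continuation of a wrapped entry; header lines are skipped
            entries[-1].body += " " + line
    return entries


def _dpf_host(body: str) -> str:
    """Host of the URL that ends an O16 DPF entry."""
    return urlparse(body.rsplit(" - ", 1)[-1].strip()).hostname or ""


def _run_exe(body: str) -> str:
    r"""Executable named in an O4 entry: HKLM\..\Run: [Name] <command line>."""
    m = re.search(r"\] (.*)$", body)
    cmd = m.group(1).strip() if m else ""
    return cmd[1:].split('"')[0] if cmd.startswith('"') else cmd.split(" ")[0]


def triage(entries: list[Entry]) -> list[Finding]:
    findings: list[Finding] = []
    for e in entries:
        b = e.body
        if "(file missing)" in b or "(no file)" in b:
            # O20 Winlogon Notify DLLs load into winlogon.exe as SYSTEM; an
            # orphan there is harmless but is exactly where persistence hides.
            sev = "high" if e.section == "O20" else "medium"
            findings.append(Finding(sev, "references a file that does not exist", e))
        if e.section == "O23" and "Unknown owner" in b:
            findings.append(Finding("medium", "service has no publisher information", e))
        if e.section == "O16":
            host = _dpf_host(b)
            if not any(host == t or host.endswith("." + t) for t in TRUSTED_DPF_HOSTS):
                findings.append(Finding("high", f"ActiveX control from untrusted host {host or '?'}", e))
        if e.section == "O4":
            exe = _run_exe(b)
            if not re.match(r"^[A-Za-z]:\\", exe):
                # A bare name is resolved via the search path at logon, so a
                # planted copy found earlier in the path would run instead.
                findings.append(Finding("low", f"Run entry uses unqualified path '{exe}'", e))
    return findings


def severity_counts(findings: list[Finding]) -> dict[str, int]:
    return {s: sum(f.severity == s for f in findings) for s in ("high", "medium", "low")}


# Constructed sample. Every entry except the "Example Control" DPF line is
# copied, with its forum line wrapping, from the log posted above; that one
# line is made up (invalid TLD, null CLSID) to exercise the untrusted-host branch.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control)
-
http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {00000000-0000-0000-0000-000000000000} (Example Control) -
http://example.invalid/ctl.cab
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Creative Service for CDROM Access - Unknown owner -
C:\WINDOWS\System32\CTsvcCDA.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
End of Log
"""

if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{f.severity:6}] {f.entry.section}: {f.reason}\n         {f.entry.body}")
```

Run as-is it prints the five findings from the sample; on a real log, pass the full pasted text to parse_hjt(). A "(file missing)" entry means the registry still points at a file that is gone, which is usually leftover from an uninstall rather than evidence of infection by itself; the script ranks such entries for a person to look at, it does not decide.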