Norton 360: Auto-Protect won't stay on!

  1. 03-09-2007  #1
    confusedguy89
    confusedguy89 is offline Newbie

    Norton 360: Auto-Protect won't stay on!

    Hello,

    I posted yesterday but removed it because I don't think I followed directions clearly. I did today and hope that makes whoever looks at this job easier.

    First off, when I start up my computer it goes into this Intel screen telling me to enter Dos mode or something.. I always have to hit escape before the computer will start loading up. Nothing big, but I wonder if there is a way to turn that off?

    Ok, so I have Norton 360 installed on my computer. I start up the computer and everything loads up ok. Then after about 2 mins the Norton Auto-Protect randomly shuts off. It says, 'Your computer is not protected against blah blah blah'. So I hit fix, and it doesn't do anything. I go into Advanced Settings and try to turn it on and it won't regardless of what I do.

    Is there any way I can get that Norton 360 to stay turned on indefinately?

    I also am wondering what the csrss.exe is and if there is a way to determine if the file is infected and how to clean it up?

    I apologize if there is a ton of processes on..this computer is very old. I am open to suggestions for turning off a lot of them when starting up.

    Here is the HiJack log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:37:09 AM, on 9/3/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\csrss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\spoolsv.exe
    c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    C:\WINNT\System32\drivers\CDAC11BA.EXE
    C:\WINNT\System32\NMSSvc.exe
    C:\WINNT\system32\HPZipm12.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\wdfmgr.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINNT\System32\alg.exe
    C:\WINNT\GWMDMMSG.exe
    C:\WINNT\System32\hkcmd.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://charter.msn.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

    provided by Charter featuring MSN
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

    Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common

    Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft

    Money\System\mnyside.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

    Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program

    Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program

    Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program

    Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
    O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator

    5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft

    Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
    O4 - HKLM\..\Run: [EPSON Stylus C42 Series]

    C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC1. EXE /P23 "EPSON Stylus C42 Series" /O6

    "USB001" /M "Stylus C42"
    O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2L1. EXE

    /P19 "EPSON Stylus CX6400" /O6 "USB002" /M "Stylus CX6400"
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"

    -osboot
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [morphstb] C:\WINNT\morphstb.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX6400 (Copy 1)]

    C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2L1. EXE /P28 "EPSON Stylus CX6400 (Copy 1)" /O6

    "USB002" /M "Stylus CX6400"
    O4 - HKLM\..\Run: [EPSON Stylus CX6400 (Copy 2)]

    C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2L1. EXE /P28 "EPSON Stylus CX6400 (Copy 2)" /O5

    "LPT1:" /M "Stylus CX6400"
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe

    /inspect
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common

    Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe"

    /hide
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec

    Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common

    Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [MSConfig] C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [MBKWBarManager] C:\Program Files\MBKWBar\TManager.exe
    O4 - HKUS\S-1-5-18\..\Run: [Symantec Network Driver Update Warning]

    C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning]

    C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
    O4 - Global Startup: Exif Launcher.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital

    Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital

    Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint

    Toolbar\ViewBar.dll/CXTSEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel -

    res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

    C:\WINNT\System32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program

    Files\Microsoft Money\System\mnyside.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

    Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

    C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://charter.msn.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -

    http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -

    http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program

    Files\Gateway\Do More\DoMoreRunExe.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -

    http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) -

    http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
    O16 - DPF: {2F0D1DA3-F3E4-4C67-BB5C-5AFD70C1A4A5} (UDConnect Class) -

    http://19.sharedsource.org/html/UDConn.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program

    Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -

    http://a1540.g.akamai.net/7/1540/52/...in/QuickTimeIn

    staller.exe
    O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) -

    file://C:\Program Files\gateway\helpspot\TechTools.CAB
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) -

    http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) -

    http://appdirectory.messenger.msn.co...haringctrl.cab
    O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - file://C:\Program

    Files\gateway\helpspot\RunExeActiveX.CAB
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -

    http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) -

    http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -

    http://messenger.zone.msn.com/binary...tatsClient.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) -

    http://www.napster.com/client/isetup.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) -

    http://www.sibelius.com/download/sof...iveXPlugin.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -

    http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -

    http://zone.msn.com/binFramework/v10...o.cab34246.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) -

    http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -

    http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) -

    http://messenger.zone.msn.com/binary...reShowdown.cab
    O23 - Service: Blink2PnP - Unknown owner - C:\WINNT\twain_32\SiPix\SCBlink2\Srvany.exe (file

    missing)
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINNT\System32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program

    Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program

    Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation -

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common

    Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program

    Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file

    missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation -

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common

    Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common

    files\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common

    Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec

    Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program

    Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 13686 bytes

    I ran SpyBot just before doing the log. I hope some can help me.. And if you do, many thanks.


  3. 03-09-2007  #2
    VopThis
    VopThis is offline Senior Member (Canada)
    I also am wondering what the csrss.exe is
    It is a legitimate Windows component when that file is in folder Windows\System32. Csrss stands for client/server run-time subsystem and is an essential subsystem that must be running at all times. Csrss is responsible for console windows, creating and/or deleting threads.


    I see that you have used MSCONFIG to selectively disable certain running programs. That could be hiding problems issues if you are not certain what such files were specifically doing. You can re-enable such processes or we can run a diagnostic tool to determine what has been disabled.



    Uninstall the following application in Add/Remove Programs (Control Panel):

    Viewpoint




    Read over the following directions. Ask if anything appears unclear to you.



    Clean out TEMPORARY FILES procedures:
    To clean your temp folder, recycle bin, etc..please download this free tool:

    CCleaner http://www.ccleaner.com/downloadbuilds.asp

    Install Options:
    • Don't install any Toolbars, or other programs, should it ask you!
    • Just uncheck the option of installing the Yahoo toolbar.

    It will put a shortcut on your Desktop.

    Do not run CCleaner until requested later.




    We will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet. Accordingly, it is probably a good idea to print out the following directions or copy them to a text file on your desktop using NOTEPAD. Read these instructions carefully and feel free to ask if you're unsure about anything.

    SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

    O4 - HKLM\..\Run: [MORPHSTB] C:\WINNT\morphstb.exe
    O4 - HKCU\..\Run: [MBKWBARMANAGER] C:\Program Files\MBKWBar\TManager.exe

    O16 - DPF: {2F0D1DA3-F3E4-4C67-BB5C-5AFD70C1A4A5} (UDConnect Class) - http://19.sharedsource.org/html/UDConn.cab

    Make sure that all browser windows and internet links are closed, even this one!
    CLICK ’FIX CHECKED’ with HijackThis.



    HIDDEN FILES: To make sure you can see all hidden files, please follow the directions here

    SAFEMODE: Boot into safe mode by tapping the F8 key at restart and choosing 'safe mode' menu option (explained here if needed).



    Delete TEMPORARY FILES: Now, use CCleaner to hunt down the most common temporary file locations and the temporary file clutter contained therein (and of possible malware hiding places):

    Run CCleaner.

    FIRST-TIME USE:
    Select the ”Options” BUTTON option (top LEFT), ”Advanced” BUTTON, and then UNCHECK the ”Only delete files in Windows Temp Folders older than 48 hours”. Set back to default afterwards.

    Select the ”Cleaner” BUTTON option (top LEFT), if not already selected. Use the ”Windows” TAB up front by default.
    • Uncheck ”Cookies” option (advisable)
    • Optionally, Uncheck ”Recently Typed URLs” option (potentially still useful)
    • Click the ”Analyse” button.
    • Thereafter, click ”Run Cleaner” after you have reviewed what it proposes to clean.

    ***** Clean out the Recycle Bin for items removed below, ONLY once you have regained the full functional use of your PC.




    Navigate to these files or folders using Windows Explorer (OR Start -> Search) and delete (if present):


    DELETE FILES:

    C:\WINNT\morphstb.exe



    DELETE FOLDERS:

    C:\Program Files\MBKWBar



    POST A REVISED HIJACKTHIS LOG for review:
    • Reboot.
    • Let us see/review what is loaded on your PC:
      • Run HijackThis and Click Open the Misc Tools section button.
      • Then click the Open Uninstall Manager… button.
      • Click the Save list… button. Save uninstall_list to your desktop.

      • Open the Uninstall list file and post in your next reply, please.

    • Post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.
  4. 03-09-2007  #3
    confusedguy89
    confusedguy89 is offline Newbie
    Thanks for helping VopThis,

    It now takes a little longer for the Auto-Protect to shut off, but it still shuts off and I cannot get it to turn back on.

    Here are some files when I searched for morphstb:
    C:\Documents and Settings\All Users\Application Data\SecTaskMan\_morphstb9820
    C:\WINNT\inf\morphstb (setup notepad)
    C:\WINNT\inf\morphstb.PNF

    Should I delete those or leave them alone?

    Also the Intel Boot Agent when I start up the computer still pops on. It says to enter MAC Adress: (A bunch of numbers). Then it has this P.......\: And when I press escape it says Network Boot Canceled by Keystroke. Is there a way to get rid of that?

    On a last note whenever I shut down my computer there is always an end task for ccApp and hpquimzone. Is that supposed to happen?

    Anyway, here is the uninstall list:

    ABBYY FineReader 5.0 Sprint Plus
    ACTive Prep
    Ad-aware 6 Personal
    Adobe Acrobat 5.0
    Adobe Flash Player ActiveX
    Age of Empires II - The Conquerors - 1.0e Patch
    AppCore
    ArcSoft Collage Creator
    AV
    Camfrog Video Chat 3.90 (remove only)
    ccCommon
    CCleaner (remove only)
    Digital Photo Navigator 1.0
    DivX Codec
    DivX Content Uploader
    DivX Player
    DivX Web Player
    Do More 7.0
    DVD
    Easy CD Creator 5 Basic
    EPSON CardMonitor
    EPSON Copy Utility
    EPSON ES CX6400 Manual
    EPSON Photo Print
    EPSON PhotoStarter3.0
    EPSON Printer Software
    EPSON Scan
    EPSON Smart Panel
    FinePixViewer Ver.4.0
    FUJIFILM USB Driver
    GamePark
    Gateway Rhapsody
    GearDrvs
    GTW V.92 Voicemodem
    HijackThis 2.0.2
    Hooked on Phonics Learn to Read
    Hotfix for Windows XP (KB926239)
    HP Document Viewer 5.3
    HP Extended Capabilities 5.3
    HP Image Zone 5.3
    HP Imaging Device Functions 5.3
    HP PSC & OfficeJet 5.3.A
    HP Software Update
    HP Solution Center & Imaging Support Tools 5.3
    ImageMixer VCD for FinePix
    Intel(R) Extreme Graphics Driver
    Intel(R) PRO Ethernet Adapter and Software
    Intel(R) PROSet II
    InterActual Player
    iTunes
    iTunes
    Java(TM) SE Runtime Environment 6 Update 1
    LiveReg (Symantec Corporation)
    LiveUpdate 3.2 (Symantec Corporation)
    LiveUpdate Notice (Symantec Corporation)
    Logitech Audio Echo Cancellation Component
    Logitech Desktop Messenger
    Logitech iTouch Software
    Logitech MouseWare 9.71
    Logitech QuickCam
    Logitech Video Enumerator
    Logitech® Camera Driver
    Microbuddy
    Microsoft .NET Framework (English)
    Microsoft .NET Framework (English) v1.0.3705
    Microsoft .NET Framework 1.1
    Microsoft Age of Empires
    Microsoft Age of Empires Expansion Trial
    Microsoft Age of Empires II
    Microsoft Age of Empires II: The Conquerors Expansion
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft Encarta Encyclopedia Standard 2003
    Microsoft Learning and Research Plus Support Files
    Microsoft Money 2003
    Microsoft Money 2003 System Pack
    Microsoft Office XP Media Content
    Microsoft Office XP Standard for Students and Teachers
    Microsoft Picture It! Photo 7.0
    Microsoft Streets and Trips 2002
    Microsoft Word 2002
    Microsoft Works 2003 Setup Launcher
    Microsoft Works 7.0
    Microsoft Works Suite Add-in for Microsoft Word
    MicroStaff WINASPI NT
    mIRC
    Mozilla Firefox (2.0.0.1)
    MS The Dolphin Assistant(Remove only)
    MSN Gaming Zone
    MSN Internet Software
    MSN Messenger 7.5
    MSN Music Assistant
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MUSICMATCH® Jukebox
    MVision
    NetBattle
    Network Play System (Patching)
    NEW TAUNTS FROM 1 to 42
    Nintendo Wi-Fi USB Connector Registration Tool
    Nokia USB Drivers
    Norton 360
    Norton 360
    Norton 360
    Norton 360 (Symantec Corporation)
    Norton 360 Help
    Norton Confidential Browser Component
    Norton Confidential Web Authentification Component
    Norton Confidential Web Protection Component
    PC-Doctor for Windows
    PhoneTools
    Poker Stars
    PSS Plex 1.1.0
    Quicken 2003 New User Edition
    QuickTime
    RealPlayer
    RegCure 1.5.0.0
    ScanToWeb
    Security Task Manager 1.7e
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931768)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938829)
    Shockwave
    SiPix StyleCam CAMeleon
    SLD CODEC PACK 1.5.3
    SPBBC 32bit
    Spybot - Search & Destroy 1.4
    SuppSoft
    Symantec Real Time Storage Protection Component
    Symantec Technical Support Controls
    SymNet
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    VideoEdit ActiveX Control
    VideoEdit Converter
    Winamp (remove only)
    Windows Installer 3.1 (KB893803)
    Windows Installer 3.1 (KB893803)
    Windows XP Hotfix - KB834707
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888240
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    Windows XP Service Pack 2
    WinZip
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Messenger

    Also here is the HiJack this log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:33:57 PM, on 9/3/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\spoolsv.exe
    c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    C:\WINNT\System32\drivers\CDAC11BA.EXE
    C:\WINNT\System32\NMSSvc.exe
    C:\WINNT\system32\HPZipm12.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\GWMDMMSG.exe
    C:\WINNT\System32\hkcmd.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://charter.msn.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

    provided by Charter featuring MSN
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

    Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common

    Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft

    Money\System\mnyside.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

    Files\Java\jre1.6.0_01\bin\ssv.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program

    Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
    O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator

    5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft

    Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
    O4 - HKLM\..\Run: [EPSON Stylus C42 Series]

    C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC1. EXE /P23 "EPSON Stylus C42 Series" /O6

    "USB001" /M "Stylus C42"
    O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2L1. EXE

    /P19 "EPSON Stylus CX6400" /O6 "USB002" /M "Stylus CX6400"
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"

    -osboot
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [EPSON Stylus CX6400 (Copy 1)]

    C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2L1. EXE /P28 "EPSON Stylus CX6400 (Copy 1)" /O6

    "USB002" /M "Stylus CX6400"
    O4 - HKLM\..\Run: [EPSON Stylus CX6400 (Copy 2)]

    C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2L1. EXE /P28 "EPSON Stylus CX6400 (Copy 2)" /O5

    "LPT1:" /M "Stylus CX6400"
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe

    /inspect
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common

    Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe"

    /hide
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec

    Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common

    Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [MSConfig] C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKUS\S-1-5-18\..\Run: [Symantec Network Driver Update Warning]

    C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning]

    C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
    O4 - Global Startup: Exif Launcher.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital

    Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital

    Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel -

    res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

    C:\WINNT\System32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program

    Files\Microsoft Money\System\mnyside.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

    Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

    C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://charter.msn.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -

    http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -

    http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program

    Files\Gateway\Do More\DoMoreRunExe.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -

    http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) -

    http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program

    Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -

    http://a1540.g.akamai.net/7/1540/52/...in/QuickTimeIn

    staller.exe
    O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) -

    file://C:\Program Files\gateway\helpspot\TechTools.CAB
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) -

    http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) -

    http://appdirectory.messenger.msn.co...haringctrl.cab
    O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - file://C:\Program

    Files\gateway\helpspot\RunExeActiveX.CAB
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -

    http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) -

    http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -

    http://messenger.zone.msn.com/binary...tatsClient.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) -

    http://www.napster.com/client/isetup.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) -

    http://www.sibelius.com/download/sof...iveXPlugin.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -

    http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -

    http://zone.msn.com/binFramework/v10...o.cab34246.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) -

    http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -

    http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) -

    http://messenger.zone.msn.com/binary...reShowdown.cab
    O23 - Service: Blink2PnP - Unknown owner - C:\WINNT\twain_32\SiPix\SCBlink2\Srvany.exe (file

    missing)
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINNT\System32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program

    Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program

    Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation -

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common

    Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program

    Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file

    missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation -

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common

    Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common

    files\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common

    Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec

    Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 11736 bytes


    I didn't enable/disable anything from the last time on the MSCONFIG.

    Thanks for the help!
  5. 03-09-2007  #4
    VopThis
    VopThis is offline Senior Member (Canada)
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://charter.msn.com
    Please do not remove more items than is requested by my directions. That could introduce complicating issues that I might not be able to anticipate.

    Also, please do not use wordwrap in NOTEPAD - it makes the logs very difficult to read.



    Also the Intel Boot Agent when I start up the computer still pops on.
    How long has this been going on? Do you have an INTEL Network Card? Which exact model?:

    Start (BUTTON)>My Computer>View System Information>Hardware (TAB)>Device Manager>click the + box beside Network adapters.




    Here are some files when I searched for morphstb:
    C:\Documents and Settings\All Users\Application Data\SecTaskMan\_morphstb9820
    C:\WINNT\inf\morphstb (setup notepad)
    C:\WINNT\inf\morphstb.PNF

    Should I delete those or leave them alone?
    Delete them but leave them in the 'Recycle Bin' for now.


    For your DOS problem:

    Goto Start (button)>Run>(type the following) MSCONFIG (and then hit 'Enter' KEY).
    Click the 'BOOT.INI' tab.
    In the 'Boot Options' BOX, ensure that none of the option boxes are ticked.
    Click 'OK' Button and then REBOOT.



    Did you install 'Norton 360' yourself? If so, it may be best to completely uninstall it (Add/Remove Programs - Control Panel) while disconnected from the Internet. Then REBOOT and do a clean re-install.
    Last edited by VopThis; 03-09-2007 at 10:11 PM.
  6. 03-09-2007  #5
    confusedguy89
    confusedguy89 is offline Newbie
    Did you want me to remove those items? The R0 and R1 you had in quotes from the last post? Or do you want me to leave them alone?

    Sorry about word-wrap..

    The Intel thing has been going on for about 1-2 months. The device is:
    Intel(R) PRO/100 VE Network Connection

    I deleted the 3 files and they are now in the recycle bin.

    None of the boxes are ticked in the boot options box.

    I did install the Norton 360 myself. I will reinstall it once I find my product key in a pile of papers in the kitchen.
  7. 03-09-2007  #6
    VopThis
    VopThis is offline Senior Member (Canada)
    Did you want me to remove those items? The R0 and R1 you had in quotes from the last post? Or do you want me to leave them alone?
    Sorry for my mistake. You only fixed what I had asked for. Leave those items alone.
  8. 09-09-2007  #7
    confusedguy89
    confusedguy89 is offline Newbie
    Save 20% on AVG Internet Security 2012 Suite!
    Ok, I reinstalled Norton 360 and all seems to be working fine. I guess that did the trick. Thank you!

    My last item of interest is the Intel Boot Agent. Why is that continuing to show up when I turn on the computer? I would like to make that stop, but I have no idea what is triggering it.

    The model is in my last post. Thanks!
+ Reply to Thread
« Need help on my Dad's PC | SLOOOOOOW Computer! »