Norton Auto-Protect [RESOLVED], Windows Security Center.AntiVirusDisableNotify

Nov 27 2005, 04:16 PM | Post #1 | Member | Posts: 15 | OS: Windows XP
This past week my Norton SystemWorks 2004 refuses to run auto-protect. It says the auto-protect driver could not be loaded. I figured it might be malware so I ran Spybot Search and Destroy, Ad-Aware, CWShredder, I did a temporary files clean up and I did a virus scan on Trendmicro. Trendmicro came up clean but Spybot Search and Destroy found:

Windows Security Center.AntiVirusDisableNotify: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0

I have tried fixing it with Spybot and I did an immunization but it still comes up. Spybot is not fixing it. I also had a Dr. Watson's Postmortem Debugger show up the week before but I think I got rid of that with system restore. I think my only problem now is the Windows Security Center.AntiVirusDisableNotify.

I downloaded and ran Ewido. It found 9 problems and cleaned them but auto-protect still fails to work. Since I first posted this I have done another HijackThis log. This is the current one:

Logfile of HijackThis v1.99.1
Scan saved at 11:48:20 PM, on 11/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\PackethSvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\wmconnect\wwm.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmjb.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\Gaim\gaim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_3_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_3_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Register.lnk = C:\Program Files\AzureBay\AzureBay Screen Saver\Register.exe
O4 - Global Startup: Wal-Mart Connect Tray Icon.lnk = C:\Program Files\wmconnect\wmtray.exe
O4 - Global Startup: Wallpaper Changer.lnk = C:\Program Files\AzureBay\AzureBay Screen Saver\WPChanger.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: First Class Solitaire by pogo - http://solitaire26.pogo.com/applet/solitai...2-ob-assets.cab
O16 - DPF: Toki Toki Boom - http://download.games.yahoo.com/games/clients/y/vtn_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.3.1.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab
O16 - DPF: {4FCE7460-D289-4037-A570-4E4DED74ADC9} (WebTrackOCXX4.WebTrackOCX4) - http://www.mediatechnics.net/np5cd/files/WebTrackOCX4.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/28575c6fec5e7b427302/...ip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,15/mcgdmgr.cab
O16 - DPF: {BD70B8AE-CE34-11D5-9F7A-0090F50400FE} (PlayIt7Student.PlayIt7e) - file://D:\content\PlayIt7e.CAB
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} (SoundCtl Class) - http://www.buzme.com/ActiveX/NPBMCtrl.cab
O16 - DPF: {D94B2F87-CE31-11D5-9F7A-0090F50400FE} (NP5Sample.docBookNP5) - file://D:\content\bwnp5s.CAB
O16 - DPF: {E9AE575A-FA4A-11D3-90F7-00C0CA1618FF} (BuzMeSetup Class) - http://www.buzme.com/ActiveX/BMAXSetup.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/...ebio5_1_3_0.cab
O16 - DPF: {F7E3BB7B-9B9F-11D5-9F7A-0090F50400FE} (PlayIt7Student.PlayIt7d) - file://D:\content\PlayIt7d.CAB
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{689E37C8-952F-4695-823F-D1ACC05B8B7F}: NameServer = 205.188.146.145
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

And this is the Ewido report:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 10:19:22 PM, 11/28/2005
+ Report-Checksum: F96E7C59
+ Scan result:
HKLM\SOFTWARE\ISP50RegistryBackup\HKCR\CLSID\{3DE88907-3E38-11D4-BEB2-CBE76C0598DD} -> Spyware.BandObjects : Cleaned with backup
HKLM\SOFTWARE\ISP50RegistryBackup\HKCR\PeoplePC.FixedBandBHO\CLSID\\ -> Spyware.BandObjects : Cleaned with backup
HKLM\SOFTWARE\ISP50RegistryBackup\HKCR\PeoplePC.FixedBandBHO.1\CLSID\\ -> Spyware.BandObjects : Cleaned with backup
C:\Documents and Settings\ArethaNick\Cookies\arethanick@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\ArethaNick\Cookies\arethanick@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\ArethaNick\Cookies\arethanick@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\ArethaNick\Cookies\arethanick@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\ArethaNick\Cookies\arethanick@server.iad.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\ArethaNick\Cookies\arethanick@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
::Report End

This post has been edited by nappychick: Nov 29 2005, 01:04 AM

Dec 2 2005, 04:33 PM | Post #2 | Visiting Staff | Posts: 230 | OS: XP
Hi nappychick and welcome to Geeks.
The entries Spybot is flagging are telling you that something has disabled one or more of the notifications in the Windows Security Center for SP2. Spybot is reporting that the registry settings are different from the expected defaults in its database which are set to show the Security Center alerts are on. If you have intentionally set them this way, then you can safely right click and tell Spybot to exclude them in future scans. I personally have the exact same value set for that registry key on my machine.

QUOTE
I also had a Dr. Watson's Postmortem Debugger show up the week before but I think I got rid of that with system restore.

I notice you have Quicken and the AzureBay Screen Saver installed. Have a look here for a possible cause for this appearing.

Step 1
Disable Ewido's Guard:
Download and install System Security Suite.

Step 2
Run HJT again and checkmark the boxes next to the following:-

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
O2 - BHO: (no name) - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/28575c6fec5e7b427302/...ip/RdxIE601.cab

Close ALL OPEN WINDOWS/BROWSERS and click Fix Checked

Step 3
Reboot into Safe Mode and use Windows Explorer to locate & delete the following folder in bold:

C:\freescan\ <-- rogue anti-spyware program (Spyware Begone)

Step 4
Close ALL other windows and open System Security Suite.

Step 5
Then run either of the following online virus scans with Internet Explorer (saving the scan report when complete):

Kaspersky On-line Scanner

Reboot and post a fresh HJT log and online scan results please.

* Let me know if Norton's Auto-Protect is working again please.

Keeping Track of Your Topic

This post has been edited by John McKenna: Dec 2 2005, 04:34 PM
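
The kind of triage applied to the HijackThis log in the post above (picking out orphaned and out-of-place entries) can be sketched in code. This is an added example, not part of the original thread and not HijackThis's own logic; the three flagging rules and the names `parse_hjt`, `triage` and `TRUSTED_ROOTS` are illustrative assumptions rather than the helper's stated criteria, and the sample lines are copied from the first log in this thread.

```python
import re
from urllib.parse import urlsplit

# Sample input: a handful of lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 11:48:20 PM, on 11/28/2005
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\HJT\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
O2 - BHO: (no name) - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/28575c6fec5e7b427302/...ip/RdxIE601.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
"""

# Entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24) followed by " - ".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
URL_RE = re.compile(r"https?://\S+")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
EXE_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.exe)', re.IGNORECASE)

# Assumption for this example: autostart programs normally live under these roots.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


def parse_hjt(text):
    """Split a HijackThis log into running processes and (code, body) entries."""
    processes, entries, in_processes = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the process list ends at the first coded entry
            entries.append((match.group(1), match.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def triage(entries):
    """Return (code, reason, body) for entries worth a second look (illustrative rules)."""
    findings = []
    for code, body in entries:
        # Rule 1: a registration whose target file no longer exists.
        if body.rstrip().endswith("(no file)"):
            findings.append((code, "registration points at a missing file", body))
            continue
        # Rule 2: an ActiveX download (O16) fetched from a bare IP address.
        if code == "O16":
            url = URL_RE.search(body)
            host = urlsplit(url.group(0)).hostname if url else None
            if host and IPV4_RE.match(host):
                findings.append((code, "ActiveX control served from a bare IP", body))
        # Rule 3: an autostart entry (O4) whose executable sits outside the usual roots.
        elif code == "O4":
            exe = EXE_RE.search(body)
            if exe and not exe.group(1).lower().startswith(TRUSTED_ROOTS):
                findings.append((code, "autostart outside Windows/Program Files", body))
    return findings


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print(len(parsed["processes"]), "processes,", len(parsed["entries"]), "entries")
    for code, reason, body in triage(parsed["entries"]):
        print(f"{code}: {reason}\n    {body}")
```

A flag here only marks an entry for manual review; legitimate software can trip any of the three rules.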

Dec 4 2005, 03:02 AM | Post #3 | Member | Posts: 15 | OS: Windows XP
Thank you John McKenna for your time and effort.

I have done everything that you asked above. Norton's auto-protect is still not working. I did a Kaspersky online scan and it found three things. I'm guessing Kaspersky finds it but it doesn't fix them? Because there wasn't an option to fix it. I did save the report as directed.

This is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 1:52:36 AM, on 12/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\PackethSvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\Program Files\wmconnect\wwm.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\HJT\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_3_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_3_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Register.lnk = C:\Program Files\AzureBay\AzureBay Screen Saver\Register.exe
O4 - Global Startup: Wal-Mart Connect Tray Icon.lnk = C:\Program Files\wmconnect\wmtray.exe
O4 - Global Startup: Wallpaper Changer.lnk = C:\Program Files\AzureBay\AzureBay Screen Saver\WPChanger.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: First Class Solitaire by pogo - http://solitaire26.pogo.com/applet/solitai...2-ob-assets.cab
O16 - DPF: Toki Toki Boom - http://download.games.yahoo.com/games/clients/y/vtn_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.3.1.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab
O16 - DPF: {4FCE7460-D289-4037-A570-4E4DED74ADC9} (WebTrackOCXX4.WebTrackOCX4) - http://www.mediatechnics.net/np5cd/files/WebTrackOCX4.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,15/mcgdmgr.cab
O16 - DPF: {BD70B8AE-CE34-11D5-9F7A-0090F50400FE} (PlayIt7Student.PlayIt7e) - file://D:\content\PlayIt7e.CAB
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} (SoundCtl Class) - http://www.buzme.com/ActiveX/NPBMCtrl.cab
O16 - DPF: {D94B2F87-CE31-11D5-9F7A-0090F50400FE} (NP5Sample.docBookNP5) - file://D:\content\bwnp5s.CAB
O16 - DPF: {E9AE575A-FA4A-11D3-90F7-00C0CA1618FF} (BuzMeSetup Class) - http://www.buzme.com/ActiveX/BMAXSetup.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/...ebio5_1_3_0.cab
O16 - DPF: {F7E3BB7B-9B9F-11D5-9F7A-0090F50400FE} (PlayIt7Student.PlayIt7d) - file://D:\content\PlayIt7d.CAB
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{689E37C8-952F-4695-823F-D1ACC05B8B7F}: NameServer = 205.188.146.145
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

This is the Kaspersky report:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, December 04, 2005 01:18:45
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 4/12/2005
Kaspersky Anti-Virus database records: 163160
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 72147
Number of viruses found: 3
Number of infected objects: 3
Number of suspicious objects: 0
Duration of the scan process: 10277 sec
Infected Object Name - Virus Name
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\29FC080D.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2DA72E31.class Infected: Trojan.Java.ClassLoader.ak
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP124\A0051423.dll Infected: not-a-virus:AdWare.Win32.BHO.h
Scan process completed.

How do I get rid of those three viruses? Thank you again for your help.

Dec 4 2005, 05:13 AM | Post #4 | Visiting Staff | Posts: 230 | OS: XP
Ok nappychick, your log is clean now.

I've double-checked the logs you've posted and Norton Auto-Protect is running in both of them. These are the entries related to it:

C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe

Have you manually restarted it? Have a look at the link below for what Symantec say about this error message:

http://service1.symantec.com/SUPPORT/nav.n...o&seg=hho&tpre=

With regards the Kaspersky detections, two are already in Norton's Quarantine and the other is in a previous System Restore point which poses no threat unless you revert the machine back to this point in the future. We'll flush your restore points before we're done though.

Let me know if the Symantec link remedies the problem.

Dec 4 2005, 07:17 AM | Post #5 | Member | Posts: 15 | OS: Windows XP
Gods bless you John McKenna!

The Symantec site you gave above solved the problem. The red X is gone from the startup icon, I didn't get a driver error message upon the restart, and it now says Norton auto-protect is enabled. Thank you for helping me solve a headache of a problem. I am ready to flush the restore points, however that is done.

Dec 4 2005, 10:25 AM | Post #6 | Visiting Staff | Posts: 230 | OS: XP
I'm glad it's sorted.

Now that you're clean again, please follow these simple steps to keep yourself safe and secure in the future.

Re-enable Your Protection

If asked to reveal your hidden system files and folders during the course of the fix, please rehide those now by reversing the steps here. Please also re-enable the real-time protection for any anti-spyware programs I asked you to disable before proceeding with the fix.

Disable and Re-enable System Restore to Flush Infected Restore Points

If you are using Windows ME or XP, you should disable and re-enable system restore to make sure there are no infected files found in your restore points. You can find instructions on how to disable and re-enable system restore here:

Windows XP System Restore Guide
or
Managing Windows Millennium System Restore

Re-enable System Restore with instructions from the tutorial above and create a new Restore point.

Block Access to Untrustworthy Sites

You can prevent your computer from visiting a myriad of untrustworthy sites and ad-servers by installing a customised hosts file. One of the best available is the MVPS Hosts File. Simply follow the instructions to install the file in the correct location. This will not only make surfing safer but will improve website load times and block popups from many of the large ad-servers.

Clean out ALL Temp Files

This process will clean out your Temp files and your Temporary Internet Files. Please do both steps:

Step 1: Delete Temp Files
To clean out your temp files, click on Start > Run, and type %temp% and press ok. This should open up the temp directory that your machine uses. Please delete all files in this directory. If you get an error when deleting a file, skip that file and delete the rest. If you had trouble deleting a file, reboot into Safe Mode and follow this step again. You should now be able to delete all the files.

Step 2: Delete Temporary Internet Files
Now I want you to open up Internet Explorer, click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the 'Delete Files' button and put a checkmark in 'Delete Offline Content'. Then press the OK button. This may take quite a while!

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet

Safe Surfing
HJM

Dec 4 2005, 10:25 AM | Post #7 | Visiting Staff | Posts: 230 | OS: XP
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

© Geeks to Go, Inc. | All Rights Reserved