Strange events indicate problem?

Status
Not open for further replies.

captainrob

Hello,
Any thoughts/ideas on Norton Internet Security 2008?

I'm suspicious it may have let something through, and wondering if I need supplemental protection.

CaptRob
 
You're going to have to be more specific. If you just want an opinion on Norton, I can give you one- I prefer other products over Norton.

Now, what is your problem?
 
Bobbye,
Thanks for the reply. I had typed out a very detailed account of the problem, but since I'm new to TechSpot, I have to post 5 times before I can paste a link! The HiJackThis log is full of links, so I'll have to post later.

I just returned home from work, so I'll post my other 3 or 4 responses, then I'll be able to give you the details.

Annoying, but I understand TechSpot has to protect itself against becoming abused for marketing ...
CaptRob
 
The reason I'm asking about Norton... I've read some remarks that it is not as good as its marketing.

I'm wondering if there is a higher level of protection afforded via supplementing Norton with other software.

CaptRob
 
Here's the first part of the story:

Good morning,
Several recent red flags are suspicious. First, some background.

I bought new HP pc Dec'07 & installed Norton Internet Security 2008. The pc is for home/family use, and I set high levels of parental controls for the kids and wife (you can imagine how the wife likes that!). I switched to Firefox Beta 3 about a month ago.

Last night, Firefox blocked my daughter from Wunderground. When I tried to give permission via the pop-up, Firefox began opening tabs in rapid succession. When I finally was able to stop it, more than 80 tabs had to be deleted when Firefox closed.

I logged on & checked Norton; it did not indicate a problem. I commanded a Live Update, then a full system scan. I left it running & went to bed. When I awoke this am, I woke up the pc, but it locked up in the "Logging Off" mode. I eventually had to do a hard shutdown by powering off.

I powered up, then did a normal shut down. After the successful shutdown, I turned pc on & checked the Norton Log. Apparently last night's Full System Scan didn't complete; there was no record in the Log. I noticed a "Launcher.exe" made 105 changes to Windows Startup Settings this morning.
 
the rest of the story:
I googled launcher.exe and discovered Techspot. I am impressed by the technical proficiency of members, and took the advice to use HiJackThis. Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:01:54 AM, on 4/12/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\schtasks.exe
C:\Windows\ehome\ehmsas.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Mozilla Firefox 3 Beta 3\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8382 bytes



I have two questions:
1. Anything suspicious in the HJT log?
2. Any suggestions regarding supplemental security software in addition to Norton?

Thanks very much,
CaptRob
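A first-pass triage of a HijackThis log like the one posted above, as an added example that is not part of the original thread. It parses the `code - body` entry lines, collapses exact duplicates, and lists entries worth a manual look; the three review rules are assumptions of this example (not HijackThis's own logic), and a flagged entry is a prompt to check the file, not a verdict.

```python
import re
from collections import Counter

# Sample lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # e.g. "O4 - ...", "O23 - ..."

# Review heuristics: assumptions of this example, not HijackThis rules.
REVIEW_RULES = [
    ("run-once autostart", lambda code, body: code == "O4" and "\\RunOnce:" in body),
    ("unknown LSP file", lambda code, body: code == "O10" and body.startswith("Unknown file")),
    ("service with unknown owner", lambda code, body: code == "O23" and " - Unknown owner - " in body),
]

def parse_entries(text):
    """Return (code, body) tuples for entry lines; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries

def triage(text):
    """Collapse duplicate entries and return [(reason, code, body, count)] for review."""
    counts = Counter(parse_entries(text))
    findings = []
    for (code, body), n in counts.items():
        for reason, rule in REVIEW_RULES:
            if rule(code, body):
                findings.append((reason, code, body, n))
    return findings

if __name__ == "__main__":
    for reason, code, body, n in triage(SAMPLE_LOG):
        print(f"[{reason}] {code} x{n}: {body}")
```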
 
Okay, I follow you here. About Norton, I twice got the free version with 2 new Dell systems. Replaced NIS on laptop as quickly as possible. My personal choice is for separate, free-standing programs, rather than a security suite- from anyone. If there is a problem and you have a suite, it is often difficult to find the part that is causing it.

Many "loyal" Norton users have given it up in favor of other security software. I think it was about 2 years ago that those users realized what a 'resource hog' the Norton programs are. It was that and difficulties getting the Live Updates in a timely manner and without problems.

I have been using Firefox for 3 years- I have the latest full release, v2.0.0.13. I don't get beta versions- why ask for trouble?! I opened the Wunderground site in Firefox with no problems or warnings. But I did use the Adblock extension so I checked it. There are a ton of icon ads on the site and Adblock blocked 7 of them. I did not get any notice of a blocked pop-up so think it must be a beta 'thing'.

Go back to the current full release of Firefox. Use the Adblock extension and its companion Filterset updater:
For Adblock:
https://addons.update.mozilla.org/en-US/firefox/addon/10?id=10&application=firefox

For Adblock Filterset G:
https://addons.mozilla.org/en-US/firefox/addon/1136

I went to a router for added security. I also have AVG AV (paid), 2 spyware/adware programs and use the Windows Firewall. That has kept me safe, along with safe surfing habits. I don't have to use the Content section.

Re: Launcher.exe: launcher.exe is an executable belonging to many applications including Webshots- a Windows desktop downloader, Uinterface Mouselaunch- a file and application initiator, and also a hardware interface for Samsung products. Note: launcher.exe is an advertising program by Intercort Systems. (From Uniblue Process Library)

This smacks of spyware. I suggest you get Spybot & Destroy on board:
http://www.safer-networking.org/en/index.html

And SpywareBlaster:
http://www.javacoolsoftware.com/spywareblaster.html
 
Bobbye,
Thanks a bunch! I appreciate your advice, and I guess I should have the hjt log reviewed further. Any suggestions where I should send it?
CaptRob
 
Hey Bobbye, I guess I am ignorant regarding the Firefox Beta... I had Beta 2 until recently upgraded to Beta 3. I didn't know there was a difference...
CaptRob
 
captainrob said:
Here's the first part of the story:

Good morning,
Several recent red flags are suspicious. First, some background.

I bought new HP pc Dec'07 & installed Norton Internet Security 2008. The pc is for home/family use, and I set high levels of parental controls for the kids and wife (you can imagine how the wife likes that!). I switched to Firefox Beta 3 about a month ago.

Last night, Firefox blocked my daughter from Wunderground. When I tried to give permission via the pop-up, Firefox began opening tabs in rapid succession. When I finally was able to stop it, more than 80 tabs had to be deleted when Firefox closed.

I logged on & checked Norton; it did not indicate a problem. I commanded a Live Update, then a full system scan. I left it running & went to bed. When I awoke this am, I woke up the pc, but it locked up in the "Logging Off" mode. I eventually had to do a hard shutdown by powering off.

I powered up, then did a normal shut down. After the successful shutdown, I turned pc on & checked the Norton Log. Apparently last night's Full System Scan didn't complete; there was no record in the Log. I noticed a "Launcher.exe" made 105 changes to Windows Startup Settings this morning.

https://www.techspot.com/vb/showthread.php?p=605184#post605184

Go to the reference site I left for the malware cleaning process. Follow the directions for scanning and posting the logs as attachments. You won't have to go through all you posted except what I have quoted above. The URL above references this thread.

As for Firefox, v2 has been out of beta for a long time. You should have been getting notice of updates, some of which were for security and updating to the most current version of v2.0.0.13. Please go back and reload that version and make sure the following setting is checked:

Tools> options> Advanced> Update tab> 'when there is an update' section> check 'automatically download and install the update'. You will then get notice, but the update won't be installed until you close, then reopen Firefox. If you only had the beta v2, you were at a security risk.

Wait for v3 to come out in full release.
 
Yes, it does. I also equate 'beta' with the term 'bugs'- Betas are testing versions of software, better used by those who are 'testers' and they are specifically put out to work out as many 'bugs' as possible before the Final Release to the public.
 
Bobbye,
Thanks; live & learn... or as Homer Simpson eloquently states: "Doh!!"
Thanks again for all your help.
CaptRob
 
You're welcome. Please go ahead with the malware cleaning. There are some entries you need to deal with.
 