HJT says virus protection is diabled

[baseballplayer217]

I just downloaded adblock plus and flashgot for my firefox. Then i went to restart firefox, firefox wouldnt open. I then attempted to restart no luck. So i held the power button till it shut off. When it booted up again i noticed the virus wasnt loaded, also that the turnoff computer wasnt in the start menu, and the firewall was disabled. I ran ad-aware and it fixed the turn computer off and the firewall issue. What do i do here is my HJT Log hope this can be resolved!


Logfile of HijackThis v1.99.1
Scan saved at 9:13:40 PM, on 10/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tuna\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] -"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Apoint] -C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] -rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ccApp] -"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] -C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161565519515
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - -"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - -"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Unknown owner - -"C:\Program Files\Symantec AntiVirus\DefWatch.exe (file missing)
O23 - Service: LiveUpdate - Unknown owner - -"C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: SAVRoam (SavRoam) - Unknown owner - -"C:\Program Files\Symantec AntiVirus\SavRoam.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - -"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - -"C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - -C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
O23 - Service: Symantec AntiVirus - Unknown owner - -"C:\Program Files\Symantec AntiVirus\Rtvscan.exe (file missing)
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

 

[PC eye]

You have three items listed as unknowns but not pointed to as harmful.

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] -rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

There are several Symantec items of concern as well as Alcohol 120. The Symantec values show that you may have to reinstall that program to see full protection again.

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - -"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - -"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Unknown owner - -"C:\Program Files\Symantec AntiVirus\DefWatch.exe (file missing)
O23 - Service: LiveUpdate - Unknown owner - -"C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: SAVRoam (SavRoam) - Unknown owner - -"C:\Program Files\Symantec AntiVirus\SavRoam.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - -"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - -"C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing)
O23 - Service: Symantec AntiVirus - Unknown owner - -"C:\Program Files\Symantec AntiVirus\Rtvscan.exe (file missing)

Somehow those were made inactive when something there clashed. You can try reinstalling the Symantec software after clicking the fix on these. Or you can go with alternative antivirus and firewall programs. AVG, Antivir, and Avast are the usual choices for freeware protection with Jetico and a few others besides Zone Free being advised for firewalls.

 

[baseballplayer217]

ok i just loaded ad-aware ad-watch and i always get a

Registry Modification Detected
Root:HKEY_CURRENT_USER
Key:Software\Microsoft\Windows\CurrentVersion\RunOnce
Value:Config
Data:C\Program Files\Common Files\System\Win32KernelUpd.exe
New Data:

Hope this helps???

Oh and by the way i fixed those and rebooted but they were there again when it rebooted.

Also when i usually run a ad-aware scan there are 45 processes now only 22

 

[PC eye]

I would say lose the Symantec at least temporarily and try Ewido and AVG for a good run. AdAware has a summary with two small boxes to check off. One is for your passwords and things like that while the other is a list of the data miners and other crud you want to check off and remove by clicking on the next button there.

Symantec right now is corrupted to be seeing those errors. AdAware is pointing out that you need a few other removers to see the system cleaned. The third remover to try is Spybot Search & Destroy that is also a freeware. A fourth known as Webroot's Spy Sweeper is a shareware to try out. Let's start with the freewares first to see what they find.

For AVG's latest 7.5 version, http://free.grisoft.com/doc/2/lng/us/tpl/v5 The latest release also includes Linux support.
Grisoft recently bought Ewido to add to AVG, http://free.grisoft.com/doc/ewido-anti-spyware-free/lng/us/tpl/v5

Spybot's main download page is at http://www.safer-networking.org/en/download/index.html although you find this available at several freeware site that carry antispyware tools.

The last one is the shareware version of Webroot's Spy Sweeper. First run the others to see how it goes. The latest version 5.0 is available at http://www.download.com/Webroot-Spy-Sweeper/3000-8022_4-10192729.html

 

[Thomas00]

search-and-destroy

www.search-and-destroy.com is a free program that helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software.

 

[PC eye]

Well I have some other news to report about the "search-and-destroy" you won't want to hear. It just got flagged when going to run the free online scan.