Here's My LOG - eeek

Started by babyoh, June 30, 2007, 07:47:47 AM


babyoh

about a week ago, my computer started acting up.
now, 1) it's VERY slow when i'm online -- about 5-10x slower, and 2) the Saved Password features in both OPERA and FIREFOX either work poorly or not at all.
- these following things happened a little before the problems:
1) i upgraded from FIREFOX 1.5 to FF 2
2) i started messing around with MySpace China (I Know, I Know... never again), and
3) the electricity went out, causing my computer to shut off abruptly

- i'm clean in Spybot and symantec norton av. (it didn't sound like i had smit-fraud, so i didn't download for that, per the instructions for s-fraud.)

*anyway, here's my log. (please tell me the chinese aren't hiding in here, k?)
:sinking:

Logfile of HijackThis v1.99.1
Scan saved at 12:15:04 AM, on 6/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\WINDOWS\System32\igfxext.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.computers.us.fujitsu.com/
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted IP range: http://192.168.1.254
O15 - Trusted IP range: http://204.60.203.227
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe


SpyDie

Quote
*anyway, here's my log. (please tell me the chinese aren't hiding in here, k?)

LOL. I'm sorry but I found that funny.

Nothing jumps out at me in that logfile. I'd be pointing to Norton firstly.

When you are using Firefox or Opera what's the CPU usage like? When you are using Firefox/Opera and you notice things are grinding to a halt, open up Task Manager (press Ctrl + Alt + Delete) and see what is using the most CPU and what process has the most memory usage.
Beta. Software undergoes beta testing shortly before it's released. Beta is Latin for 'still doesn't work.'

babyoh

no, CPU usage is FINE.
that's very strange, by the way: i don't think i've ever had slowdowns this major, without also having spikes in CPU usage.
(my hard drive light doesn't even turn ON. and Task Manager shows all is quiet.)
:blink:
i'd gotten norton NIS months ago, and kept re-configuring it, since it had been slowing me down with its processes (LUCOMSproxy, etc.)
* i turned off its FIREWALL, and use XP's instead. i also turned off automatic updates, and do those by hand now. -- which made me A LOT faster, by the way
:Win73:
my connection is much faster today, but i still have problems with my auto-passwords not working right in either OPERA or FIREFOX.
i haven't re-built those files, because i thought it's very unlikely that both got corrupted at the same time.
...i read online, that some page's code can interfere with that password function.
*this problem began AFTER i upgraded to FIREFOX 2 -- could this be the problem?--
http://it.slashdot.org/article.pl?sid=06/11/21/2319243&from=rss

(Has the BUG been PATCHED, does anyone know?)

...if there was some new chinese keylogger etc, there'd be SOME evidence you'd see in my log, right??

(i emptied each browser's caches separately, and used Ccleaner. FIREFOX showed that all my passwords in password manager were DELETED -- but they re-appeared after a re-boot. - so, SOMETHING is messed up.)
:confused:






Ripley

babyoh,

I went from 1.5 to 2. a while ago, but didn't have any problems with passwords in Fx.  I did a new install of Fx as opposed to installing over the top.  I have updated thru all 2. versions and am 2.0.0.4 now and haven't seen these problems.

Here are the security fixes with Fx versions 2.0.0.1, 2.0.0.2, 2.0.0.3, and 2.0.0.4
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.4

As far as the specific "bug" reported as 360493 referenced in the Slashdot article...here's what I read:
Quote
Status: RESOLVED FIXED
https://bugzilla.mozilla.org/show_bug.cgi?id=360493

At the link below are release notes with some known issues listed and some basic troubleshooting recs.
Release notes
http://en-us.www.mozilla.com/en-US/firefox/2.0.0.4/releasenotes/

Hopefully, some of this will help in narrowing this down.

Corrine

Quote
i also turned off automatic updates, and do those by hand now. -- which made me A LOT faster, by the way

Turning off Automatic Updates is not going to affect your speed.  Updates are only issued once a month, the second Tuesday of the month. 


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

babyoh

hi corrine.

are you referring to microsoft auto-updates -- or symantec's?

i meant the norton symantec auto-updates.

since updating to the newer NIS, i started getting terrible freezes - when i checked task manager, i saw that norton processes were running in the background at these times.

it may have been coincidence, but when i disabled norton's auto-updates, i stopped getting those horrendous freezes (although, LUCOMS etc still become active, they use less CPU power).

i read somewhere that norton auto-checks in the background for updates every 4 hours- i'd rather update on my own, than having the "surprise" freeze when i'm in the middle of working, and everything comes to a grinding halt.

* strangely, my saved passwords in opera and firefox are slowly coming back from the dead.

the mysteries of computers.
:blink:




Corrine

I thought you meant Microsoft updates.  Regardless, you do need to get Norton updates daily.



Paddy

Not sure if this workaround will help or not; worth having a look though.


http://service1.symantec.com/SUPPORT/sharedtech.nsf/0/ccefb6e6839e912488256b2600713c9d?OpenDocument


Quote


Computer stops responding when Automatic LiveUpdate runs
Situation:
You are using Norton AntiVirus and have Automatic LiveUpdate enabled. When Automatic LiveUpdate runs, the computer stops responding.

Solution:
This problem has been reported to Symantec Technical Support, but we have not been able to reproduce the problem. The cause is unknown, and there is no solution at this time. This document will be updated if new information or a solution is found.

As a workaround, you can change the Automatic LiveUpdate Option setting to "Notify me when Updates are Available" to allow Automatic LiveUpdate to complete. Changing the option will cause Automatic LiveUpdate to prompt you to run LiveUpdate manually, which should download the virus definitions successfully.

To change the option for Automatic LiveUpdate
1.   Start Norton AntiVirus (NAV). If NAV is part of Norton SystemWorks (NSW), then start NSW.
2.   Click Options. If you have NSW, then click Norton AntiVirus.
3.   Click LiveUpdate under the Internet section.
4.   Click "Notify me when updates are available."
5.   Click OK.

Automatic LiveUpdate should now prompt you to run LiveUpdate when there are new virus definitions available. When you see the prompt, choose to run LiveUpdate and download the virus definitions.


Technical Information:
This can happen if the file Lucomserver runs but does not terminate. This can cause the computer to run low on resources and stop responding.

numbnuts.. :Hammys pint:

This is one race of people for whom psychoanalysis is of no use whatsoever - Sigmund Freud (about the Irish)

Never argue with a fool, they will lower you to their level and then beat you with experience.