Strange Windows 7 Issue 3

[missymarie1014]

Let me start by saying a few things. This is my first experience with Windows 7, and this is 64-bit Windows 7. I can't really identify whether this is an operating system issue or a virus/spyware/malware issue. I could wipe the machine and start over, but I'd really like to explore this first. I decided to post in this forum first.

I am assisting a neighbor with a tempermental machine. This is an Acer laptop that had Windows Vista and has been upgraded to Windows 7 Home Premium 64-bit. I have analyzed running processes, start up options, registry issues, etc, but I cannot determine what is going on.

The machine has some interesting symptoms. It connects successfully to the Internet and allows Internet Explorer 8 and email programs to function properly. Current versions of Mozilla Firefox and Google Chrome (I uninstalled the existing versions which were not functioning properly and downloaded current versions) install successfully and load but are unable to render any pages. After removing all virus/spyware/malware programs (Note: I disabled Norton Internet Security by uninstalling all associated programs that would allow uninstall. The main program would not allow uninstall because it requires a 32-bit operating system to be able to perform the uninstall. Don't you just love Symantec!!! The software is still present but no longer running), I have downloaded AntiMalWareBytes and Avira personal antivirus software and each program installed successfully, but when asking the programs to update definitions, each program crashed with errors and stopped running. I joined MalWareBytes forum and posted relative to the error I received ... "Error Code 732 (12029,0)". I have not heard back yet. In addition, Office 2003 is on this machine. Excel loads properly but Word hangs and does not load at all. I am now downloading Hijack This and will post a log shortly. Thanks for any assistance and guidance with this situation.

 

[missymarie1014]

Here is the Hijack this log....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:55:25 AM, on 3/13/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Users\Tommy\AppData\Local\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\eDSMSNfix.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Acer\OrbiCam10\OrbiCam.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Program Files\TrueSwitchVerizon\TrueWizard.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://wapp.verizon.net/bookmarks/bmredir.asp?

region=all&bw=fiber&cd=7.0yahoo&bm=yh_home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.yahoo.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs

\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs

\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat

\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared

\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files

\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn

\YTSING~1.DLL
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec

Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn

\yt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr

\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin

\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AcerOrbicamRibbon] "C:\Program Files\Acer\OrbiCam10\OrbiCam.exe" /hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueSwitchVerizon\TrueWizard.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer

\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:

\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) -

https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon FiOS Installer.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common

\Yinsthelper.dll
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) -

http://www.adobe.com/products/acrobat/nos/gp.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir

Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop

\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin

\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery

\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings

\Service\capuserv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater

\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:

\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC

\symlcsvc.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9984 bytes

 

[pechenegs]

The log looks clean, it sounds more like hardware probs or incompatible hardware/software or drivers?

Would be better posting this in the win 7 forum?

Did they do a compatibility check using microsoft's tool to see if the machine is compatible for win 7 upgrade, it should be if Vista was on it but you need to check out the processor etc?

I've read you need about 4 gigs of Ram to run 64 bit.

Did they do an upgrade from Vista or a clean install, clean install is always better!

Member of ASAP Alliance of Security Analysis Professionals

under the name khazars

 

[pechenegs]

If you post in the win 7 forum you should state the specs of the machine, how much Ram, harddrive size, graphics card etc and tell them you've been in here and we/I think it's a hardware or incomtability issue!

Member of ASAP Alliance of Security Analysis Professionals

under the name khazars

 

[tlcscousin]

http://service1.symantec.com/support/tsgeninfo.nsf/docid/2005033108162039

Try running Nortons removal tool to see if it will remove the left overs.

 

[missymarie1014]

Thanks for the heads up on the Norton removal tool. Norton Internet Security was the issue that was mucking up the machine. I removed it properly and everything cleaned up perfectly! Thanks a lot!

 

[pechenegs]

ok, glad you got it sorted, i have been ranting for years about Norton and even wrote a little piece on how to disable and remove Norton as it causes far too many problems and is basically useless as a program and then I forgot lol!

The main problem with Norton, and also Mcafee is to disable all it's running services to stop it running and then uninstall it!

Well done to TL for pointing you in the right direction!


This is the little piece i wrote about norton and have hardly used it, it is probably a bit outdated as there are obviously newer versions since I wrote this!



Norton uninstallation guidelines!


Because of the problems encountered by many posters to this and many
other forums I have decided to write a thread on how to remove Norton
anti virus!


This guideline can also be used for the removal of McAfee or any other
anti virus program!


open Norton anti virus, click about, and obtain the version of Norton
anti virus you have, should be a year like 2002 etc!


You will need this to determine what version you have if you need to
use the Norton uninstallers!



Please download these uninstallers for whatever version of Norton
below and have them ready if needed!


Download them to somewhere you can find them like your desktop!




Uninstall Norton Anti virus. USe Norton's knowledge base.


This link below for Norton 2003-2007

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039

This link below is for Norton 2000-2002

http://service1.symantec.com/SUPPORT/nsw.nsf/docid/2001101612274407

Before uninstalling Norton do these instructions first!



go to start/run/type msconfig/click ok/tick the radial dial selective
startup/click the startup tab/ uncheck any boxes to do with Symantec,
Norton and live update!

then click ok and then exit!



Also do this and disable any running Norton/Symantec services!



Click Start > Run > and type in:

services.msc

Click OK.

In the services window find Winlogon Notify: Automatic LiveUpdate Scheduler
Right click and choose "Properties". On the "General" tab under "Service
Status" click the "Stop" button to stop the service. Beside "Startup Type"
in the dropdown menu select "Disabled". Click Apply then OK. Exit the
Services utility.


Note: You may get an error here when trying to access the properties of
the service. If you do get an error, just select the service and look
there in the top left of the main service window and click "Stop" to
stop the service. If that gives an error or it is already stopped, just
skip this step and proceed with the rest.



Then disable all of these services by repeating the above!



These are optional, there maybe others not mentioned here, disable
whatever Norton/Symantec you find!


Note: you will alos do this if uninstalling McAfee or any other anti
virus!


Automatic LiveUpdate Scheduler
Symantec Event Manager (ccEvtMgr) Symantec Settings Manager (ccSetMgr)
Symantec Lic NetConnect service (CLTNetCnService) IS Password Validation
(ISPwdSvc) LiveUpdate
Norton UnErase Protection (NProtectService) -
Speed Disk service - Symantec Corporation -
Symantec AppCore Service (SymAppCore)



Then go to add/remove in control panel and click to remove Norton!


If this fails, then run the uninstaller for the version you have!


If you still have problems then post a hijack this log to the relevant
forum and await instructions!



Member of ASAP Alliance of Security Analysis Professionals

under the name khazars