9 replies to this topic

[gadi]

Hi, Randomly, when my internet connection dialer is disconnected, I'm getting an error message saying: "you (or a program) is trying to connect.... to www.symantec.com." I used once norton internet security but I uninstalled it several days ago. I'm still using winfax. I currently use AVG free addition and zone alarm. I ran the online symantec virus detection, and no virus was found. please help me to solve this problem. Thanks in advance, Gadi

[Micah_6:8]

Sounds like the Norton uninstall isn't complete.

Please do this:

Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Download HijackThis into this folder.

If required a tutorial is here = Hijackthis Folder Tutorial

Links to Hijack This! v 1.99.1:

Hijack This! (© Merijn) at tools.radiosplace.com

Hijack This! (© Merijn) at spywarewarrior.com

Run it from that folder.

Click "Do a system scan and save a log file".

DO NOT "FIX" ANYTHING WITH IT YET!!!
FIXING THE WRONG THING COULD RENDER YOUR SYSTEM INOPERABLE!!!

Most of the things in the log will be benign, or even necessary.

Reply to this thread, and "copy/paste" the ENTIRE CONTENTS of the log file into this thread.

[gadi]

Thank you for your fast response.
I could not follow your instructions untill now because my computer could not connect to the internet.
I had to call someone to restore my coputer using a ghost clone.
However the problem reappeared immediately.
The HijackThis v1.99.1 is attached.
Sorry again for the delay in my response and thanks in advance for your help.
Gadi.


Logfile of HijackThis v1.99.1
Scan saved at 17:24:07, on 27/05/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\WinFax\WFXSWTCH.exe
C:\WINDOWS\System32\wfxsnt40.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\012Net\012Net-Cable dialer\fts.exe
C:\Program Files\012Net\012Net-Cable dialer\FWPortal.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ScannerU\AM32.exe
C:\Program Files\WinFax\WFXCTL32.EXE
C:\WINDOWS\System32\WFXSVC.EXE
C:\Program Files\WinFax\WFXMOD32.EXE
C:\DOCUME~1\gadi\LOCALS~1\Temp\Rar$EX00.750\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O5 "LPT1:" /M "Stylus C42"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [%FP%012-L2TP fts.exe] "C:\Program Files\012Net\012Net-Cable dialer\fts.exe"
O4 - HKLM\..\Run: [%FP%012-L2TP FWPortal.exe] "C:\Program Files\012Net\012Net-Cable dialer\FWPortal.exe" -no_dialog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Action Manager 32.lnk = C:\Program Files\ScannerU\AM32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Controller.LNK = C:\Program Files\WinFax\WFXCTL32.EXE
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1109202990780
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E51FC2C-F4B1-41CC-A54F-E39F5106F710}: NameServer = 84.95.14.250 212.116.161.39
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE

[Micah_6:8]

Here's the culprit:

C:\Program Files\Symantec\LiveUpdate\AUpdate.exe

Please make a PERMANANT folder for Hijack This!

Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT. MOVE (drag-and-drop) HijackThis into this folder.

If required a tutorial is here = Hijackthis Folder Tutorial

CLOSE ALL WINDOWS (even this one) AND PROGRAMS!!!!

Run Hijack This!
Click "Do a systen scan only".
Then "check" the box to the left of these item(s):

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

Then click "Fix checked" and close Hijack This!.

Reboot.

Run HijackThis!

Click the "Open the Misc Tools section" Button.

Click the "Open Uninstall Manager" Button.

Click the "Save list..." Button.

Save it to your desktop. Copy and paste the contents into your reply.

[gadi]

Hi, THis the contents: 012Net Adobe Acrobat 5.0 Adobe Photoshop 7.0 ArcSoft PhotoBase 3 ArcSoft PhotoImpression ArcSoft PhotoPrinter 4 ArcSoft VideoImpression 1.6 AVG Free Edition Canon PIXMA iP1000 Concord WinFax Plugin v3.0 DivX 5.0.2 Bundle EPSON PhotoQuicker3.2 EPSON Printer Software HijackThis 1.99.1 LiveReg (Symantec Corporation) LiveUpdate 2.6 (Symantec Corporation) Microsoft Office Professional Edition 2003 Nero - Burning Rom On2 VP3 Video for Windows Codec Palm Desktop Plustek USB Scanner Sprint & FineReader 5.0 Office Try&Buy Spybot - Search & Destroy 1.4 Symantec WinFax PRO USB Driver Windows Media Format Runtime Windows Media Player 10 Windows XP Hotfix - KB823559 Windows XP Hotfix - KB828741 Windows XP Hotfix - KB833407 Windows XP Hotfix - KB833987 Windows XP Hotfix - KB834707 Windows XP Hotfix - KB835732 Windows XP Hotfix - KB840987 Windows XP Hotfix - KB841356 Windows XP Hotfix - KB841533 Windows XP Hotfix - KB842773 Windows XP Hotfix - KB873376 Windows XP Hotfix - KB887822 Windows XP Hotfix (SP1) [See Q329048 for more information] Windows XP Hotfix (SP1) [See Q329390 for more information] Windows XP Hotfix (SP1) [See Q329441 for more information] Windows XP Hotfix (SP1) [See Q329834 for more information] Windows XP Hotfix (SP1) Q329170 Windows XP Hotfix (SP1) Q810577 Windows XP Hotfix (SP1) Q810833 Windows XP Hotfix (SP1) Q815021 Windows XP Hotfix (SP1) Q817606 Windows XP Hotfix (SP2) [See Q329115 for more information] XviD Video Codec 04092002-1 (Koepi's build with EPSZ ME) ZoneAlarm ארכיונר WinRAR I found another problem: when I try to search I get: "A file that is required to run search companion cannot be found. You may need to run setup". But if I am connected to the internet while trying the search, there is no problem and I can make the search. So, at this moment I have to be connected to the internet in order to make a search. Thanks, Gadi

[Micah_6:8]

I was going to have you uninstall Symantec's Liveupdate.

But, now, seeing that you have other Symantec software installed, I do not think that is a good idea.

So your "mysterious" program is not mysterious any longer - It's part of Symantec.

I found another problem: when I try to search I get: "A file that is required to run search companion cannot be found. You may need to run setup".
But if I am connected to the internet while trying the search, there is no problem and I can make the search.
So, at this moment I have to be connected to the internet in order to make a search.

What are you searching for, what program are you using to search with, and where are you searching (your PC, or the Internet)?

[gadi]

It happens when I am in the explorer and click search. I do that to find files in " search companion" and then in:"all files and folders". It also happens when I click on start and then on search.

[Micah_6:8]

Read this page:

Error Message: "A File That Is Required to Run Search Companion Cannot Be Found"

[gadi]

Thank you. I do not read English so well, so it will take me sometime to understand the articles and to reply.

[Micah_6:8]

This topic is now closed.

If you need this topic reopened, please request this by sending an email to us at the following link
(Click for address)
Include your post user name and detail why you need it reopened with a valid link to your post.
Any bad links or emails that are not from the original poster will be deleted without response.
Any emails without the subject "Reopen" will be deleted without being looked at.

If this is not your thread please start a New Topic.