services.msc help ?

I did as instructed and this is what I got, from Run typed services.msc and it opened a window, with a list of stuff. Didn't see "Network Security Survices " Listed, but I did look at the Network services listed. I didn't like what I saw in them. This is that typed not loaded from my pc ok.

Netmeeting Remote Desktop Shared
startup type = manual
I disabled it becaause I don't use netmeeting anyway.

Network Connections Properties
startup type = started
path to executable=
c:\windows\system32\svchost.exe-k netsvcs
was manual = now disabled

Network Local Awareness Properties
same as above. = now disabled

Then I looked at this one.

NT LM Security Support Provider
path to executable=
c\windows\system32\lsass.exe
was stopped = now disabled

Did I do wrong ?
was affraid to reboot even in safe mode for fear they might be virus that can restart after shut down. I tried the online scaner from MicroTrend , but I just shut down for some reason.
I have major trouble huh !
Still dodn't see Sysclean on this site, give a link please. Help asap ! Carl

 

Well excuse me, I am not sure of this stuff myself. I can undo what I did no problem at all. When I did not see that security services name loaded. I just thought that maybe it might be named differently on my pc. And when I saw "NT LM Security Support" I thought that maybe it really was named differently. That's all, and that's why I came back to ask before I went on ahead with the rest of the instructions. I have not changed anything that is set in stone. I am here because I need help, I cannot afford to lose my pc now, and sure don't want to have to load all my software again on it. Please be patient with me, I am learning, and learning alot from this site. But time is not on my side at all. I am self employed and time is money for me, big time. I wrote everything down that I saw and did in that area. I will change it back, but next question is, In the Remote Access my pc is enabled for remote access. And I looked at that in the past and I know it was not enabled before, because it made me curious about that. Should I change that or not ? I have been here waiting for a response before proceding further, I have the downloads that were mentioned, but I have one other question in that regard as well. I didn't know that my documents and settings was a temp folder, nor the desktop. And I am not real sure how to move hijackthis from there to a "c:" folder. Is it best just to delete the files and start over ? Or am I off base and misunderstanding something ?
I wish I had started trying to understand this all when I was younger, but I didn't and know I am trying to play catch up as best I can. Please don't get upset at me, I am trying. Carl

 

Attn: chaslang

This might help. Carl seems to be getting a lot of differing advice on a lot of different threads in the software forum (something having to do with sysclean, etc...) Frankly, I'm not so sure he had much of a problem to begin with. At some point, somebody told him to post a HJT log and he did and here is where this new mess started.

It seems he hit step 3 in the getting prepared section of 35407 and went haywire. He probably missed the About:blank or Homesearch part and went looking for NSS. In the tutorial, it does NOT say that if you don't find NSS to continue on (it probably should). However, it does not say to go nuts and start turning things off, either!

Carl, again man, hang in there! You're in good hands with chaslang.

 

It's clearly my fault, I messed up, trying to hurry and get this done. Didn't want to spend another allniter working on pc's. Had been fixing problems on my sisters compaq all weekend, and now this one of mine. I'm self employed and just really getting started good with it, it comsumes most of my time and I get a lot of static from my wife about my time I work anyway. Ever been there ? It's not fun, I have worked my tail off to try and build this up for us, and I catch it from her, when I am doing it for her. The extra stress I do not need right now, and then I let my step daughter use my pc and she gets it loaded with trash and worms. Seems I can't win for losing right now. Oh well today is another day.
I am moving or rather reloading the programs needed to fix now to a folder on C: just for them alone. I guess it will be okay to delete what I have already loaded in the temp folders I put them in. Right ? I have suredelete on my pc also, I guess it is okay to use that to remove them ?
Thanks for your help guys, over look me please, I am just learning how to do this stuff. I have a long ways to go yet. Carl

 

I still have the log on my pc, the original log I ran with hijackthis. I can post it as an attachment if you like ? I think I can figure that out anyway. My OS is XP home, my pc is not that great a one, it's an emachine T1090.
I have only seen that about blank screen a couple times, not many. My problem is that I have Free Ram Pro for XP on this and I know my ram is way low when I access the net. And at times it seems to take forever to even bring up my home page. I have had my pages redirected several times lately to sites I did not go to intentionally. Even while I was downloading these programs I have been told to get in this forum, I got a page that was way off base. My settings on ZoneAlarm have been changed several times without loading any new software or anything. And Auto Protect in Norton 03 was disabled several times without warning. I have kept all my updates fresh sense I discovered Windows XP had the ability to do so. Which as been quite a long time ago. Granted, at first when I started using this system I did not know that feature was on it. But I didn't notice any thing strange happening then either. I have had other people use my pc also, and I am not completely sure, they did not go somewhere or do something to it they were not supposed to do. But for the biggest part my step daughter and I are the main people who use the pc. I will not tell you I have never been to a porn site, that would be a lie, but I don't frequent them, and when I do it is just for laughs. And the porn files I have on my pc have been sent to me by my brother or a friend of mine, and I used hotmail virus scaner to check them before downloading them, plus I had Norton scan them as well. And I haven't been to any of those sites lately either.
When I ran Norton it didn't find any problems at all. But my ram was so low and with the settings being changed as they have been. I felt sure there was a virus or something on my pc. I found this site and downloaded AntiVir, when I came accross a post on another forum where someone had said they ran two AV programs on their pc. I never knew that it is best to run AV programs from safe mode, and I have never tried that. None of the programs readme files I have noticed have mentioned that even. So I am curious now as to what AV will pick up in safe mode. But I didn't want to do anything more until I got more info from you. I don't know who it was that said I had bad stuff on my pc from reading the log file I posted. But I believe he was right. When I open ZAlarm and check the programs access, I find several files that all read mirosoft update files, with just a small veriance to them. and they have not been on there for very long. That seems wrong to me, maybe not but I didn't have them before I really started noticing problems. Would you like to see the log I ran ? I was going to go to the link you placed in the forum that said it would anylize the log, but I wanted to talk with someone before I did. Maybe I should just run McAfee AV in safe mode first and see what it turns up ? I went ahead and placed it on this pc, after AntiVir found what it did the other day, it should be updated if it is all working as it says it is now. Hopefully they have patched it up well. It's McAfee Pro 6.0 fully updated as of this week I guess. I have done as instructed and unchecked the hiden folders and extentions. I have sysclean loaded, with the patch files also, but have a small question as to that also. I placed them in a folder with the other programs on C: that were mentioned earlier, do I need to place the patch files directly into sysclean or just leave them in the folder ? It wasn't real clear on that part from what I read. I'll close this and wait for your reply before proceding futher. Thanks Chaslang I do appreciate your time and effort you put into this site and helping others.

 

Well I did have AntiVir and McAfee loaded together, AntiVir was only set for scan only option, no guard protection on it at all, I was letting McAfee's Vshield run like Auto Protect in Norton. I had uninstalled Norton 03 after the virus' were found. Someone mentioned running two AV scaners at the same time to detect my problems, and I have read in other forums where people have done this also. I was going to try it for myself. But now I have only AntiVir installed, as I just went and uninstalled McAfee. Oh and I did install "a2" also as per instructed, so now I have "a2" and AntiVir only installed as AV protection. My pc is 128 MB of Ram, And I know that ZAlarm consumes a lot of ram also, with spybot and spyblaster, ad-aware se, and these new programs I have just installed to check this problem out, I am loaded real heavy with my other software I have loaded. And I will uninstall some it later after I run this scan. But I have most of set to run on command, not on start. At least it was, as of lately I would not swear to anything. LOL Right this moment Free Ram Pro is regestering 13 MB of free Ram. And it is just staying right there, ops now it jumped to 26 MB, And now 19 MB and falling. Quite often lately it stays around 7 to 15 MB, and I have seen it bottom out out zero more times than I can count. It just jumped to 34 and now falling again. ZoneAlarm shows me that Generic Host Process' for Win32 Svsc. Is accessing the net along with AntiVir scaning I guess, and my sbcyahoo browser. It dropped to 7 MB and now reloaded auto free to 33 MB. Well I am going to run this now and see what happens, I think I have all the info I need printed incase of trouble. I'll be back with the results later I hope. LOL And by the way, I keep messenger svcs blocked in ZoneAlarm, both yahoo and msn. I don't use them anymore sense the out breaks in problems got bad with those. As of reloading windows after removing McAfee just now, I have Ad-aware and SpyBot shut down, they are not running right now and my Ram is still this low. Later CT

 

Oh yeah sbcyahoo has it's very own browser. Just like AOL. It list it on my system just as sbcyahoo browser. At least that is what it says. Right at this moment I have only this browser open, and my Ram is at 23 MB. Now shutting down ZAlarm and I will tell you what that does. Went up to 26 MB now at 25 MB and holding there. The network monitor I guess you call it, the two little monitor screens in the system tray, are active more now, data transfer I am asuming, now at 26 MB. Holding at 26 MB, maybe someone is watching what I type and not draining the system to avoid detection, only guessing. If I close this browser I'll lose my connection to the site. I'll attach the log I recorded earlier. See what you make of this stuff, you know more about it than I do, whats up with this ? I had to use Properties Plus to add the .txt extention, for some reason my system doesn't add the file extention anymore. Or maybe never did not really sure now, been too long. But I changed the name of a tad bit also, so maybe that's why. That was wierd, I had to load it three times before I could get it to work. Scan it before you open it, I hope your scaner is better than Norton, this could be infected right ? Here it is, I'll wait around until I hear back from you, before I go any further in this stuff. Thanks CT

 

Okay let me do this and I'll be back.

 

While I was in SpyBot, I looked at the starup programs, to see if they were still the same. I noticed something I had seen earlier on the forum hijackthis files list, I thought, I can't remember just extacly what I saw now and might not even ba able to get to it any time soon. But this looked familar to me. And is loaded to start when windows does. HotKeys Cmd---- c:\windows\system32\hkcmd.exe\logon

Maybe that's okay, I just remember seening Cmd somewhere earlier, and I am pretty sure it was in one of the log files hijack or one of the programs. I didn't mess with it because I am thinking that if it is a bad file, SpyBot will pick it up.
Teatimer is off, my Ram is up to 32 MB. Gona run the other program now. brb I should still do this from safe mode right ? But you didn't specify it so ?

 

Well I am back again, got the requested log for you. And more info too. I spent many hours reading and checking things out. It seems to me that I have programs reloaded on my pc that I removed in the past. Well in fact I know I do because McAfee and Norton are reinstalled again. Along with AV6.0. I found a folder in my program files called AutoExe.Bat, I know that's not right. And I read over this log also, this is some strange stuff. Seems I have a mirrored C: drive or another copy of it or something. This is not my field of experptise, it's yours, so just figure out what I need to do and I will print it up and follow it to the tee. And if all else fails I do have the the original computer disc that came with this pc, and I will just reload the entire drive. I hope that's not going to have to happen, but I am prepared. Thanks for your time and help.
CT

 

I also went back and did as you instructed in that last post,steps one and two. My memory usage jumped to 43 MB, just out of curiousity I exited all programs and only left PCBoost running to clock memory, at first it made no change, then I hit the free ram button and it went to 71 MB. it stayed there for a while then dropped down to 45 MB. So that's how that went also.
Have a great day ! I'll check back later, more reading to do now. CT

 

Unless the pc is not telling me correctly, sys restore is disabled, and has been for a while. I turned it off upon disovery of the trojans and other virus'. Actually I turned it off before the scan. I will double check it anyway. Does this log tell you that is on ? Let me know please....
CT

 

Also I do not use a proxy server. That'a probably what the trojan did to my system, reset that in internet options. Just guessing.... CT

I do remember when that problen occured however, and funny my isp didn't mention what might have occured, they just showed my how to reset it.

 

Huuummmmm...... That make me more curious then, because if you are not seeing a reason for the items reinstalling, then whats up with that ? MSCONFIG from run will show me for sure if restore is active right ? ( In services).... How far does system clean go to fix these sort of problems ? Maybe I need to ask that in the software forum. And I will, if you don't have time to mess with it, then don't. I defenitly have all the rsources here I need to resolve these issues. And I will get to the bottom of it all eventually. Thanks Chas

 

Okay Mastertech,
1. AntiVir, and a2, are removed Norton and McAfee were false positives I guess that's the correct term. Upon trying to uninstall, Windows could not locate the programs. Now they are even gone from all locations I was seeing them.

2. AVG 6.0 will not allow me to remove at all, I get this error message. =
An error has occured in your application.
If you choose Ignor, you should save your work in a new file
If you choose close, your application will terminate.

When I choose either choice I get this message. =

Setup caused a General Protection Fault in module
Setup.EXE at 0001:OEDC
Choose close. Setup will close.

I had forgtton that I downloaded AVG 6.0 , but I do not remember installing the application. I did not see it in the "add/remove programs" in the Control Panel before I saw Norton and McAfee's programs back on my system, nor did I see it in the menu bar programs.

3. I cannot remember the exact error message displayed when Housecall termintated. I will re-run it as you instructed and get that for you. But should I try that before correcting this AVG 6.0 problem ?

4. Yes scaned, Updated Ad-aware SE scan did not return any problems I can recall. But I ran the 6.0 regularly prior to installing SE.

5. Yes scaned, Updated SpyBot S&D returned many problems.

 

Hey Chas, Thanks for the reply.

1. I was waiting to hear back from one of you before running Houscall again. With the problem with AVG 6.0, I didn't want to make things worse.

2. Here is the error message from AVG 6.0 =

AVG 6.0 will not allow me to remove at all, I get this error message. =
An error has occured in your application.
If you choose Ignor, you should save your work in a new file
If you choose close, your application will terminate.

When I choose either choice I get this message. =

Setup caused a General Protection Fault in module
Setup.EXE at 0001:OEDC
Choose close. Setup will close.

3. SpyBot returned only one cookie, the rest were MRU's =
note : I didn't fix them, just saved a report of the log just incase.

4. I did run hijackthis again, and I did fix the errors you had told me to earlier in the other reply. I haven't noticed any change yet really. Ram is at 17 MB right now.

5. If I reinstall AVG 6.0 to the same directory it should overwrite the first install ? I am going to try now, and then run Housecall again also. Make sense ? CT

 

Hey Chaslang, Mastertech,

1. I finally got AVG6.0 fixed. So disreguard the error code and issue with that.

2. Using FireFox browser to run Housecall makes me have to load additional software that I really don't want on my pc right now. So I tried to complete the installation of SysClean, and that hasn't gone well either. Not sure I understand how to load patch update for it so it can read from it.
3. When clicked on TrendMirco link to get the base download that goes okay, when I try to get the patern files, and install it, that's where I am having trouble.
4. I did as instructed, created a folder on C: drive seprate from all other folders and have the tools you have instructed me to get, along with sysclean.com. It shows me a "DOS application" when I move my mouse over it. I loaded the patern zip file to the fiolder itself, and opened it there, that didn't work. Then I removed the patern zip file and the folder it created upon opening it. Then went back to site and downloaded again, this time I tryed to open sysclean.com and download it that way. That didn't work either. Help !

 

08-19-04, 01:22
Mastertech's Avatar
Mastertech Mastertech is offline
Major Geek

Join Date: Jul 2002
Location: NJ
Posts: 1,458
Default Re: Virus Found Norton Missed-2
1. Did you run Sysclean?
2. Did you run Sysclean in safemode?
3. Did it find anything?

1. I think that was before you got involved in this with me.
2. Others have said also that hijack is the last resort. It's in a read post here correct ?
3. The online page at Trend Micro says that if you have trouble getting the online version to work to download the program.
4. I know you have your hands full dude, I noticed the other night you were here most of the night. And because of my inexperience with these forums, and computers, I didn't know where to post my first request for help.
5. I read that if we should happen to post in the wrong place, that it was no problem, someone would move it to the correct location.
6. Yes, reinstalling the program AVG6.0 fixed it. But I had two different installations in different places. And I know that I did not do that..... So I had to reinstall it twice.
7. It's killing my pocket book not being able to have this this computer functioning like it should now. I have more in this now with my lose of time, than this thing was worth in the first place. I have pdf forms waiting for me to download, so I can take care of my clients. 3 days at $300.00 a day roughly.

 

Okay, well thanks for the help, I am lost without you guys.

1. Yes AVG 6.0 is the only anti-v on my system now. Running, anyway. I have a2 not installed, but kept the exe for later if needed.

2. No one from this forum told me to use FireFox, but at the same time. I did tell someone I thought, that I had been using it.

3. No one told me to use IE to run Trend Micro, not that I can recall anyway.

4. that's besides the point anyway now. I will run Housecall in IE and see what happens. I will post my finding before proceeding any futher. Then I will finish with what you instructed. Sorry for the confussion....

 

1. When opening forums page just now with IE, got a message: "SpyBot has blocked "doubleclick" download"

2. What is that ?

3. Do I need it ?

4. Do I need to shut down SpyBot before running Housecall ?

5. Do I need to shut down AVG 6.0 before running Housecall ?

6. I have purchased a new pc to do my work with, so that will elimimate my rush to fix this pc now. I will work on it as I get time now.

 

Chas I saw you here reading my new post I asume, will you instruct me as what to do with SpyBot and AVG running while trying to run Housecall please.

 

Thanks for getting back to me Mastertech,

1. I am running Housecall at this moment, it's not finished. I am asuming it needs constant internet connection to perform it's duty.

2. My dail-up to sbc times out if I do not browse or something more than just download or use it in this manner. Disconnected twice thus far. So I had to start over. So I am using my sbc browser now to tell you this.
Hope that will not affect the results, but it seems to be functioning okay thus far.

3. I went ahead and tried to run housecall without removing or disabling anything. So far so good I think. except when I minused the screen it seems to be gone completely, but by the load on the activity light on the pc itself, it's red and flashes when you do anything at all, but it's constantly red now. I do still have the page open to Trend Micro, just don't see the scan window now, and can't get it back. That Okay ?

 

After restoring the housecall page back to full screen this time, it brought back the scan window as well. didn't do that the first time I tried it, but it's still running just as it was to start with. I will limit my activity only to keep the connection up.

Just didn't want to get DSL right now, still a ways to go before I am comfortable with income and expense concerning my business.

 

Just comments not important.

Yes I will eventually get DSL, and I am aware of the speed differences. But as of now, I don't feel I understand and have had this pc safe enough for DSL. I want to make sure I know more, and have the best tools in place prior to DSL installation.
I thought I was on top of my security, but now I know differently. I make substancial income in my business, but I am not clear yet as of my total investment yet either. Last year I took a pretty good loss and I need to recover from that before I go on into spending money I can get around other wise. That's why I was attempting to correct this myself. A reliable connection is more important now than speed. And I am not happy with sbc at this point either. My old isp never disconnected me with downloading or uploading to the net.

 

Okay finished the housecall scan.

1. didn't find anything at all.

2. only scanned 49631 files, checked My Computer as it recommended. However =

3. I have over 110,000 files my resident anti-v scanner, Norton 03 was scanning.

4. will continue on with your previous instructions now.

5. what about ADS ? I have been reading some about that.

6. Ad-aware SE now gives the option to scan ADS, I do not understand it all, but I did notice post reading about ADS that the option is on the Ad-aware software now.

 

Mastertech,

As I mentioned, I did run Housecall in IE, but I have my connection to sbc set so I cannot close the sbc browser without losing my connection to the net. I have tried every way I can find to reset the browser to stay connected when the browser is closed. But It hasn't worked so far. If it is important to this to the point of absolute, then I will contact sbc and let them help me figure it out. Waiting to hear from you okay..... CT

 

Okay well I went and called sbc to see if they could help me fix the disconnect issue when closing the sbc browser. I now have the issue corrected. I had to setup a manual connection so that it would over ride the browsers default settings.

I will now re-run housecall with all other browsers closed. brb

 

Okay finished all of that.

1. Uninstalled SpyBot to be sure not interferring with scan. Didn't change number of files scanned with housecall.

2. Housecall didn't find anything post 2nd scan.

3. McAfee stinger scan = set option to scan all files. Nothing found. stinger scanned over 127,000 files.

4. Using the manual connection now eliminates sbc connection time out now.

5. Re-installing SpyBot now. No teatimer activation.

6. Want to know who told me to activate teatimer ? Same person who sugested loading SpyBot, and SpyBlaster. Directed me to this sight also.

 

I hope I didn't offend anyone in my haste and inexperience. Chaslang, if I did seem rude or unappreciative or not wanting to follow your directions I do appolgize to you. I am doing my best with this please understand, I guess I had too much info to follow and in too big a rush to keep up with it all. I applogize for the confusion I caused. I hope you realize I meant no harm, or bad feelings, certainly didn't mean to cause any confusion. I do appreciate all the effort each one of you have given me, I could not have gotten this far without all of you. Thanks for your patients and time to help me. I still have no idea how I could have installed AVG 6.0 in two locations. But I have been under so much stress and spent so much time without sleep this past week, nothing I do will suprize me now. My wive gave birth to our newest family member this weekend also, I now have my second beautiful baby girl.
Thanks to all of you, I really mean that !

CT

 

I went to double check all my security programs updates tonight.

1. Ad-aware SE launched an alert for "NCLAUNCH.EXe", read an attempt to delete regestry value. Not sure what NCLAUNCH.EXe is ? Is that something I need or something bad ?

2. If it is bad, how do I get back to take it out ?

3. Will Ad-aware take it out if I run a new scan ?

4. My ram usage is better than before we started this, but when I connect to internet it drops drasticly still.

5. What is normal Ram usage on average ?

6. I am not sure what accounts for Ram usage on a pc, hard drive disc space ?

6. (a) programs running process' ?

7. I have a 40gb hard drive with approx. 12gb used.

 

I got the VX2 installed into SE, was not already installed by the way. Ran it and it said my pc was clean. Worked fine I guess, didn't have any problems with it at all. I just hope that all these things work as they are supposed too. Ran scan for ADS with SE also, came back clean as well. I guess that Anti-Vir did it's job correctly. Found the bugs and got them off my system. I am very glad I found Anti-Vir and it worked. Norton S**KS I will not re-install it any of my pc's, wish I could get my money back now.

My hat goes off to you guys, I could not have learnt this much about all this on my own in such short a time. Thank You Very Much ! I will now go to the software forum and see if I can get some help getting my memory up on my older pc. It's better than it was now, but I am not satisfied, reads 22MB at this moment.
You guys are great, thanks so much ! CT

 

I keep all programs updated regularly now that I know more about what's out there. I have been keeping up with all updates for my programs weekly. But that still wasn't enough to protect me either. Oh well I am learning, and this has been great experience for me. Thanks Chaslang, And Thank You Mastertech ! I am glad I found this site and forum. I have already recommended it to many people. Carl_Tapp_775

 

Hmmmmm..... Well, I don't know ! I went to the location given. Downloaded the file and it showed up inside the addon's in SE once extracted from the zip file. It gave me the option to run it and I did. It looked just like the snapshot of the way it should according to what I saw. It came back with another screen that stated my system was clean. But it ran really fast also, that made me wonder, but I was taking it for what I was told. So I will double check and download from the link you gave me Chas. Thanks Again...... CT