Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Amanea.com

Started by MintFairy , Oct 29 2006 12:05 AM

  • This topic is locked This topic is locked

#1
MintFairy
Posted 29 October 2006 - 12:05 AM

MintFairy

    Member

  • Member
  • PipPip
  • 12 posts
Hi, I keep getting popups saying my computer is unsafe, etc. and after my computer starts up, a little green and red shield with a yellow "?" appears in the taskbar. When I click on the popups or the shield, it takes me to amanea.com to download some spyware fix program. I'm also having trouble rebooting and shutting down my computer. I'm afraid I'm gonna really stuff up the computer because so far I've had to turn it off at the CPU like 3 or 4 times today! :blink:

HijackThis log;

Logfile of HijackThis v1.99.1
Scan saved at 5:03:37 PM, on 29/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
c:\Program Files\Microsoft Works\MSWorks.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\873374_eng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://myplace.westnet.com.au
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myplace.westnet.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://myplace.westnet.com.au
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://myplace.westnet.com.au
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.nero.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C567E2B-1BDF-0867-97C3-077AD1418475} - C:\WINDOWS\System32\dxhzxqm.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\System32\drvfux.dll,startup
O4 - HKLM\..\Run: [mcvqxnb.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\mcvqxnb.dll,clryxae
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O15 - Trusted Zone: http://www.adobe.com
O15 - Trusted Zone: http://www.neopets.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1162081783234
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1162081762109
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: winpdc32 - winpdc32.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Yeah, I know I only have XP Service Pack 1, but this is only because just yesterday I've had to do a partial system recovery on my computer because a windows file became corrupted. :whistling: I read somewhere that I shouldn't install SP 2 until I can get rid of the spy/malware...?

I ran vundofix...

VundoFix V6.2.6

Checking Java version...

Java version is 1.5.0.3

Java version is 1.5.0.8

Scan started at 12:20:18 PM 29/10/2006

Listing files found while scanning....

C:\WINDOWS\system32\dxhzxqm.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\dxhzxqm.dll
C:\WINDOWS\system32\dxhzxqm.dll Has been deleted!

Performing Repairs to the registry.
Done!

I've also tried to download the AVG antispyware programme... however it doesn't install on my computer for some reason; the setup file starts up, then nothing happens. If I look at system processes I can see the setup file running in the background, but it doesn't do anything!
  • 0

Advertisements

#2
Trevuren
Posted 29 October 2006 - 12:21 AM

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Hi MintFairy and welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your log.


Yeah, I know I only have XP Service Pack 1, but this is only because just yesterday I've had to do a partial system recovery on my computer because a windows file became corrupted. dry.gif I read somewhere that I shouldn't install SP 2 until I can get rid of the spy/malware...?


That is the correct procedure to follow. Well done. :whistling:


Inasmuch as you are not having much success with Avg AntiSpyware, we will use another very powerful tool in its stead:

Please download WebRoot SpySweeper from HERE (It's a 14-day trial):
  • Click Download Now to download the program.
  • Install it. Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
    • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply along with a fresh HJT log.
Regards,

Trevuren
  • 0

#3
MintFairy
Posted 29 October 2006 - 02:55 AM

MintFairy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Hey Trevuren,

I'm really scared... not only am I unable to restart my PC, but I can't shut it down either! And on top of that WebRoot SpySweeper's setup didn't work; it barely starts up! It comes up with "Setup" at the bottom of the taskbar and stays there, but when I hit Ctrl-Alt-Dlt, it says Setup isn't responding. :whistling: Could this be a side effect of any spyware?
  • 0

#4
Trevuren
Posted 29 October 2006 - 09:16 AM

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Do you have a "Clean" restore point that you can fall back on?

Trevuren
  • 0

#5
MintFairy
Posted 29 October 2006 - 10:57 PM

MintFairy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Unfortunately, I don't have a clean restore point to fall back on. I got infected with the spyware on Saturday night after doing a partial system recovery. Nevertheless, I tried restoring the computer back to the earliest restore point - Sunday night. It didn't really solve anything; I still have trouble shutting down and restarting and I can't install AVG antispyware or WebRoot SpySweeper!

EDIT: Sorry, I'm not trying to bump my post or anything... Anyway, since it's exam time and all, I'm on here reading these forums instead of studying! :whistling: Anyway, I read another thread where someone's been having a problem with Amanea.com and they were told to download SmitfraudFix. So I downloaded it and did a search with it and it came up with some bad files... :blink: *sigh*

SmitFraudFix v2.117

Scan done at 16:57:15.92, Mon 30/10/2006
Run from C:\Documents and Settings\Owner\Desktop\File\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\ismini.exe FOUND !
C:\WINDOWS\system32\drvfux.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


I don't know if this helps any further... But just thought I should mention it...

Edited by MintFairy, 29 October 2006 - 11:58 PM.

  • 0

#6
Trevuren
Posted 30 October 2006 - 12:12 AM

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.



Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
Run Smitfraud Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.


Clean out your Temporary Internet files. Proceed like this:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.
Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.


Run SmitfraudFix. Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted zone by typing 3 and press Enter

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.


Post Logs. Please post:
*c:\rapport.txt
*A new HijackThis log


Trevuren
  • 0

#7
MintFairy
Posted 30 October 2006 - 12:56 AM

MintFairy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Hey Trevuren,

I did what you said... and
* I wasn't asked to replace 'wininet.dll' in SmithFraudFix.
* I didn't find anything called 'security info' in display properties (attached pic just in case I stuffed up, LOL).
I had my ADSL router turned off when I was doing all this, so I wasn't connected to the internet, I hope this doesn't make a difference?
* When I put in option #3 in SmithFraudFix I got asked something else... I didn't do anything. I attached a pic..
* I rebooted in normal mode and that annoying little security icon didn't come up next to the time!
* However, I still got a popup (see pic) >_<

New HijackThis log (done in normal mode after reboot). I decided to call HijackThis 'mushrooms' if you were wondering...

Logfile of HijackThis v1.99.1
Scan saved at 5:44:36 PM, on 30/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\mushroons\mushrooms.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.nero.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C567E2B-1BDF-0867-97C3-077AD1418475} - C:\WINDOWS\System32\dxhzxqm.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [mcvqxnb.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\mcvqxnb.dll,clryxae
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O15 - Trusted Zone: http://www.adobe.com
O15 - Trusted Zone: http://www.neopets.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1162081783234
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1162081762109
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: winpdc32 - winpdc32.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Rapport.txt

SmitFraudFix v2.117

Scan done at 17:29:52.03, Mon 30/10/2006
Run from C:\Documents and Settings\Owner\Desktop\File\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\ismini.exe Deleted
C:\WINDOWS\system32\drvfux.dll Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Attached Thumbnails

  • display_properties.JPG
  • trusted_zone.JPG
  • stupid_annoying_popup.JPG

  • 0

#8
Trevuren
Posted 30 October 2006 - 08:36 AM

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
A. Run SmitfraudFix. Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted zone by typing 3 and press Enter
Answer YES to the question "Restore Trusted Zone" by Typing Y and hit Enter.


B. We need do get a scan in there somehow. We will use another tool for this:

Please download this file - combofix.exe by sUBs
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log.
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

If the tool won't run or if you get an error message please take note of the exact message and post it in your next reply. It may tell us why the other scanners won't work properly.

Regards,

Trevuren
  • 0

#9
MintFairy
Posted 30 October 2006 - 04:08 PM

MintFairy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Hey Trevuren,

Good news; I can finally shutdown and restart my computer! :whistling:

I deleted my trusted zone in safemode using SmithFraudFix.

Combofix worked... this is the log

Owner - 06-10-31 9:02:40.10 Service Pack 1
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Owner\Desktop\Downloads"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\WINDOWS\system32\components
C:\Program Files\Common Files\{FC8B87E5-081F-1033-1015-03030403003d}


((((((((((((((((((((((((((((((( Files Created from 2006-09-31 to 2006-10-31 ))))))))))))))))))))))))))))))))))


2006-10-29 15:42 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-10-29 11:40 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-10-29 11:35 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
2006-10-29 11:35 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2006-10-29 11:35 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2006-10-29 11:35 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-10-29 11:35 158,720 --------- C:\WINDOWS\system32\xpob2res.dll
2006-10-29 11:30 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2006-10-29 10:44 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-10-29 10:43 816,288 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-10-29 10:43 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-10-29 10:43 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-10-29 00:40 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-10-29 00:40 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-10-29 00:02 93,696 --a------ C:\WINDOWS\system32\mcvqxnb.dll
2006-10-28 22:54 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2006-10-28 22:35 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2006-10-28 22:32 90,240 --a------ C:\WINDOWS\system32\drivers\sptd9741.sys
2006-10-28 22:32 642,560 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-10-28 22:19 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-10-28 22:19 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-10-28 22:19 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-10-28 22:19 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-10-28 22:19 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2006-10-28 21:56 974,848 --a------ C:\WINDOWS\system32\dxdiag.exe
2006-10-28 21:56 83,968 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
2006-10-28 21:56 797,184 --a------ C:\WINDOWS\system32\d3dim700.dll
2006-10-28 21:56 79,360 --a------ C:\WINDOWS\system32\dpwsockx.dll
2006-10-28 21:56 68,096 --a------ C:\WINDOWS\system32\dpnhupnp.dll
2006-10-28 21:56 52,096 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2006-10-28 21:56 48,512 --a------ C:\WINDOWS\system32\drivers\stream.sys
2006-10-28 21:56 470,528 --a------ C:\WINDOWS\system32\qdvd.dll
2006-10-28 21:56 47,104 --a------ C:\WINDOWS\system32\wstdecod.dll
2006-10-28 21:56 46,592 --a------ C:\WINDOWS\system32\dxdllreg.exe
2006-10-28 21:56 381,952 --a------ C:\WINDOWS\system32\dsound.dll
2006-10-28 21:56 354,816 --a------ C:\WINDOWS\system32\psisdecd.dll
2006-10-28 21:56 32,768 --a------ C:\WINDOWS\system32\dpnhpast.dll
2006-10-28 21:56 316,928 --a------ C:\WINDOWS\system32\qdv.dll
2006-10-28 21:56 292,864 --a------ C:\WINDOWS\system32\ddraw.dll
2006-10-28 21:56 230,400 --a------ C:\WINDOWS\system32\dplayx.dll
2006-10-28 21:56 181,248 --a------ C:\WINDOWS\system32\dmime.dll
2006-10-28 21:56 18,688 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys
2006-10-28 21:56 16,896 --a------ C:\WINDOWS\system32\msyuv.dll
2006-10-28 21:56 16,384 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys
2006-10-28 21:56 15,104 --a------ C:\WINDOWS\system32\drivers\mpe.sys
2006-10-28 21:56 14,976 --a------ C:\WINDOWS\system32\drivers\streamip.sys
2006-10-28 21:56 132,608 --a------ C:\WINDOWS\system32\devenum.dll
2006-10-28 21:56 122,880 --a------ C:\WINDOWS\system32\dmusic.dll
2006-10-28 21:56 11,392 --a------ C:\WINDOWS\system32\drivers\bdasup.sys
2006-10-28 21:56 10,880 --a------ C:\WINDOWS\system32\drivers\slip.sys
2006-10-28 21:56 10,112 --a------ C:\WINDOWS\system32\drivers\ndisip.sys
2006-10-28 21:56 1,962,496 --a------ C:\WINDOWS\system32\quartz.dll
2006-10-28 21:56 1,769,472 --a------ C:\WINDOWS\system32\dxdiagn.dll
2006-10-28 21:56 1,703,936 --a------ C:\WINDOWS\system32\d3d9.dll
2006-10-28 21:56 1,230,336 --a------ C:\WINDOWS\system32\msvidctl.dll
2006-10-28 21:56 1,201,152 --a------ C:\WINDOWS\system32\d3d8.dll
2006-10-28 21:56 1,189,888 --a------ C:\WINDOWS\system32\dx8vb.dll
2006-10-28 21:06 208,896 --a------ C:\WINDOWS\system32\wmpns.dll
2006-10-28 20:13 532,480 --a------ C:\WINDOWS\system32\rpcrt4.dll
2006-10-28 20:13 260,608 --a------ C:\WINDOWS\system32\rpcss.dll
2006-10-28 20:13 1,172,992 --a------ C:\WINDOWS\system32\ole32.dll
2006-10-28 20:10 51,072 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
2006-10-28 20:10 23,424 --a------ C:\WINDOWS\system32\drivers\kbdclass.sys
2006-10-28 20:10 0 --a------ C:\WINDOWS\system32\iAlmcoin.dll
2006-10-28 20:09 9,856 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2006-10-28 20:09 81,920 --a------ C:\WINDOWS\system32\mplaw7.dll
2006-10-28 20:09 81,920 --a------ C:\WINDOWS\system32\mplaa6.dll
2006-10-28 20:09 69,632 --a------ C:\WINDOWS\system32\mplapx.dll
2006-10-28 20:09 69,632 --a------ C:\WINDOWS\system32\mplam6.dll
2006-10-28 20:09 49,152 --a------ C:\WINDOWS\system32\cpuinf32.dll
2006-10-28 20:09 1,675,264 --a------ C:\WINDOWS\system32\mplva6.dll
2006-10-28 20:09 1,630,208 --a------ C:\WINDOWS\system32\mplvw7.dll
2006-10-28 20:09 1,581,056 --a------ C:\WINDOWS\system32\mplvm6.dll
2006-10-28 20:09 1,150,976 --a------ C:\WINDOWS\system32\mplvpx.dll
2006-10-28 20:07 57,856 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2006-10-28 20:07 134,272 --a------ C:\WINDOWS\system32\drivers\portcls.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-31 09:03 -------- d-------- C:\Program Files\Common Files
2006-10-31 08:59 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-10-30 15:36 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-29 14:51 -------- d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2006-10-29 12:34 -------- d-------- C:\Program Files\Java
2006-10-29 12:18 -------- d-------- C:\Program Files\Windows NT
2006-10-29 12:18 -------- d-------- C:\Program Files\Windows Media Player
2006-10-29 12:18 -------- d-------- C:\Program Files\Outlook Express
2006-10-29 12:17 -------- d-------- C:\Program Files\NetMeeting
2006-10-29 12:17 -------- d-------- C:\Program Files\Movie Maker
2006-10-29 12:17 -------- d-------- C:\Program Files\Messenger
2006-10-29 12:17 -------- d-------- C:\Program Files\Internet Explorer
2006-10-29 12:17 -------- d-------- C:\Program Files\Common Files\System
2006-10-29 12:17 -------- d-------- C:\Program Files\Common Files\Services
2006-10-29 10:43 -------- d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft
2006-10-29 01:22 -------- d-------- C:\Program Files\EA GAMES
2006-10-29 00:12 -------- d-------- C:\Program Files\Lavasoft
2006-10-28 22:52 -------- d-------- C:\Program Files\WordWeb
2006-10-28 22:51 -------- d-------- C:\Documents and Settings\Owner\Application Data\Google
2006-10-28 22:50 -------- d-------- C:\Program Files\Google
2006-10-28 22:19 -------- d--h----- C:\Program Files\WindowsUpdate
2006-10-28 21:50 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-10-28 21:42 76936 --a--c--- C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2006-10-28 21:35 -------- d-------- C:\Program Files\BitComet
2006-10-28 21:26 -------- d-------- C:\Program Files\7-Zip
2006-10-28 21:25 -------- d-------- C:\Program Files\Sure Delete
2006-10-28 21:20 -------- d-------- C:\Program Files\Norton Personal Firewall
2006-10-28 21:01 -------- d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2006-10-28 20:54 -------- d-------- C:\Program Files\Symantec
2006-10-28 20:48 -------- d-------- C:\Program Files\LimeWire PRO
2006-10-28 20:47 -------- d-------- C:\Program Files\Easy Internet signup
2006-10-28 20:44 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-28 20:13 -------- d-------- C:\Program Files\Java Web Start
2006-09-29 20:43 -------- d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
2006-09-29 20:42 -------- d-------- C:\Program Files\QuickTime
2006-09-29 20:41 -------- d-------- C:\Program Files\iTunes
2006-09-29 20:39 -------- d-------- C:\Program Files\iPod
2006-09-13 16:27 -------- d-------- C:\Program Files\LIVEUPDATE
2006-09-09 17:40 -------- d-------- C:\Documents and Settings\Owner\Application Data\Registry Booster


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"NVIEW"="rundll32.exe nview.dll,nViewLoadHook"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\System32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /installquiet /keeploaded /nodetect"
"ccApp"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"ccRegVfy"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
"AlcxMonitor"="ALCXMNTR.EXE"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"mcvqxnb.dll"="C:\\WINDOWS\\System32\\rundll32.exe C:\\WINDOWS\\System32\\mcvqxnb.dll,clryxae"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"StorageGuard"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"HPHUPD05"="c:\\Program Files\\Hewlett-Packard\\{45B6180B-DCAB-4093-8EE8-6164457517F0}\\hphupd05.exe"
"HPHmon05"="C:\\WINDOWS\\System32\\hphmon05.exe"
"HP Software Update"="\"c:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd.exe\""
"CamMonitor"="c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\hpqcmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winpdc32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 06-10-31 9:03:43.09
C:\ComboFix.txt ... 06-10-31 09:03

New HijackThis Log

Logfile of HijackThis v1.99.1
Scan saved at 9:04:22 AM, on 31/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Desktop\mushroons\mushrooms.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.nero.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C567E2B-1BDF-0867-97C3-077AD1418475} - C:\WINDOWS\System32\dxhzxqm.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [mcvqxnb.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\mcvqxnb.dll,clryxae
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1162081783234
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1162081762109
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: winpdc32 - winpdc32.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  • 0

#10
Trevuren
Posted 30 October 2006 - 06:38 PM

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
A. I notice that you are using more than one antivirus program. This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you either (1) configure only one antivirus program to enable automatic realtime scanning, and leave the rest disabled most of the time, or (2) go to Start -> Control Panel -> Add/Remove Programs and uninstall all but one antivirus program.


B. While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.

C. Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.
  • First we need to make all files and folders VISIBLE:
    • Go to start>control panel>folder options>view (tab)
    • Choose to "show hidden files and folders,"
    • Uncheck the "hide protected operating system files" and the "hide extensions for know file types" boxes.
    • Close the window with ok
  • Please RUN HijackThis.
    . Click the SCAN button to produce a log.

  • Place a check mark beside each one of the following items:

    O2 - BHO: (no name) - {1C567E2B-1BDF-0867-97C3-077AD1418475} - C:\WINDOWS\System32\dxhzxqm.dll (file missing)
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [mcvqxnb.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\mcvqxnb.dll,clryxae
    O20 - Winlogon Notify: winpdc32 - winpdc32.dll (file missing)

  • Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.

  • Reboot Your System in Safe Mode

    How to use the F8 method to Start Your Computer in Safe Mode

    • Restart the computer.
    • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
    • Use the arrow keys to select the Safe mode menu item
    • Press Enter.
  • Using Windows Explorer (Windows Key + E), locate the following files/folders, and DELETE them (if still present):

    C:\WINDOWS\system32\mcvqxnb.dll<==File
    C:\WINDOWS\system32\drivers\sptd9741.sys<==File
    ALCXMNTR.EXE<==File. Please do a Search for this file using Windows Search Function


  • Exit Explorer, and REBOOT BACK INTO NORMAL MODE

  • Finally, RUN Hijackthis again and produce a new HJT log. Post it in the forum so we can check how everything looks now.
Regards,

Trevuren
  • 0

Advertisements

#11
MintFairy
Posted 30 October 2006 - 07:49 PM

MintFairy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Hey,

* I've disabled Norton Antivirus' "Autoprotect" and made it so it doesn't start up when Windows does. Is that alright? Or do you think I should just uninstall Norton? My subscription ran out a couple of years ago and I hardly ever use it to scan things. However, I use Norton Firewall... would I still be able to use it without Norton AntiVirus?

* I found multiple copies of ALCXMNTR.EXE (see pic) and deleted them all. Currently all those files you told me to delete are sitting in the recycle bin... should I permanently delete them using "Sure Delete"?

HijackThis Log

Logfile of HijackThis v1.99.1
Scan saved at 12:43:23 PM, on 31/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\mushroons\mushrooms.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.nero.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1162081783234
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1162081762109
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Attached Thumbnails

  • alcxmntr.JPG

Edited by MintFairy, 30 October 2006 - 07:50 PM.

  • 0

#12
Trevuren
Posted 30 October 2006 - 08:32 PM

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
1. First download and install ZoneAlarm Free (You can find the link in my signature block under firewalls. I use the free version myself.

2. Now, in Safe Mode, UNINSTALL every bit of Norton/Symantec that appears in your Add/Remove Programs.

3. Once uninstalled, restart your system and post a fresh HJT log.

Regards,

Trevuren

Edited by Trevuren, 30 October 2006 - 08:33 PM.

  • 0

#13
MintFairy
Posted 30 October 2006 - 08:34 PM

MintFairy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
:whistling: Are you sure I should uninstall Norton Firewall? It's been good to me.. LOL.. it blocks a lot of ads and popups! Does ZoneAlaram do that too?
  • 0

#14
Trevuren
Posted 30 October 2006 - 08:42 PM

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
If I wasn't sure I wouldn't have asked you to do so.

Trevuren
  • 0

#15
MintFairy
Posted 30 October 2006 - 08:58 PM

MintFairy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I am unable to install ZoneAlaram, just like I couldn't install the other programmes. :whistling:
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP