# Several programs not working or even loading: Including Norton Anti-Virus etc



## Tevor the Third (Oct 29, 2006)

I'm using Windows XP first of all.

So when I turned on my computer yesterday evening I discovered that several programs that normally activate upon boot up were not loading. The programs that I've noticed as being inactive so far are;

ASUS Probe V2.22.06
Norton Internet Security 2004
Norton Antivirus 2004
Logitech iTouch

I also cannot manually activate any of these programs. Asus and iTouch just won't do anything if I try and run them, while Norton Internet Security will open, but all features are disabled and I cannot enable them. Norton Anti-Virus won't open on its own, but I can access it through Internet Security. It also won't activate its disabled features.

I initially tried Symantec's own troubleshooting guide for activating Norton when it won't enable (http://service1.symantec.com/SUPPOR...ent&ExpandSection=5,4,3,2,1&Src=sg#_Section5), but it didn't work.

I then thought it might be a virus or spyware of some kind, so I first ran Ad-Aware to no result. After this I did a full system scan using Norton Anti-Virus (which as I said can be opened through Norton Internet Security, but none of its features enabled) which turned up dry as well.

However my Norton has been expired for quite some time (going on a year perhaps?), but working fine despite an inability to access Live Update, so I downloaded and attempted to run AVG Anti-Virus Free Edition.

However most times the program would just close itself mid scan.

After repeated attempts however I did get it to run for over an hour and scan the majority of my computer. At this point however the program not only crashed, but invoked the Blue Screen of Death and crashed my computer outright, whereupon it rebooted.

Before this last crash however I did notice something of interest: 7 or so threats were identified as the program scanned my computer, and three of them were attached to files that I could identify as being related to the programs in question that would not function properly.

Example: 
ASUS.EXE

Also files within the Symantec folders that had some relation to Norton Internet Security, but I can't remember the exact file names. Sorry.

There were other files I didn't recognize as anything also infected and all the identified threats were labeled with the same descriptor, that of some kind of Trojan. "Downloader.agent.GJW" was what it was called.

I can only assume this is related to my problem.

I've exhausted my limited troubleshooting abilities I'm afraid and must throw myself upon the mercy of the Tech Support Guys.

While the lack of ASUS Probe and my iTouch features are a mere annoyance, my concern is that unless I can get Norton to work again I'll merely be exposing my computer to even greater threats.

Any help that can be offered me in this situation will be greatly appreciated. Thanks in advance.


----------



## Simulated (Sep 14, 2006)

While I can't help you with your problems as far as ASUS and iTouch go, I do know that even with your Norton's Antivirus needing to work, you should buy a new one or subscribe to get the new updates. An outdated virus and internet security won't protect your machine. There are a couple of good antivirus programs you can use that I've seen recommended many times on this site. The one antivirus is called Avast. I can't remember the name of the other, sorry.
You should run a scan with an updated antivirus.


----------



## JayT (Apr 15, 2003)

You are obviously infected with some sort of malware (virus-trojan-worm, etc.). That is why your antivirus was disabled (in addition to not being updated for almost a year, I think you said). I could give you all kinds of suggestions as to what to do, but I think the most helpful suggestion I can give you is to repost this plea for help in the Security Forum of Tech Support Guy. They will be able to help you I am sure.


----------



## dvk01 (Dec 14, 2002)

go to here and download 'Hijack This!' self installer. Save it to the desktop or other suitable place. *DO NOT just press run from the website.* Double click on the file and it will install to C:\program files\hijackthis and create an entry in the start menu and an optional shortcut on desktop.
Click on the entry in start menu or on the desktop to run HijackThis
Click the "Scan" button, when the scan is finished the scan button will become "Save Log" click that and save the log. 
Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.
It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required, 
so *do NOT fix anything yet.*
Someone here will be happy to help you analyze the results.

and


Download *WinPFind*
*Right Click* the Zip Folder and Select "*Extract All*"
Extract it somewhere you will remember like the *Desktop*
Don't do anything with it yet!

Reboot into Safe Mode
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Doubleclick *WinPFind.exe*
Click "* Configure Scan Options*"
Select " *Run Add ONs*" and then select *ALL* the options in the box below it, Press Apply 
Now Click "*Start Scan*"
*It will scan the entire System, so please be patient!*
Once the Scan is Complete
Reboot back to Normal Mode!
Go to the *WinPFind folder*
Locate *WinPFind.txt*
Place those results in the next post! It will be too big to post so you will need to attach it to your reply


----------



## Tevor the Third (Oct 29, 2006)

Hi again. First of all thanks to everyone who's replied, your help is all appreciated 

Ok so I've been attempting to follow the steps outlined in dvk01's post and thus far I have my HijackThis logfile ready to go but I'm having difficulties with WinPFind.

I've run it several times but it consistently hangs once it gets to a certain point.

In the "Registry Run Keys" section of the scan it reaches the line...

"Quick Time Task C:\Program Files\Quicktime\qttask.exe"

... and then just sits there doing nothing for ten to fifteen minutes. At least that's when I kept giving up and restarted the program.

I'm going to reboot to Safe Mode again right now and run it again. I have to leave for work in a few minutes so hopefully it'll somehow sort itself out between now and when I get home this morning. Maybe qttask.exe is just a huge file that takes a _really_ long time to scan. Here's hoping.

Please don't give up on me yet. Your help is, well as I already said, very truly appreciated. I know that sounds hollow, but I don't know how to express it any better 

Ok, here we go. WinPFind Round 5, go!


----------



## Tevor the Third (Oct 29, 2006)

Ok so I'm back and it's about 9 hours later. Sadly when I turned on my monitor WinPFind was still apparently running, but all it was showing in the main window was blank space while the top title bar was saying "Scanning Registry".

So it really doesn't seem like WinPFind is going to run. Any suggestions?

I don't know if you can do anything with the one and not the other, but for what it's worth here's my hijackthis file:

Logfile of HijackThis v1.99.1
Scan saved at 2:22:53 PM, on 29/10/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamefaqs.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\gdsmg.dll/sp.html#63796
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\gdsmg.dll/sp.html#63796
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gdsmg.dll/sp.html#63796
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\gdsmg.dll/sp.html#63796
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {B1B856A8-E2CF-6D0D-E2E2-6F519F010848} - C:\WINDOWS\wingx32.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [apivj32.exe] C:\WINDOWS\system32\apivj32.exe
O4 - HKLM\..\Run: [addnk.exe] C:\WINDOWS\addnk.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: E3TV Tray App.lnk = ?
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.info.apple.com/tramper/us/win/QuickTimeInstaller.exe
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {FFFFFFFF-3C18-4A7E-A29D-E24F84B79BF1} - http://64.7.220.98/downloads/pi1_20.exe
O20 - AppInit_DLLs: 
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

I await any help that can be given. Thanks to all.


----------



## Tevor the Third (Oct 29, 2006)

Tried running WinPFind again last night. This morning it was the same thing again. Scanning Registry with an empty white screen.


----------



## dvk01 (Dec 14, 2002)

ok then let's try this

run this & post its log as a first step

http://noahdfear.geekstogo.com/FindAWF.exe


----------



## Tevor the Third (Oct 29, 2006)

Thanks again. Here you go:


Find AWF report by noahdfear ©2006


21504 byte files found
~~~~~~~~~~~~~

21504 C:\WINDOWS\PREFETCH\WORDPA~1.PF


21504 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~



25600 byte files found
~~~~~~~~~~~~~

25600 C:\PROGRA~1\NORTON~1\URLLSTCK.EXE
25600 C:\PROGRA~1\QUICKT~1\QTTASK.EXE
25600 C:\PROGRA~1\SYMNET~1\SNDMON.EXE
25600 C:\PROGRA~1\COMMON~1\SYMANT~1\CCAPP.EXE
25600 C:\PROGRA~1\COMMON~1\ROXIOS~1\SYSTEM\ENGUTIL.EXE
25600 C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\USRPRMPT.EXE
25600 C:\PROGRA~1\JAVA\JRE15~2.0_0\BIN\JUSCHED.EXE
25600 C:\PROGRA~1\NORTON~1\NORTON~1\ADVTOOLS\ADVCHK.EXE


25600 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~



26450 byte files found
~~~~~~~~~~~~~



26450 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~



bak folders found
~~~~~~~~~~~


Directory of C:\BAK

01/07/2004 03:20 PM 212,992 Updater.exe
1 File(s) 212,992 bytes

Directory of C:\WINDOWS\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\NORTON~1\BAK

11/12/2003 07:35 PM 70,800 UrlLstCk.exe
1 File(s) 70,800 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

10/12/2005 01:14 AM 155,648 qttask.exe
1 File(s) 155,648 bytes

Directory of C:\PROGRA~1\SYMNET~1\BAK

13/05/2005 07:32 PM 100,056 SNDMon.exe
1 File(s) 100,056 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

23/08/2001 06:00 AM 13,312 ctfmon.exe
1 File(s) 13,312 bytes

Directory of C:\PROGRA~1\ASUS\PROBE\BAK

06/12/2002 04:07 PM 617,984 AsusProb.exe
1 File(s) 617,984 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

12/12/2005 02:37 PM 71,328 ccApp.exe
1 File(s) 71,328 bytes

Directory of C:\PROGRA~1\LOGITECH\ITOUCH\BAK

18/03/2004 08:33 AM 892,928 iTouch.exe
1 File(s) 892,928 bytes

Directory of C:\PROGRA~1\COMMON~1\ROXIOS~1\SYSTEM\BAK

13/01/2003 02:05 PM 69,632 EngUtil.exe
1 File(s) 69,632 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\BAK

02/11/2004 04:59 PM 218,240 UsrPrmpt.exe
1 File(s) 218,240 bytes

Directory of C:\PROGRA~1\JAVA\JRE15~2.0_0\BIN\BAK

03/06/2005 02:52 AM 36,975 jusched.exe
1 File(s) 36,975 bytes

Directory of C:\PROGRA~1\NORTON~1\NORTON~1\ADVTOOLS\BAK

17/08/2003 11:33 PM 74,920 ADVCHK.EXE
1 File(s) 74,920 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

212992 Jul 1 2004 "C:\bak\Updater.exe"
25600 Oct 11 2006 "C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe"
70800 Dec 11 2003 "C:\Program Files\Norton Internet Security Professional\bak\UrlLstCk.exe"
25600 Oct 11 2006 "C:\Program Files\QuickTime\qttask.exe"
155648 Dec 10 2005 "C:\Program Files\QuickTime\bak\qttask.exe"
25600 Oct 11 2006 "C:\Program Files\SymNetDrv\SNDMon.exe"
100056 May 13 2005 "C:\Program Files\SymNetDrv\bak\SNDMon.exe"
13312 Aug 23 2001 "C:\WINDOWS\system32\ctfmon.exe"
13312 Aug 23 2001 "C:\WINDOWS\system32\bak\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ctfmon.exe"
617984 Dec 6 2002 "C:\Program Files\ASUS\Probe\bak\AsusProb.exe"
25600 Oct 11 2006 "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
71328 Dec 12 2005 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
892928 Mar 18 2004 "C:\Program Files\Logitech\iTouch\bak\iTouch.exe"
25600 Oct 11 2006 "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
69632 Jan 13 2003 "C:\Program Files\Common Files\Roxio Shared\System\bak\EngUtil.exe"
25600 Oct 11 2006 "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
218240 Nov 2 2004 "C:\Program Files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe"
32881 Mar 4 2005 "C:\j2sdk1.4.2_08\jre\bin\jusched.exe"
36975 Jun 3 2005 "C:\Program Files\Java\jre1.5.0_04\bin\bak\jusched.exe"
25600 Oct 11 2006 "C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\ADVCHK.EXE"
74920 Aug 17 2003 "C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\bak\ADVCHK.EXE"


end of report


----------



## dvk01 (Dec 14, 2002)

next step

* Download the Trial/Demo version of AVG Anti-Spyware 7.5. When the trial period expires it becomes freeware with reduced functions but still worth keeping, or you have the option of buying a licence for the full version.

 AVG Anti-Spyware 7.5 Download 

* Install AVG Anti-Spyware 7.5.
* Launch AVG Anti-Spyware 7.5
* It will prompt you to update click the OK button and it will go to the main screen
* On the top of the main screen click update
* Click on Start and let it update.
* now boot to safe mode by following advice here http://service1.symantec.com/SUPPOR...2001052409420406?OpenDocument&src=sec_doc_nam
* Now run AVG Anti-Spyware 7.5:
* Click on scanner then click on settings tab , select all options allowed & select recommended actions and set recommended actions to quarantine then set automatically generate reports after every scan & only if threats were found 
* Now press the scan tab. Click the Complete System Scan button to start the scan.
* When the scan is done you will see a list of infected objects (if any found) At the bottom of the list, Please click on "recommended action"/and choose to Set all Elements to quarantine and check the box "Perform action with all infections".
If you get a warning about a file being in an archive, please choose *yes* to quarantine the entire archive
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop

Post back with the AVG Anti-Spyware 7.5 scan log


----------



## Tevor the Third (Oct 29, 2006)

When I attempt to update AVG Anti-Spyware 7.5 comes back with "Error: failed to connect to server update.ewido.net" each and every time.

Should I go through with the rest of the steps regardless?


----------



## Tevor the Third (Oct 29, 2006)

Ok so I figured I'd go ahead and scan in Safe Mode using AVG Anti-Spyware anyways just in case you said to do so eventually anyways.

However, there's that word again, the program behaved in the exact same way as AVG Anti-Virus Free Edition did, which I mentioned in my first post.

The program ran perfectly fine for about 20 minutes and then suddenly the screen went black, the blue screen of death appeared for a few seconds (too quick for me to read) and the computer automatically rebooted itself.

I'd like to quickly point out that I don't typically have a problem running software of any kind on my computer. I can only assume that the failures to operate that AVG Anti-Virus, AVG Anti-Spyware and WinPFind have been presenting have to do with the infection in some way. It seems to me that they get to a certain point in the scan, encounter whatever is at the cause, and the damn thing forces a crash rather than allow itself to be deleted/fixed/etc.

One last thing; now that I do have the AVG software running on my computer however there have been pop ups from AVG saying that they've detected threats and ask me what to do. I've been going with the "Heal" response of course. However I did notice that one of the files that was considered a threat was the "qttask.exe" which I mentioned earlier as seemingly being the file that caused WinPFind to hang. So I guess that too is infected in some way.

So what next?


----------



## Tevor the Third (Oct 29, 2006)

Just curious if anyone was still following this thread


----------



## Tevor the Third (Oct 29, 2006)

Now just a second ago my computer started to randomly install Easy CD. From the CD. Which wasn't in the computer. And Easy CD is already installed on my Computer.

I had to cancel it five times because it kept trying to do it.

I need help :down:


----------



## dvk01 (Dec 14, 2002)

it is this infection that is causing the problem & it replaces genuine files with copies of itself & moves the genuine ones to a backup storage (the BAK folders as shown in awf find log)

Now it's easy to restore the genuine ones but until we kill the actual infection it is pointless as it will immediately do the same again

We need to use something that isn't started with windows to clean it

let's try this

Click *here* to download *Dr.Web CureIt *and save it to your desktop.

Doubleclick the *drweb-cureit.exe *file and allow to run the express scan
This will scan the files currently running in memory and when something is found, click the *yes* button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click *'Yes to all' *if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found:

If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
After selecting, in the *Dr.Web CureIt *menu on top, click file and choose save report list
Save the report to your desktop. The report will be called *DrWeb.csv*
*Close Dr.Web Cureit*.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from *Dr.Web *you saved previously in your next reply along with a new *HijackThis log*.


----------



## Tevor the Third (Oct 29, 2006)

Hi again.

Ok so the initial quick scan worked fine, though found nothing wrong, however the main scan resulted in the same problem that the last several programs have.

It gets to about 50% complete, and around half way through scanning the Program Files folder as well, and then suddenly the screen goes black, the blue screen pops up for a second and then an automatic reboot. This time the last file displayed as being scanned was "messenger.exe".

Before the crash however it had detected three files. Though while one was a Trojan none of them were identified as the "Downloader.agent.GJW" from my initial scans with AVG (before those programs also crashed), which I thought was odd since Dr.Web CureIt had already scanned other folders that are apparently infected with it. (iTouch, Symantec, etc)


----------



## dvk01 (Dec 14, 2002)

I've just spotted something 

as well as this downloader pest that disables your antivirus etc you also have the gromozon rootkit which in its latest variation prevents just about all antivirus & cleaning or registry tools working

The only guaranteed way with this one is to format & reinstall

The previous versions of it we had about a 70% chance of fixing however the latest version so far has proved impossible to fix


----------



## Tevor the Third (Oct 29, 2006)

So that's it then huh. I'm doomed and have no choice but to reformat my computer?

That's terrible  

Are you certain that there's nothing else I can do?

A question then if you could indulge me; See a friend (who now lives in another country BTW) of mine built my computer for me about a year and a half ago, so I really don't know in detail about how it was all put together. Do you think that there'd be any danger if I just did a standard reformat and reinstall of Windows of it not working for some technical reason? Any reason at all? I don't know a lot about that aspect of computers after all, and frankly I can't afford to buy a new one if there's some technical jiggering that I'd need to do to get it to function properly.


----------



## dvk01 (Dec 14, 2002)

I am sending you a PM about it


----------



## dvk01 (Dec 14, 2002)

also if we can manage it I want copies of all these files so we can add them to the fix as some seem to be not being detected well

Download suspicious file packer from http://www.safer-networking.org/en/tools/index.html

Unzip it to desktop, open it & paste in the list of files below, press next & it will create an archive (zip/cab file) on desktop

please upload that to http://www.thespykiller.co.uk/forum/index.php?board=1.0 so we can examine the files

Just press new topic, fill in the needed details and just give a link to your post here & then press the browse button and then navigate to & select the files on your computer, When the file is listed in the windows press send to upload the file

C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SymNetDrv\SNDMon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\ADVCHK.EXE
C:\Updater.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Logitech\iTouch\iTouch.exe


----------



## Tevor the Third (Oct 29, 2006)

Done with much thanks :up:


----------

