Malware Removal

Welcome to Major Geeks!

Your problems do not appear to be malware. You may need to post any error messages (exact messages) you are getting in the Software Forum. I do see a bunch of non-malware issues, but I don't believe they are the cause of your problems. The should however be fix.

First you did not do some steps of the READ ME properly:

• step 2 was not done properly. File extensions are still hidden.
• you are using Spybot's Teatimer which we specifically say not to use. And to make matters worse, you are running multiple other tools
• you seem to have multiple antivirus programs running although you may have tried to uninstall two of the three. I see ZoneAlarm Security Suite, AVG7, and Symantec although you may have attempted to uninstall AVG7 and Symantec. But the uninstalls were incomplete and no other antivirus should ever be installed while another is still trying to run.

You should do the below and see if it improves anything for you.

Now Disable Spybot's TeaTimer

• Run Spybot and click Mode
• Select Advanced Mode.
• Then click Tools and select Resident.
• Now in the right window pane, uncheck TeaTimer.
• Also while this is open, in the left column now select IE Tweaks
• and then in the right pane make sure all the Miscellaneous locks are unchecked.
• Now quit Spybot!
• Uninstall AVG Anti-Spyware if it is the free version.
• Uninstall Spyware Doctor if it is the free version.

However if both AVG Antispyware and Spyware Doctor are paid versions, only keep one of them installed.

Now run this Norton Removal Tool (SymNRT)

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://www.worldwinner.com/games/v46/brickout/brickout.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v49/bjattack/bjattack.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5EE92643-21CE-4949-903F-39439DCC3944} (Shapetris Control) - http://www.worldwinner.com/games/v42/shape/shape.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v47/blockwerx/blockwerx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1118721604387
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinner.com/games/v40/freecell/freecell.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1142543822706
O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://www.worldwinner.com/games/v44/wordcube/wordcube.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v45/wordmojo/wordmojo.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D8D7672-93FF-417E-9024-C16AD141C50C} (Haunted Control) - http://www.worldwinner.com/games/v49/haunted/haunted.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v46/luxor/luxor.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v61/swapit/swapit.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v40/hangman/hangman.cab
O16 - DPF: {D27FFC5F-D7B9-4349-9F41-F7458B585374} (SoloTriv Control) - http://www.worldwinner.com/games/v43/solotriv/solotriv.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://royaljoker.microgaming.com/royaljoker/FlashAX.cab
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} (GolfSol Control) - http://www.worldwinner.com/games/v42/golfsol/golfsol.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v46/wwspades/wwspades.cab

After clicking Fix, exit HJT.

I'm not sure if your problems will stop you from doing the next step. See if you can do them!

Uninstall the below old versions of software:
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Make sure you reboot after uninstalling the above!

After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment


Now attach the below new logs and tell me how the above steps went.

1. GetRunKey
2. ShowNew
3. HJT

After attaching new logs we will see if anything else from Symantec needs to be removed. I would bet that there are still things to remove.

 

Your HJT log appears to be from normal boot mode so I'm not sure what you mean that you cannot boot in safe mode. Do you mean it worked okay at first, but then after further reboots you had a problem? If so, what did you do after first getting the logs and attaching them.

Try doing the below (preferably from normal boot mode but use safe mode if that is all you can do).

• Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
• On the page that opens, scroll down to Symantec Event Manager
• then right click the entry, select Properties and press Stop Service.
• When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
• Now repeat the above to Stop and Disable the below two Services (if you do not find them or get any errors, just continue):
  • Symantec Password Validation Service
  • Norton AntiVirus Auto Protect Service
  • Norton Unerase Protection
  • ScriptBlocking Service
  • Speed Disk service
  • SymWMI Service
• Click OK until you get back to Windows.

• Next, run HJT, but instead of scanning, click on the None of the above, just start the program button at the bottom of the choices.
• At the lower right, click on the Config button
• Then click the Misc tools button
• Select Delete an NT Service
• Copy/paste ccEvtMgr into the box that opens, and press OK
• If you receive any error messages just ignore them and continue.
• Now repeat the above to delete the below two Services (if you do not find them or get any errors, just continue):
  • ccPwdSvc
  • navapsvc
  • NProtectService
  • SBService
  • Speed Disk service
  • SymWSC
• Now exit HJT and reboot when it tells you it needs to.

After reboot attach a new HJT log.

Have any of your problems changed?

 

You're welcome but you still need to do what I gave you in message number 5. You need to get the Symantec services removed.