By kl8on
Mar 8, 2008
  1. I have run the 15 step process and here are the results....
  2. kl8on

    kl8on TS Rookie Topic Starter

    I forgot to mention

    I think it fixed the virus but I'm not sure.
  3. kritius

    kritius TS Guru Posts: 2,084

    Run HJT and do a system scan only,
    have it fix these entries,

    O2 - BHO: RDL Rolex - {5BDFEFB8-2E48-40AC-B22B-CC96DBA71FDF} - C:\WINDOWS\dkxrstqxqp.dll (file missing)
    O3 - Toolbar: enlfxgw - {D2F58A1B-3FF2-4789-824F-F6000B9E9A78} - C:\WINDOWS\enlfxgw.dll (file missing)
    O21 - SSODL: btrklfr - {F9F207BB-A8AC-4FC4-8A68-49F44F048AB5} - C:\WINDOWS\btrklfr.dll (file missing)
    O21 - SSODL: apdqnxp - {5764AC2B-9F94-43FD-B1DD-7E27D2991497} - C:\WINDOWS\apdqnxp.dll (file missing)

    Do not fix these yet!
    O15 - Trusted Zone:
    O15 - Trusted Zone:
    O15 - Trusted Zone:

    Did you add these sites to your trusted zone?

    You also appear to have a couple of different antivirus programs; get rid of all but one. I would recommend keeping AVG and ditching Norton. You should also get a separate firewall; Comodo, Kerio, or ZoneAlarm are all good free ones.

    What were the original problems that you were having? You haven't mentioned what they were.
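
An added example, not part of kritius's post and not HijackThis's own code: a small Python parser for the CLSID-bearing log lines quoted above, which picks out the entries marked "(file missing)", i.e. registry references left behind after the DLL itself is gone. The line shape is inferred from the four quoted entries; the "Example Helper" entry is a constructed placeholder and the `in_windows_root` check is an assumed heuristic.

```python
import ntpath
import re
from typing import List, NamedTuple

# Constructed sample: the four entries quoted in the post, an O15 line with
# its domain stripped (as on the page), and one made-up healthy entry.
SAMPLE_LOG = r"""
O2 - BHO: RDL Rolex - {5BDFEFB8-2E48-40AC-B22B-CC96DBA71FDF} - C:\WINDOWS\dkxrstqxqp.dll (file missing)
O3 - Toolbar: enlfxgw - {D2F58A1B-3FF2-4789-824F-F6000B9E9A78} - C:\WINDOWS\enlfxgw.dll (file missing)
O21 - SSODL: btrklfr - {F9F207BB-A8AC-4FC4-8A68-49F44F048AB5} - C:\WINDOWS\btrklfr.dll (file missing)
O21 - SSODL: apdqnxp - {5764AC2B-9F94-43FD-B1DD-7E27D2991497} - C:\WINDOWS\apdqnxp.dll (file missing)
O15 - Trusted Zone:
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
"""

class Entry(NamedTuple):
    section: str        # HJT group code, e.g. "O2"
    kind: str           # "BHO", "Toolbar", "SSODL"
    name: str
    clsid: str
    path: str
    file_missing: bool  # HJT appended "(file missing)"

# Matches only the CLSID-bearing shape: "Ox - Kind: name - {CLSID} - path".
LINE_RE = re.compile(
    r"^(O\d+) - ([^:]+): (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*?)( \(file missing\))?$"
)

def parse_log(text: str) -> List[Entry]:
    """Return one Entry per CLSID-bearing line; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            sec, kind, name, clsid, path, missing = m.groups()
            entries.append(Entry(sec, kind, name, clsid, path, missing is not None))
    return entries

def orphaned(entries: List[Entry]) -> List[Entry]:
    """Registry references whose target file no longer exists on disk."""
    return [e for e in entries if e.file_missing]

def in_windows_root(entry: Entry) -> bool:
    """Heuristic (assumption): DLL sits directly in C:\\WINDOWS, not a subfolder."""
    return ntpath.dirname(entry.path).lower() == r"c:\windows"

if __name__ == "__main__":
    for e in orphaned(parse_log(SAMPLE_LOG)):
        note = " [directly in Windows root]" if in_windows_root(e) else ""
        print(f"{e.section} {e.kind:8} {e.clsid} -> {e.path}{note}")
```
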
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    It's too bad you didn't tell us what your problem is! If it's because your computer is slow, consider the following:

    Heavy on Media programs. Are you using these programs? If so, they do not need to be on Startup. Uncheck if they are:
    1. C:\Program Files\DAEMON Tools Lite\daemon.exe> DAEMON Tools is an advanced application for Microsoft Windows which provides THE best optical media emulation in the industry.
    2. C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe> nmindexingservice.exe is a Nero Home from Nero AG belonging to Nero Home. This is often used for media files indexing.
    3. C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe> nmindexstoresvr.exe is part of Nero Scout that comes with Nero CD/DVD Burning 7. Nero Scout is a database program that catalogs all of the media files on your computer and that makes this database available to other programs in the Nero 7 product package. This process can be removed to free up system resources.
    4. C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe> nmbgmonitor.exe is a process belonging to Nero Home. Nero Home combines television and the recording of television programs with playback of DVD-Videos and audio/video files in an easy-to-use interface.

    Spyware/Adware Programs: Spyware Doctor, AVG Anti-Spyware 7.5, Ad-Aware 2007- get rid of Spyware Doctor, keep the others.

    Anti-Virus: Problem here:
    But it also looks like you have AVG v7 anti-virus program.
    1. C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe> avgamsvr.exe is a part of the Grisoft Internet Security Suite and is essential for the
    1. C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe> AVG Anti-virus-real-time updates of this software.
    1. C:\PROGRA~1\Grisoft\AVG7\avgemc.exe> AVG Anti-virus Cleaner- part of the AVG Anti-Virus suite. The process scans e-mails for viruses.
    1. C:\PROGRA~1\Grisoft\AVG7\avgcc.exe> AVG Virus Control Center
    But you also have Norton AV- STOP one of them.
    2. C:\Program Files\Norton AntiVirus\NAVW32.exe> nmain.exe is a process belonging to the Norton AntiVirus
    2. C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    2. C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    2. C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    Unknown function:
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe> ccsvchst.exe is a Symantec Service Framework Executable. Symantec Threat and Vulnerability Management Program is currently available through Symantec Global Consulting Services in North America (US & Canada) and EMEA.
  5. kritius

    kritius TS Guru Posts: 2,084

    To remove Norton

    Extra Optional Steps

    Open My Computer, double-click on Drive C
    Double-click on Program Files
    Look for any Norton or Symantec product folders that remain. Right-click on them and choose Delete. Also look in the Program Files\Common Files for the Symantec Shared folder and delete it.
    Close My Computer and other folders

    Also, if you do not recognise the O15 entries that I asked about then please do this.

    Right click on this link DelO15Domains.inf and choose Save As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards. NOTE: This script will delete any sites you may have added to the Trusted Sites. So if you want them back, you have to add them back to the Trusted Sites again.

    Run another HJT scan and post the log once all the steps have been completed
  6. kl8on

    kl8on TS Rookie Topic Starter


    You guys know what you are talking about :) The original prob. was a red flashing x in the bottom right taskbar, and pop ups of different virus progs that it said I should d/l, and it was also posting shortcuts on my desktop, and I also lost my toolbar at the bottom of the screen ?? I will follow the steps and post again shortly.

    thank you
  7. kl8on

    kl8on TS Rookie Topic Starter

    One question though, why should I get rid of Norton when I paid for that and replace it with the FREE AVG ?? Just wondering which one is better.
  8. kritius

    kritius TS Guru Posts: 2,084

    AVG has a better detection rate than Norton and uses less system resources meaning that your computer will speed up a lot more.

    I also personally believe that having a separate firewall and antivirus program is better than ones that are bundled together in a suite.

    If you don't want to get rid of Norton until your subscription is up then that's OK, I wouldn't want to waste you any money, but you need to get rid of at least one.

    What about those O15 entries?
  9. kl8on

    kl8on TS Rookie Topic Starter


    Ya, those were from the website I got my motherboard from. It was some kind of auto update tool. MSI is a secure site I think though.
  10. kritius

    kritius TS Guru Posts: 2,084

    Ok then, once you have gotten rid of one of the antivirus programs can I see another HJT log?
  11. kl8on

    kl8on TS Rookie Topic Starter


    I was wondering if I can take off all those apps I d/l like ccleaner, ss&d and avg antispyware? And here is the log you asked for
  12. kritius

    kritius TS Guru Posts: 2,084

    I would recommend keeping on spybot and ccleaner as they take up little space and are highly useful.

    Just would like to know about this?


    Also would recommend getting a firewall; ZoneAlarm or Comodo are both good free ones.
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    "One question though why should i get rid of norton when i paid for that and replace it with the FREE avg ??"

    According to your log, you have both.

    I would take those 3 Taiwan sites out of your trusted zone. If they were for the motherboard, that was a sales transaction- they shouldn't be sitting in the Trusted Zone.

    Good pickup kritius! I didn't notice the MIRC entry: mIRC is a shareware Internet Relay Chat client for Microsoft Windows. Although it is a fully functional chat utility, its integrated scripting language makes it extensible and versatile.

    kl8on, this also makes it dangerous! Did you download it? I would discourage having it on your system.

    Also, smartftp.exe is a file transfer protocol tool which allows for both scheduled and unscheduled transfer using FTP. You should be sure this isn't on startup.
  14. kritius

    kritius TS Guru Posts: 2,084

    I noticed that on the website there was lots of talk of backdoors into it and such, in my opinion never a great idea.

    Totally agree with you.
  15. kl8on

    kl8on TS Rookie Topic Starter

    I think I might have another prob. Should I run another test and post the log in the same thread ??
  16. kl8on

    kl8on TS Rookie Topic Starter

    Also I wanted to say I ran (xp registry cleaner 2.0) and it found 713 errors ?? Is that bad ?? I will wait for you to respond before I delete those items.
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    And what is the problem? Have you done all the cleaning suggested? Does the Registry cleaner you used that found a lot of entries require you to pay for their program to remove the entries? Don't.
Topic Status:
Not open for further replies.
