Problem with window firewall.

Discussion in 'Windows XP' started by Mandingos, 2006/11/23.

  1. 2006/11/23
    Mandingos

    Mandingos Inactive Thread Starter

    Joined:
    2006/02/20
    Messages:
    13
    Likes Received:
    0
    Alright, the other day I was going to connect my computer to my xbox 360 and I had to open up some ports on windows firewall to allow it. When I tried to open the firewall settings I first got the message, "Due to an unidentified error, Firewall settings cannot be changed" or something similar. So I did a search on google and found a few methods to fix this. I tried every one I found and none worked. Now I get the message "Windows Firewall settings cannot be displayed because the associated service is not running". When I click yes to start the service I get the message "Windows cannot start the Windows Firewall/Internet Connection Sharing (ICS) service." I looked on the internet once again and still nothing worked. I even tried removing and installing SP2 again, but that didn't work either.

    I recently had the trojan.small.fb, and I think I removed it successfully, but it must have done some damage to a few files. I also had the agent.uj spyware right before that, again I think I removed it successfully. I should also note that my network connections folder shows no connections as well. Also, when I try to run fixwareout, I get a log saying that I am missing Windows/system32/autoexec.nt. When I run hijackthis, I get a message near the end of the scan saying "An unexpected error has occurred at procedure: modMain_CheckOther14Item() Error #62 Input past end of file". However, the scan still completes and outputs a log file.

    Whew, I think that's all the details on the problem. Sorry, I know it's a doozy, but I've tried everything and I'm getting quite frustrated. Help would be absolutely appreciated.
     
  2. 2006/11/23
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,068
    Likes Received:
    396
    I'd wager that your system is still infected. The HjT error message is an error as a result of installing or starting an msdos or 16bit windows based program. There are viruses that specifically target hijackThis, other antispyware apps and antivirus apps in an effort to render them unusable.
     
    Last edited: 2006/11/23

  4. 2006/11/23
    Bill Castner

    Bill Castner Inactive

    Joined:
    2006/08/30
    Messages:
    1,980
    Likes Received:
    0
    Firewall issues:

    Download the SharedAccess.reg file and double click to merge it with your registry: http://windowsxp.mvps.org/sharedaccess.htm

    Then Start, Run, and Enter each of these lines. (You can copy/paste them from here):

    regsvr32 %windir%\system32\atl.dll
    regsvr32 %windir%\system32\hnetcfg.dll
    regsvr32 %windir%\system32\netshell.dll
    regsvr32 %windir%\system32\netcfgx.dll
    regsvr32 %windir%\system32\netman.dll

    Reboot.

    Restore Autoexec.nt:

    Browse to "%windir%/repair/" (usually "C:\WINDOWS\repair")
    Right-Click and Copy the AUTOEXEC.NT file
    Browse to "%windir%/system32/" (usually "C:\WINDOWS\System32")
    Right-Click inside the window and Paste the file

    Question: What made you think you had Wareout?

    HijackThis error

    The message occurs when it has issues reading the older *.ini files. It is harmless, but should not occur with the current version of HJT: http://www.spywareinfo.com/~merijn/downloads.html

    Make sure HJT is run from its own folder, and not from the desktop or the user My Documents folder.
     
  5. 2006/11/24
    Mandingos

    Mandingos Inactive Thread Starter

    Joined:
    2006/02/20
    Messages:
    13
    Likes Received:
    0
    Ok, I followed the steps you gave Bill. I still have no luck opening the firewall settings, and my network connections still aren't showing up. Replacing the autoexec.nt worked fine though. I had fixwareout from a previous infection, and I figured I should just note that my autoexec.nt was missing.

    Here is my HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 2:32:22 PM, on 11/24/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\AlienAutopsy\Test_BS.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\ICQLite\ICQLite.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alienware.com
    O1 - Hosts: localhost 127.0.0.1
    O3 - Toolbar: (no name) - {12EE7A5E-0674-42f9-A76B-000000004D00} - (no file)
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe "
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    O4 - HKLM\..\Run: [AlienAutopsy] "C:\Program Files\AlienAutopsy\Test_BS.exe" -h
    O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe "
    O4 - HKLM\..\Run: [dmkts.exe] C:\WINDOWS\system32\dmkts.exe
    O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe (file missing)
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.4.0) -
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ISSvc (ISSVC) - Unknown owner - C:\Program Files\Norton Internet Security\ISSVC.exe (file missing)
     
  6. 2006/11/24
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,068
    Likes Received:
    396
    Use HjT to Fix:
    leftover spyware toolbar
    O3 - Toolbar: (no name) - {12EE7A5E-0674-42f9-A76B-000000004D00} - (no file)

    this is Trojan.Pakes:
    O4 - HKLM\..\Run: [dmkts.exe] C:\WINDOWS\system32\dmkts.exe

    optional:
    some versions of WeatherBug have spyware.

    First, download, install & update Adaware:
    http://www.download.com/3000-2144-10045910.html

    Adaware should clean up the trojan, but before scanning or using HjT, boot the comp in Safe Mode (press F8 key at restart). Once booted, delete all files and folders in:
    c:/documents & settings/user_name/local settings/temp
    c:/documents & settings/user_name/local settings/temporary internet files
    c:/windows/temp

    Turn off System Restore:
    http://support.microsoft.com/kb/310405

    Run HjT and remove the above items.

    Scan w/ Adaware.

    Scan w/ av pgm.

    Reboot & rescan with HjT. Post new log here.

    If all OK for a day or two, turn System Restore back on.
     
  7. 2006/12/06
    Mandingos

    Mandingos Inactive Thread Starter

    Joined:
    2006/02/20
    Messages:
    13
    Likes Received:
    0
    Ok, I followed all the steps and AVG detected trojan.small and trojan.small.fb, and successfully quarantined them. After doing all this, I retried the steps given in the 2nd reply for fixing my firewall problem. I still have no luck in opening my firewall settings. My HJT log looked alright, here it is:

    Logfile of HijackThis v1.99.1
    Scan saved at 2:07:00 AM, on 12/6/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\AlienAutopsy\Test_BS.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\ICQLite\ICQLite.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\hijackthis\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alienware.com
    O1 - Hosts: localhost 127.0.0.1
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe "
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    O4 - HKLM\..\Run: [AlienAutopsy] "C:\Program Files\AlienAutopsy\Test_BS.exe" -h
    O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe "
    O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe (file missing)
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.4.0) -
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ISSvc (ISSVC) - Unknown owner - C:\Program Files\Norton Internet Security\ISSVC.exe (file missing)


    I realize I waited awhile to do all this, but I went out of town for a week and a half and then forgot all about it. Do you have any other suggestions on what I should try?
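
Added example, not part of the original posts: a Python sketch of the "rescan and compare" check the thread relies on, which parses two HijackThis logs, reports entries removed or added between scans, and lists entries HijackThis marked "(no file)" or "(file missing)". The log excerpts are copied from the 2006/11/24 and 2006/12/06 logs above; the function names are illustrative.

```python
import re

# Excerpts copied from the two HijackThis logs posted in this thread.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
O3 - Toolbar: (no name) - {12EE7A5E-0674-42f9-A76B-000000004D00} - (no file)
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [dmkts.exe] C:\WINDOWS\system32\dmkts.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe (file missing)
O23 - Service: ISSvc (ISSVC) - Unknown owner - C:\Program Files\Norton Internet Security\ISSVC.exe (file missing)
"""

LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O23 - Service: ISSvc (ISSVC) - Unknown owner - C:\Program Files\Norton Internet Security\ISSVC.exe (file missing)
"""

# A log entry starts with a section code (R0, O4, O23, ...) followed by " - ".
# Header lines and the "Running processes" paths do not match this pattern.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")

# Markers HijackThis appends when an entry's target file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entries(log_text):
    """Return [(section, text), ...] for every entry line in a log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def diff_logs(before_text, after_text):
    """Return (removed, added) entries between two scans, in log order."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed = [e for e in before if e not in after]
    added = [e for e in after if e not in before]
    return removed, added


def orphaned(entries):
    """Entries whose target file is missing: leftovers to review."""
    return [e for e in entries if any(m in e[1] for m in ORPHAN_MARKERS)]


def still_present(log_text, needles):
    """Case-insensitive check that items meant to be fixed are really gone."""
    text = log_text.lower()
    return [n for n in needles if n.lower() in text]


if __name__ == "__main__":
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    for section, text in removed:
        print("REMOVED", section, text)
    for section, text in added:
        print("ADDED  ", section, text)
    for section, text in orphaned(parse_entries(LOG_AFTER)):
        print("ORPHAN ", section, text)
    # The two items the helper asked to have fixed with HijackThis.
    targets = ["dmkts.exe", "{12EE7A5E-0674-42f9-A76B-000000004D00}"]
    print("still present:", still_present(LOG_AFTER, targets))
```

On these excerpts the diff shows the O3 toolbar and the dmkts.exe Run entry gone, while the orphaned ICQ and Norton ISSVC entries remain for follow-up.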
     
  8. 2006/12/06
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,068
    Likes Received:
    396
    Which firewall are you trying to configure? You have 2 firewalls, one that comes w/ windows and one from Norton. Be sure to enable one or the other, never both at same time. To use Norton's you have to completely disable windows firewall in Control Panel/Windows Firewall as well as Admin Tools/ Services/Windows Firewall.
     
  9. 2006/12/06
    Rockster2U

    Rockster2U Geek Member

    Joined:
    2002/04/01
    Messages:
    3,181
    Likes Received:
    9
    I pose this as a question - shouldn't the O9 entries for ICQ and Weatherbug also be removed along with their respective folders? And, I believe you are going to need to run a registry search using something like RegSeeker or JV16 PowerTools to find and remove the leftover Symantec and Norton entries which can be quite problematic.

    Mandingos - wait for confirmation from Tony or Bill.

    ;)
     
  10. 2006/12/06
    Mandingos

    Mandingos Inactive Thread Starter

    Joined:
    2006/02/20
    Messages:
    13
    Likes Received:
    0
    I am trying to configure the windows firewall, just so I can open up some ports or perhaps turn it off completely. However, I cannot even open up the settings of the firewall, my first post details what it says when I try. I no longer use the Norton firewall, because it was corrupted awhile back. As you noticed Rockster, there are still leftover files from Norton because I wasn't able to uninstall it normally because of the corruption. I should also point out that my network connections folder is showing up as empty, and I know there should be at least 2 connections displayed in there. Do you think this could be a trojan causing this, or maybe the leftover Norton files?
     
    Last edited: 2006/12/06
  11. 2006/12/06
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,068
    Likes Received:
    396
    Unlikely that Norton caused missing network items.
    However, I would reinstall Norton newly, configure the Norton firewall to allow everything or remove any existing items in it, and then uninstall it. When Norton got installed, it "took over" for windows firewall. Because it was not cleanly uninstalled, it actually may be still running or in effect, and is preventing windows firewall from functioning.
     
  12. 2006/12/06
    Mandingos

    Mandingos Inactive Thread Starter

    Joined:
    2006/02/20
    Messages:
    13
    Likes Received:
    0
    Is there any other possible way to get rid of the files? I used a friend's disc to install norton, and I don't think I would be able to get a hold of it.
     
  13. 2006/12/07
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,068
    Likes Received:
    396
  14. 2006/12/07
    Rockster2U

    Rockster2U Geek Member

    Joined:
    2002/04/01
    Messages:
    3,181
    Likes Received:
    9
    Hehehe .......... and you said you already borked the removal? Methinks it's going to take a bit of manual work but I'll await your comments and absent a CD (oh, to "borrow" software) to install and then uninstall as Tony suggested, he's given you the next best thing with that tool.

    ;)
     
  15. 2006/12/07
    Mandingos

    Mandingos Inactive Thread Starter

    Joined:
    2006/02/20
    Messages:
    13
    Likes Received:
    0
    I think that got rid of all the files successfully. I don't see any leftovers. However, I'm still not able to access the windows firewall settings. Also, now when I try to open my network connections, I get a message telling me to start the Networking service. Sorry, I know this is a hassle for you guys, I just have no idea on what to do about it anymore. Oh yeah, here's my HJT log just in case:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:26:36 PM, on 12/7/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\AlienAutopsy\Test_BS.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\ICQLite\ICQLite.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alienware.com
    O1 - Hosts: localhost 127.0.0.1
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe "
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    O4 - HKLM\..\Run: [AlienAutopsy] "C:\Program Files\AlienAutopsy\Test_BS.exe" -h
    O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe "
    O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
    O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe (file missing)
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.4.0) -
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
     
  16. 2006/12/08
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,068
    Likes Received:
    396
    Control Panel > Administrative Tools > Services
    DHCP
    Network Location Awareness service
    Probably some Norton + Symantec stuff there too, disable them.
     
  17. 2006/12/08
    Rockster2U

    Rockster2U Geek Member

    Joined:
    2002/04/01
    Messages:
    3,181
    Likes Received:
    9
    First, create a new restore point
    Then look for the following:
    C:\Program Files\Symantec
    C:\Program Files\Norton
    C:\Program Files\Common\Symantec
    C:\Documents and Settings\UserName\Application Data\Symantec
    C:\Documents and Settings\EachOtherUserName\Application Data\Symantec
    C:\Documents and Settings\AllUsers\Application Data\Symantec
    Delete them all
    Download, Install and Run the newest version of RegSeeker
    Clean the registry using this tool (make sure backup before deletion is checked)
    Using RegSeeker, do a search for Symantec - delete them all
    Using RegSeeker, do a search for Norton - delete them all
    Reboot

    Now, you have most of Norton cleaned up and perhaps Tony or Bill can help you from here.

    ;)
     
