
hi again need help bad

Discussion in 'Virus & Other Malware Removal' started by 0maga6, Feb 10, 2005.

Thread Status:
Not open for further replies.
  1. 0maga6

    0maga6 Thread Starter

    Joined:
    Feb 10, 2005
    Messages:
    5
    :confused: When I boot up, my internet won't work; I have to go into Task Manager and stop wxmvt.exe. I have gone into msconfig and tried to stop it, but once I start up it's there again. Before, there used to be five of them, but after some Spybot scans and other virus scans I've gotten it down to just one, but now I'm stuck. Any help would be great. Well, here is my log:

    Logfile of HijackThis v1.99.0
    Scan saved at 5:30:15 AM, on 2/10/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Documents and Settings\Omaga6\Desktop\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\RunServices: [Microsoft Update Machine] Winregs32.exe
    O4 - HKLM\..\RunServices: [Help Temp Files] emp32.exe
    O4 - HKLM\..\RunServices: [*windows update] wxmvt.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O23 - Service: *windows update - Unknown - C:\WINDOWS\system32\wxmvt.exe (file missing)
    O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel NCS NetService - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
  2. The_Egg

    The_Egg

    Joined:
    Sep 16, 2002
    Messages:
    1,157
    First, please temporarily disable SpybotSD's Tea Timer
    Open SpybotSD
    Go to: "Mode" menu at the top and checkmark "Advanced mode"
    Click "Tools" in the left pane
    Then click "Resident"
    Uncheck "Resident Tea Timer"

    Now go to Windows "Start" button
    Click "Run"
    Type in: services.msc
    Click OK

    In the Services window
    Scroll down the list
    and if it's listed, highlight "*Windows Update"
    Then on the left, click on "Stop the service"
    Then right click on "*Windows Update", select "Properties"
    and change "Startup Type" to "Disabled" (c/o drop-down menu)
    OK everything
    Close the Services window

    Important: Never run HijackThis from within the zip file, or from a temp location.
    Please store HijackThis in a permanent folder.
    Create a new folder for HijackThis, e.g.
    Desktop\HijackThis
    or
    ...\My Documents\HijackThis
    Redownload HJT v1.99 and place it in this new folder.

    Now reopen HijackThis.
    Close all browser/email/explorer windows (print out these instructions first).
    Run the Scan
    Place a checkmark next to the following entries only
    and click "Fix checked"

    O4 - HKLM\..\RunServices: [Microsoft Update Machine] Winregs32.exe
    O4 - HKLM\..\RunServices: [Help Temp Files] emp32.exe
    O4 - HKLM\..\RunServices: [*windows update] wxmvt.exe
    O23 - Service: *windows update - Unknown - C:\WINDOWS\system32\wxmvt.exe (file missing)

    Reboot into Safe Mode
    How to reboot into Safe Mode in Windows XP

    Locate and delete the following files:
    Winregs32.exe
    emp32.exe
    wxmvt.exe

    I'm assuming here that all 3 files are in the "C:\Windows\System32" dir.

    Note: You may need to first go to:
    Control Panel > Folder Options > View tab
    and checkmark "show hidden files", uncheck "hide extensions for known filetypes", and uncheck "hide protected operating system files".

    Technical references
    Winregs32.exe = WORM_RBOT.DN
    emp32.exe = unknown (suggests it's related to World Empire IV game)
    wxmvt.exe = unknown (no results)

    I've also attached a registry fix to undo the modifications to the registry caused by the RBOT.DN Worm.
    Download the attachment
    Unzip "rdbot_worm_regfix.reg"
    Right click the .reg file and select "Merge"

    Download the attachment now, and then merge it with the registry after you've booted into safe mode.

    Empty your Temp folder
    start > run
    type in: %temp%
    delete all files

    Empty the Internet Cache
    Control Panel > Internet Options > Temp Internet Files > Delete > OK

    Now reboot back into Normal Mode

    Run a free online virus scan at the following sites:
    http://housecall.trendmicro.com
    http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

    Re-enable SpybotSD Tea Timer

    Post a new HJT log here when done.

    ----------------------------------
     

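A small triage script for the kind of entries singled out in the reply above, added here as an example; it is not part of the original thread or of HijackThis. The heuristics (an O4 autorun that gives only a bare file name, an O23 service marked "Unknown" or "(file missing)", a name that starts with a symbol) are assumptions drawn from the flagged lines, and the sample is a subset of the first log in this thread.

```python
import re

# Constructed sample: a subset of lines from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunServices: [Microsoft Update Machine] Winregs32.exe
O4 - HKLM\..\RunServices: [*windows update] wxmvt.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O23 - Service: *windows update - Unknown - C:\WINDOWS\system32\wxmvt.exe (file missing)
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
"""

# O4 = autorun entry: registry key, value name in brackets, then the command.
O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# O23 = service entry: display name, vendor string, binary path.
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")


def triage(log_text):
    """Return (line, reasons) for each entry that matches a heuristic (assumed rules)."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        reasons = []
        if m := O4_RE.match(line):
            cmd = m["cmd"].strip('"')
            if "\\" not in cmd and "/" not in cmd:
                reasons.append("autorun gives a bare file name, no path")
            if not m["name"][:1].isalnum():
                reasons.append("value name starts with a symbol")
        elif m := O23_RE.match(line):
            if m["vendor"].lower() == "unknown":
                reasons.append('vendor field is "Unknown"')
            if m["path"].endswith("(file missing)"):
                reasons.append("log marks the service binary as missing")
            if not m["name"][:1].isalnum():
                reasons.append("service name starts with a symbol")
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(entry)
        for reason in why:
            print("    -", reason)
```

Hits are leads for manual review before anything is checked for fixing, since legitimate software can also register autoruns without a full path.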

  3. 0maga6

    0maga6 Thread Starter

    Joined:
    Feb 10, 2005
    Messages:
    5
    :eek: LOL, well, I did what you told me to, word for word, and guess what happened: my CPU crashed, and this is what it said when I restarted: "NTLDR is missing press ctrl alt del to reset". So I did that and it rebooted, and then it just said it again and again. So I reformatted, and now I have all the updates up, plus SP2. I had that problem at the start where it resets, you know, the one where it says you have 60 secs to save your stuff and then it resets.
    Well, that stopped after some updates, and then I ran HouseCall; it found a worm and couldn't fix it, so I deleted it. Then a Panda scan (the online one, that is), and it found nothing. Then I did the other online scan you told me to, and that found nothing. So I got Ad-Aware and did a scan; it found some stuff and I got rid of them. Then I did a Spybot scan; it also found some stuff and got rid of them too. I also put TeaTimer on. The one thing I have yet to do is put Norton 2003 on, which I did first the last time. I don't see that wxmvt.exe this time around, so now I am going to give you a HijackThis list that I just got:

    Logfile of HijackThis v1.99.0
    Scan saved at 4:34:15 AM, on 2/11/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planethalflife.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1108116019328
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O23 - Service: Intel NCS NetService - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
     

Short URL to this thread: https://techguy.org/328839
