Author Topic: problem with topantispyware  (Read 558 times)

Guest
« on: January 11, 2005, 08:14:42 AM »
hi i have a problem with topantispyware, i have a black screen whenever i reboot my computer.
i have tried all antispy programs but nothing helps, but i have tried hijackthis.
but i'm not sure if my log is correct, as a matter of fact i don't really know how to use that program
so if someone has patience and could explain very well plz do it
should i check the boxes after scanning and take away the bad files, if so plz tell me what i should delete.

i have my log from it right here

Logfile of HijackThis v1.99.0
Scan saved at 12:58:45, on 2005-01-11
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe
C:\Program\InterVideo\Common\bin\WinCinemaMgr.exe
C:\Program\Delade filer\InterVideo\SchSvr\SchSvr.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Program\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\windows\vcpdll.exe
C:\windows\wutop.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program\Delade filer\Symantec Shared\ccProxy.exe
c:\Program\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program\Messenger\msmsgs.exe
C:\Documents and Settings\Ägaren\Skrivbord\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4C875F90-9AAB-47D7-9F8A-71F2224B8B98} - C:\WINDOWS\mindep.dll (file missing)
O2 - BHO: sr - {5742F79A-1D91-42c4-990C-B46CF55A6478} - C:\WINDOWS\ssysprs.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP-vy - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WinCinemaMgr] C:\Program\InterVideo\Common\bin\WinCinemaMgr.exe
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program\Delade filer\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program\Delade filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Sunkist2k] C:\Program\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program\Delade filer\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\RunOnce: [Svr32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [cmsound] c:\windows\vcpdll.exe
O4 - HKCU\..\Run: [winltmpv] c:\windows\wutop.exe
O4 - HKCU\..\RunOnce: [Svr32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O12 - Plugin for .mov: C:\Program\Internet Explorer\PLUGINS\npqtplugin.dll
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - c:\Program\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

guestolo
« Reply #1 on: January 11, 2005, 10:15:16 PM »
Can you try something for me please

You will have to edit the registry
It's not hard, but be very careful whenever you enter the registry to remove only what is asked
If you're unsure, it's always a good idea to make a fresh restore point first

Go to START>>All Programs>>Accessories>>System Tools>>System Restore
Create a fresh restore point>>>Name it and click Create

After you are done with that
Download and save to Desktop the Standalone version of
CWShredder.exe
Don't run this yet


Print these instructions out or save them to a Notepad file on the desktop
Close down all browsers--

Set Windows To Show Hidden Files and Folders
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Uncheck the Hide Extensions for known file types
    * Click Yes to confirm.
    * Click OK.

Restart your computer into SAFE MODE

Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
# In the left panel, left click on and expand(+) the following
+HKEY_CURRENT_USER
+Software
+Microsoft
+Internet Explorer
+Desktop
+Components
# Still in the left panel, locate and Right click on and delete the subkey:
0
# Close Registry Editor.

Using Windows Explorer and/or Search, locate and delete the following files
they are in bold >>>Not all may exist

C:\windows\desktop.html
C:\WINDOWS\Web\desktop.html
C:\windows\SSICO.ICO
C:\Documents and Settings\Ägaren\Desktop\! Protect Your Data.url
C:\Documents and Settings\Ägaren\Favorites\! Smart Security.url
C:\Documents and Settings\Ägaren\Recent\! Smart Security.url
C:\Documents and Settings\Ägaren\Start Menu\! Secure Yourself.url

Also look for these files and delete them if they exist
C:\windows\vcpdll.exe <--this file
C:\windows\wutop.exe <--file
C:\WINDOWS\ssysprs.dll <--file
C:\WINDOWS\SETUPZMP.DLL <--file
C:\WINDOWS\WINLTMPV.EXE <--file

Look for any of these in your C:\WINDOWS folder and remove them if found
griverlcb.dll
griverlcb1.dll
griverlcb2.dll
griverlcs.dll
griverlcs1.dll
griverlcs2.dll


C:\WINDOWS\System32\spoolsrv32.exe <delete this file, exact name, don't confuse it with spoolsv.exe, which is legit

Stay in Safe mode
Do another scan with Hijackthis and put a check next to these entries:

O2 - BHO: (no name) - {4C875F90-9AAB-47D7-9F8A-71F2224B8B98} - C:\WINDOWS\mindep.dll (file missing)
O2 - BHO: sr - {5742F79A-1D91-42c4-990C-B46CF55A6478} - C:\WINDOWS\ssysprs.dll

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\RunOnce: [Svr32 spool service] C:\WINDOWS\System32\spoolsrv32.exe

O4 - HKCU\..\Run: [cmsound] c:\windows\vcpdll.exe
O4 - HKCU\..\Run: [winltmpv] c:\windows\wutop.exe
O4 - HKCU\..\RunOnce: [Svr32 spool service] C:\WINDOWS\System32\spoolsrv32.exe



After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
YES and exit Hijackthis

Open up CWShredder and click on Only the FIX button, let it Fix all problems
When it's done
RESTART your computer back to Normal Mode


I'm not sure what Anti-Spyware removers that you have tried, can you let me know

Also, if you haven't tried these ones, could you download them please
Ad-Aware SE Personal 1.05
Spybot 1.3
These are the latest versions of these free programs, yours to hang onto and update for free

Download and Install the free version of Ad-Aware SE Personal 1.05
Ensure you have this version or the paid version
Open Ad-Aware, ensure to click the check for updates now link and Connect to download the latest updates

Perform a Full system scan--"Uncheck Search for Negligible Risk Entries" before scanning
When it's finished scanning
At this point you should either right click on the screen and choose the "Select All" Objects option or individually put a checkmark in each object's checkbox
click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button

RESTART your computer to finish the cleaning process

Download and Install Spybot S&D 1.3
When Installing, please don't enable TEA TIMER, it's a great addon to Spybot but it can get in our way to do any manual fixes.. This can be enabled at a later time if you want it
After installation--Click the Update button on the left, in the window on the right click the
SEARCH FOR UPDATES button, Check and download all updates
Click the "Search and Destroy" Button
In the right window, click the
Check for Problems Let it complete its scanning---Ensure to FIX SELECTED PROBLEMS everything in RED---they should be checked by default

Restart your computer again to finish the cleaning process

Post back a fresh hijackthis log afterwards
« Last Edit: January 11, 2005, 10:18:21 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
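
An offline triage pass over a log like the one in this thread, added here as an example; it is not part of either post and not HijackThis's own logic. It parses the numbered entries and flags three patterns that appear among the entries guestolo asks to fix. The three heuristics, the `SYSTEM_NAMES` list and the 0.8 similarity threshold are assumptions chosen for illustration, and a flag means "look closer", not "delete".

```python
import re
from difflib import SequenceMatcher
from ntpath import basename, dirname

# Constructed sample: six entries copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4C875F90-9AAB-47D7-9F8A-71F2224B8B98} - C:\WINDOWS\mindep.dll (file missing)
O2 - BHO: sr - {5742F79A-1D91-42c4-990C-B46CF55A6478} - C:\WINDOWS\ssysprs.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\RunOnce: [Svr32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [cmsound] c:\windows\vcpdll.exe
"""

# Assumption: a short reference list of core Windows process names.
SYSTEM_NAMES = ("spoolsv.exe", "svchost.exe", "lsass.exe", "services.exe", "winlogon.exe")

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")  # e.g. "O4 - <rest of entry>"
PATH = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll|ocx)", re.I)

def triage(log):
    """Return (section, path, reasons) for each entry worth a closer look."""
    findings = []
    for line in log.splitlines():
        entry = ENTRY.match(line.strip())
        target = PATH.search(entry.group(2)) if entry else None
        if not target:
            continue  # header, process list, or entry without a full path
        path, reasons = target.group(0), []
        name = basename(path).lower()
        if entry.group(2).endswith("(file missing)"):
            reasons.append("file missing")  # registry entry outlived its file
        if dirname(path).lower() == r"c:\windows":
            reasons.append("in Windows root")  # sits directly in the Windows folder
        for known in SYSTEM_NAMES:
            # Near-match, but not identical, to a core process name.
            if name != known and SequenceMatcher(None, name, known).ratio() >= 0.8:
                reasons.append("resembles " + known)
        if reasons:
            findings.append((entry.group(1), path, reasons))
    return findings

if __name__ == "__main__":
    for section, path, reasons in triage(SAMPLE_LOG):
        print(section, path, "->", ", ".join(reasons))
```

Entries registered by bare file name, such as `[AlcxMonitor] ALCXMNTR.EXE`, carry no full path and are skipped by this pass.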