PDA

View Full Version : the problem is blue screen than restart



snow rose
12-03-2008, 04:03 AM
Hi everyone

The problem happened when my friend install kaspersky, than she made restart than blue screen appear than it restart automatically... i can open the PC only in safe mode

and i delete the kaspersky in safemode
but it still occur the problem for the blue screen and restart

and when i tried to reinstall the kaspersky it appears for me this messege ((the system administrator has set policies to prevent this installation))

So plzzzzzzzz help to solve this problem

wainuitech
12-03-2008, 08:24 AM
Welcome to Press F1 Snow_ rose.

Looks like Kaspersky is causing all sorts of problem.

You can try running system restore back to before you installed the software to see if that fixes it, or go to This page here (http://support.kaspersky.com/faq/?qid=193239279) down near the bottom is instructions on how to force Kaspersky out of your system. That should fix it.


Use a different Antivirus - something like Nod32 (http://www.eset.com/)

pctek
12-03-2008, 09:42 AM
and i delete the kaspersky in safemode
but it still occur the problem for the blue screen and restart


Whats the blue screen error exactly?

Should say STOP: 0xsomething.......

bevy121
12-03-2008, 12:29 PM
If it's not staying on the BSOD long enough to write down the

" STOP: 0xsomething....... "

Then do this :

1. Go to Start -> Control Panel -> System
2. Go to Advanced
3. Under the Startup and Recovery section, click Settings...
4. Under System Failure un-check "Automatically restart"

I'd try Wainuitech's suggestion's of system restore and the Kaspersky link he posted first tho :)

snow rose
12-03-2008, 08:08 PM
Welcome to Press F1 Snow_ rose.

Looks like Kaspersky is causing all sorts of problem.

You can try running system restore back to before you installed the software to see if that fixes it, or go to This page here (http://support.kaspersky.com/faq/?qid=193239279) down near the bottom is instructions on how to force Kaspersky out of your system. That should fix it.


Use a different Antivirus - something like Nod32 (http://www.eset.com/)

yeah i uninstall it from the PC ,, and i delete all files for it by regfinder Program

but still the problem :(

snow rose
12-03-2008, 08:10 PM
Whats the blue screen error exactly?

Should say STOP: 0xsomething.......

Yes its like that

snow rose
12-03-2008, 08:11 PM
If it's not staying on the BSOD long enough to write down the

" STOP: 0xsomething....... "

Then do this :

1. Go to Start -> Control Panel -> System
2. Go to Advanced
3. Under the Startup and Recovery section, click Settings...
4. Under System Failure un-check "Automatically restart"

I'd try Wainuitech's suggestion's of system restore and the Kaspersky link he posted first tho :)

i did what u said exactly but nothing change :(

wainuitech
12-03-2008, 09:27 PM
Okay - it starts OK in safe mode - so that means theres still some sort of driver issue (usually)

Did you try system restore from safe mode till before Kaspersky was installed ?? - if so ------- Restart in safe mode, click start/run type in msconfig press enter or OK - on the startup tab look through and look for ANYTHING relating to Kaspersky in its name. Untick them if you find any and reboot.

Also try this - These will work in safe mode - download Ccleaner from my sig, load it to a pen drive, install on the PC. Run it, look in Tools/startup look for Kaspersky remove entries, -- under registry - tell it to scan and fix the faults - reboot - if still no good load Hijack this (http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis) run and select save a log file, copy/ save and paste back the log file.

snow rose
12-03-2008, 09:51 PM
Okay - it starts OK in safe mode - so that means theres still some sort of driver issue (usually)

Did you try system restore from safe mode till before Kaspersky was installed ?? - if so ------- Restart in safe mode, click start/run type in msconfig press enter or OK - on the startup tab look through and look for ANYTHING relating to Kaspersky in its name. Untick them if you find any and reboot.

Also try this - These will work in safe mode - download Ccleaner from my sig, load it to a pen drive, install on the PC. Run it, look in Tools/startup look for Kaspersky remove entries, -- under registry - tell it to scan and fix the faults - reboot - if still no good load Hijack this (http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis) run and select save a log file, copy/ save and paste back the log file.

but what if there is not a restore point?? what shall i do
how to restore?

wainuitech
12-03-2008, 09:52 PM
Update to above >>> start the PC in safe mode again, click start/run type in eventvwr look through the system logs, there should be something that coincides with the BSOD, double click the entry and post back the complete message.

Edited:
but what if there is not a restore point?? what shall i do
how to restore? Have you looked to see if there is a restore point to before the event ?? if there is no point, then its manually removing the problems files, but with out knowing whats loading its all guess work - hence those logs are a huge help. Esp the Hijackthis.

snow rose
12-03-2008, 10:29 PM
no i tried the restore pint in other pc

but in dull pc(( which have the problem)) is not working the restore in safe mode

and i made with winDbg scan for the problem i found this
1) Probably caused by : klif.sys ( klif+d9a9 ) >>>>>> this is by kasper but there is no kaspersky

2) Probably caused by : SYMEVENT.SYS ( SYMEVENT+ed80 )>>>>>> i don't know how to fix this problem

and about Hijackthis i will make the report and post it in the next reply

snow rose
12-03-2008, 11:25 PM
oh no

The Hijackthis programs is not working in safe mode
i can't open it :(

snow rose
13-03-2008, 12:56 AM
yeeeees it works now

and this is the report

http://www.zshare.net/download/8822219ef105bd/

zqwerty
13-03-2008, 01:12 AM
Everyone sleeping now, it is after midnight here in New Zealand. Wait for 6 hours then you will get help.

Post Hijackthis log onto this thread please.

apsattv
13-03-2008, 01:36 AM
I had a quick skim through it, you have a number of spyware /toolbars along with an out of date 1.5 version java. Along with what seems to be multiple virus scanners.

I will post your log in here below and speedy can give you the list of what to remove.

Logfile of HijackThis v1.99.1
Scan saved at 3:46:43 PM, on 3/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\Restore\rstrui.exe
C:\PROGRA~1\WINZIP\winzip32.exe
D:\Documents and Settings\200003779\Local Settings\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
R3 - URLSearchHook: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [ErrorSmart] C:\Program Files\ErrorSmart\ErrorSmart.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
O4 - Startup: iWin Desktop Alerts.lnk = D:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRxdm185YYAE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?ab4e994dadb54d46b8bd082ce68d2e35
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?ab4e994dadb54d46b8bd082ce68d2e35
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157439001296
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - (no file)
O23 - Service: Eset Service (ekrn) - Unknown owner - (no file)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

wainuitech
13-03-2008, 09:13 AM
that PC has lots of spyware - thats whats causing most of your problems I suspect.

1st go and download Norton Removal tool (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039) - this PC has had Nortons, Nod32 and Kaspersky - no wonder its playing sillies- Norton could be causing the problems. SYMEVENT.SYS Belongs to Nortons. ( surprise) ;) Install and run the removal tool in safe mode then do the following ---- ( norton removal tool will take some of these out.)

Rerun HJT - tick the following and remove.

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

R3 - URLSearchHook: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll

R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.

O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll

O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKLM\..\Run: [ErrorSmart] C:\Program Files\ErrorSmart\ErrorSmart.exe

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - Startup: iWin Desktop Alerts.lnk = D:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRxdm185YYAE

O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll

O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll

O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\shdocvw.dll

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversFW BInitialSetup1.0.0.15-3.cab

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Hopefully it will now run - if not restart in safe mode ---

Then download Spybot S&D load it and run in safe mode - it may complain but it should run.


Once it get running then we can do a proper clean out.

Speedy Gonzales
13-03-2008, 09:43 AM
And if myway / mywebsearch are in add/remove programs uninstall them.

And uninstall all versions of Sun Java, yours is out of date. Update is in my sig below.

snow rose
13-03-2008, 09:00 PM
after i delete some from HjT its work :) (( thanx for all of u guys))

but i can't delete the symantic by NORTON REMOVAL TOOL and i can't delete it from add/remove prgrams because it request passward!!! :badpc:

Speedy Gonzales
13-03-2008, 09:06 PM
Type in symantec for the password

snow rose
13-03-2008, 11:06 PM
Type in symantec for the password

I tried but it's Wrong passward :(

Speedy Gonzales
13-03-2008, 11:13 PM
What version is it?? 2001? other? corporate version?

Is it the antivirus or Internet security version?

Speedy Gonzales
13-03-2008, 11:31 PM
If youre using a corporate version Of Symantec try this

(Be careful what you delete)

1) Open Regedit

2) Browse to HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusPro tect6\CurrentVersion\Administrator Only\Security\

3) Change the value for this key from 1 to 0

useVPuninstallpassword

4) Close the registry and retry the uninstall

snow rose
13-03-2008, 11:46 PM
yes its Symantec AntiVirus - Symantec Corporation

Speedy Gonzales
13-03-2008, 11:48 PM
Try what I posted in the previous post.. Go into the registry

bevy121
14-03-2008, 12:27 AM
Don't know if this relates to your symantec product or not...

-----

In the Symantec System Center console :

right-click a server, server group, or a client group.

Then click :

All Tasks > Symantec AntiVirus > Client Administrator Only Options.

On the Security tab, uncheck :

"Ask for password to allow uninstall of Symantec AntiVirus Client."

snow rose
14-03-2008, 02:25 AM
If youre using a corporate version Of Symantec try this

(Be careful what you delete)

1) Open Regedit

2) Browse to HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusPro tect6\CurrentVersion\Administrator Only\Security\

3) Change the value for this key from 1 to 0

useVPuninstallpassword

4) Close the registry and retry the uninstall

OK i did all of that steps but finally #3 i didn't fond number 1 to change it to 0
i just found this # 20CA737A8537345C442D8912DCADD82D0CA2E030E5E

and (( even i don't know exactly how to change the value))

thanx for helping me and i am waiting for ur reply

snow rose
14-03-2008, 02:45 AM
yeees i find it now

but can u tell me how to change the value pleaseee

snow rose
14-03-2008, 04:58 AM
woooooooooow i changed the value and i uninstall it

Thank you soooooo much for all of you