win min w-find.com

Rose53562 · 07-08-2005, 05:27 AM

On shut down, I get a Win Min error and my brower is reset to W-find.com. I have tried to follow other resolutions but do not find the same programs or reg setting.

Would you please take a look at my HijackThis Log and point out what needs to be removed. Thank you for all your help.

Rose

Logfile of HijackThis v1.99.1
Scan saved at 9:45:30 PM, on 7/7/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\windows\bfmkbak.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\tttw\arso.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Documents and Settings\LaForest\My Documents\Downloads\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [vllhuxp] c:\windows\bfmkbak.exe
O4 - HKCU\..\Run: [wsvimlc] c:\windows\bfmkbak.exe
O4 - HKCU\..\Run: [tjkxtxd] c:\windows\bfmkbak.exe
O4 - HKCU\..\Run: [sfkkmui] c:\windows\bfmkbak.exe
O4 - HKCU\..\Run: [uyhbehw] c:\windows\bfmkbak.exe
O4 - HKCU\..\Run: [exabqvh] c:\windows\bfmkbak.exe
O4 - HKCU\..\Run: [lnqqbwu] c:\windows\bfmkbak.exe
O4 - HKCU\..\Run: [jcccihb] c:\windows\bfmkbak.exe
O4 - HKCU\..\Run: [gnbtoln] c:\windows\bfmkbak.exe
O4 - HKCU\..\Run: [wgmwhxn] c:\windows\bfmkbak.exe
O4 - HKCU\..\Run: [tndcmbp] c:\windows\bfmkbak.exe
O4 - HKCU\..\Run: [fpyfxik] c:\windows\bfmkbak.exe
O4 - HKCU\..\Run: [kxyrfju] c:\windows\bfmkbak.exe
O4 - HKCU\..\Run: [dbrvwln] c:\windows\bfmkbak.exe
O4 - HKCU\..\Run: [xvptxlc] c:\windows\bfmkbak.exe
O4 - HKCU\..\Run: [filkbkm] c:\windows\bfmkbak.exe
O4 - HKCU\..\Run: [xhyijrl] c:\windows\bfmkbak.exe
O4 - HKCU\..\Run: [nhuclhr] c:\windows\bfmkbak.exe
O4 - HKCU\..\Run: [pwbcads] c:\windows\najtyuh.exe
O4 - HKCU\..\Run: [anlipps] c:\windows\najtyuh.exe
O4 - HKCU\..\Run: [knjfgbh] c:\windows\najtyuh.exe
O4 - HKCU\..\Run: [ilxtyys] c:\windows\najtyuh.exe
O4 - HKCU\..\Run: [wrkpfcs] c:\windows\uomxbbo.exe
O4 - HKCU\..\Run: [ahxmijb] c:\windows\wrpcrhi.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Aida] C:\Program Files\rdso\eetu.exe
O4 - HKCU\..\Run: [umouymj] c:\windows\ginbwrs.exe
O4 - HKCU\..\Run: [vsuebbn] c:\windows\ginbwrs.exe
O4 - HKCU\..\Run: [ckyaifh] c:\windows\ginbwrs.exe
O4 - HKCU\..\Run: [lcffair] c:\windows\ginbwrs.exe
O4 - HKCU\..\Run: [pciuukr] c:\windows\khxfyyg.exe
O4 - HKCU\..\Run: [ayqmewd] c:\windows\khxfyyg.exe
O4 - HKCU\..\Run: [wlsxyil] c:\windows\khxfyyg.exe
O4 - HKCU\..\Run: [qtltbml] c:\windows\noohwna.exe
O4 - HKCU\..\Run: [opnwdmu] c:\windows\noohwna.exe
O4 - HKCU\..\Run: [tudbflt] c:\windows\noohwna.exe
O4 - HKCU\..\Run: [odrymox] c:\windows\noohwna.exe
O4 - HKCU\..\Run: [ihynlwy] c:\windows\noohwna.exe
O4 - HKCU\..\Run: [ftlwcfw] c:\windows\noohwna.exe
O4 - HKCU\..\Run: [cqsywfg] c:\windows\noohwna.exe
O4 - HKCU\..\Run: [ijbjtuh] c:\windows\wjninlo.exe
O4 - HKCU\..\Run: [ndgjuoe] c:\windows\youxoat.exe
O4 - HKCU\..\Run: [uhlrhrg] c:\windows\lsnextn.exe
O4 - HKCU\..\Run: [pidlkeg] c:\windows\eopqoiq.exe
O4 - HKCU\..\Run: [wogvipa] c:\windows\eopqoiq.exe
O4 - HKCU\..\Run: [buewkxs] c:\windows\eopqoiq.exe
O4 - HKCU\..\Run: [rkwkfri] c:\windows\vwnaiww.exe
O4 - HKCU\..\Run: [jtikuuv] c:\windows\vwnaiww.exe
O4 - HKCU\..\Run: [ngaarrt] c:\windows\vwnaiww.exe
O4 - HKCU\..\Run: [niekgva] c:\windows\vwnaiww.exe
O4 - HKCU\..\Run: [ctuxsdu] c:\windows\xaikuhj.exe
O4 - HKCU\..\Run: [njxngnd] c:\windows\ekftigd.exe
O4 - HKCU\..\Run: [Eshh] C:\Program Files\tttw\arso.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120508471046
O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggernews/ForbesDownloaderSigned.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O16 - DPF: {FCC56E79-0FA2-4969-9164-06F140763455} (ActiveFormX Control) - http://klikw.com/awd/cabs/10110.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

**jgvernonco** · 07-08-2005, 07:34 AM

Greetings, and welcome to TSF!

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. If you have Windows XP, the search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

===============

Download, unzip to your desktop CWShredder and run it, then:

1. Click "Check For Update"

(If an update isn't available, skip to step #4.)

2. Click "Click here to Download the upate".
3. When the new version has been downloaded, click "Save".
4. Click "Fix ->"

===============

Download LSPFix and unzip to your desktop, then run it. Now, we need to:

1. check(tick) "I know what i'm doing".
2. click on (highlight) each occurance of the following, one at a time:

flsmngr.dll

3. then click ">>", mo'ing each one, individually, to the 'Remove' pane.
4. (double-check, and make sure that only the above files are in the 'Remove'pane.)
5. click "Finish >>"

===============

Run HiJackThis then:

1. Click "Config..."
2. Click "Misc Tools"
3. Click "Open Process manager"

-

Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:

C:\windows\bfmkbak.exe
C:\Program Files\tttw\arso.exe

Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.

===============

Run HiJackThis and click "Scan", then check(tick) the following, if present:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/

O4 - HKCU\..\Run: [vllhuxp] c:\windows\bfmkbak.exe
O4 - HKCU\..\Run: [wsvimlc] c:\windows\bfmkbak.exe
O4 - HKCU\..\Run: [tjkxtxd] c:\windows\bfmkbak.exe
O4 - HKCU\..\Run: [sfkkmui] c:\windows\bfmkbak.exe
O4 - HKCU\..\Run: [uyhbehw] c:\windows\bfmkbak.exe
O4 - HKCU\..\Run: [exabqvh] c:\windows\bfmkbak.exe
O4 - HKCU\..\Run: [lnqqbwu] c:\windows\bfmkbak.exe
O4 - HKCU\..\Run: [jcccihb] c:\windows\bfmkbak.exe
O4 - HKCU\..\Run: [gnbtoln] c:\windows\bfmkbak.exe
O4 - HKCU\..\Run: [wgmwhxn] c:\windows\bfmkbak.exe
O4 - HKCU\..\Run: [tndcmbp] c:\windows\bfmkbak.exe
O4 - HKCU\..\Run: [fpyfxik] c:\windows\bfmkbak.exe
O4 - HKCU\..\Run: [kxyrfju] c:\windows\bfmkbak.exe
O4 - HKCU\..\Run: [dbrvwln] c:\windows\bfmkbak.exe
O4 - HKCU\..\Run: [xvptxlc] c:\windows\bfmkbak.exe
O4 - HKCU\..\Run: [filkbkm] c:\windows\bfmkbak.exe
O4 - HKCU\..\Run: [xhyijrl] c:\windows\bfmkbak.exe
O4 - HKCU\..\Run: [nhuclhr] c:\windows\bfmkbak.exe
O4 - HKCU\..\Run: [pwbcads] c:\windows\najtyuh.exe
O4 - HKCU\..\Run: [anlipps] c:\windows\najtyuh.exe
O4 - HKCU\..\Run: [knjfgbh] c:\windows\najtyuh.exe
O4 - HKCU\..\Run: [ilxtyys] c:\windows\najtyuh.exe
O4 - HKCU\..\Run: [wrkpfcs] c:\windows\uomxbbo.exe
O4 - HKCU\..\Run: [ahxmijb] c:\windows\wrpcrhi.exe
O4 - HKCU\..\Run: [Aida] C:\Program Files\rdso\eetu.exe
O4 - HKCU\..\Run: [umouymj] c:\windows\ginbwrs.exe
O4 - HKCU\..\Run: [vsuebbn] c:\windows\ginbwrs.exe
O4 - HKCU\..\Run: [ckyaifh] c:\windows\ginbwrs.exe
O4 - HKCU\..\Run: [lcffair] c:\windows\ginbwrs.exe
O4 - HKCU\..\Run: [pciuukr] c:\windows\khxfyyg.exe
O4 - HKCU\..\Run: [ayqmewd] c:\windows\khxfyyg.exe
O4 - HKCU\..\Run: [wlsxyil] c:\windows\khxfyyg.exe
O4 - HKCU\..\Run: [qtltbml] c:\windows\noohwna.exe
O4 - HKCU\..\Run: [opnwdmu] c:\windows\noohwna.exe
O4 - HKCU\..\Run: [tudbflt] c:\windows\noohwna.exe
O4 - HKCU\..\Run: [odrymox] c:\windows\noohwna.exe
O4 - HKCU\..\Run: [ihynlwy] c:\windows\noohwna.exe
O4 - HKCU\..\Run: [ftlwcfw] c:\windows\noohwna.exe
O4 - HKCU\..\Run: [cqsywfg] c:\windows\noohwna.exe
O4 - HKCU\..\Run: [ijbjtuh] c:\windows\wjninlo.exe
O4 - HKCU\..\Run: [ndgjuoe] c:\windows\youxoat.exe
O4 - HKCU\..\Run: [uhlrhrg] c:\windows\lsnextn.exe
O4 - HKCU\..\Run: [pidlkeg] c:\windows\eopqoiq.exe
O4 - HKCU\..\Run: [wogvipa] c:\windows\eopqoiq.exe
O4 - HKCU\..\Run: [buewkxs] c:\windows\eopqoiq.exe
O4 - HKCU\..\Run: [rkwkfri] c:\windows\vwnaiww.exe
O4 - HKCU\..\Run: [jtikuuv] c:\windows\vwnaiww.exe
O4 - HKCU\..\Run: [ngaarrt] c:\windows\vwnaiww.exe
O4 - HKCU\..\Run: [niekgva] c:\windows\vwnaiww.exe
O4 - HKCU\..\Run: [ctuxsdu] c:\windows\xaikuhj.exe
O4 - HKCU\..\Run: [njxngnd] c:\windows\ekftigd.exe
O4 - HKCU\..\Run: [Eshh] C:\Program Files\tttw\arso.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?

O16 - DPF: {FCC56E79-0FA2-4969-9164-06F140763455} (ActiveFormX Control) - http://klikw.com/awd/cabs/10110.cab

Now, with all windows closed except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure your able to view system and hidden files/ folders:

folders...

C:\Program Files\tttw
C:\Program Files\rdso

files...

C:\windows\bfmkbak.exe
c:\windows\najtyuh.exe
c:\windows\uomxbbo.exe
c:\windows\wrpcrhi.exe
c:\windows\ginbwrs.exe
c:\windows\khxfyyg.exe
c:\windows\noohwna.exe
c:\windows\wjninlo.exe
c:\windows\youxoat.exe
c:\windows\lsnextn.exe
c:\windows\eopqoiq.exe
c:\windows\vwnaiww.exe
c:\windows\xaikuhj.exe
c:\windows\ekftigd.exe
c:\windows\system32\flsmngr.dll

-

Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them from "Safe Mode".

===============

Post back a new log, and let us know how everything goes.

Rose53562 · 07-12-2005, 10:02 AM

Thanks for the quick response. You are better than Norton's support techs and a lot more helpful.

I walk through the step as you suggested. Now I have a new set of problems. My system cannot connect to the internet or my network. On start up, the system is super slow and the service svchost.exe is eating up all the available cpu processing. There is also an error displayed about the Cisco Systems VPN.

When I try to repair the network connection the error, "TCP/IP is not enable for this connection". I run Norton's, Ad-ware and Spybot. Everything but Spybot is clean. It is unable to remove "Xuron55" because other process is accessing it. Below is my latest HiJackThis Log.

If you have any additional advise that can help me out of this dilemma, it would be greatly appreciated.

Rose

Logfile of HijackThis v1.99.1
Scan saved at 6:55:46 AM, on 7/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\LaForest\My Documents\Downloads\hijackthis_199\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120508471046
O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggernews/ForbesDownloaderSigned.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

MicroBell · 07-12-2005, 08:01 PM

Did you run LSP fix before deleting the flsmngr.dll file? Your winsock layer may be corrupt...hence you can't get on the internet. Lets try to repair that.

Download Winsock2Fix and unzip it. Then double-click on it to run it.

Download and install CleanUp! but do not run it yet.
*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups

Download, install, and update Ewido Security Suite

Install ewido security suite
Launch ewido, there should be a big E icon on your desktop, double-click it.
The program will prompt you to update click the OK button
The program will now go to the main screen

You will need to update ewido to the latest definition files.

On the left hand side of the main screen click update
Click on Start

The update will start and a progress bar will show the updates being installed.
After the updates are installed, exit Ewido

Reboot into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

Run Ewido:

Click [Scanner]
Click [Complete System Scan] to begin scanning.
Click [OK] when prompted to clean files
With the first file it prompts to clean, select the option - "Perform action on all infections" - & choose clean and click [OK].
Once finished, click the [Save report] button
Save the report to your desktop

Close Ewido

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:

Empty Recycle Bins
Delete Cookies
Delete Prefetch files
[X]Scan local drives for temporary files (Please uncheck this option)
Cleanup! All Users

Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.

Once back to normal mode (asumming your internet connection is ok) do an online scan from http://www.pandasoftware.com/actives..._principal.htm
Select the "Autofix/Clean" option and save the activescan log. Then post the following logs.

Panda scan log
Ewido log

Rose53562 · 07-13-2005, 03:56 PM

THANK YOU!!!!! My system is backup and in working order. I followed you recommedations. Winsock2Fix repaired the internet and network access issue. Ewido founds some additional spyware. The log below. However Pandas ActiveScan would not run.

Thanks again, Rose

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 4:43:02 PM, 7/13/2005
+ Report-Checksum: C0B1F169

+ Scan result:

HKLM\SOFTWARE\Classes\Interface\{16097036-894C-4C00-A61F-93CA0D49A70E} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{2ED5AF98-9258-45BA-B79B-06625C92F662} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{700DC0DD-F409-42E0-9DE5-21EE1A2BA9FD} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C91E8926-D4BE-4685-99F4-0D996B96BAC0} -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{D273D427-57C6-4B12-860F-BBB8195F6E2A} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{FD42F6D3-7AB1-470C-979B-7996EDC99099} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{F720B40F-3A38-4B22-B30D-DCF095D42498} -> Spyware.P2PNetworking : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\1A2FA94E-42D5-42CB-A191-DD6661\06B9E16F-D0DE-4E6B-ABCF-B2E6EF -> Spyware.P2PNetworking : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\1A2FA94E-42D5-42CB-A191-DD6661\67065028-181E-435E-9334-3EA156 -> Spyware.P2PNetworking : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\AF68FDAE-784A-4437-A966-1951C0\DC03D3E0-43EA-488F-880B-4A5D16 -> Dialer.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\B10C2B76-0CE1-4353-A977-7CD8FD\4CFA555C-D1C0-48EB-92D1-42A931 -> Spyware.MyWay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\B10C2B76-0CE1-4353-A977-7CD8FD\644A530D-9472-44ED-AD73-2006DA -> Spyware.MyWay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\B10C2B76-0CE1-4353-A977-7CD8FD\E8949278-A8D3-4703-9236-79D8FE -> Spyware.MyWay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\FAF7FBB2-5145-4E06-92ED-CAD959\5237321A-98C6-4383-94BD-A1C067 -> Spyware.RXBar : Cleaned with backup
C:\Program Files\Need2Find\bar\1.bin\NPND2FN.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\sywer.exe -> TrojanDownloader.Delf.p : Cleaned with backup
C:\WINDOWS\bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM32\mxaaaaaa.exe -> Spyware.Hijacker.Generic : Cleaned with backup

::Report End

MicroBell · 07-13-2005, 05:32 PM

It appears that Ewido cleaned those files. Please post another hijackthis log and let me know of any problems. Also make sure these files have been deleted.

C:\Program Files\Need2Find <--folder
C:\sywer.exe
C:\WINDOWS\bbchk.exe
C:\WINDOWS\SYSTEM32\mxaaaaaa.exe

Rose53562 · 07-17-2005, 08:51 AM

Below my latest HijackThis log. Only the Need2Find folder was on my system the three file could not be found.

One last question, what security s/w and firewall do you recommend? Eventhrough I have Notorn, I feeling very exposed.

Thank you again.

Rose

Logfile of HijackThis v1.99.1
Scan saved at 9:02:32 AM, on 7/17/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\LaForest\My Documents\Downloads\hijackthis_199\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120508471046
O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggernews/ForbesDownloaderSigned.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

MicroBell · 07-17-2005, 07:32 PM

Your log is clean. Open system restore and disable it. Then re-enable it. This will clear the infection out of your restore folder. Please read through the spyware prevention section on how to protect yourself from spyware/adware Here and use the recommend programs and methods to protect yourself!

There is a few links on that page I posted about firewalls. I use Zonealarm on my PC. Also visit microsofts windows update page and install the latest service packs and security updates. Please reply back one more time..so I can move this thread to resolved.

Rose53562 · 07-19-2005, 05:17 AM

Thank you for the recommedations and all your help...............Rose

07-08-2005, 05:27 AM	#1 (permalink)
Rose53562 Registered User Join Date: Jul 2005 Posts: 5 OS: XP	win min w-find.com On shut down, I get a Win Min error and my brower is reset to W-find.com. I have tried to follow other resolutions but do not find the same programs or reg setting. Would you please take a look at my HijackThis Log and point out what needs to be removed. Thank you for all your help. Rose Logfile of HijackThis v1.99.1 Scan saved at 9:45:30 PM, on 7/7/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\tcpsvcs.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\WINDOWS\System32\snmp.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\windows\bfmkbak.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\tttw\arso.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\Documents and Settings\LaForest\My Documents\Downloads\hijackthis_199\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/ F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKCU\..\Run: [vllhuxp] c:\windows\bfmkbak.exe O4 - HKCU\..\Run: [wsvimlc] c:\windows\bfmkbak.exe O4 - HKCU\..\Run: [tjkxtxd] c:\windows\bfmkbak.exe O4 - HKCU\..\Run: [sfkkmui] c:\windows\bfmkbak.exe O4 - HKCU\..\Run: [uyhbehw] c:\windows\bfmkbak.exe O4 - HKCU\..\Run: [exabqvh] c:\windows\bfmkbak.exe O4 - HKCU\..\Run: [lnqqbwu] c:\windows\bfmkbak.exe O4 - HKCU\..\Run: [jcccihb] c:\windows\bfmkbak.exe O4 - HKCU\..\Run: [gnbtoln] c:\windows\bfmkbak.exe O4 - HKCU\..\Run: [wgmwhxn] c:\windows\bfmkbak.exe O4 - HKCU\..\Run: [tndcmbp] c:\windows\bfmkbak.exe O4 - HKCU\..\Run: [fpyfxik] c:\windows\bfmkbak.exe O4 - HKCU\..\Run: [kxyrfju] c:\windows\bfmkbak.exe O4 - HKCU\..\Run: [dbrvwln] c:\windows\bfmkbak.exe O4 - HKCU\..\Run: [xvptxlc] c:\windows\bfmkbak.exe O4 - HKCU\..\Run: [filkbkm] c:\windows\bfmkbak.exe O4 - HKCU\..\Run: [xhyijrl] c:\windows\bfmkbak.exe O4 - HKCU\..\Run: [nhuclhr] c:\windows\bfmkbak.exe O4 - HKCU\..\Run: [pwbcads] c:\windows\najtyuh.exe O4 - HKCU\..\Run: [anlipps] c:\windows\najtyuh.exe O4 - HKCU\..\Run: [knjfgbh] c:\windows\najtyuh.exe O4 - HKCU\..\Run: [ilxtyys] c:\windows\najtyuh.exe O4 - HKCU\..\Run: [wrkpfcs] c:\windows\uomxbbo.exe O4 - HKCU\..\Run: [ahxmijb] c:\windows\wrpcrhi.exe O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [Aida] C:\Program Files\rdso\eetu.exe O4 - HKCU\..\Run: [umouymj] c:\windows\ginbwrs.exe O4 - HKCU\..\Run: [vsuebbn] c:\windows\ginbwrs.exe O4 - HKCU\..\Run: [ckyaifh] c:\windows\ginbwrs.exe O4 - HKCU\..\Run: [lcffair] c:\windows\ginbwrs.exe O4 - HKCU\..\Run: [pciuukr] c:\windows\khxfyyg.exe O4 - HKCU\..\Run: [ayqmewd] c:\windows\khxfyyg.exe O4 - HKCU\..\Run: [wlsxyil] c:\windows\khxfyyg.exe O4 - HKCU\..\Run: [qtltbml] c:\windows\noohwna.exe O4 - HKCU\..\Run: [opnwdmu] c:\windows\noohwna.exe O4 - HKCU\..\Run: [tudbflt] c:\windows\noohwna.exe O4 - HKCU\..\Run: [odrymox] c:\windows\noohwna.exe O4 - HKCU\..\Run: [ihynlwy] c:\windows\noohwna.exe O4 - HKCU\..\Run: [ftlwcfw] c:\windows\noohwna.exe O4 - HKCU\..\Run: [cqsywfg] c:\windows\noohwna.exe O4 - HKCU\..\Run: [ijbjtuh] c:\windows\wjninlo.exe O4 - HKCU\..\Run: [ndgjuoe] c:\windows\youxoat.exe O4 - HKCU\..\Run: [uhlrhrg] c:\windows\lsnextn.exe O4 - HKCU\..\Run: [pidlkeg] c:\windows\eopqoiq.exe O4 - HKCU\..\Run: [wogvipa] c:\windows\eopqoiq.exe O4 - HKCU\..\Run: [buewkxs] c:\windows\eopqoiq.exe O4 - HKCU\..\Run: [rkwkfri] c:\windows\vwnaiww.exe O4 - HKCU\..\Run: [jtikuuv] c:\windows\vwnaiww.exe O4 - HKCU\..\Run: [ngaarrt] c:\windows\vwnaiww.exe O4 - HKCU\..\Run: [niekgva] c:\windows\vwnaiww.exe O4 - HKCU\..\Run: [ctuxsdu] c:\windows\xaikuhj.exe O4 - HKCU\..\Run: [njxngnd] c:\windows\ekftigd.exe O4 - HKCU\..\Run: [Eshh] C:\Program Files\tttw\arso.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120508471046 O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggernews/ForbesDownloaderSigned.cab O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab O16 - DPF: {FCC56E79-0FA2-4969-9164-06F140763455} (ActiveFormX Control) - http://klikw.com/awd/cabs/10110.cab O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

07-08-2005, 07:34 AM	#2 (permalink)
jgvernonco Old Timer Join Date: Sep 2003 Location: Northern Arizona Posts: 7,958 OS: Vista Home Premium, SP 27	Greetings, and welcome to TSF! Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below. Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. If you have Windows XP, the search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked. For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep). =============== Download, unzip to your desktop CWShredder and run it, then: 1. Click "*Check For Update" (If an update isn't available, skip to step #4.) 2. Click "Click here to Download the upate". 3. When the new version has been downloaded, click "Save". 4. Click "Fix ->" =============== Download LSPFix and unzip to your desktop, then run it. Now, we need to: 1. check(tick) "I know what i'm doing". 2. click on (highlight) each occurance of the following, one at a time: flsmngr.dll* 3. then click ">>", mo'ing each one, individually, to the 'Remove' pane. 4. (double-check, and make sure that only the above files are in the 'Remove'pane.) 5. click "*Finish >>" =============== Run HiJackThis* then: 1. Click "*Config..." 2. Click "Misc Tools" 3. Click "Open Process manager" - Next, while holding down the CTRL* key, locate (if present) and click on (highlight) each of the following: C:\windows\bfmkbak.exe C:\Program Files\tttw\arso.exe Now double-check and make sure that only those item(s) above are highlighted, then click "*Kill process". Now, click "Refresh", check again, and repeat this step if any remain. =============== Run HiJackThis* and click "*Scan", then check(tick) the following, if present: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm* R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/ O4 - HKCU\..\Run: [vllhuxp] c:\windows\bfmkbak.exe O4 - HKCU\..\Run: [wsvimlc] c:\windows\bfmkbak.exe O4 - HKCU\..\Run: [tjkxtxd] c:\windows\bfmkbak.exe O4 - HKCU\..\Run: [sfkkmui] c:\windows\bfmkbak.exe O4 - HKCU\..\Run: [uyhbehw] c:\windows\bfmkbak.exe O4 - HKCU\..\Run: [exabqvh] c:\windows\bfmkbak.exe O4 - HKCU\..\Run: [lnqqbwu] c:\windows\bfmkbak.exe O4 - HKCU\..\Run: [jcccihb] c:\windows\bfmkbak.exe O4 - HKCU\..\Run: [gnbtoln] c:\windows\bfmkbak.exe O4 - HKCU\..\Run: [wgmwhxn] c:\windows\bfmkbak.exe O4 - HKCU\..\Run: [tndcmbp] c:\windows\bfmkbak.exe O4 - HKCU\..\Run: [fpyfxik] c:\windows\bfmkbak.exe O4 - HKCU\..\Run: [kxyrfju] c:\windows\bfmkbak.exe O4 - HKCU\..\Run: [dbrvwln] c:\windows\bfmkbak.exe O4 - HKCU\..\Run: [xvptxlc] c:\windows\bfmkbak.exe O4 - HKCU\..\Run: [filkbkm] c:\windows\bfmkbak.exe O4 - HKCU\..\Run: [xhyijrl] c:\windows\bfmkbak.exe O4 - HKCU\..\Run: [nhuclhr] c:\windows\bfmkbak.exe O4 - HKCU\..\Run: [pwbcads] c:\windows\najtyuh.exe O4 - HKCU\..\Run: [anlipps] c:\windows\najtyuh.exe O4 - HKCU\..\Run: [knjfgbh] c:\windows\najtyuh.exe O4 - HKCU\..\Run: [ilxtyys] c:\windows\najtyuh.exe O4 - HKCU\..\Run: [wrkpfcs] c:\windows\uomxbbo.exe O4 - HKCU\..\Run: [ahxmijb] c:\windows\wrpcrhi.exe O4 - HKCU\..\Run: [Aida] C:\Program Files\rdso\eetu.exe O4 - HKCU\..\Run: [umouymj] c:\windows\ginbwrs.exe O4 - HKCU\..\Run: [vsuebbn] c:\windows\ginbwrs.exe O4 - HKCU\..\Run: [ckyaifh] c:\windows\ginbwrs.exe O4 - HKCU\..\Run: [lcffair] c:\windows\ginbwrs.exe O4 - HKCU\..\Run: [pciuukr] c:\windows\khxfyyg.exe O4 - HKCU\..\Run: [ayqmewd] c:\windows\khxfyyg.exe O4 - HKCU\..\Run: [wlsxyil] c:\windows\khxfyyg.exe O4 - HKCU\..\Run: [qtltbml] c:\windows\noohwna.exe O4 - HKCU\..\Run: [opnwdmu] c:\windows\noohwna.exe O4 - HKCU\..\Run: [tudbflt] c:\windows\noohwna.exe O4 - HKCU\..\Run: [odrymox] c:\windows\noohwna.exe O4 - HKCU\..\Run: [ihynlwy] c:\windows\noohwna.exe O4 - HKCU\..\Run: [ftlwcfw] c:\windows\noohwna.exe O4 - HKCU\..\Run: [cqsywfg] c:\windows\noohwna.exe O4 - HKCU\..\Run: [ijbjtuh] c:\windows\wjninlo.exe O4 - HKCU\..\Run: [ndgjuoe] c:\windows\youxoat.exe O4 - HKCU\..\Run: [uhlrhrg] c:\windows\lsnextn.exe O4 - HKCU\..\Run: [pidlkeg] c:\windows\eopqoiq.exe O4 - HKCU\..\Run: [wogvipa] c:\windows\eopqoiq.exe O4 - HKCU\..\Run: [buewkxs] c:\windows\eopqoiq.exe O4 - HKCU\..\Run: [rkwkfri] c:\windows\vwnaiww.exe O4 - HKCU\..\Run: [jtikuuv] c:\windows\vwnaiww.exe O4 - HKCU\..\Run: [ngaarrt] c:\windows\vwnaiww.exe O4 - HKCU\..\Run: [niekgva] c:\windows\vwnaiww.exe O4 - HKCU\..\Run: [ctuxsdu] c:\windows\xaikuhj.exe O4 - HKCU\..\Run: [njxngnd] c:\windows\ekftigd.exe O4 - HKCU\..\Run: [Eshh] C:\Program Files\tttw\arso.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O16 - DPF: {FCC56E79-0FA2-4969-9164-06F140763455} (ActiveFormX Control) - http://klikw.com/awd/cabs/10110.cab Now, with all windows closed except HiJackThis, click "*Fix checked". =============== Locate and delete the following item(s), if present. Make sure your able to view system and hidden files/ folders: folders...* C:\Program Files\tttw C:\Program Files\rdso files... C:\windows\bfmkbak.exe c:\windows\najtyuh.exe c:\windows\uomxbbo.exe c:\windows\wrpcrhi.exe c:\windows\ginbwrs.exe c:\windows\khxfyyg.exe c:\windows\noohwna.exe c:\windows\wjninlo.exe c:\windows\youxoat.exe c:\windows\lsnextn.exe c:\windows\eopqoiq.exe c:\windows\vwnaiww.exe c:\windows\xaikuhj.exe c:\windows\ekftigd.exe c:\windows\system32\flsmngr.dll - Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them from "Safe Mode". =============== Post back a new log, and let us know how everything goes. __________________ Donations keep TSF moving forward. Please help. http://www.myspace.com/speedbumpthecelt

07-12-2005, 08:01 PM	#4 (permalink)
MicroBell Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter Join Date: Sep 2004 Location: Carmichaels, PA-USA Posts: 6,965 OS: Windows XP-Pro SP2	Did you run LSP fix before deleting the flsmngr.dll file? Your winsock layer may be corrupt...hence you can't get on the internet. Lets try to repair that. Download Winsock2Fix and unzip it. Then double-click on it to run it. Download and install CleanUp! but do not run it yet. NOTE Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups Download, install, and update Ewido Security Suite Install ewido security suite Launch ewido, there should be a big E icon on your desktop, double-click it. The program will prompt you to update click the OK button The program will now go to the main screen You will need to update ewido to the latest definition files. On the left hand side of the main screen click update Click on Start The update will start and a progress bar will show the updates being installed. After the updates are installed, exit Ewido Reboot into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter. Run Ewido: Click [Scanner] Click [Complete System Scan] to begin scanning. Click [OK] when prompted to clean files With the first file it prompts to clean, select the option - "Perform action on all infections" - & choose clean and click [OK]. Once finished, click the [Save report] button Save the report to your desktop Close Ewido Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows: Click "Options..." Move the arrow down to "Custom CleanUp!" Put a check next to the following: Empty Recycle Bins Delete Cookies Delete Prefetch files [X]Scan local drives for temporary files (Please uncheck this option) Cleanup! All Users Click OK Press the CleanUp!* button to start the program. Reboot/logoff when prompted. Once back to normal mode (asumming your internet connection is ok) do an online scan from http://www.pandasoftware.com/actives..._principal.htm Select the "Autofix/Clean" option and save the activescan log. Then post the following logs. Panda scan log Ewido log __________________ We Are The BORG Spyware KILLER and Adware Destroyer! Spyware/Adware Removal Tools Hijackthis Ad-aware SE Spybot Search&Destroy SpywareBlaster CWShredder

07-13-2005, 05:32 PM	#6 (permalink)
MicroBell Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter Join Date: Sep 2004 Location: Carmichaels, PA-USA Posts: 6,965 OS: Windows XP-Pro SP2	It appears that Ewido cleaned those files. Please post another hijackthis log and let me know of any problems. Also make sure these files have been deleted. C:\Program Files\Need2Find <--folder C:\sywer.exe C:\WINDOWS\bbchk.exe C:\WINDOWS\SYSTEM32\mxaaaaaa.exe __________________ We Are The BORG Spyware KILLER and Adware Destroyer! Spyware/Adware Removal Tools Hijackthis Ad-aware SE Spybot Search&Destroy SpywareBlaster CWShredder

07-17-2005, 07:32 PM	#8 (permalink)
MicroBell Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter Join Date: Sep 2004 Location: Carmichaels, PA-USA Posts: 6,965 OS: Windows XP-Pro SP2	Your log is clean. Open system restore and disable it. Then re-enable it. This will clear the infection out of your restore folder. Please read through the spyware prevention section on how to protect yourself from spyware/adware Here and use the recommend programs and methods to protect yourself! There is a few links on that page I posted about firewalls. I use Zonealarm on my PC. Also visit microsofts windows update page and install the latest service packs and security updates. Please reply back one more time..so I can move this thread to resolved. __________________ We Are The BORG Spyware KILLER and Adware Destroyer! Spyware/Adware Removal Tools Hijackthis Ad-aware SE Spybot Search&Destroy SpywareBlaster CWShredder

07-12-2005, 10:02 AM	#3 (permalink)
Rose53562 Registered User Join Date: Jul 2005 Posts: 5 OS: XP	Thanks for the quick response. You are better than Norton's support techs and a lot more helpful. I walk through the step as you suggested. Now I have a new set of problems. My system cannot connect to the internet or my network. On start up, the system is super slow and the service svchost.exe is eating up all the available cpu processing. There is also an error displayed about the Cisco Systems VPN. When I try to repair the network connection the error, "TCP/IP is not enable for this connection". I run Norton's, Ad-ware and Spybot. Everything but Spybot is clean. It is unable to remove "Xuron55" because other process is accessing it. Below is my latest HiJackThis Log. If you have any additional advise that can help me out of this dilemma, it would be greatly appreciated. Rose Logfile of HijackThis v1.99.1 Scan saved at 6:55:46 AM, on 7/12/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\BCMSMMSG.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\LaForest\My Documents\Downloads\hijackthis_199\HijackThis.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120508471046 O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggernews/ForbesDownloaderSigned.cab O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

07-13-2005, 03:56 PM	#5 (permalink)
Rose53562 Registered User Join Date: Jul 2005 Posts: 5 OS: XP	THANK YOU!!!!! My system is backup and in working order. I followed you recommedations. Winsock2Fix repaired the internet and network access issue. Ewido founds some additional spyware. The log below. However Pandas ActiveScan would not run. Thanks again, Rose --------------------------------------------------------- ewido security suite - Scan report --------------------------------------------------------- + Created on: 4:43:02 PM, 7/13/2005 + Report-Checksum: C0B1F169 + Scan result: HKLM\SOFTWARE\Classes\Interface\{16097036-894C-4C00-A61F-93CA0D49A70E} -> Spyware.TOPicks : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{2ED5AF98-9258-45BA-B79B-06625C92F662} -> Spyware.TOPicks : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{700DC0DD-F409-42E0-9DE5-21EE1A2BA9FD} -> Spyware.TOPicks : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{C91E8926-D4BE-4685-99F4-0D996B96BAC0} -> Spyware.P2PNetworking : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{D273D427-57C6-4B12-860F-BBB8195F6E2A} -> Spyware.TOPicks : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{FD42F6D3-7AB1-470C-979B-7996EDC99099} -> Spyware.TOPicks : Cleaned with backup HKLM\SOFTWARE\Classes\TypeLib\{F720B40F-3A38-4B22-B30D-DCF095D42498} -> Spyware.P2PNetworking : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\1A2FA94E-42D5-42CB-A191-DD6661\06B9E16F-D0DE-4E6B-ABCF-B2E6EF -> Spyware.P2PNetworking : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\1A2FA94E-42D5-42CB-A191-DD6661\67065028-181E-435E-9334-3EA156 -> Spyware.P2PNetworking : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\AF68FDAE-784A-4437-A966-1951C0\DC03D3E0-43EA-488F-880B-4A5D16 -> Dialer.Generic : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\B10C2B76-0CE1-4353-A977-7CD8FD\4CFA555C-D1C0-48EB-92D1-42A931 -> Spyware.MyWay : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\B10C2B76-0CE1-4353-A977-7CD8FD\644A530D-9472-44ED-AD73-2006DA -> Spyware.MyWay : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\B10C2B76-0CE1-4353-A977-7CD8FD\E8949278-A8D3-4703-9236-79D8FE -> Spyware.MyWay : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\FAF7FBB2-5145-4E06-92ED-CAD959\5237321A-98C6-4383-94BD-A1C067 -> Spyware.RXBar : Cleaned with backup C:\Program Files\Need2Find\bar\1.bin\NPND2FN.DLL -> Spyware.MyWebSearch : Cleaned with backup C:\sywer.exe -> TrojanDownloader.Delf.p : Cleaned with backup C:\WINDOWS\bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup C:\WINDOWS\SYSTEM32\mxaaaaaa.exe -> Spyware.Hijacker.Generic : Cleaned with backup ::Report End

07-17-2005, 08:51 AM	#7 (permalink)
Rose53562 Registered User Join Date: Jul 2005 Posts: 5 OS: XP	Below my latest HijackThis log. Only the Need2Find folder was on my system the three file could not be found. One last question, what security s/w and firewall do you recommend? Eventhrough I have Notorn, I feeling very exposed. Thank you again. Rose Logfile of HijackThis v1.99.1 Scan saved at 9:02:32 AM, on 7/17/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\ewido\security suite\ewidoguard.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\tcpsvcs.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\WINDOWS\System32\snmp.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\BCMSMMSG.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Documents and Settings\LaForest\My Documents\Downloads\hijackthis_199\HijackThis.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120508471046 O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggernews/ForbesDownloaderSigned.cab O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

07-19-2005, 05:17 AM	#9 (permalink)
Rose53562 Registered User Join Date: Jul 2005 Posts: 5 OS: XP	Thank you for the recommedations and all your help...............Rose