Any help would be greatly appreciated

psychonaut · 08-09-2005, 06:53 AM

My wifes puter has caught a bug somewhere, probably from the kids playing downloaded games on it

, she now gets pop ups, screen freeze and programs stop and get the internet explorer error send box, I ran all the checks you advised in your link and here is the hijack log

Logfile of HijackThis v1.99.1
Scan saved at 8:38:23 AM, on 8/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SPRINT~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Sprint Virtual Assistant\bin\mpbtn.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\dan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qshfzhmoyfacmdngbkehou.co...1R7/hweef.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: CleanMyPCPopupBlocker Class - {7A9BC6B1-7F27-47c6-A66D-13582E81E537} - C:\Program Files\CleanMyPC Popup Blocker\CleanBHO.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {981BA35C-EE6B-4E78-2B71-952077148D61} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C3D856FA-73B5-4A20-7D48-8EC6B3C115AD} - C:\DOCUME~1\dan\APPLIC~1\ownsatom\Axis Grim.exe (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SPRINT~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [cakeidolhelpdash] C:\Documents and Settings\All Users\Application Data\Dale Rdr Cake Idol\SLOW DELETE.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [Newplan] C:\DOCUME~1\dan\APPLIC~1\BARBCA~1\Kind Shim Stop.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: Sprint FastConnect virtual assistant.lnk = C:\Program Files\Sprint Virtual Assistant\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

any help would be greatly appreciated

tetonbob · 08-09-2005, 11:27 AM

You have a nifty little LOP infection there.....

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm and then click OK.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Make sure you downloaded, installed, updated and ran these programs already - Ad-aware, Spybot and CWShredder. If you didn't, do them now. For more information, go to http://www.greyknight17.com/spyware.htm

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers.

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qshfzhmoyfacmdngbkehou.c...j1R7/hweef.html
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {981BA35C-EE6B-4E78-2B71-952077148D61} - (no file)
O2 - BHO: (no name) - {C3D856FA-73B5-4A20-7D48-8EC6B3C115AD} - C:\DOCUME~1\dan\APPLIC~1\ownsatom\Axis Grim.exe (file missing)
O4 - HKLM\..\Run: [cakeidolhelpdash] C:\Documents and Settings\All Users\Application Data\Dale Rdr Cake Idol\SLOW DELETE.exe
O4 - HKCU\..\Run: [Newplan] C:\DOCUME~1\dan\APPLIC~1\BARBCA~1\Kind Shim Stop.exe

Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

C:\DOCUME~1\dan\APPLIC~1\ownsatom
C:\Documents and Settings\All Users\Application Data\Dale Rdr Cake Idol
C:\DOCUME~1\dan\APPLIC~1\BARBCA~1<<<this will be a folder which begins with BARBCA

Restart and run a new HijackThis scan. Save the log file and post it here.

Please download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).

Save it to your desktop.
Double-click the new icon on your desktop (tmas-web-scan.exe)
It will say "Loading TrendMicro definitions".
Once the definitions are loaded, the program will appear to close then re-open.
Click "Start Scan"
After it's done scanning, click "Scan Results"
Make sure all items found have a check next to them, then click "Clean Threats Now".
Click Exit.

Reboot your computer. In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them in your next post.

Run an online virus scan at Panda ActiveScan. Post the log from the Panda scan here.

If you have one of these, you will most likely have the other. Either way, here are some information on them:

BroadJump - Newer name for BroadJump Foundation Client (BJCFD) from BroadJump.com, now Motive. The software collects information on your Internet activity and sends it to your ISP so that your ISP can serve you advertisements related to the type of sites you visit.

Support.com - Spyware from SupportSoft provided to manufacturers, such as Sony (Vaio Support Agent) and Toshiba (Virtual Tech), and ISPs, such as Comcast, Cox and Charter (Pipeline Support Agent), that allows them to offer on-line support. This part ensures that software is installed correctly. Regarded as spyware as it has the ability to retrieve user information.

I would ask your ISP on how to remove it and why they installed it in the first place. Please do not uninstall the program, since it looks like it is required for your internet connection. This especially applies to those who use SBC as their ISP (Internet Service Provider). If they can't/won't resolve this problem for you, then it's time to switch to another provider that don't embed this spyware in their program. You will most likely also have BroadJump installed. The same situation applies here also. Try to find out how to remove it from your ISP. Don't uninstall it yourself.

MicroSoft AntiSpyware Program:

Because of recent changes in the way this program now defines and detects spyware/adware it is no longer recommend as a spyware removal tool. Microsoft as downgraded several adware/spyware programs that it used to detect and remove and now lists them simply as “Ignore”

These are some of the adware/spyware programs that this program will NOT prompt you to remove. Claria, 180Solutions, WhenU, New.net, most WhenU apps, eZula,TopText, Gain/Gator, and Webhancer. These are all known adware/spyware programs and hijackers. Basically this product can no longer be trusted!! I recommend you remove it

Here are some other tools which will do the job quite well:

AdawareSE (free)
Spybot Search and Destroy (Teatimer Enabled) (free)
IESpy-Ad (free)
SpywareBlaster (free)
WinPatrol (free)
CounterSpy (free trial).

psychonaut · 08-09-2005, 01:20 PM

things are looking good, here are the logs you asked for

Hijack log

Logfile of HijackThis v1.99.1
Scan saved at 2:27:23 PM, on 8/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SPRINT~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Sprint Virtual Assistant\bin\mpbtn.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\dan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: CleanMyPCPopupBlocker Class - {7A9BC6B1-7F27-47c6-A66D-13582E81E537} - C:\Program Files\CleanMyPC Popup Blocker\CleanBHO.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SPRINT~1\SMARTB~1\MotiveSB.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: Sprint FastConnect virtual assistant.lnk = C:\Program Files\Sprint Virtual Assistant\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

trend scan

Started Scanning
Internet Cookies
Found 'com.com' in 'Internet Explorer Cache'
Found 'a.websponsors.com' in 'Internet Explorer Cache'
Found 'ads.cc214142.com' in 'Internet Explorer Cache'
Found 'azjmp.com' in 'Internet Explorer Cache'
Programs in Memory
Windows Registry
Found '' in 'SOFTWARE\Classes\AppID\DMServer.EXE'
Found '' in 'SOFTWARE\Classes\Interface\{04D7391C-AB32-4921-84F3-B63FC0EEDF43}'
Found '' in 'SOFTWARE\Classes\Interface\{04D7391C-AB32-4921-84F3-B63FC0EEDF43}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{04D7391C-AB32-4921-84F3-B63FC0EEDF43}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{04D7391C-AB32-4921-84F3-B63FC0EEDF43}\TypeLib'
Found '' in 'SOFTWARE\Classes\Interface\{09F19D39-3084-47B0-B1CE-26581074BC36}'
Found '' in 'SOFTWARE\Classes\Interface\{09F19D39-3084-47B0-B1CE-26581074BC36}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{09F19D39-3084-47B0-B1CE-26581074BC36}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{09F19D39-3084-47B0-B1CE-26581074BC36}\TypeLib'
Found '' in 'SOFTWARE\Classes\Interface\{2CEC1D83-1F31-41A7-B2BC-A2FE25E3BF34}'
Found '' in 'SOFTWARE\Classes\Interface\{2CEC1D83-1F31-41A7-B2BC-A2FE25E3BF34}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{2CEC1D83-1F31-41A7-B2BC-A2FE25E3BF34}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{2CEC1D83-1F31-41A7-B2BC-A2FE25E3BF34}\TypeLib'
Found '' in 'SOFTWARE\Classes\Interface\{41943AC1-46DC-41EF-A365-713C14C50A06}'
Found '' in 'SOFTWARE\Classes\Interface\{41943AC1-46DC-41EF-A365-713C14C50A06}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{41943AC1-46DC-41EF-A365-713C14C50A06}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{41943AC1-46DC-41EF-A365-713C14C50A06}\TypeLib'
Found '' in 'SOFTWARE\Classes\Interface\{439508F6-E48B-4095-B000-ADC7A02AB29E}'
Found '' in 'SOFTWARE\Classes\Interface\{439508F6-E48B-4095-B000-ADC7A02AB29E}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{439508F6-E48B-4095-B000-ADC7A02AB29E}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{439508F6-E48B-4095-B000-ADC7A02AB29E}\TypeLib'
Found '' in 'SOFTWARE\Classes\Interface\{4E86A93F-4E89-45FD-866B-80D25B0F21A6}'
Found '' in 'SOFTWARE\Classes\Interface\{4E86A93F-4E89-45FD-866B-80D25B0F21A6}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{4E86A93F-4E89-45FD-866B-80D25B0F21A6}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{4E86A93F-4E89-45FD-866B-80D25B0F21A6}\TypeLib'
Found '' in 'SOFTWARE\Classes\Interface\{C7E7863D-2EF7-46F9-A2C2-DD08B2B3C0A5}'
Found '' in 'SOFTWARE\Classes\Interface\{C7E7863D-2EF7-46F9-A2C2-DD08B2B3C0A5}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{C7E7863D-2EF7-46F9-A2C2-DD08B2B3C0A5}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{C7E7863D-2EF7-46F9-A2C2-DD08B2B3C0A5}\TypeLib'
Found '' in 'SOFTWARE\Classes\Interface\{CA74A032-869B-4752-927E-D0DA5677DC23}'
Found '' in 'SOFTWARE\Classes\Interface\{CA74A032-869B-4752-927E-D0DA5677DC23}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{CA74A032-869B-4752-927E-D0DA5677DC23}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{CA74A032-869B-4752-927E-D0DA5677DC23}\TypeLib'
Found '' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinMX'
Internet URL Shortcuts
Files and Directories
Found 'TFR83.dat' in 'C:\Documents and Settings\dan\Application Data\Microsoft\MSN Messenger\2853612106\CustomEmoticons'
Found 'winmx353.exe' in 'C:\Documents and Settings\dan\My Documents\My Downloads'
Found '' in 'C:\Documents and Settings\dan\Start Menu\Programs\WinMX'
Found 'aurl.dat' in 'C:\Program Files\180 Solutions\nCASE3'
Found 'registryCleaner.ico' in 'C:\Program Files\Free Offers from Freeze.com'
Found 'B192D067-F21B-46AA-B973-B62BCF' in 'C:\Program Files\Microsoft AntiSpyware\Quarantine\0ED97E80-AAAC-40F0-A7F6-10C178'
Found '' in 'C:\Program Files\WinMX'
Found 'errcatch.exe' in 'C:\Program Files\WinMX'
Found 'uninstall.exe' in 'C:\Program Files\WinMX'
Found 'WinMX.exe' in 'C:\Program Files\WinMX'
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Checking for 'C:\Documents and Settings\dan\Application Data\Microsoft\MSN Messenger\2853612106\CustomEmoticons\TFR83.dat' in shortcut areas.
Checking for 'C:\Documents and Settings\dan\Application Data\Microsoft\MSN Messenger\2853612106\CustomEmoticons\TFR83.dat' in startup areas.
Cleaning 'C:\Documents and Settings\dan\Application Data\Microsoft\MSN Messenger\2853612106\CustomEmoticons\TFR83.dat'
Checking for 'C:\Documents and Settings\dan\My Documents\My Downloads\winmx353.exe' in shortcut areas.
Checking for 'C:\Documents and Settings\dan\My Documents\My Downloads\winmx353.exe' in startup areas.
Cleaning 'C:\Documents and Settings\dan\My Documents\My Downloads\winmx353.exe'
Checking for 'C:\Documents and Settings\dan\Start Menu\Programs\WinMX' in shortcut areas.
Checking for 'C:\Documents and Settings\dan\Start Menu\Programs\WinMX' in startup areas.
Cleaning 'C:\Documents and Settings\dan\Start Menu\Programs\WinMX'
Checking for 'C:\Documents and Settings\dan\Start Menu\Programs\WinMX\WinMX.lnk' in shortcut areas.
Checking for 'C:\Documents and Settings\dan\Start Menu\Programs\WinMX\WinMX.lnk' in startup areas.
Cleaning 'C:\Documents and Settings\dan\Start Menu\Programs\WinMX\WinMX.lnk'
Checking for 'C:\Program Files\180 Solutions\nCASE3\aurl.dat' in shortcut areas.
Checking for 'C:\Program Files\180 Solutions\nCASE3\aurl.dat' in startup areas.
Cleaning 'C:\Program Files\180 Solutions\nCASE3\aurl.dat'
Checking for 'C:\Program Files\Free Offers from Freeze.com\registryCleaner.ico' in shortcut areas.
Checking for 'C:\Program Files\Free Offers from Freeze.com\registryCleaner.ico' in startup areas.
Cleaning 'C:\Program Files\Free Offers from Freeze.com\registryCleaner.ico'
Checking for 'C:\Program Files\Microsoft AntiSpyware\Quarantine\0ED97E80-AAAC-40F0-A7F6-10C178\B192D067-F21B-46AA-B973-B62BCF' in shortcut areas.
Checking for 'C:\Program Files\Microsoft AntiSpyware\Quarantine\0ED97E80-AAAC-40F0-A7F6-10C178\B192D067-F21B-46AA-B973-B62BCF' in startup areas.
Checking for 'C:\Program Files\WinMX' in shortcut areas.
Checking for 'C:\Program Files\WinMX' in startup areas.
Cleaning 'C:\Program Files\WinMX'
Checking for 'C:\Program Files\WinMX\colors.dat' in shortcut areas.
Checking for 'C:\Program Files\WinMX\colors.dat' in startup areas.
Cleaning 'C:\Program Files\WinMX\colors.dat'
Checking for 'C:\Program Files\WinMX\contacts.dat' in shortcut areas.
Checking for 'C:\Program Files\WinMX\contacts.dat' in startup areas.
Cleaning 'C:\Program Files\WinMX\contacts.dat'
Checking for 'C:\Program Files\WinMX\errcatch.exe' in shortcut areas.
Checking for 'C:\Program Files\WinMX\errcatch.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\errcatch.exe'
Checking for 'C:\Program Files\WinMX\library.dat' in shortcut areas.
Checking for 'C:\Program Files\WinMX\library.dat' in startup areas.
Cleaning 'C:\Program Files\WinMX\library.dat'
Checking for 'C:\Program Files\WinMX\license.txt' in shortcut areas.
Checking for 'C:\Program Files\WinMX\license.txt' in startup areas.
Cleaning 'C:\Program Files\WinMX\license.txt'
Checking for 'C:\Program Files\WinMX\settings.dat' in shortcut areas.
Checking for 'C:\Program Files\WinMX\settings.dat' in startup areas.
Cleaning 'C:\Program Files\WinMX\settings.dat'
Checking for 'C:\Program Files\WinMX\uninstall.exe' in shortcut areas.
Checking for 'C:\Program Files\WinMX\uninstall.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\uninstall.exe'
Checking for 'C:\Program Files\WinMX\WinMX.exe' in shortcut areas.
Found 'WinMX.lnk' in 'C:\Documents and Settings\dan\Start Menu\Programs\WinMX\'
[SCANMODS] The file 'C:\Documents and Settings\dan\Start Menu\Programs\WinMX\WinMX.lnk' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\WinMX\WinMX.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\WinMX.exe'
Checking for 'C:\Program Files\WinMX\wpnpchannelcmds.txt' in shortcut areas.
Checking for 'C:\Program Files\WinMX\wpnpchannelcmds.txt' in startup areas.
Cleaning 'C:\Program Files\WinMX\wpnpchannelcmds.txt'
Checking for 'C:\Program Files\WinMX\errcatch.exe' in shortcut areas.
Checking for 'C:\Program Files\WinMX\errcatch.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\errcatch.exe'
[SCANMODS] The file 'C:\Program Files\WinMX\errcatch.exe' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\WinMX\uninstall.exe' in shortcut areas.
Checking for 'C:\Program Files\WinMX\uninstall.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\uninstall.exe'
[SCANMODS] The file 'C:\Program Files\WinMX\uninstall.exe' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\WinMX\WinMX.exe' in shortcut areas.
Found 'WinMX.lnk' in 'C:\Documents and Settings\dan\Start Menu\Programs\WinMX\'
[SCANMODS] The file 'C:\Documents and Settings\dan\Start Menu\Programs\WinMX\WinMX.lnk' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\WinMX\WinMX.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\WinMX.exe'
[SCANMODS] The file 'C:\Program Files\WinMX\WinMX.exe' was not found. Most likely already cleaned by another scanner module.
Finished Cleaning
Started Scanning
Internet Cookies
Programs in Memory
Windows Registry
Internet URL Shortcuts
Files and Directories
Finished Scanning

Panda scan

Detected Disinfected
Virus 0 0
Spyware 0 0
Hacking Tools 0 0
Dialers 0 0
Security Risks 0 0
Suspicious files 0 0

no nasty pop ups or freezes so far

looking good, ty

tetonbob · 08-09-2005, 05:00 PM

Congratulations.....your logs are clean!

Any more issues? If not you should be good to go. We still have a few items to address.

Reset hidden/system files and folders

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View tab.
Deselect the Show hidden files and folders option.
Select the Hide file extensions for known types option.
Select the Hide protected operating system files option.
Click Yes to confirm.
Click OK.

Create a new System Restore point

click Start >> Run - type SYSDM.CPL & press Enter
select the System Restore Tab
tick on the checkbox - "Turn off System Restore on all drives"
click Apply
then untick the same checkbox & click OK

Enable Windows Auto Update

Go to Start>Run - type wuaucpl.cpl
tick on the checkbox - "Keep my computer up to date"
Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
Click on "OK".

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:

SpywareBlaster to help prevent spyware from installing in the first place.
SpywareGuard to catch and block spyware before it can execute.
IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

If you do not have a firewall, here are 3 free ones available for personal use:

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

Please respond to this thread one more time so we can mark this thread as resolved.

psychonaut · 08-10-2005, 07:40 AM

everything seems to be work going ok ty, the links at the end were of use too, once again, ty very much

08-09-2005, 06:53 AM	#1 (permalink)
psychonaut Registered User Join Date: Aug 2005 Location: Originaly UK, now US Posts: 3 OS: XP	Any help would be greatly appreciated My wifes puter has caught a bug somewhere, probably from the kids playing downloaded games on it , she now gets pop ups, screen freeze and programs stop and get the internet explorer error send box, I ran all the checks you advised in your link and here is the hijack log Logfile of HijackThis v1.99.1 Scan saved at 8:38:23 AM, on 8/9/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Dell AIO Printer A940\dlbabmon.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SPRINT~1\SMARTB~1\MotiveSB.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\Messenger\msmsgs.exe C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe C:\Program Files\EarthLink TotalAccess\TaskPanl.exe C:\Program Files\Internet Explorer\iexplore.exe c:\progra~1\intern~1\iexplore.exe C:\Program Files\Sprint Virtual Assistant\bin\mpbtn.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\WINDOWS\System32\nvsvc32.exe C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Documents and Settings\dan\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qshfzhmoyfacmdngbkehou.co...1R7/hweef.html R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local> R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll O2 - BHO: CleanMyPCPopupBlocker Class - {7A9BC6B1-7F27-47c6-A66D-13582E81E537} - C:\Program Files\CleanMyPC Popup Blocker\CleanBHO.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: (no name) - {981BA35C-EE6B-4E78-2B71-952077148D61} - (no file) O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {C3D856FA-73B5-4A20-7D48-8EC6B3C115AD} - C:\DOCUME~1\dan\APPLIC~1\ownsatom\Axis Grim.exe (file missing) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SPRINT~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [cakeidolhelpdash] C:\Documents and Settings\All Users\Application Data\Dale Rdr Cake Idol\SLOW DELETE.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKCU\..\Run: [Newplan] C:\DOCUME~1\dan\APPLIC~1\BARBCA~1\Kind Shim Stop.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart O4 - Global Startup: Sprint FastConnect virtual assistant.lnk = C:\Program Files\Sprint Virtual Assistant\bin\matcli.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe any help would be greatly appreciated

08-09-2005, 11:27 AM	#2 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,576 OS: 2000 Pro; XP Pro; XP Home	You have a nifty little LOP infection there..... Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below. Go to My Computer->Tools->Folder Options->View tab: * Under the Hidden files and folders heading, select Show hidden files and folders. * Uncheck the Hide protected operating system files (recommended) option. * Click Yes to confirm and then click OK. For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep). Make sure you downloaded, installed, updated and ran these programs already - Ad-aware, Spybot and CWShredder. If you didn't, do them now. For more information, go to http://www.greyknight17.com/spyware.htm Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers. Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any): R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qshfzhmoyfacmdngbkehou.c...j1R7/hweef.html R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: (no name) - {981BA35C-EE6B-4E78-2B71-952077148D61} - (no file) O2 - BHO: (no name) - {C3D856FA-73B5-4A20-7D48-8EC6B3C115AD} - C:\DOCUME~1\dan\APPLIC~1\ownsatom\Axis Grim.exe (file missing) O4 - HKLM\..\Run: [cakeidolhelpdash] C:\Documents and Settings\All Users\Application Data\Dale Rdr Cake Idol\SLOW DELETE.exe O4 - HKCU\..\Run: [Newplan] C:\DOCUME~1\dan\APPLIC~1\BARBCA~1\Kind Shim Stop.exe Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist: C:\DOCUME~1\dan\APPLIC~1\ownsatom C:\Documents and Settings\All Users\Application Data\Dale Rdr Cake Idol C:\DOCUME~1\dan\APPLIC~1\BARBCA~1<<<this will be a folder which begins with BARBCA Restart and run a new HijackThis scan. Save the log file and post it here. Please download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button). Save it to your desktop. Double-click the new icon on your desktop (tmas-web-scan.exe) It will say "Loading TrendMicro definitions". Once the definitions are loaded, the program will appear to close then re-open. Click "Start Scan" After it's done scanning, click "Scan Results" Make sure all items found have a check next to them, then click "Clean Threats Now". Click Exit. Reboot your computer. In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them in your next post. Run an online virus scan at Panda ActiveScan. Post the log from the Panda scan here. If you have one of these, you will most likely have the other. Either way, here are some information on them: BroadJump - Newer name for BroadJump Foundation Client (BJCFD) from BroadJump.com, now Motive. The software collects information on your Internet activity and sends it to your ISP so that your ISP can serve you advertisements related to the type of sites you visit. Support.com - Spyware from SupportSoft provided to manufacturers, such as Sony (Vaio Support Agent) and Toshiba (Virtual Tech), and ISPs, such as Comcast, Cox and Charter (Pipeline Support Agent), that allows them to offer on-line support. This part ensures that software is installed correctly. Regarded as spyware as it has the ability to retrieve user information. I would ask your ISP on how to remove it and why they installed it in the first place. Please do not uninstall the program, since it looks like it is required for your internet connection. This especially applies to those who use SBC as their ISP (Internet Service Provider). If they can't/won't resolve this problem for you, then it's time to switch to another provider that don't embed this spyware in their program. You will most likely also have BroadJump installed. The same situation applies here also. Try to find out how to remove it from your ISP. Don't uninstall it yourself. MicroSoft AntiSpyware Program: Because of recent changes in the way this program now defines and detects spyware/adware it is no longer recommend as a spyware removal tool. Microsoft as downgraded several adware/spyware programs that it used to detect and remove and now lists them simply as “Ignore” These are some of the adware/spyware programs that this program will NOT prompt you to remove. Claria, 180Solutions, WhenU, New.net, most WhenU apps, eZula,TopText, Gain/Gator, and Webhancer. These are all known adware/spyware programs and hijackers. Basically this product can no longer be trusted!! I recommend you remove it Here are some other tools which will do the job quite well: AdawareSE (free) Spybot Search and Destroy (Teatimer Enabled) (free) IESpy-Ad (free) SpywareBlaster (free) WinPatrol (free) CounterSpy (free trial). __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

08-09-2005, 05:00 PM	#4 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,576 OS: 2000 Pro; XP Pro; XP Home	Congratulations.....your logs are clean! Any more issues? If not you should be good to go. We still have a few items to address. Reset hidden/system files and folders Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View tab. Deselect the Show hidden files and folders option. Select the Hide file extensions for known types option. Select the Hide protected operating system files option. Click Yes to confirm. Click OK. Create a new System Restore point click Start >> Run - type SYSDM.CPL & press Enter select the System Restore Tab tick on the checkbox - "Turn off System Restore on all drives" click Apply then untick the same checkbox & click OK Enable Windows Auto Update Go to Start>Run - type wuaucpl.cpl tick on the checkbox - "Keep my computer up to date" Under settings, choose "Automatically download the updates, and install them on the schedule that I specify". Click on "OK". Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs: SpywareBlaster to help prevent spyware from installing in the first place. SpywareGuard to catch and block spyware before it can execute. IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email. If you do not have a firewall, here are 3 free ones available for personal use: Sygate Personal Firewall Kerio Personal Firewall ZoneAlarm In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles HOW DID I GET INFECTED IN THE FIRST PLACE? THE ANTI-SPYWARE TUTORIAL MAKING INTERNET EXPLORER SAFER Please respond to this thread one more time so we can mark this thread as resolved. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

08-09-2005, 01:20 PM	#3 (permalink)
psychonaut Registered User Join Date: Aug 2005 Location: Originaly UK, now US Posts: 3 OS: XP	things are looking good, here are the logs you asked for Hijack log Logfile of HijackThis v1.99.1 Scan saved at 2:27:23 PM, on 8/9/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\Program Files\Dell AIO Printer A940\dlbabmon.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SPRINT~1\SMARTB~1\MotiveSB.exe C:\Program Files\Messenger\msmsgs.exe C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe C:\Program Files\EarthLink TotalAccess\TaskPanl.exe C:\Program Files\Sprint Virtual Assistant\bin\mpbtn.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE C:\WINDOWS\System32\nvsvc32.exe C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\dan\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local> R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll O2 - BHO: CleanMyPCPopupBlocker Class - {7A9BC6B1-7F27-47c6-A66D-13582E81E537} - C:\Program Files\CleanMyPC Popup Blocker\CleanBHO.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SPRINT~1\SMARTB~1\MotiveSB.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart O4 - Global Startup: Sprint FastConnect virtual assistant.lnk = C:\Program Files\Sprint Virtual Assistant\bin\matcli.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe trend scan Started Scanning Internet Cookies Found 'com.com' in 'Internet Explorer Cache' Found 'a.websponsors.com' in 'Internet Explorer Cache' Found 'ads.cc214142.com' in 'Internet Explorer Cache' Found 'azjmp.com' in 'Internet Explorer Cache' Programs in Memory Windows Registry Found '' in 'SOFTWARE\Classes\AppID\DMServer.EXE' Found '' in 'SOFTWARE\Classes\Interface\{04D7391C-AB32-4921-84F3-B63FC0EEDF43}' Found '' in 'SOFTWARE\Classes\Interface\{04D7391C-AB32-4921-84F3-B63FC0EEDF43}\ProxyStubClsid' Found '' in 'SOFTWARE\Classes\Interface\{04D7391C-AB32-4921-84F3-B63FC0EEDF43}\ProxyStubClsid32' Found '' in 'SOFTWARE\Classes\Interface\{04D7391C-AB32-4921-84F3-B63FC0EEDF43}\TypeLib' Found '' in 'SOFTWARE\Classes\Interface\{09F19D39-3084-47B0-B1CE-26581074BC36}' Found '' in 'SOFTWARE\Classes\Interface\{09F19D39-3084-47B0-B1CE-26581074BC36}\ProxyStubClsid' Found '' in 'SOFTWARE\Classes\Interface\{09F19D39-3084-47B0-B1CE-26581074BC36}\ProxyStubClsid32' Found '' in 'SOFTWARE\Classes\Interface\{09F19D39-3084-47B0-B1CE-26581074BC36}\TypeLib' Found '' in 'SOFTWARE\Classes\Interface\{2CEC1D83-1F31-41A7-B2BC-A2FE25E3BF34}' Found '' in 'SOFTWARE\Classes\Interface\{2CEC1D83-1F31-41A7-B2BC-A2FE25E3BF34}\ProxyStubClsid' Found '' in 'SOFTWARE\Classes\Interface\{2CEC1D83-1F31-41A7-B2BC-A2FE25E3BF34}\ProxyStubClsid32' Found '' in 'SOFTWARE\Classes\Interface\{2CEC1D83-1F31-41A7-B2BC-A2FE25E3BF34}\TypeLib' Found '' in 'SOFTWARE\Classes\Interface\{41943AC1-46DC-41EF-A365-713C14C50A06}' Found '' in 'SOFTWARE\Classes\Interface\{41943AC1-46DC-41EF-A365-713C14C50A06}\ProxyStubClsid' Found '' in 'SOFTWARE\Classes\Interface\{41943AC1-46DC-41EF-A365-713C14C50A06}\ProxyStubClsid32' Found '' in 'SOFTWARE\Classes\Interface\{41943AC1-46DC-41EF-A365-713C14C50A06}\TypeLib' Found '' in 'SOFTWARE\Classes\Interface\{439508F6-E48B-4095-B000-ADC7A02AB29E}' Found '' in 'SOFTWARE\Classes\Interface\{439508F6-E48B-4095-B000-ADC7A02AB29E}\ProxyStubClsid' Found '' in 'SOFTWARE\Classes\Interface\{439508F6-E48B-4095-B000-ADC7A02AB29E}\ProxyStubClsid32' Found '' in 'SOFTWARE\Classes\Interface\{439508F6-E48B-4095-B000-ADC7A02AB29E}\TypeLib' Found '' in 'SOFTWARE\Classes\Interface\{4E86A93F-4E89-45FD-866B-80D25B0F21A6}' Found '' in 'SOFTWARE\Classes\Interface\{4E86A93F-4E89-45FD-866B-80D25B0F21A6}\ProxyStubClsid' Found '' in 'SOFTWARE\Classes\Interface\{4E86A93F-4E89-45FD-866B-80D25B0F21A6}\ProxyStubClsid32' Found '' in 'SOFTWARE\Classes\Interface\{4E86A93F-4E89-45FD-866B-80D25B0F21A6}\TypeLib' Found '' in 'SOFTWARE\Classes\Interface\{C7E7863D-2EF7-46F9-A2C2-DD08B2B3C0A5}' Found '' in 'SOFTWARE\Classes\Interface\{C7E7863D-2EF7-46F9-A2C2-DD08B2B3C0A5}\ProxyStubClsid' Found '' in 'SOFTWARE\Classes\Interface\{C7E7863D-2EF7-46F9-A2C2-DD08B2B3C0A5}\ProxyStubClsid32' Found '' in 'SOFTWARE\Classes\Interface\{C7E7863D-2EF7-46F9-A2C2-DD08B2B3C0A5}\TypeLib' Found '' in 'SOFTWARE\Classes\Interface\{CA74A032-869B-4752-927E-D0DA5677DC23}' Found '' in 'SOFTWARE\Classes\Interface\{CA74A032-869B-4752-927E-D0DA5677DC23}\ProxyStubClsid' Found '' in 'SOFTWARE\Classes\Interface\{CA74A032-869B-4752-927E-D0DA5677DC23}\ProxyStubClsid32' Found '' in 'SOFTWARE\Classes\Interface\{CA74A032-869B-4752-927E-D0DA5677DC23}\TypeLib' Found '' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1' Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinMX' Internet URL Shortcuts Files and Directories Found 'TFR83.dat' in 'C:\Documents and Settings\dan\Application Data\Microsoft\MSN Messenger\2853612106\CustomEmoticons' Found 'winmx353.exe' in 'C:\Documents and Settings\dan\My Documents\My Downloads' Found '' in 'C:\Documents and Settings\dan\Start Menu\Programs\WinMX' Found 'aurl.dat' in 'C:\Program Files\180 Solutions\nCASE3' Found 'registryCleaner.ico' in 'C:\Program Files\Free Offers from Freeze.com' Found 'B192D067-F21B-46AA-B973-B62BCF' in 'C:\Program Files\Microsoft AntiSpyware\Quarantine\0ED97E80-AAAC-40F0-A7F6-10C178' Found '' in 'C:\Program Files\WinMX' Found 'errcatch.exe' in 'C:\Program Files\WinMX' Found 'uninstall.exe' in 'C:\Program Files\WinMX' Found 'WinMX.exe' in 'C:\Program Files\WinMX' Finished Scanning Started Backup Finished Backup Started Cleaning Checking for 'C:\Documents and Settings\dan\Application Data\Microsoft\MSN Messenger\2853612106\CustomEmoticons\TFR83.dat' in shortcut areas. Checking for 'C:\Documents and Settings\dan\Application Data\Microsoft\MSN Messenger\2853612106\CustomEmoticons\TFR83.dat' in startup areas. Cleaning 'C:\Documents and Settings\dan\Application Data\Microsoft\MSN Messenger\2853612106\CustomEmoticons\TFR83.dat' Checking for 'C:\Documents and Settings\dan\My Documents\My Downloads\winmx353.exe' in shortcut areas. Checking for 'C:\Documents and Settings\dan\My Documents\My Downloads\winmx353.exe' in startup areas. Cleaning 'C:\Documents and Settings\dan\My Documents\My Downloads\winmx353.exe' Checking for 'C:\Documents and Settings\dan\Start Menu\Programs\WinMX' in shortcut areas. Checking for 'C:\Documents and Settings\dan\Start Menu\Programs\WinMX' in startup areas. Cleaning 'C:\Documents and Settings\dan\Start Menu\Programs\WinMX' Checking for 'C:\Documents and Settings\dan\Start Menu\Programs\WinMX\WinMX.lnk' in shortcut areas. Checking for 'C:\Documents and Settings\dan\Start Menu\Programs\WinMX\WinMX.lnk' in startup areas. Cleaning 'C:\Documents and Settings\dan\Start Menu\Programs\WinMX\WinMX.lnk' Checking for 'C:\Program Files\180 Solutions\nCASE3\aurl.dat' in shortcut areas. Checking for 'C:\Program Files\180 Solutions\nCASE3\aurl.dat' in startup areas. Cleaning 'C:\Program Files\180 Solutions\nCASE3\aurl.dat' Checking for 'C:\Program Files\Free Offers from Freeze.com\registryCleaner.ico' in shortcut areas. Checking for 'C:\Program Files\Free Offers from Freeze.com\registryCleaner.ico' in startup areas. Cleaning 'C:\Program Files\Free Offers from Freeze.com\registryCleaner.ico' Checking for 'C:\Program Files\Microsoft AntiSpyware\Quarantine\0ED97E80-AAAC-40F0-A7F6-10C178\B192D067-F21B-46AA-B973-B62BCF' in shortcut areas. Checking for 'C:\Program Files\Microsoft AntiSpyware\Quarantine\0ED97E80-AAAC-40F0-A7F6-10C178\B192D067-F21B-46AA-B973-B62BCF' in startup areas. Checking for 'C:\Program Files\WinMX' in shortcut areas. Checking for 'C:\Program Files\WinMX' in startup areas. Cleaning 'C:\Program Files\WinMX' Checking for 'C:\Program Files\WinMX\colors.dat' in shortcut areas. Checking for 'C:\Program Files\WinMX\colors.dat' in startup areas. Cleaning 'C:\Program Files\WinMX\colors.dat' Checking for 'C:\Program Files\WinMX\contacts.dat' in shortcut areas. Checking for 'C:\Program Files\WinMX\contacts.dat' in startup areas. Cleaning 'C:\Program Files\WinMX\contacts.dat' Checking for 'C:\Program Files\WinMX\errcatch.exe' in shortcut areas. Checking for 'C:\Program Files\WinMX\errcatch.exe' in startup areas. Cleaning 'C:\Program Files\WinMX\errcatch.exe' Checking for 'C:\Program Files\WinMX\library.dat' in shortcut areas. Checking for 'C:\Program Files\WinMX\library.dat' in startup areas. Cleaning 'C:\Program Files\WinMX\library.dat' Checking for 'C:\Program Files\WinMX\license.txt' in shortcut areas. Checking for 'C:\Program Files\WinMX\license.txt' in startup areas. Cleaning 'C:\Program Files\WinMX\license.txt' Checking for 'C:\Program Files\WinMX\settings.dat' in shortcut areas. Checking for 'C:\Program Files\WinMX\settings.dat' in startup areas. Cleaning 'C:\Program Files\WinMX\settings.dat' Checking for 'C:\Program Files\WinMX\uninstall.exe' in shortcut areas. Checking for 'C:\Program Files\WinMX\uninstall.exe' in startup areas. Cleaning 'C:\Program Files\WinMX\uninstall.exe' Checking for 'C:\Program Files\WinMX\WinMX.exe' in shortcut areas. Found 'WinMX.lnk' in 'C:\Documents and Settings\dan\Start Menu\Programs\WinMX\' [SCANMODS] The file 'C:\Documents and Settings\dan\Start Menu\Programs\WinMX\WinMX.lnk' was not found. Most likely already cleaned by another scanner module. Checking for 'C:\Program Files\WinMX\WinMX.exe' in startup areas. Cleaning 'C:\Program Files\WinMX\WinMX.exe' Checking for 'C:\Program Files\WinMX\wpnpchannelcmds.txt' in shortcut areas. Checking for 'C:\Program Files\WinMX\wpnpchannelcmds.txt' in startup areas. Cleaning 'C:\Program Files\WinMX\wpnpchannelcmds.txt' Checking for 'C:\Program Files\WinMX\errcatch.exe' in shortcut areas. Checking for 'C:\Program Files\WinMX\errcatch.exe' in startup areas. Cleaning 'C:\Program Files\WinMX\errcatch.exe' [SCANMODS] The file 'C:\Program Files\WinMX\errcatch.exe' was not found. Most likely already cleaned by another scanner module. Checking for 'C:\Program Files\WinMX\uninstall.exe' in shortcut areas. Checking for 'C:\Program Files\WinMX\uninstall.exe' in startup areas. Cleaning 'C:\Program Files\WinMX\uninstall.exe' [SCANMODS] The file 'C:\Program Files\WinMX\uninstall.exe' was not found. Most likely already cleaned by another scanner module. Checking for 'C:\Program Files\WinMX\WinMX.exe' in shortcut areas. Found 'WinMX.lnk' in 'C:\Documents and Settings\dan\Start Menu\Programs\WinMX\' [SCANMODS] The file 'C:\Documents and Settings\dan\Start Menu\Programs\WinMX\WinMX.lnk' was not found. Most likely already cleaned by another scanner module. Checking for 'C:\Program Files\WinMX\WinMX.exe' in startup areas. Cleaning 'C:\Program Files\WinMX\WinMX.exe' [SCANMODS] The file 'C:\Program Files\WinMX\WinMX.exe' was not found. Most likely already cleaned by another scanner module. Finished Cleaning Started Scanning Internet Cookies Programs in Memory Windows Registry Internet URL Shortcuts Files and Directories Finished Scanning Panda scan Detected Disinfected Virus 0 0 Spyware 0 0 Hacking Tools 0 0 Dialers 0 0 Security Risks 0 0 Suspicious files 0 0 no nasty pop ups or freezes so far looking good, ty

08-10-2005, 07:40 AM	#5 (permalink)
psychonaut Registered User Join Date: Aug 2005 Location: Originaly UK, now US Posts: 3 OS: XP	everything seems to be work going ok ty, the links at the end were of use too, once again, ty very much