removing spyware quake [CLOSED]


  • This topic is locked

#1
nothsur

  • Member
  • 17 posts
When I try to run FixSQ.reg it tells me it is not a valid Win32 application and won't go any further.
Could someone help me out here because I know there is something blocking my computer from getting onto certain web sites, e.g. Panda Software, Symantec, McAfee Virus Scan.

#2
Flrman1

  • Malware Assassin
  • Retired Staff
  • 6,596 posts
Hi nothsur

Welcome to GTG!

Please do this:

* Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double-click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.


#3
nothsur

  • Topic Starter
  • Member
  • 17 posts
Logfile of HijackThis v1.99.1
Scan saved at 10:33:42 PM, on 19/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPROXY.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
C:\Program Files\NuCam\CamCheck\CamCheck.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRAM FILES\WILDTANGENT\APPS\CDA\GAMEDRVR.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\ALIANT\NETASS~1\SMARTB~1\MOTIVESB.EXE
C:\PROGRA~1\ALIANT\NETASS~1\SMARTB~1\MOTIVESB.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\iTouch\kbdtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yczimocut...7VOLNLi530.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.ubbjobjfr...7VOLNLi530.htm"); (C:\Documents and Settings\Joan Rushton\Application Data\Mozilla\Profiles\default\pxrmqr82.slt\prefs.js)
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: (no name) - {B91EAD8D-1E71-84B0-BC8E-E83D8AA50AE2} - (no file)
O2 - BHO: (no name) - {BDBB645F-001D-4D9C-54E1-541B703F9ABE} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [CamCheck] C:\Program Files\NuCam\CamCheck\CamCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Aliant\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [DrawCash] C:\DOCUME~1\JOANRU~1\APPLIC~1\MODESH~1\Find Type Size.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\TPT Registry_Cleaner (Trial)\regclean.exe"
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Net Assistant.lnk = C:\Program Files\Aliant\Net Assistant\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Documents and Settings\Joan Rushton\My Downloads\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Documents and Settings\Joan Rushton\My Downloads\ICQ\ICQ.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Netscape\Netscape Browser\PLUGINS\nppdf32.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip....ro64_loader.dll
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse....iveX/winrep.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1101916111750
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1147482104312
O16 - DPF: {861DB4B6-3838-11D2-8E50-002018200E57} (MrSIDI Control) - http://data6.archive..._cab/MrSIDI.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.c...es/PROFILER.CAB
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} - http://www.flipside....cherControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://sympatico.zon...ro.cab34246.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://real.gamehous...ed/launcher.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/...outLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.co...aploader_v5.cab
O16 - DPF: {EDFCDAF5-95D9-40E9-BBE6-10C33190C3EF} (cGameControl Class) - http://zone.msn.com/.../RumbleCube.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - http://www.wildtange...soft/wtinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Blink2PnP - Unknown owner - C:\WINDOWS\twain_32\SiPix\SCBlink2\Srvany.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GBPoll - Unknown owner - C:\Program Files\Roxio\GoBack\GBPoll.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Unknown owner - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe (file missing)
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE (file missing)
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

#4
Flrman1

  • Malware Assassin
  • Retired Staff
  • 6,596 posts
* Click here to download findlop.zip and save it to your desktop.

Unzip it to extract the findlop.bat file it contains. Double-click the findlop.bat file to run it.

It will run and open a text file called directory.txt. Copy and paste the contents of the directory.txt file here please.

#5
nothsur

  • Topic Starter
  • Member
  • 17 posts
Volume in drive C has no label.
Volume Serial Number is FCB5-0CBC

Directory of C:\Documents and Settings\Joan Rushton\Application Data

18/02/2006 05:12 PM <DIR> 7Wonders
26/01/2006 09:27 PM <DIR> Adobe
26/01/2006 09:24 PM <DIR> AdobeAUM
26/01/2006 09:20 PM 1,232 AdobeDLM.log
06/04/2006 10:21 PM <DIR> AdobeUM
14/01/2006 06:18 PM <DIR> alawar
04/05/2006 10:07 PM <DIR> APPLEC~1 Apple Computer
20/11/2003 09:03 AM 1,406 DIAMON~2.ICO diamonddeal_16x16.ico
20/11/2003 09:03 AM 2,238 DIAMON~1.ICO diamonddeal_32x32.ico
26/01/2006 09:20 PM 0 dm.ini
25/04/2006 07:19 PM <DIR> EACCEL~1 eAcceleration
25/12/2005 03:37 PM <DIR> FUJIFILM
25/12/2005 04:08 PM <DIR> FUNKIT~1 funkitron
26/03/2006 10:56 PM 79,832 GDIPFO~1.DAT GDIPFONTCACHEV1.DAT
06/12/2002 08:43 PM <DIR> Help
11/11/2002 11:40 AM <DIR> IDENTI~1 Identities
19/05/2006 10:49 PM <DIR> Lavasoft
03/12/2005 11:53 AM <DIR> LOUDPR~1 Loud proxy
06/12/2005 08:59 PM <DIR> MACROM~1 Macromedia
31/12/2005 09:41 PM <DIR> MAGICM~1 Magic Match
10/05/2006 09:07 PM <DIR> MODESH~1 Mode show meal
17/08/2004 08:03 PM <DIR> Mozilla
31/03/2005 09:49 PM <DIR> MSN6
13/05/2006 12:04 AM <DIR> Netscape
28/04/2005 10:59 PM <DIR> PIXELS~1 pixelStorm
19/11/2003 11:31 PM <DIR> Real
05/03/2003 08:15 PM <DIR> SMARTD~1 SmartDraw
17/11/2003 01:22 AM 894 SPORTS~1.ICO SportsInteractions.ico
18/04/2005 08:09 PM <DIR> Sun
18/09/2005 09:12 AM <DIR> Webroot
6 File(s) 85,602 bytes
24 Dir(s) 38,022,041,600 bytes free
Volume in drive C has no label.
Volume Serial Number is FCB5-0CBC

Directory of C:\Documents and Settings\All Users\Application Data

06/04/2006 10:18 PM <DIR> Adobe
04/05/2006 10:01 PM <DIR> APPLEC~1 Apple Computer
03/12/2005 11:52 AM <DIR> BOLDLO~1 bold love hope coal
11/11/2002 11:08 AM <DIR> BVRPSO~1 BVRP Software
27/04/2003 02:42 PM 14 DIRECT~1.TXT DirectCDUserNameD.txt
03/01/2005 06:46 PM <DIR> GAMEHO~1 GameHouse
02/05/2006 06:07 PM <DIR> JOLLYB~1 JollyBear
29/09/2005 08:37 PM <DIR> Motive
29/09/2005 09:46 PM <DIR> MOTIVE~1 MotiveSysIDs
18/11/2002 08:40 PM <DIR> MSN6
16/02/2004 12:01 AM <DIR> PopCap
25/12/2002 01:22 PM <DIR> QUICKT~1 QuickTime
26/10/2005 10:08 PM <DIR> SANDLO~1 Sandlot Games
11/11/2002 11:07 AM <DIR> SBSI
06/10/2005 12:55 AM <DIR> SOAPLI~1 Soap license 16 army
16/04/2006 11:46 PM <DIR> Symantec
03/10/2004 10:16 PM <DIR> VIEWPO~1 Viewpoint
04/04/2006 09:28 PM <DIR> WINDOW~1 Windows Genuine Advantage
1 File(s) 14 bytes
17 Dir(s) 38,022,041,600 bytes free
Volume in drive C has no label.
Volume Serial Number is FCB5-0CBC

Directory of C:\Program Files

19/05/2006 10:48 PM <DIR> .
19/05/2006 10:48 PM <DIR> ..
10/04/2005 09:26 PM <DIR> 3BSOFT~1 3B Software
25/04/2006 07:16 PM <DIR> ACCELE~1 Acceleration Software
28/01/2006 07:23 PM <DIR> Adobe
10/05/2006 09:03 PM <DIR> Aliant
03/11/2004 08:39 PM <DIR> ArcSoft
16/01/2004 07:59 PM <DIR> Blwin
20/03/2003 07:19 PM <DIR> BRODER~1 Broderbund
25/04/2006 11:06 PM <DIR> CLASSI~1 Classic PhoneTools
19/05/2006 10:17 PM <DIR> CleanUp!
25/04/2006 07:15 PM <DIR> COMMON~1 Common Files
11/11/2002 11:40 AM <DIR> COMPLU~1 ComPlus Applications
11/11/2002 11:07 AM <DIR> Dell
11/11/2002 11:13 AM <DIR> DELLCO~1 Dell Computer
25/04/2006 11:06 PM <DIR> DELLMO~1 Dell Modem-On-Hold
11/11/2002 11:08 AM <DIR> DIGITA~1 Digital Line Detect
25/12/2002 01:14 PM <DIR> directx
18/04/2006 10:04 AM <DIR> DYNAMI~1 Dynamic Toolbar
25/12/2002 12:08 PM <DIR> EAGAME~1 EA Games
07/02/2003 08:08 PM <DIR> eGames
21/09/2004 07:00 PM <DIR> Excite
02/05/2006 05:52 PM <DIR> FINEPI~1 FinePixViewer
15/08/2003 10:44 AM <DIR> HEXACT~1 Hexacto Games
19/05/2006 10:33 PM <DIR> HIJACK~1 Hijackthis
25/12/2002 03:17 PM <DIR> INFOGR~1 Infogrames Interactive
11/11/2002 11:08 AM <DIR> intel
19/04/2006 07:58 AM <DIR> INTERN~1 Internet Explorer
04/05/2006 10:41 PM <DIR> iPod
04/05/2006 11:01 PM <DIR> iTunes
11/11/2002 11:09 AM <DIR> JASCSO~1 Jasc Software Inc
22/11/2005 08:22 PM <DIR> Java
10/05/2006 06:06 PM <DIR> JAVAWE~1 Java Web Start
19/05/2006 10:48 PM <DIR> Lavasoft
19/11/2005 12:53 PM <DIR> LEXMAR~1 LexmarkX84-X85
10/05/2006 11:35 PM <DIR> Logitech
01/04/2005 08:44 PM <DIR> Maxis
10/05/2006 07:57 PM <DIR> MESSEN~1 Messenger
03/12/2002 08:03 PM <DIR> MGI
11/11/2002 11:10 AM <DIR> MICROS~4 Microsoft ActiveSync
11/11/2002 11:11 AM <DIR> MIF408~1 Microsoft Encarta
11/11/2002 11:40 AM <DIR> MICROS~1 microsoft frontpage
02/01/2003 11:45 AM <DIR> MI9A48~1 Microsoft Games
11/11/2002 11:11 AM <DIR> MICAC0~1 Microsoft Money
29/09/2003 10:51 AM <DIR> MICROS~3 Microsoft Office
10/06/2004 07:20 PM <DIR> MI5310~1 Microsoft Picture It! 2002
11/11/2002 11:11 AM <DIR> MIFAE3~1 Microsoft Streets & Trips
10/05/2006 07:57 PM <DIR> MICROS~2 Microsoft Works
10/05/2006 09:07 PM <DIR> MODESH~1 Mode show meal
10/05/2006 06:11 PM <DIR> MODEMH~1 Modem Helper
10/05/2006 09:03 PM <DIR> Motive
10/05/2006 11:35 PM <DIR> MOUSEW~1 MouseWare
10/05/2006 07:57 PM <DIR> MOVIEM~1 Movie Maker
17/04/2005 01:57 PM <DIR> MSN
22/09/2003 07:59 PM <DIR> MSNGAM~1 MSN Gaming Zone
05/09/2005 10:38 AM <DIR> MSNMES~1 MSN Messenger
18/11/2002 06:55 PM <DIR> NET2PH~1 Net2Phone
01/12/2004 07:58 PM <DIR> NETMEE~1 NetMeeting
13/05/2006 12:04 AM <DIR> Netscape
12/05/2006 11:45 PM <DIR> NETSCA~1 Netscape(2)
03/11/2004 08:40 PM <DIR> NuCam
03/11/2004 08:40 PM <DIR> NUCAMC~1 NuCam Corp
05/10/2005 10:02 PM <DIR> ONLINE~1 Online Services
19/04/2006 07:57 AM <DIR> OUTLOO~1 Outlook Express
10/05/2006 10:17 PM <DIR> PCTOOL~1 PC Tools AntiVirus
12/03/2006 07:46 PM <DIR> PCSTIT~1 PCStitch 7
25/12/2005 01:22 PM <DIR> PIXELA
23/11/2004 07:20 PM <DIR> POPCAP~1 PopCap Games
25/12/2002 02:14 PM <DIR> Puzz3DTK
04/05/2006 11:08 PM <DIR> QUICKT~1 QuickTime
11/02/2005 09:45 PM <DIR> Real
25/12/2005 01:18 PM <DIR> REGSHAVE
08/10/2005 12:17 AM <DIR> Roxio
14/09/2003 10:35 AM <DIR> TAKE2I~1 Take2 Interactive
20/02/2006 08:24 PM <DIR> TAXWIZ~3 TAXWIZ 2005
10/05/2006 06:06 PM <DIR> TAXWIZ~1 Taxwiz2003
10/05/2006 06:06 PM <DIR> TAXWIZ~2 TAXWIZ2004
08/05/2006 10:45 PM <DIR> TRENDM~1 Trend Micro
15/08/2003 09:58 AM <DIR> TryMedia
11/11/2002 11:08 AM <DIR> TURTLE~1 Turtle Beach
22/08/2004 07:37 PM <DIR> Ubisoft
18/11/2002 06:56 PM <DIR> VIEWPO~1 Viewpoint
18/09/2005 09:12 AM <DIR> Webroot
18/08/2005 09:55 AM <DIR> WILDTA~1 WildTangent
09/10/2005 12:27 PM <DIR> Winamp
17/04/2006 07:55 PM <DIR> WINDOW~4 Windows Installer Clean Up
10/05/2006 06:06 PM <DIR> WI4DF6~1 Windows Media Connect 2
10/05/2006 06:06 PM <DIR> WINDOW~3 Windows Media Player
09/04/2005 11:29 AM <DIR> WINDOW~1 Windows NT
03/03/2003 04:35 PM <DIR> WON
17/03/2003 10:29 AM <DIR> WS_FTP
11/11/2002 11:40 AM <DIR> XEROX
05/12/2005 12:01 AM <DIR> Yahoo!
11/02/2005 09:04 PM <DIR> _ARCAD~1 _ArcadeDownloadFolder
0 File(s) 0 bytes
94 Dir(s) 38,022,029,312 bytes free

#6
Flrman1

  • Malware Assassin
  • Retired Staff
  • 6,596 posts
* Click here to download ATF Cleaner by Atribune and save it to your desktop.


* Click Here and download Killbox and save it to your desktop.


* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to.


* Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yczimocut...7VOLNLi530.html

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {B91EAD8D-1E71-84B0-BC8E-E83D8AA50AE2} - (no file)

O2 - BHO: (no name) - {BDBB645F-001D-4D9C-54E1-541B703F9ABE} - (no file)

O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab

O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -



* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Double-click on Killbox.exe to run it.
  • Put a tick by Standard File Kill.
  • In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

    C:\Documents and Settings\Joan Rushton\Application Data\Loud proxy

    C:\Documents and Settings\Joan Rushton\Application Data\Mode show meal

    C:\Documents and Settings\All Users\Application Data\Soap license 16 army

    C:\Program Files\Mode show meal

    c:\counter.cab


  • Click on the button that has the red circle with the X in the middle after you enter each file.
  • It will ask for confirmation to delete the file.
  • Click Yes.
  • Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
  • Killbox may tell you that one or more files do not exist.
  • If that happens, just continue on with all the files. Be sure you don't miss any.
  • Exit the Killbox.
* Run ATF Cleaner:
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • If you use Firefox:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
* Restart back into Windows normally now.


* Run ActiveScan online virus scan here

When the scan is finished, click on the "Save Report" button and save the results of the scan to your desktop.

Post a new HiJackThis log along with the results from ActiveScan


* Also open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list here.
  • 0
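
Added example (not part of the original thread, and not HijackThis's or the helper's own logic): a small Python triage pass over HijackThis log lines that surfaces the kinds of entries selected in post #6. The rule set, the `review`/`orphan` levels and all function names are assumptions made for illustration; the sample lines are copied from the log in post #3.

```python
import re
from dataclasses import dataclass

# Excerpt of entries copied from the HijackThis log in post #3 of this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R3 - Default URLSearchHook is missing
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: (no name) - {B91EAD8D-1E71-84B0-BC8E-E83D8AA50AE2} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DrawCash] C:\DOCUME~1\JOANRU~1\APPLIC~1\MODESH~1\Find Type Size.exe
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O23 - Service: GBPoll - Unknown owner - C:\Program Files\Roxio\GoBack\GBPoll.exe (file missing)
"""

# "<section code> - <details>", e.g. "O2 - BHO: ..."; process-list lines do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# "BHO: <name> - {CLSID} - <file or marker>"
BHO_RE = re.compile(r"^BHO: .*? - (\{[^}]+\}) - (.*)$")
# "DPF: {CLSID} (<optional name>) - <source, possibly empty>"
DPF_RE = re.compile(r"^DPF: (\{[^}]+\})(?: \(.*?\))? -\s*(.*)$")
# Long or 8.3 short form of the per-profile "Application Data" folder.
APPDATA_RE = re.compile(r"\\(?:Application Data|APPLIC~\d)\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    code: str    # HijackThis section code, e.g. "O2"
    level: str   # "review" = look closer; "orphan" = path recorded, file gone
    reason: str
    raw: str     # the original log line


def classify(code, rest):
    """Return (level, reason) for one entry, or None when no rule matches."""
    if rest.endswith("(file missing)"):
        return "orphan", "target path is recorded but the file is missing"
    if code == "R3" and rest.endswith("is missing"):
        return "review", "default URLSearchHook value is missing"
    if code == "O2":
        m = BHO_RE.match(rest)
        if m and m.group(2) == "(no file)":
            return "review", "BHO %s is registered with no file" % m.group(1)
    if code == "O4" and APPDATA_RE.search(rest):
        return "review", "autostart entry runs from an Application Data folder"
    if code == "O16":
        m = DPF_RE.match(rest)
        if m:
            source = m.group(2).strip()
            if not source:
                return "review", "downloaded program file has no source URL"
            if source.lower().startswith("file://"):
                return "review", "downloaded program file came from a local path"
    return None


def triage(log_text):
    """Parse a HijackThis log and return the entries that match a rule."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, running-process list or blank line
        verdict = classify(m.group(1), m.group(2))
        if verdict:
            findings.append(Finding(m.group(1), verdict[0], verdict[1], line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.level:6} {f.code:3} {f.reason}\n       {f.raw}")
```

A match only marks an entry for a closer look; as post #2 says, most of what HijackThis lists is harmless or even required.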

#7
nothsur

  • Topic Starter
  • Member
  • 17 posts
Was unable to run an Active Scan online virus scan as IE can not find server. This is one of the problems I have been having.

Logfile of HijackThis v1.99.1
Scan saved at 12:47:04 AM, on 20/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
C:\Program Files\NuCam\CamCheck\CamCheck.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRAM FILES\WILDTANGENT\APPS\CDA\GAMEDRVR.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\ALIANT\NETASS~1\SMARTB~1\MOTIVESB.EXE
C:\PROGRA~1\ALIANT\NETASS~1\SMARTB~1\MOTIVESB.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Logitech\iTouch\kbdtray.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPROXY.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yczimocut...7VOLNLi530.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.ubbjobjfr...7VOLNLi530.htm"); (C:\Documents and Settings\Joan Rushton\Application Data\Mozilla\Profiles\default\pxrmqr82.slt\prefs.js)
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [CamCheck] C:\Program Files\NuCam\CamCheck\CamCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Aliant\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [DrawCash] C:\DOCUME~1\JOANRU~1\APPLIC~1\MODESH~1\Find Type Size.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\TPT Registry_Cleaner (Trial)\regclean.exe"
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Net Assistant.lnk = C:\Program Files\Aliant\Net Assistant\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Documents and Settings\Joan Rushton\My Downloads\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Documents and Settings\Joan Rushton\My Downloads\ICQ\ICQ.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Netscape\Netscape Browser\PLUGINS\nppdf32.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip....ro64_loader.dll
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse....iveX/winrep.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1101916111750
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1147482104312
O16 - DPF: {861DB4B6-3838-11D2-8E50-002018200E57} (MrSIDI Control) - http://data6.archive..._cab/MrSIDI.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.c...es/PROFILER.CAB
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} - http://www.flipside....cherControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://sympatico.zon...ro.cab34246.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/...outLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://utu.popcap.co...aploader_v5.cab
O16 - DPF: {EDFCDAF5-95D9-40E9-BBE6-10C33190C3EF} (cGameControl Class) - http://zone.msn.com/.../RumbleCube.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - http://www.wildtange...soft/wtinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Blink2PnP - Unknown owner - C:\WINDOWS\twain_32\SiPix\SCBlink2\Srvany.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GBPoll - Unknown owner - C:\Program Files\Roxio\GoBack\GBPoll.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Unknown owner - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe (file missing)
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE (file missing)
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe


Ad-Aware SE Personal
Adobe Download Manager 2.0 (Remove Only)
Adobe Reader 7.0.7
ArcSoft PhotoImpression
ArcSoft VideoImpression 1.6
ATI Display Driver
BCM V.92 56K Modem
Calculator Powertoy for Windows XP
ccCommon
Classic PhoneTools
CleanUp!
Dell Modem-On-Hold
Dell Picture Studio - Dell Image Expert
Dell Solution Center
Digital Line Detect
eAcceleration
Easy CD Creator 5 Basic
Family Tree Maker 9.0
FinePixViewer Resource
FinePixViewer Ver.5.0
FUJIFILM USB Driver
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB896344)
Hoyle Puzzle Games 2003
ICQ
ImageMixer VCD2 for FinePix
ImageMixer VCD2 LE for FinePix
Intel® PRO Ethernet Adapter and Software
Intel® PROSet II
Internet Worm Protection
iPod for Windows 2005-09-23
iPod for Windows 2006-03-23
iTunes
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 5
Java 2 Runtime Environment, SE v1.4.1_02
Java Web Start
Library System
LiveReg (Symantec Corporation)
Logitech iTouch Software
Logitech User's Guide
Macromedia Flash Player 8
Macromedia Flash Player 8
Macromedia Shockwave Player
Mall Tycoon
MGI PhotoSuite 8.1 (Remove Only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Combat Flight Simulator 3.0
Microsoft Encarta Encyclopedia Standard 2002
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft Office PowerPoint Viewer 2003
Microsoft Picture It! Photo 2002
Microsoft Streets and Trips 2002
Microsoft Word 2002
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
MicroStaff WINASPI
Mini Golf Master 2
Modem Helper
Monopoly
MouseWare 9.41 .3
MSN Gaming Zone
MSN Messenger 7.0
MSRedist
Net Assistant
Net2Phone
Netscape (7.0)
Netscape (7.2)
Netscape Browser (remove only)
NSW_DRM_COLLECTION
Paint Shop Pro 7
PC Tools AntiVirus 2.0
PCStitch
PopCap Browser Plugin
QuickTime
RAW FILE CONVERTER LE
RealArcade
RealPlayer
Sandlot Games Client Services
Santa Cruz
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Shockwave
Sid Meier's SimGolf
SiPix StyleCam CAMeleon
Spy Sweeper
SysSnap
Taxwiz - Impôtmatique 2003
TAXWIZ 2004
TAXWIZ 2005
Taxwiz'2002
The Print Shop Photo Workshop
Translation Services Provided by Bowne Global Solutions for Microsoft Word
Trend Micro PC-cillin Internet Security 2006
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Viewpoint Media Player (Remove Only)
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WingMan Software

#8
nothsur

Finally got into Panda to run Active Scan. Here are the results:


Incident Status Location

Adware:adware/ncase Not disinfected c:\windows\msbb.exe.temp
Spyware:spyware/new.net Not disinfected c:\windows\NDNuninstall4_80.exe
Dialer:dialer.bny Not disinfected c:\windows\pcconfig.dat
Adware:adware/lop Not disinfected C:\Documents and Settings\Joan Rushton\Favorites\ Computers
Spyware:spyware/searchcentrix Not disinfected Windows Registry
Spyware:spyware/clipgenie Not disinfected Windows Registry
Adware:adware/novo Not disinfected Windows Registry
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Joan Rushton\Application Data\Netscape\NSB\Profiles\5rmi5zmg.default\cookies.txt[.2o7.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Joan Rushton\Application Data\Netscape\NSB(2)\Profiles(2)\z4tn38hf.default\cookies.txt[.2o7.net/]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Joan Rushton\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Joan Rushton\Desktop\smitRem.exe[smitRem/Process.exe]




Logfile of HijackThis v1.99.1
Scan saved at 12:11:58 AM, on 21/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPROXY.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
C:\Program Files\NuCam\CamCheck\CamCheck.exe
C:\Program Files\Logitech\iTouch\kbdtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\ALIANT\NETASS~1\SMARTB~1\MOTIVESB.EXE
C:\PROGRA~1\ALIANT\NETASS~1\SMARTB~1\MOTIVESB.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yczimocut...7VOLNLi530.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.ubbjobjfr...7VOLNLi530.htm"); (C:\Documents and Settings\Joan Rushton\Application Data\Mozilla\Profiles\default\pxrmqr82.slt\prefs.js)
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [CamCheck] C:\Program Files\NuCam\CamCheck\CamCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Aliant\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [DrawCash] C:\DOCUME~1\JOANRU~1\APPLIC~1\MODESH~1\Find Type Size.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Net Assistant.lnk = C:\Program Files\Aliant\Net Assistant\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Documents and Settings\Joan Rushton\My Downloads\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Documents and Settings\Joan Rushton\My Downloads\ICQ\ICQ.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Netscape\Netscape Browser\PLUGINS\nppdf32.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip....ro64_loader.dll
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse....iveX/winrep.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1101916111750
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1147482104312
O16 - DPF: {861DB4B6-3838-11D2-8E50-002018200E57} (MrSIDI Control) - http://data6.archive..._cab/MrSIDI.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.c...es/PROFILER.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} - http://www.flipside....cherControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://sympatico.zon...ro.cab34246.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/...outLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://utu.popcap.co...aploader_v5.cab
O16 - DPF: {EDFCDAF5-95D9-40E9-BBE6-10C33190C3EF} (cGameControl Class) - http://zone.msn.com/.../RumbleCube.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - http://www.wildtange...soft/wtinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Blink2PnP - Unknown owner - C:\WINDOWS\twain_32\SiPix\SCBlink2\Srvany.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GBPoll - Unknown owner - C:\Program Files\Roxio\GoBack\GBPoll.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Unknown owner - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe (file missing)
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE (file missing)
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe


Ad-Aware SE Personal
Adobe Download Manager 2.0 (Remove Only)
Adobe Reader 7.0.7
ArcSoft PhotoImpression
ArcSoft VideoImpression 1.6
ATI Display Driver
BCM V.92 56K Modem
Calculator Powertoy for Windows XP
ccCommon
Classic PhoneTools
CleanUp!
Dell Modem-On-Hold
Dell Picture Studio - Dell Image Expert
Dell Solution Center
Digital Line Detect
Easy CD Creator 5 Basic
Family Tree Maker 9.0
FinePixViewer Resource
FinePixViewer Ver.5.0
FUJIFILM USB Driver
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB896344)
Hoyle Puzzle Games 2003
ICQ
ImageMixer VCD2 for FinePix
ImageMixer VCD2 LE for FinePix
Intel® PRO Ethernet Adapter and Software
Intel® PROSet II
Internet Worm Protection
iPod for Windows 2005-09-23
iPod for Windows 2006-03-23
iTunes
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 5
Java 2 Runtime Environment, SE v1.4.1_02
Java Web Start
Library System
LiveReg (Symantec Corporation)
Logitech iTouch Software
Logitech User's Guide
Macromedia Flash Player 8
Macromedia Flash Player 8
Macromedia Shockwave Player
Mall Tycoon
MGI PhotoSuite 8.1 (Remove Only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Combat Flight Simulator 3.0
Microsoft Encarta Encyclopedia Standard 2002
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft Office PowerPoint Viewer 2003
Microsoft Picture It! Photo 2002
Microsoft Streets and Trips 2002
Microsoft Word 2002
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
MicroStaff WINASPI
Mini Golf Master 2
Modem Helper
Monopoly
MouseWare 9.41 .3
Mozilla Firefox (1.5)
MSN Gaming Zone
MSN Messenger 7.0
MSRedist
Net Assistant
Net2Phone
Netscape (7.0)
Netscape (7.2)
Netscape Browser (remove only)
NSW_DRM_COLLECTION
Paint Shop Pro 7
Panda ActiveScan
PC Tools AntiVirus 2.0
PCStitch
PopCap Browser Plugin
QuickTime
RAW FILE CONVERTER LE
RealArcade
RealPlayer
Sandlot Games Client Services
Santa Cruz
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Shockwave
Sid Meier's SimGolf
SiPix StyleCam CAMeleon
Spy Sweeper
Taxwiz - Impôtmatique 2003
TAXWIZ 2004
TAXWIZ 2005
Taxwiz'2002
The Print Shop Photo Workshop
Translation Services Provided by Bowne Global Solutions for Microsoft Word
Trend Micro PC-cillin Internet Security 2006
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Viewpoint Media Player (Remove Only)
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WingMan Software

#9
Flrman1

* Copy these instructions to notepad and save them to your desktop. You will need them to refer to.


* Go to Add/Remove programs and uninstall these:

J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 5
Java 2 Runtime Environment, SE v1.4.1_02
Viewpoint Media Player (Remove Only)



** Before you proceed with the removal directions below you need to turn off SpySweeper's realtime protection as it will interfere with the changes we are trying to make.
  • Open Spysweeper and click on the "Options" button on the left.
  • Click on the "Program Options" tab and uncheck "Load at windows startup".
  • On the left click on the "Shields" button.
  • Click the "Internet Explorer" tab and then uncheck everything there.
  • Click on the "Startup Programs" tab and uncheck "Startup Shield"
  • Click on the "Browser Add-ons" tab and uncheck "Browser Helper Object (BHO) Shield"
  • Exit Spysweeper.
  • Leave them disabled until we are finished here.
  • Important! Make sure you remember to re-enable these options when we are finished.

* Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yczimocut...7VOLNLi530.html

O4 - HKCU\..\Run: [DrawCash] C:\DOCUME~1\JOANRU~1\APPLIC~1\MODESH~1\Find Type Size.exe



* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Double-click on Killbox.exe to run it.
  • Put a tick by Standard File Kill.
  • In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

    c:\windows\msbb.exe.temp

    c:\windows\NDNuninstall4_80.exe

    c:\windows\pcconfig.dat

    C:\Documents and Settings\Joan Rushton\Application Data\Loud proxy

    C:\Documents and Settings\Joan Rushton\Application Data\Mode show meal

    C:\Documents and Settings\All Users\Application Data\Soap license 16 army

    C:\Documents and Settings\Joan Rushton\Favorites\Computers

    C:\Program Files\Mode show meal


  • Click on the button that has the red circle with the X in the middle after you enter each file.
  • It will ask for confirmation to delete the file.
  • Click Yes.
  • Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
  • Killbox may tell you that one or more files do not exist.
  • If that happens, just continue on with all the files. Be sure you don't miss any.
  • Exit the Killbox.

* Restart back into Windows normally now.


* Now go here and install the latest version of Java.


* Run Kaspersky online virus scan here.

After the updates have downloaded, click on the "Scan Settings" button.
Choose the "Extended database" for the scan.
Under "Please select a target to scan", click "My Computer".
When the scan is finished, Save the results from the scan!

Post a new HiJackThis log along with the results from Kaspersky scan
  • 0
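
One way to confirm from two saved HijackThis logs that the entries marked for "Fix checked" are really gone, as an added example that is not part of any post in this thread. The log excerpts are copied from the logs posted in this thread; the function names `parse_entries` and `verify_fix` are this example's own.

```python
import re

# HijackThis entry lines look like "O4 - HKCU\..\Run: [Name] path".
# The prefix (R0, F2, N3, O2, O23, ...) identifies the log section.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return the set of (section, body) entries found in a HijackThis log.

    Header lines and the running-process list do not match the pattern
    and are ignored.
    """
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2).strip()))
    return entries


def verify_fix(before_log, after_log, fixed_lines):
    """Compare two scans against the list of entries that were to be fixed."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    targets = parse_entries("\n".join(fixed_lines))
    return {
        # Targets that never appeared in the first scan (copy/paste error).
        "not_in_before": sorted(targets - before),
        # Targets that survived the fix and came back in the second scan.
        "still_present": sorted(targets & after),
        # Targets confirmed gone.
        "removed": sorted((targets & before) - after),
        # Entries that vanished without being targeted (e.g. a disabled shield).
        "other_removed": sorted(before - after - targets),
        # Entries that are new in the second scan and need a look.
        "new_entries": sorted(after - before),
    }


# Excerpt of the log saved at 12:11:58 AM on 21/05/2006 (from the thread).
BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yczimocut...7VOLNLi530.html
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DrawCash] C:\DOCUME~1\JOANRU~1\APPLIC~1\MODESH~1\Find Type Size.exe
"""

# Excerpt of the log saved at 5:08:03 PM on 21/05/2006 (from the thread).
AFTER = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# The two entries the helper asked to check before clicking "Fix checked".
FIXED = [
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yczimocut...7VOLNLi530.html",
    r"O4 - HKCU\..\Run: [DrawCash] C:\DOCUME~1\JOANRU~1\APPLIC~1\MODESH~1\Find Type Size.exe",
]

if __name__ == "__main__":
    report = verify_fix(BEFORE, AFTER, FIXED)
    for label, entries in report.items():
        print(f"{label}:")
        for section, body in entries:
            print(f"  {section} - {body}")
```
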

#10
nothsur

Kaspersky online virus scan - tried to run but when I hit to install Active X it just went back to first screen.
Didn't allow any updates or scanning to take place.

Logfile of HijackThis v1.99.1
Scan saved at 5:08:03 PM, on 21/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
C:\Program Files\NuCam\CamCheck\CamCheck.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALIANT\NETASS~1\SMARTB~1\MOTIVESB.EXE
C:\PROGRA~1\ALIANT\NETASS~1\SMARTB~1\MOTIVESB.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\iTouch\kbdtray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPROXY.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.ubbjobjfr...7VOLNLi530.htm"); (C:\Documents and Settings\Joan Rushton\Application Data\Mozilla\Profiles\default\pxrmqr82.slt\prefs.js)
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [CamCheck] C:\Program Files\NuCam\CamCheck\CamCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Aliant\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Net Assistant.lnk = C:\Program Files\Aliant\Net Assistant\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Documents and Settings\Joan Rushton\My Downloads\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Documents and Settings\Joan Rushton\My Downloads\ICQ\ICQ.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Netscape\Netscape Browser\PLUGINS\nppdf32.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip....ro64_loader.dll
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse....iveX/winrep.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1101916111750
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1147482104312
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {861DB4B6-3838-11D2-8E50-002018200E57} (MrSIDI Control) - http://data6.archive..._cab/MrSIDI.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.c...es/PROFILER.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} - http://www.flipside....cherControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://sympatico.zon...ro.cab34246.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/...outLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://utu.popcap.co...aploader_v5.cab
O16 - DPF: {EDFCDAF5-95D9-40E9-BBE6-10C33190C3EF} (cGameControl Class) - http://zone.msn.com/.../RumbleCube.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - http://www.wildtange...soft/wtinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Blink2PnP - Unknown owner - C:\WINDOWS\twain_32\SiPix\SCBlink2\Srvany.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GBPoll - Unknown owner - C:\Program Files\Roxio\GoBack\GBPoll.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Unknown owner - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe (file missing)
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE (file missing)
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
  • 0



#11
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
How is your computer running now?
  • 0

#12
nothsur

nothsur

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Computer is running good... I can now get into sites I couldn't before.

Can you tell me how I would go about removing all Symantec and Norton information off my computer?
As you can see from the last thing I posted, there are a lot of entries for them and I would like to clean it all out.
  • 0

#13
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Sorry for the long delay in reply, but I have been too busy with work to be here.

Please post a new Hijack This log and I'll help you remove what's left of Norton. What version of Norton do you have?
  • 0

#14
nothsur

nothsur

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
I have Norton SystemWorks 2005.

Logfile of HijackThis v1.99.1
Scan saved at 5:41:44 PM, on 25/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
C:\Program Files\NuCam\CamCheck\CamCheck.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALIANT\NETASS~1\SMARTB~1\MOTIVESB.EXE
C:\PROGRA~1\ALIANT\NETASS~1\SMARTB~1\MOTIVESB.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\iTouch\kbdtray.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPROXY.EXE
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.ubbjobjfr...7VOLNLi530.htm"); (C:\Documents and Settings\Joan Rushton\Application Data\Mozilla\Profiles\default\pxrmqr82.slt\prefs.js)
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [CamCheck] C:\Program Files\NuCam\CamCheck\CamCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Aliant\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Net Assistant.lnk = C:\Program Files\Aliant\Net Assistant\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Documents and Settings\Joan Rushton\My Downloads\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Documents and Settings\Joan Rushton\My Downloads\ICQ\ICQ.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Netscape\Netscape Browser\PLUGINS\nppdf32.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip....ro64_loader.dll
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse....iveX/winrep.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1101916111750
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1147482104312
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {861DB4B6-3838-11D2-8E50-002018200E57} (MrSIDI Control) - http://data6.archive..._cab/MrSIDI.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.c...es/PROFILER.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} - http://www.flipside....cherControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://sympatico.zon...ro.cab34246.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/...outLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://utu.popcap.co...aploader_v5.cab
O16 - DPF: {EDFCDAF5-95D9-40E9-BBE6-10C33190C3EF} (cGameControl Class) - http://zone.msn.com/.../RumbleCube.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - http://www.wildtange...soft/wtinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Blink2PnP - Unknown owner - C:\WINDOWS\twain_32\SiPix\SCBlink2\Srvany.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GBPoll - Unknown owner - C:\Program Files\Roxio\GoBack\GBPoll.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Unknown owner - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe (file missing)
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE (file missing)
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
  • 0

#15
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
* Go to Add/Remove programs and uninstall these:

ccCommon
eAcceleration
LiveReg (Symantec Corporation)


Restart your computer then post a new Hijack This log.
  • 0





