Firstly thanks for creating this forum for people like me who sometimes need help!!
Problem - my PC appears top have been infected with something that my set of spyware removers can't handle. 'cproc application error' pops up all the time, as do a series of highly irritating, frequent pop up ads which sit there until I manually close them (they get past Pop-Up Stopper). An unfamiliar toolbar also appeared in IE.
What I've done myself - I have Spybot S&D, Spyware Doctor, Spyware Snooper and AVG on my system. I run them regularly and have just done so again. They cleaned out the usual stuff but not the current problem I have.
I 'think' I've done everything listed in your list of do's....I downloaded and ran ATF Cleaner and HiJackThis, and ran the online Panda Activescan.
My system has SP2 installed, and has always been set for automatically installing any Windows Updates it needs. I'm using XP Pro in case you need to know.
I've copied and pasted below the logs you needed to see....Activescan, HiJackThis and the Uninstall List.
Huge thanks in advance for your invaluable assistance, it's MUCH appreciated!!
- Chris Owen
ACTIVESCAN
Incident Status Location
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Chris.OWEN-S0JMZQBWPK\Cookies\chris@888[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Chris.OWEN-S0JMZQBWPK\Cookies\chris@doubleclick[1].txt
Adware:Adware/DeluxeComunications Not disinfected C:\Program Files\Common Files\misc002\DXC.exe
Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\{30B159BC-0489-1033-0428-04080603002c}\Activate.exe
Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\{30B159BC-0489-1033-0428-04080603002c}\MyToolBar.dll
Adware:Adware/DollarRevenue Not disinfected C:\Program Files\Common Files\{30B159BC-0489-1033-0428-04080603002c}\Uninst.exe
Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\{D0B159BC-0489-1033-0428-04080603002c}\services.dll
Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\{D0B159BC-0489-1033-0428-04080603002c}\Update.exe
Adware:Adware/DeluxeComunications Not disinfected C:\Program Files\DeluxeCommunications\Dxc.exe
Adware:Adware/DeluxeComunications Not disinfected C:\Program Files\DeluxeCommunications\DxcBho.dll
Adware:Adware/DeluxeComunications Not disinfected C:\Program Files\DeluxeCommunications\DxcCore.dll
Adware:Adware/Maxifiles Not disinfected C:\Program Files\ipwins\Uninst.exe[˛ÜÇ\nsProcess.dll]
Potentially unwanted tool:Application/SpywareSnooper Not disinfected C:\Program Files\Spyware Snooper\SpywareSnooper.exe
Spyware:spyware/betterinet Not disinfected C:\WINDOWS\susp.exe
Dialer:dialer.xd Not disinfected C:\WINDOWS\switchagreement.txt
Adware:Adware/Maxifiles Not disinfected C:\WINDOWS\system32\5.exe
Adware:Adware/DeluxeComunications Not disinfected C:\WINDOWS\system32\bkd.exe
Adware:Adware/DeluxeComunications Not disinfected C:\WINDOWS\system32\dxclib303562752.dll
HIJACKTHIS NOTEPAD
Logfile of HijackThis v1.99.1
Scan saved at 00:36:08, on 17/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Napster\napster.exe
C:\Program Files\ipwins\ipwins.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wmp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Chris.OWEN-S0JMZQBWPK\Desktop\Documents\Downloaded Software Installers\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [batt] C:\WINDOWS\system32\batt.exe
O4 - HKCU\..\Run: [wmp] C:\WINDOWS\system32\wmp.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [hhsetup] C:\WINDOWS\system32\hhsetup.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.p0rt2.com
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrad...raderMediaX.cab
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {33331111-1131-1111-1111-611111193428} -
O16 - DPF: {43331111-1111-1111-1111-611111195622} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1141702308341
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1146016606019
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{38311A06-06C4-47BC-B0F8-B39CE7A938B1}: NameServer = 212.74.114.129 212.74.112.66
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: dxclib303562752.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: cmcfg32.exe - Unknown owner - C:\WINDOWS\system32\cmcfg32.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: nvrsno.exe - Unknown owner - C:\WINDOWS\system32\nvrsno.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: wdfapi.exe - Unknown owner - C:\WINDOWS\system32\wdfapi.exe (file missing)
UNINSTALL LIST
Adobe Download Manager 2.0 (Remove Only)
Adobe Photoshop 7.0
Adobe Premiere 6.0
Adobe Reader 7.0.5
Advanced RealMedia Export Plug-in for Premiere 6.0
AVG Free Edition
BlackICE
CCleaner (remove only)
Clean! 1.5
Cleaner 5 EZ
CyberScrub Trial Edition 3.5
dBpowerAMP AAC Codec
dBpowerAMP DirectShow Decoder Codec
dBpowerAMP FLAC Codec
dBpowerAMP Mp4 Codec
dBpowerAMP Music Converter
dBPowerAMP Real Audio Encoder R3
dBpowerAMP Shorten Codec
dBpowerAMP WMA V9.1 Codec
DC++ 0.674
DeluxeCommunications
DivX
DivX Player
DVD X Player Pro 1.0
DVD-lab PRO 1.00
Easy CD & DVD Creator 6
Enable S3 for USB Device
EPSON Attach To Email
EPSON Easy Photo Print
EPSON File Manager
EPSON Print CD
EPSON Printer Software
EPSON Scan Assistant
EPSON Web-To-Page
ESPR220 User's Guide
FileZilla (remove only)
Final Draft 6
Final Draft v6.0.2.5 Update
FrostWire
Hijackthis 1.99.1
HijackThis 1.99.1
IpWins
iTunes
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
Macromedia Flash Player 8
Macromedia FreeHand 10
MailWasher Free
Microsoft AutoRoute 2001
Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)
Microsoft Word 2000
Microsoft Works 2000 Setup Launcher
MSN Messenger 7.5
Napster
Napster Burn Engine
Nero 6 Ultra Edition
NVIDIA Windows 2000/XP Display Drivers
oggcodecs 0.69.8924
Panda ActiveScan
PIF DESIGNER
Pop-Up Stopper Free Edition
PowerDVD
QuickTime
RealPlayer
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
SAGEM F@st 800-840
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Skype 2.0
SoulSeek Client 156b
Spybot - Search & Destroy 1.4
Spyware Doctor 3.5
Spyware Snooper 1.0.1
Ulead DVD MovieFactory 4.0
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
USB 2.0 Setup program
VIA Integrated Setup Wizard
WaveLab
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
Word in Works Suite add-in