MSN Messenger Virus; Please Help Me



#1
Everet

Everet

    New Member

  • Member
  • Pip
  • 6 posts
Hello all,

I am a first time poster here, and I feel bad for having to ask for assistance, but I am in a terrible jam. Here is the story, one of which I am sure many of you have heard a number of times. Yesterday morning, a good friend of mine sends me a message on MSN about some sort of file that I should see. Stupid move #1 - I DL it and run it. I thought it was a gag program or something. However now, my antivirus software does not work and if I log onto MSN I start sending out mass messages to everyone else. So, I now have to stay off MSN for good or at least until this problem is fixed. If I can even fix it...

Now, I have a bit of a tricky situation. Currently, I am working in Japan and I use my laptop to contact my family back home and talk to them. With my laptop being messed up I am utterly frustrated and lost. Hopefully, someone will be kind enough to give me a hand.

This is what I have done so far. Updated my Norton Anti-Virus software and run a scan in safe mode. It fixed 3 files and had about 7 or 8 other files that Norton Anti-Virus recommended to be deleted, which I did. However, there were about 4 files that it could not delete, even when the laptop was in safe mode.

I am not the most computer literate person, but I think I can read and work my way through this problem. So, if anyone could please help me with this problem, I would be so grateful and in your debt.

Thanks for any assistance,
Everet
  • 0



#2
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Hey Everet,

Are you able to download at all???

If so, please get HijackThis from here:
http://www.geekstogo..._Log-t2852.html

It's in there, along with loads of other excellent programs!!

Let's start this by Removing all MSN Messenger Programs from Add\Remove Programs, You are going to need a New Version anyways!!!

DO NOT try to remove Windows Messenger!!

Once you have Uninstalled them Via Add\Remove, I want you to go to the Program Files Folder and Delete all MSN Messenger Folders that exist!!

Next, I want you to look under Documents and Settings for a folder labeled "My Received Files" <<< Delete that Sucker!!!

I need to know the Name of the Files that you said wouldn't Delete in any mode!!!

Now, once HijackThis is downloaded to its own folder!

Click Scan and Save a log, This will produce a Notepad page, Copy & Paste the entire contents of that page to the next post, along with any Info I asked you for!

Now, I will try to get you back MSNing ASAP but bear with me for the next day!

If you have to, resort to Yahoo or AIM until we get ya cleaned up!
  • 0

#3
Everet

Everet

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi Cretemonster,

Thanks for the reply. I really appreciate it. Ok, I have done the things you ask. This is the information/concerns as follows:

1. I have turned off the System Restore for my computer, as advised by my Norton Antivirus. I made this move before I contacted you. Is it ok to turn it back on?

2. I add/removed MSN Messenger (not Windows Messenger). Also, I was wondering if I should delete the MSN Gaming Zone Folder as well, as I think it is related with MSN Messenger?

3. I removed the My Received Files Folder as well.

4. I did another scan with Norton Antivirus and this time it picked up 10 files. It fixed 6 of the files, but the same four remained. They are named as follows: navapp.exe, NHelper.dll, NHUninstaller.exe, and NHUpdater.exe.

5. Lastly, here is my HiJackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 11:08:56 AM, on 5/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\QuickTime\qttask.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: 12Ghosts Popup-Killer - {00000000-0007-5041-4354-0020e48020af} - C:\Program Files\12Ghosts\12popup.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Program Files\NavExcel\NavHelper\v2.0.4d\NHelper.dll (file missing)
O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: 12-Popup - {00000000-0008-5041-4354-0020e48020af} - C:\Program Files\12Ghosts\12popup.dll (file missing)
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKLM\..\Run: [Windows Mouse Utilities] mouseutils.exe
O4 - HKLM\..\RunServices: [Windows Mouse Utilities] mouseutils.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: 12Ghosts Popup-Killer.lnk = C:\Program Files\12Ghosts\12popup.exe
O4 - Startup: Neverwinter Nights_ Platinum Edition Registration.lnk = C:\Program Files\NeverwinterNights\NWN\ereg\ATR1.EXE
O4 - Startup: Sid Registration.lnk = D:\ATR1.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O18 - Protocol: bw+0 - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


Once again, I would like to thank you for all your help so far. I really appreciate the assistance.

Have a nice day,
Everet
  • 0

#4
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
OK, Leave System Restore be for now, it's off, turning it back on is not going to help anything!

While Online, Go to Add\Remove Programs and Remove:

NavExcel\NavHelper<<< Not Norton!!
NavExcel Toolbar
NavExcel Search Toolbar


Open HijackThis and put a check by these but DO NOT hit the Fix Checked button yet!

O2 - BHO: 12Ghosts Popup-Killer - {00000000-0007-5041-4354-0020e48020af} - C:\Program Files\12Ghosts\12popup.dll (file missing)

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Program Files\NavExcel\NavHelper\v2.0.4d\NHelper.dll (file missing)

O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: 12-Popup - {00000000-0008-5041-4354-0020e48020af} - C:\Program Files\12Ghosts\12popup.dll (file missing)

O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)

O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe

O4 - HKLM\..\Run: [Windows Mouse Utilities] mouseutils.exe

O4 - HKLM\..\RunServices: [Windows Mouse Utilities] mouseutils.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - Startup: 12Ghosts Popup-Killer.lnk = C:\Program Files\12Ghosts\12popup.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab

O18 - Protocol: bw+0 - {54684723-65B3-4A63-A790-B52A27588649} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll <<< All the O18s

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button!!

Reboot into SAFE MODE (Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.syma...src=sec_doc_nam

After restarting in Safe Mode, Configure Windows to Show All Hidden Files and Folders, this must be done after restarting in Safe Mode!!
Here is a link to help with that:
http://www.bleepingc...showtutorial=62

Locate and Delete:

C:\system32\mouseutils.exe<< File Only!

C:\Program Files\NavExcel<< Entire NavExcel Folder!

C:\Program Files\NavExcel Search Toolbar<< Entire NavExcel Search Toolbar Folder!

C:\Program Files\MSN Messenger<< Entire MSN Messenger Folder!

Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Make Sure Normal Startup is Checked!!

Select the tab labeled Startup and put a Check by every box there!!

Restart Normal, Download McAfee Stinger from here:
http://vil.nai.com/vil/stinger/
Scan the PC with it and Delete all it Finds!

Once Completed, Scan the PC here:
http://www.pandasoft...n_principal.htm
and
http://support.f-sec.../home/ols.shtml

Save the Reports from both and place them in the next post!!

Scan the PC with HijackThis again and post those results along with both Online Scan Reports!

Click Apply>>OK>>Follow the Prompts to Restart!!
  • 0
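An added example, not part of either poster's messages or of HijackThis itself: a small Python triage pass over HijackThis result lines that flags entries whose target file is absent and O4 registry autoruns that either give no directory or are registered under more than one key. The three heuristics and their labels (`orphaned`, `no-path`, `multi-key`) are assumptions made for this illustration; the sample lines are copied from the log in post #3.

```python
import re
from collections import defaultdict

# Subset of the HijackThis log posted in #3, copied verbatim for the demo.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Program Files\NavExcel\NavHelper\v2.0.4d\NHelper.dll (file missing)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Windows Mouse Utilities] mouseutils.exe
O4 - HKLM\..\RunServices: [Windows Mouse Utilities] mouseutils.exe
O4 - Startup: 12Ghosts Popup-Killer.lnk = C:\Program Files\12Ghosts\12popup.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# A result line is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [x] y.exe".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 registry autoruns: HKLM\..\Run: [value name] command line
AUTORUN_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# Suffixes HijackThis appends when the referenced file is not on disk.
ORPHAN_MARKERS = ("(file missing)", "(no file)")


def parse_entries(log_text):
    """Return (section, body) per result line; headers and process paths are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match["section"], match["body"]))
    return entries


def triage(log_text):
    """Return [(line, [reasons])] for entries worth a manual look.

    Reasons (labels are this example's own):
      orphaned  - the entry points at a file that no longer exists
      no-path   - O4 autorun command has no directory, so Windows resolves
                  it through the search path
      multi-key - the same value name and command sit under several autorun keys
    """
    entries = parse_entries(log_text)

    # First pass: collect the autorun keys each (name, command) pair appears under.
    keys_by_autorun = defaultdict(set)
    for section, body in entries:
        match = AUTORUN_RE.match(body) if section == "O4" else None
        if match:
            ident = (match["name"], match["cmd"].lower())
            keys_by_autorun[ident].add((match["hive"], match["key"]))

    # Second pass: attach reasons to each entry.
    findings = []
    for section, body in entries:
        reasons = []
        if body.endswith(ORPHAN_MARKERS):
            reasons.append("orphaned")
        match = AUTORUN_RE.match(body) if section == "O4" else None
        if match:
            if "\\" not in match["cmd"]:
                reasons.append("no-path")
            ident = (match["name"], match["cmd"].lower())
            if len(keys_by_autorun[ident]) > 1:
                reasons.append("multi-key")
        if reasons:
            findings.append((f"{section} - {body}", reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(",".join(reasons).ljust(20), line)
```

The flags are prompts for review rather than verdicts: `no-path` also fires on the `ATIModeChange` entry, which is not among the lines selected for fixing in post #4, while the `mouseutils.exe` entries are the only ones in the sample that carry two flags.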

#5
Everet

Everet

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Ok Cretemonster,

Thanks again for the help, however I ran into a few problems and will list all the info below:

1. When I tried to add/remove the programs Nav Excel Toolbar and NavHelper a message said it was already deleted and asked if I wanted to delete from the list, which I did. So, the two are no longer on my program list.

2. Ok now, as for deleting the files in safe mode, two files gave me some trouble. The first, C:\system32\mouseutils.exe, I searched for it and the only name that came up was C:\windows\Prefetch\mouseutils.exe-1150D422.pf. Since it was in a different location than you specified, I did not delete it. However, I can upon request. The second file that caused a problem was c:\Program Files\MSN Messenger, because it was not there, which I take it as a good sign.

3. Now in MSCONFIG (in safe mode too), everything in the startup (normal mode) was highlighted. However, I noticed Norton Antivirus was not even there. Strange to say the least.

4. I ran the scans as requested and here they are as follows. Although, I am worried about the findings:

Stinger Results:
McAfee AVERT Stinger Version 2.5.4 built on May 2 2005

Copyright © 2005 Networks Associates Technology, Inc. All Rights Reserved.

Virus data file v1000 created on May 2 2005.

Ready to scan for 53 viruses, trojans and variants.

Scan initiated on Tue May 03 20:59:57 2005

Number of clean files: 96554

Panda Scan:
Incident Status Location

Adware:Adware/SaveNow No disinfected Windows Registry
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Chris\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loader1.jar-e7ffcec-46d0b3cc.zip[Gummy.class]
Virus:Trj/Shinwow.E Disinfected C:\Documents and Settings\Chris\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv581.jar-553e4486-1e5af4ff.zip[Matrix.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Chris\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv581.jar-553e4486-1e5af4ff.zip[Dummy.class]
Adware:Adware/NavHelper No disinfected C:\RECYCLER\S-1-5-21-2799611580-2846885003-507177108-1007\Dc1\NavHelper\v2.0.4d\v2.0.4d.cab[NHelper.dll]
Adware:Adware/NavHelper No disinfected C:\RECYCLER\S-1-5-21-2799611580-2846885003-507177108-1007\Dc1\NavHelper\v2.0.4d\v2.0.4d.cab[NHUninstaller.exe]

F-Secure Scan:
Finished: 7 viruses found

Scanned files: 50327 Warning: 7 file(s) still infected!


C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\13322DB4 Trojan.Java.Femad

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\253F69A3 Trojan.Java.ClassLoader.h

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3B7D3D0B Trojan.Java.ClassLoader.d

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4AEA1FBC Trojan.Java.Femad

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4AED49B8 Trojan.Java.Femad

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5F770BA4 Trojan.Java.Femad


5. Lastly, here is the new HiJackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 10:50:22 PM, on 5/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Apoint\Apntex.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Logitech\Video\AlbumDB2.exe
C:\Program Files\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: Neverwinter Nights_ Platinum Edition Registration.lnk = C:\Program Files\NeverwinterNights\NWN\ereg\ATR1.EXE
O4 - Startup: Sid Registration.lnk = D:\ATR1.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



Thanks again for all your help and assistance thus far,
Everet
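
One way a reviewer might pre-sort a HijackThis log like the one posted above (an added example, not part of the original post and not HijackThis's own code): it groups entry lines by section code and flags "(file missing)" entries, services with "Unknown owner" and Run entries that give no full path. The flag rules and all function names are assumptions chosen for illustration; a flag means the entry deserves a look, not that it is malicious.

```python
import re

# Constructed sample: a handful of entry lines copied from the log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
"""

# What each HijackThis section code appearing in this log covers.
SECTIONS = {"R0": "IE start/search page", "R1": "IE start/search page",
            "O2": "Browser Helper Object", "O3": "IE toolbar",
            "O4": "autostart entry", "O9": "IE extra button/menu item",
            "O16": "downloaded ActiveX control", "O20": "Winlogon Notify/AppInit DLL",
            "O23": "Windows service"}

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                     # "O4 - ..."
RUN = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run\w*: \[(.+?)\] (.+)$")   # registry Run keys
ABSOLUTE = re.compile(r'^"?[A-Za-z]:\\')                           # C:\... or "C:\...

def parse(log):
    """Return (section, body) for each entry line; process-list lines are skipped."""
    matches = (ENTRY.match(line.strip()) for line in log.splitlines())
    return [m.groups() for m in matches if m]

def review_notes(entries):
    """Flag entries worth a closer look. A flag is a prompt to check, not a verdict."""
    notes = []
    for section, body in entries:
        kind = SECTIONS.get(section, "unknown section")
        if body.endswith("(file missing)"):
            notes.append((section, kind, "file missing"))
        if section == "O23" and " - Unknown owner - " in body:
            notes.append((section, kind, "unknown owner"))
        run = RUN.match(body) if section == "O4" else None
        if run and not ABSOLUTE.match(run.group(2)):
            notes.append((section, kind, "autorun without full path: " + run.group(1)))
    return notes

if __name__ == "__main__":
    for note in review_notes(parse(SAMPLE_LOG)):
        print(*note, sep=" | ")
```

Entries flagged this way still need a manual check of the file on disk, for example its location and vendor, before anything is removed.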

#6
Wizard

  • Retired Staff
  • 5,661 posts
Hey Everet,

Sorry about the Delay, Work kept me out late the last 2 nights!!!

Make sure the Recycle Bin is Emptied!!!

Download Pocket KillBox from here:
http://www.bleepingc...les/killbox.php
There is a Direct Download and a description of what the Program does inside this link.

Open up Pocket KillBox, In the Open box labeled "Full Path of File to Delete"

Copy & Paste this into it:

C:\windows\Prefetch\mouseutils.exe-1150D422.pfC:\windows\Prefetch\mouseutils.exe-1150D422.pf

Now put a Tick by these:

"Standard File Delete"
"End Explorer Shell while Killing File"

Now Click the Red Circle with the White X in the middle to Delete!

You should get a message saying File was deleted successfully!!!
If not, let me know in the next post!

Follow the exact same process for these:

C:\RECYCLER\S-1-5-21-2799611580-2846885003-507177108-1007\Dc1\NavHelper\v2.0.4d\v2.0.4d.cab

C:\RECYCLER\S-1-5-21-2799611580-2846885003-507177108-1007\Dc1\NavHelper\v2.0.4d

C:\RECYCLER\S-1-5-21-2799611580-2846885003-507177108-1007\Dc1\NavHelper

Once that's Completed, disable the System Restore feature in Windows XP
Here's a link on how to do this:
http://service1.syma...src=sec_doc_nam

Once Disabled, Restart the PC and Re-enable System Restore!!!

Now, you can redownload MSN Messenger and See if it works correctly!

Post back and let me know!!

#7
Everet

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi again Cretemonster,

Ok I did what you said, but for all of the files, it said that they did not exist, and I know they are there... Any other options?

Thanks for the help again,
Everet

#8
Wizard

  • Retired Staff
  • 5,661 posts
Now don't that just Suck wind!!!!!

OK, let's get these 2 Cleaning Utilities:

CCleaner:
http://www.filehippo...d_ccleaner.html
This is to help keep those Temporary Files Cleaned Up, all you will want to use on this is the Opening Page (Windows Tab). Just Click Run Cleaner and let it do its thing!

CleanUp! 4.0:
http://cleanup.stevengould.org/
or
http://downloads.ste...p/CleanUp40.exe
Just Scroll through the Page and locate this Line:
So download CleanUp! now and reap the benefits of a clean machine.

If that Link doesn't work, just go to Google.com and Search for CleanUp!
It should be the First Return!!

Once Installed, Open and Click CleanUp! and When Prompted to Log Off, do so!

Don't Run these just yet!!!

Click Start >> Click Run >> Type in CMD and Click OK!

At the Command Prompt Screen type in cd C:\ and Click Enter

Now type in attrib -h -s c:\recycler and click Enter

Now type in del c:\recycler and click Enter

Exit the Command Prompt!

Now Open and Run CCleaner, remember Click Run Cleaner only!

Now Open and Run CleanUp!, Click the Cleanup Tab and when prompted to log off to finish cleaning, do so!!!

Scan the PC again at Panda and Post those results if there are any!!!

Have you tried Re-Downloading Messenger Yet?

#9
Everet

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hiya Cretemonster,

Thanks for the reply. Ok, I did what you requested, and here are the results of the latest Panda Scan:

Incident Status Location

Adware:Adware/SaveNow No disinfected Windows Registry


Not too bad, I don't think. Well, better than the last scan. I have a couple questions though. Firstly, my Norton Anti-Virus software is still down, so I was wondering if there was a way to get it back on its feet. Also, the Norton has quarantined a good number of the files we wanted deleted off the system. So, should I try and get those files off completely?

As for reinstalling MSN Messenger, I haven't yet, just because I am afraid to send out any more messages to my friends. However, if you think it is ok to give it a try, I will install it.

Thanks again for all your help,
Everet.

#10
Wizard

  • Retired Staff
  • 5,661 posts
Hey Everet,

Sorry it took so long to reply!!!!

I think it will be safe at this point to reinstall Messenger, I have Installed the Beta Version 7.0 and actually kinda like it!!!

If for some reason, you begin to experience the same problem with Messenger just disable it and post back ASAP!!

I believe you will be fine though!!!

Post back and let me know how it goes!!

#11
Everet

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Heya Cretemonster,

So far so good. Talked with my folks last night for about an hour via webcam, and it was real nice to see them and hear them via MSN messenger. It was kind of like having the lights turned back on. I guess you are right, it might be gone I believe, because no messages have been sent thus far.

However, I have two small questions. Do you think I need to reinstall my Norton Antivirus Software? And the other question, after the virus first hit, I kept getting the following error message upon startup, "Quickset MFC Application could not start up." I was just wondering what the heck Quickset actually is?

Thanks again for all your help, I really appreciate it.

Everet.

#12
Wizard

  • Retired Staff
  • 5,661 posts
Howdy Everet!!!!!

That's just too cool, I am glad you got to see and speak to the folks!!!!

To answer your question:
http://www.file.net/...ickset.exe.html

Note the comments about location, I spec you are using a Dell Laptop??

If you locate the quickset folder\file anywhere other than Program Files, please let me know!!!

The other question, "YES" ReInstall and Update Norton ASAP!!!

What other protection is on the PC???

I have a boatload of links to all different kinds of protection programs, you just let me know what ya got or what ya need!!!

Don't forget to tell Mom "Happy Mother's Day"!!!!!!!!!!!!!!!!!





