TheTechGuide Forum

General Category => Tech Clinic => Topic started by: Lidoolkitten on January 07, 2005, 07:26:27 AM

Title: Help pls
Post by: Lidoolkitten on January 07, 2005, 07:26:27 AM

I was told by "Guestolo"  to do a check with "Hijack This" and post my log file here, so i could get help on what to delete

Heres my log:
Logfile of HijackThis v1.99.0
Scan saved at 10:13:24, on 7/01/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\ACCESSORIES\WORDPAD.EXE
C:\WINDOWS\DESKTOP\INSTALLATIONS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.anzccbuxahghcfrovldvczvz.com/yw...1EuWV27tEaV.htm (http://\"http://www.anzccbuxahghcfrovldvczvz.com/ywmcdIlPKkm1C2SsWPEf_NIooIWJNAKu9baIq3C8ZsI6ePTGs2YNz1EuWV27tEaV.htm\")
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.presario.net/scripts/redirec...&query=%s&i=enu (http://\"http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=1c99&s=search&query=%s&i=enu\")
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://desktop.presario.net/scripts/redire...=consumer&i=enu (http://\"http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?c=1c99&s=consumer&i=enu\")
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {6E64428F-5375-1BAE-A10F-04B75F3DE182} - C:\WINDOWS\APPLICATION DATA\SEEK OBJ SHIM\ACETITLE.EXE
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Soft idol 4 16] C:\WINDOWS\Application Data\flawsafesoftidol\Aim win.exe
O4 - HKLM\..\Run: [winupdt] RUNDLL32.EXE C:\WINDOWS\UAUHCCUP1.DLL,_mainRD
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [explorer] C:\WINDOWS\SYSTEM\explorer.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [each delete] C:\WINDOWS\APPLIC~1\STARTD~1\pollacid.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: ICQ 4.0 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clie...ts/y/potd_x.cab (http://\"http://download.games.yahoo.com/games/clients/y/potd_x.cab\")
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab (http://\"http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab\")
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab (http://\"http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab\")
O16 - DPF: {90231C0E-765E-4429-8F70-F4E9A0F8D44A} (WebCtrl Class) - http://www.peeringportal.net/WebPlayerCab/...7/FandangoV.cab (http://\"http://www.peeringportal.net/WebPlayerCab/Fandango/1107/FandangoV.cab\")
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab (http://\"http://www.pandasoftware.com/activescan/as5/asinst.cab\")
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab (http://\"http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab\")
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab (http://\"http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab\")
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab (http://\"http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab\")
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab (http://\"http://www.errorguard.com/installation/Install.cab\")
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab (http://\"http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab\")
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...up1.0.0.8-2.cab (http://\"http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab\")

Please help.  /smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />
Thankyou~  /laugh.gif\' class=\'bbc_emoticon\' alt=\':lol:\' />

Title: Help pls
Post by: guestolo on January 07, 2005, 10:35:12 PM

Please know how to start in SAFE MODE (http://\"http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001060608000039?OpenDocument&ExpandSection=2#_Section2\") ahead of time, I will be asking you to do so for part of this fix

Could you Download this  utility to help clean your temp folders,cookies,etc...
Windows Cleanup (http://\"http://www.antispyware.nextdesigns.net/installs/cleanup.php?type=exe\")
A small download, Install it for now, we'll run a scan with it later

You may also want to Print out these instructions, or save it to a Notepad file on the desktop for easy access

Please uninstall MessengerPlus3 or may be called MSN Plus 3
This is the best way of removing the Spyware that gets installed with it
When you installed it you got convinced to install the SPONSOR
You can reinstall it at a later time, but choose NOT to include the SPONSOR
The Sponsor includes Spyware called LOP
Which causes unwanted popups and slow browsing experience in general
This needs to be done

After you remove it
Set Windows To Show Hidden Files and Folders
    Open My Computer.
    * Select the View menu and click Folder Options.
    * Select the View Tab.
    * In the Hidden files section select Show all files.
    * Click OK.

Restart your computer into SAFE MODE

Find and delete these files or folders if they exist

C:\WINDOWS\SYSTEM\explorer.exe <--this file, ONLY the one in the System folder, don't delete any one in any other directory

C:\WINDOWS\APPLICATION DATA\STARTD~1\pollacid.exe <--the bolded folder, I'm unsure of the exact name, but it starts with STARTD
C:\WINDOWS\APPLICATION DATA\SEEK OBJ SHIM <--folder
C:\WINDOWS\Application Data\flawsafesoftidol <--folder
C:\Program Files\Messenger Plus <--folder
C:\PROGRAM FILES\MYWAY <--folder

Stay in safe mode
Do another scan with Hijackthis and put a check next to these entries: Not all mentioned below may exist anymore

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.anzccbuxahghcfrovldvczvz.com/yw...1EuWV27tEaV.htm (http://\"http://www.anzccbuxahghcfrovldvczvz.com/yw...1EuWV27tEaV.htm\")

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL (file missing)

O2 - BHO: (no name) - {6E64428F-5375-1BAE-A10F-04B75F3DE182} - C:\WINDOWS\APPLICATION DATA\SEEK OBJ SHIM\ACETITLE.EXE

O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL (file missing)

O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)

O4 - HKLM\..\Run: [Soft idol 4 16] C:\WINDOWS\Application Data\flawsafesoftidol\Aim win.exe
O4 - HKLM\..\Run: [winupdt] RUNDLL32.EXE C:\WINDOWS\UAUHCCUP1.DLL,_mainRD

O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"

O4 - HKLM\..\RunServices: [explorer] C:\WINDOWS\SYSTEM\explorer.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [each delete] C:\WINDOWS\APPLIC~1\STARTD~1\pollacid.exe

O16 - DPF: {90231C0E-765E-4429-8F70-F4E9A0F8D44A} (WebCtrl Class) - http://www.peeringportal.net/WebPlayerCab/...7/FandangoV.cab (http://\"http://www.peeringportal.net/WebPlayerCab/...7/FandangoV.cab\")
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe

O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab (http://\"http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab\")
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab (http://\"http://www.errorguard.com/installation/Install.cab\")

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...up1.0.0.8-2.cab (http://\"http://ak.imgfarm.com/images/nocache/funwe...up1.0.0.8-2.cab\")

After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
YES and exit Hijackthis

Again, in safe mode, Open CleanUp! and click on the Cleanup button
It will scan for files, let it finish, when it's done it may prompt you to Log off
At this time simply restart back into Normal Mode

Can you go to this site please
Give the link time to load
http://virusscan.jotti.dhs.org/ (http://\"http://virusscan.jotti.dhs.org/\")
Use the Browse button at the top and navigate to this file
C:\WINDOWS\UAUHCCUP1.DLL <--this file
Right click on it and Select it
Use the Submit button on the site
Wait for the scan results and post them back here

Also, Post back a Fresh Hijackthis log

Title: Help pls
Post by: Guest on January 08, 2005, 12:01:38 AM

Well, i did ALMOST everything. But i have one problem.
Whenever i turn on my computer, it says that "UAUHCCUP1.DLL" cannot be found.
And this is the EXACT same file that you told me to put into http://virusscan.jotti.dhs.org/ (http://\"http://virusscan.jotti.dhs.org/\")

So yeah...thats my problem  /dry.gif\' class=\'bbc_emoticon\' alt=\'<_<\' />

HELP... /unsure.gif\' class=\'bbc_emoticon\' alt=\':unsure:\' />

Title: Help pls
Post by: guestolo on January 08, 2005, 12:12:02 AM

Quote

Well, i did ALMOST everything

I need to see a new Hijackthis log
Did you delete that file?

Title: Help pls
Post by: Guest on January 08, 2005, 12:29:46 AM

I think i might have deleted it a while ago...  /dry.gif\' class=\'bbc_emoticon\' alt=\'<_<\' />

Here is my new log:

Logfile of HijackThis v1.99.0
Scan saved at 3:17:01, on 8/01/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WINDOWS\SYSTEM\CSRS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\MIRC\MIRC.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\OPSCAN.EXE
C:\WINDOWS\DESKTOP\INSTALLATIONS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.lpsjzzzmppnsj.us/ywmcdIlPKkm1C2...EuWV27tEaV.html (http://\"http://www.lpsjzzzmppnsj.us/ywmcdIlPKkm1C2SsWPEf_NIooIWJNAKu9baIq3C8ZsKAY4Ito47ZlVEuWV27tEaV.html\")
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.presario.net/scripts/redirec...&query=%s&i=enu (http://\"http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=1c99&s=search&query=%s&i=enu\")
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://desktop.presario.net/scripts/redire...=consumer&i=enu (http://\"http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?c=1c99&s=consumer&i=enu\")
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [csrs] C:\WINDOWS\SYSTEM\csrs.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: ICQ 4.0 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clie...ts/y/potd_x.cab (http://\"http://download.games.yahoo.com/games/clients/y/potd_x.cab\")
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab (http://\"http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab\")
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab (http://\"http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab\")
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab (http://\"http://www.pandasoftware.com/activescan/as5/asinst.cab\")
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab (http://\"http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab\")
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab (http://\"http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab\")
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab (http://\"http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab\")


Thats it...i got to your last step, but that file was missing. ><"

Title: Help pls
Post by: guestolo on January 08, 2005, 12:56:34 AM

Okay, some more cleanup needs done

Download and save to desktop these 2 uninstallers

This one (http://\"http://www.thatcomputerguy.us/downloads/lop_new_uninstall.exe\")

and

This one (http://\"http://www.thatcomputerguy.us/downloads/lop_toolbar_uninstall.exe\")

Run each, one at a time, follow the prompts and  Restart the computer if prompted

Back in Windows

Open Hijackthis>>Open Misc Tools Section>>Open Process Manager
Kill this process
C:\WINDOWS\SYSTEM\CSRS.EXE

Do another scan with Hijackthis and put a check next to these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.lpsjzzzmppnsj.us/ywmcdIlPKkm1C2...EuWV27tEaV.html (http://\"http://www.lpsjzzzmppnsj.us/ywmcdIlPKkm1C2...EuWV27tEaV.html\")

O4 - HKLM\..\RunServices: [csrs] C:\WINDOWS\SYSTEM\csrs.exe

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
YES and exit Hijackthis

Restart again into safe mode
Find and delete this file
C:\WINDOWS\SYSTEM\csrs.exe <--this file

Restart back into normal mode and post back a fresh hijackthis log

Could you also open Hijackthis>>Open Misc Tools Section>>Open Hosts file manager
Click the "Open in Notepad"
Copy and paste the Whole contents back of the Hosts notepad file

Title: Help pls
Post by: Guest on January 08, 2005, 01:28:15 AM

This is my Hijackthis logfile..


Logfile of HijackThis v1.99.0
Scan saved at 4:11:53, on 8/01/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\DESKTOP\INSTALLATIONS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.presario.net/scripts/redirec...&query=%s&i=enu (http://\"http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=1c99&s=search&query=%s&i=enu\")
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://desktop.presario.net/scripts/redire...=consumer&i=enu (http://\"http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?c=1c99&s=consumer&i=enu\")
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: ICQ 4.0 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clie...ts/y/potd_x.cab (http://\"http://download.games.yahoo.com/games/clients/y/potd_x.cab\")
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab (http://\"http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab\")
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab (http://\"http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab\")
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab (http://\"http://www.pandasoftware.com/activescan/as5/asinst.cab\")
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab (http://\"http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab\")
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab (http://\"http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab\")
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab (http://\"http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab\")

================================================


And this is my "hosts" log:


# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost

 /wink.gif\' class=\'bbc_emoticon\' alt=\';)\' />

Title: Help pls
Post by: guestolo on January 08, 2005, 01:32:36 AM

Looks good, how's everything running?

To enhance your privacy and security
You should set up protection against future attacks

You should install these 2 apps., they add extra security while
silently protecting you, without running in the background
Consider them silent Spyware blockers

SpywareBlaster by JavaCool---will block bad ActiveX and malevolent cookies
Install---Check for Updates---Enable all protection
http://www.javacoolsoftware.com/spywareblaster.html (http://\"http://www.javacoolsoftware.com/spywareblaster.html\")

IE-Spyad---IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
TUTORIAL==Link to Tutorial (http://\"http://www.bleepingcomputer.com/forums/index.php?showtutorial=53\")
Download link==Download link (http://\"https://netfiles.uiuc.edu/ehowes/www/resource.htm#IESPYAD\")
Scroll down and click on IE-SPYAD.EXE Free!


With both, Check for updates every couple of weeks
Keep the link to IE-Spyad bookmarked so you can check for updates
SpywareBlaster, after every update just simply enable all protection

Title: Help pls
Post by: guestolo on January 08, 2005, 01:34:38 AM

Wanted to add this, if you decide to Reinstall MSN Plus 3
Remember, WITHOUT the SPONSOR

Could I see another Hijackthis log afterwards, thanks

Title: Help pls
Post by: Guest on January 08, 2005, 02:04:54 AM

Um, ive done everything else, but now- when i try to run HijackThis, it gets stuck on "015 Trusted Zone Enumeration" while scanning.
 /sad.gif\' class=\'bbc_emoticon\' alt=\':(\' />

And then it freezes, and i have to CTRL+ALT+DeL the program....   /unsure.gif\' class=\'bbc_emoticon\' alt=\':unsure:\' />

Title: Help pls
Post by: guestolo on January 08, 2005, 02:13:24 AM

That's okay, I bet you installed IE-Spyad then, good move  /biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' />

This adds a long list to a part of the registry of sites found bad and must follow the Restricted zones setting of IE
Hijackthis doesn't discriminate, it's checking the whole key in the Registry
Whether Trusted or Restricted

Can you do me a favor and go to C:\ie-spyad
Open the folder and double click on
ie-ads-uninst.reg
Let it merge to the registry and then try running another scan with Hijackthis

To reinstall those entries back to the registry
go back to C:\ie-spyad
and double click on ie-ads.reg
and allow to merge
Can you do that after you have run a scan

P.S That's how you can update IE-Spyad also, when there is an update
Download the .exe from the site when there's an update
Self extract the folder
Then go thru that process I just mentioned
Use ie-ads-uninst.reg and then ie-ads.reg
Done--updated

Title: Help pls
Post by: Guest on January 08, 2005, 02:31:10 AM

It still doesnt work...it gets stuck in the same place...

My computer has BAD problems...i wanna cry ='(

As soon as i turn on my computer on the desktop, it becomes VERY slow, so when i CTRL+ALT+DEL it has two programs NOT RESPONDING, these are: "Msgsrv32" and "Ddhelp", and only when i 'end' the program, my computer is not slow anymore.

When i press 'End task" a new window pops up saying "Rundll32 is not responding".

HELP.............!!  /sad.gif\' class=\'bbc_emoticon\' alt=\':(\' />

Title: Help pls
Post by: guestolo on January 08, 2005, 02:47:01 AM

Let's see what going on
First---Go to C:\ie-spyad
Double click on install.bat
and choose option 1 on your Keyboard
and then 1 again
Press any key to continue and then press 2 on your key board to exit

Does hijackthis work now

If not--Open Spyware Blaster
And click on the Disable All Protection
Try Hijackthis now

Title: Help pls
Post by: Guest on January 08, 2005, 02:54:09 AM

THANKYOUUUU!! *hugs*  /laugh.gif\' class=\'bbc_emoticon\' alt=\':lol:\' />  It works~

This is my log now:


Logfile of HijackThis v1.99.0
Scan saved at 5:41:31, on 8/01/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\PROGRAM FILES\MIRC\MIRC.EXE
C:\WINDOWS\DESKTOP\INSTALLATIONS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.presario.net/scripts/redirec...&query=%s&i=enu (http://\"http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=1c99&s=search&query=%s&i=enu\")
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://desktop.presario.net/scripts/redire...=consumer&i=enu (http://\"http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?c=1c99&s=consumer&i=enu\")
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: ICQ 4.0 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clie...ts/y/potd_x.cab (http://\"http://download.games.yahoo.com/games/clients/y/potd_x.cab\")
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab (http://\"http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab\")
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab (http://\"http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab\")
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab (http://\"http://www.pandasoftware.com/activescan/as5/asinst.cab\")
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab (http://\"http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab\")
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab (http://\"http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab\")
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab (http://\"http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab\")

 /smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />

Title: Help pls
Post by: guestolo on January 08, 2005, 02:58:07 AM

Is everything else running OK now
I prefer that you use those 2 programs

Try Enabling All Protection in SpywareBlaster and let me know if you have any problems

Is it just when trying to scan with Hijackthis?

Title: Help pls
Post by: Guest on January 08, 2005, 03:00:53 AM

Coooooool... /laugh.gif\' class=\'bbc_emoticon\' alt=\':lol:\' />  Thankyou~~

 /biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' />  /biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' />  /biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' />  /biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' />  /biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' />  /biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' />  /biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' />  /biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' />

Title: Help pls
Post by: guestolo on January 08, 2005, 03:06:23 AM

Good work Lidoolkitten

Stay safe, enable that protection with SpywareBlaster and IE-Spyad if you have no other problems
 /biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' />

Title: Help pls
Post by: Guest on January 30, 2005, 11:43:04 PM

he's good!

Title: Help pls
Post by: guestolo on February 02, 2005, 05:08:56 PM

Closing this topic as the original posters problems are resolved, anyone else with similiar problems
Please start your own post and include a Hijackthis log