[ming]

i need help pls my norton antivirus keep on pop up a window say tat it detect trojan.adclicker (access denied, quarantine failed, repair failed) i try to repair it but it can't be repair, so i try other spyware remover like adaware & spybot but it still the same. sometime when i not touching my com(disconnected) it auto run some software like paint(it draw a star in it), culcalator(type number in it) cursor move automaticly, if seach yahoo for 'spyware remover' it close the window i don't noe wat going on to my com  pls help me

below are my logfile
=========================

Logfile of HijackThis v1.99.1
Scan saved at 3:48:58 AM, on 1/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\DOCUME~1\MINGZH~1\LOCALS~1\Temp\22.tmp.exe
C:\DOCUME~1\MINGZH~1\LOCALS~1\Temp\23.tmp.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\sdkut.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\winem.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\HijackThis 1.99.1\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\sxsof.dll/sp.html#88449%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\sxsof.dll/sp.html#88449%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\sxsof.dll/sp.html#88449%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\sxsof.dll/sp.html#88449%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\sxsof.dll/sp.html#88449%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\sxsof.dll/sp.html#88449%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\sxsof.dll/sp.html#88449%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {124A4263-2E16-F5FE-B4ED-8F846E177090} - C:\WINDOWS\system32\appxz32.dll (file missing)
O2 - BHO: Class - {12560FD0-2D24-CE5F-05C1-805E95B9124E} - C:\WINDOWS\system32\d3xg.dll (file missing)
O2 - BHO: Class - {2B2C0C44-9ED6-FEE0-320E-C3E92FC4F83F} - C:\WINDOWS\mfcmh.dll (file missing)
O2 - BHO: Class - {2DA507CE-21F0-C241-2AA6-C3371265751B} - C:\WINDOWS\addyc32.dll (file missing)
O2 - BHO: Class - {4FC94B1F-F066-F80C-485F-C0DA5FF9D913} - C:\WINDOWS\system32\d3xg.dll (file missing)
O2 - BHO: Class - {59322D9F-65F2-D1F3-21B9-B9DA8AFF2428} - C:\WINDOWS\system32\appxz32.dll (file missing)
O2 - BHO: Class - {72ABC15D-374F-A188-8A46-3C99F8A0FD00} - C:\WINDOWS\system32\appxz32.dll (file missing)
O2 - BHO: Class - {72D70F1B-789A-8B73-AC15-C4F8DF6D7963} - C:\WINDOWS\system32\netiu.dll
O2 - BHO: Class - {787FB093-E2B5-6992-DF72-BBF77FA795BB} - C:\WINDOWS\system32\appxz32.dll (file missing)
O2 - BHO: Class - {7CF47589-316A-74D3-D4CC-8FB404FC8D4B} - C:\WINDOWS\system32\appxz32.dll (file missing)
O2 - BHO: Class - {91F313AF-0DA2-D562-C8BC-A1A68E88C88A} - C:\WINDOWS\system32\appxz32.dll (file missing)
O2 - BHO: Class - {9ABD69B7-3078-E340-94CB-F16AA6983B61} - C:\WINDOWS\system32\appxz32.dll (file missing)
O2 - BHO: Class - {9B49F1C4-4452-5210-291B-499D69815E2D} - C:\WINDOWS\system32\mslk.dll (file missing)
O2 - BHO: Class - {A2FBE3A0-A708-AF3A-EDD6-D569D53EC38B} - C:\WINDOWS\mfcym.dll (file missing)
O2 - BHO: Class - {B01E86CF-2ABC-8ADA-6A6E-F4B0D202B1D0} - C:\WINDOWS\system32\appxz32.dll (file missing)
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {D1B2A675-458A-EE06-C3D2-3986E0634551} - C:\WINDOWS\system32\appko32.dll
O2 - BHO: Class - {E7CDBD7E-95AF-3901-5DD9-2B6F09B1E88F} - C:\WINDOWS\system32\appxz32.dll (file missing)
O2 - BHO: Class - {F6A21324-06ED-7E12-7314-2E0D9AE90873} - C:\WINDOWS\iexl.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [sysev32.exe] C:\WINDOWS\system32\sysev32.exe
O4 - HKLM\..\Run: [22.tmp] C:\DOCUME~1\MINGZH~1\LOCALS~1\Temp\22.tmp.exe
O4 - HKLM\..\Run: [23.tmp] C:\DOCUME~1\MINGZH~1\LOCALS~1\Temp\23.tmp.exe
O4 - HKLM\..\Run: [22.tmp.exe] C:\DOCUME~1\MINGZH~1\LOCALS~1\Temp\22.tmp.exe
O4 - HKLM\..\Run: [23.tmp.exe] C:\DOCUME~1\MINGZH~1\LOCALS~1\Temp\23.tmp.exe
O4 - HKLM\..\Run: [sysmq32.exe] C:\WINDOWS\sysmq32.exe
O4 - HKLM\..\Run: [nette.exe] C:\WINDOWS\system32\nette.exe
O4 - HKLM\..\Run: [msoz32.exe] C:\WINDOWS\msoz32.exe
O4 - HKLM\..\Run: [atlhv32.exe] C:\WINDOWS\atlhv32.exe
O4 - HKLM\..\Run: [aping.exe] C:\WINDOWS\aping.exe
O4 - HKLM\..\Run: [iezm.exe] C:\WINDOWS\system32\iezm.exe
O4 - HKLM\..\Run: [apifk32.exe] C:\WINDOWS\apifk32.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [d3vz.exe] C:\WINDOWS\d3vz.exe
O4 - HKLM\..\Run: [mfcqr32.exe] C:\WINDOWS\system32\mfcqr32.exe
O4 - HKLM\..\Run: [sdkut.exe] C:\WINDOWS\system32\sdkut.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1082\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll/search.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1110\en-us\msntabres.dll/229?3e6ad6127a1148099a9546b13555d859
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1110\en-us\msntabres.dll/230?3e6ad6127a1148099a9546b13555d859
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Workstation NetLogon Service ( 11F

[Pancake]

Hi and Welcome
It may help to print out or copy this page as you will be working in Safe Mode.. Make sure to work through the fixes in the exact order its listed..

Download any of the required programs before attempting to start any of the fixes.




SHOW HIDDEN FILES AND FOLDERS.
To show hidden files instructions (WinXP)
Doubleclick My Computer | Tools | Folder Options | View tab
Select Show Hidden Files and Folders
Uncheck Hide extensions for known file types
Uncheck Hide protected operating system files (Recommended)
Select Apply to All Folders | Yes | Apply | OK
 ------------------------------------------------------------------

Files highlighted in BLACK  will need to be removed from your hard drive.

------------------------------------------------------------------

Go to Start > Run and type

cmd

and OK. Copy and paste the below commands and hit "Enter" after each line

sc stop 11F

[ming]

this part i can't get it done it fail to stop n delete

Files highlighted in BLACK  will need to be removed from your hard drive.

------------------------------------------------------------------

Go to Start > Run and type

cmd

and OK. Copy and paste the below commands and hit "Enter" after each line

sc stop 11F

[Pancake]

Ok.Just carry on with the rest of the instructions

[ming]

alast i remove the trojan thank you very much for your great help
sorry for the late reply i was too busy lately really thank you very much

[Pancake]

Ok.Glad it is all working ok..