jay888


Posts posted by jay888

  1. Steamhead got busy with school and asked me to take over...

    Download WinPFind

    Extract WinPFind.zip to your c:\ folder.

    Reboot your computer into Safe Mode

    Then open c:\WinPFind and double-click on WinPFind.exe.

    When the program is open, click on the Start Scan button to start scanning your computer. Be patient as this scan may take a while.

    When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode and post the contents of c:\WinPFind\WinPFind.txt as a reply to this topic.

    I want to thank all of you for the dedication and time you spent on helping me. I just reinstalled my OS, and everything works fine... sorry, I gave up on cleaning my system. :)

  2. I need a new HJT log too.

    Logfile of HijackThis v1.99.1

    Scan saved at 9:46:53 PM, on 8/25/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Windows Defender\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\cisvc.exe

    C:\WINDOWS\system32\CTsvcCDA.EXE

    C:\Program Files\ewido anti-spyware 4.0\guard.exe

    C:\Program Files\Norton AntiVirus\navapsvc.exe

    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\wanmpsvc.exe

    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    C:\WINDOWS\System32\WLTRYSVC.EXE

    C:\WINDOWS\System32\bcmwltry.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\pctspk.exe

    C:\Program Files\Dell\QuickSet\quickset.exe

    C:\WINDOWS\System32\DSentry.exe

    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

    C:\Program Files\QUICKENW\QAGENT.EXE

    C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe

    C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe

    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

    C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe

    C:\WINDOWS\system32\mrtMngr.EXE

    C:\Program Files\BroadJump\Client Foundation\CFD.exe

    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe

    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe

    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE

    C:\PROGRA~1\SlimQ\Fahid.exe

    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    C:\Program Files\Virtual Account Numbers\CitiUCS.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\QuickTime\qttask.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

    C:\WINDOWS\tsnp2std.exe

    C:\WINDOWS\vsnp2std.exe

    C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\system32\igfxsrvc.exe

    C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe

    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\palmOne\Hotsync.exe

    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe

    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

    C:\WINDOWS\system32\cidaemon.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE

    C:\WINDOWS\system32\wuauclt.exe

    C:\Documents and Settings\CoCo\My Documents\Appz\hijack\HijackThis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll

    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

    O2 - BHO: (no name) - {b2b97a9f-be18-4840-92c8-dc2f5747fc91} - C:\WINDOWS\system32\logp32.dll (file missing)

    O2 - BHO: (no name) - {E5D1E8C2-677A-49C7-9D36-486CC23AD677} - C:\WINDOWS\system32\geedc.dll (file missing)

    O2 - BHO: UCS Shared Browser Helper Object - {F1D49A84-8656-43ce-AE3D-AABC1A12243E} - C:\WINDOWS\system32\BhoUCS.dll

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll

    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

    O4 - HKLM\..\Run: [Dell QuickSet] "C:\Program Files\Dell\QuickSet\quickset.exe"

    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

    O4 - HKLM\..\Run: [QAGENT] "C:\Program Files\QUICKENW\QAGENT.EXE"

    O4 - HKLM\..\Run: [uFD Monitor] "C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe"

    O4 - HKLM\..\Run: [uFD Utility] "C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe"

    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe"

    O4 - HKLM\..\Run: [bJCFD] "C:\Program Files\BroadJump\Client Foundation\CFD.exe"

    O4 - HKLM\..\Run: [iPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l

    O4 - HKLM\..\Run: [iPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"

    O4 - HKLM\..\Run: [ViewMgr] "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [LogitechGalleryRepair] "C:\Program Files\Logitech\ImageStudio\ISStart.exe"

    O4 - HKLM\..\Run: [LogitechImageStudioTray] "C:\Program Files\Logitech\ImageStudio\LogiTray.exe"

    O4 - HKLM\..\Run: [LVCOMS] "C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE"

    O4 - HKLM\..\Run: [FAhid] C:\PROGRA~1\SlimQ\Fahid.exe

    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [CitiUCS] "C:\Program Files\Virtual Account Numbers\CitiUCS.exe" /dontopenmycards

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

    O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

    O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

    O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

    O9 - Extra button: Microsoft® JavaScript® Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx

    O9 - Extra 'Tools' menuitem: JavaScript Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx

    O9 - Extra button: UCS - {4C730923-3961-439b-83D5-F4E445520422} - C:\Program Files\Virtual Account Numbers\CitiUCS.exe

    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra button: Microsoft® JavaScript® Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx (HKCU)

    O9 - Extra 'Tools' menuitem: JavaScript Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx (HKCU)

    O15 - Trusted Zone: http://locator1.cdn.imagesrvr.com

    O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installd...leanerstart.cab

    O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

    O16 - DPF: {78A730D4-0DF3-4B65-8DD2-BFCD433CEE30} - http://www.surfsecret.com/inst/DVInstaller.exe

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

    O20 - Winlogon Notify: logp32 - logp32.dll (file missing)

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O20 - Winlogon Notify: wintqh32 - wintqh32.dll (file missing)

    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

    O23 - Service: Apache2Triad Apache2 Service (Apache2) - Unknown owner - c:\apache2\bin\apache.exe" -n Apache2 -k runservice (file missing)

    O23 - Service: Apache2Triad Apache2 Service with SSL (Apache2(SSL)) - Unknown owner - c:\apache2\bin\apache.exe" -n Apache2(SSL) -k runservice -D SSL (file missing)

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Apache2Triad MySql Service (MySql) - Unknown owner - C:/apache2/mysql/bin/mysqld.exe

    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

    O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

    O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe

    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

    O23 - Service: Apache2Triad SlimFTPd Server (SlimFTPd) - Unknown owner - C:\apache2\mail\bin\XMail.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
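Triage helper for the HijackThis logs posted in this thread (the one above and the second one further down), as an added example that is not part of the original posts and not code from HijackThis. It applies a few of the checks a helper reading such a log does by hand: O2/O18/O20/O23 components registered in the registry whose file HijackThis reports as missing, O15 Trusted Zone additions, O16 ActiveX (DPF) downloads from hosts outside an assumed known-vendor list, O4 Run values that name an executable without a directory, and O23 services listed with "Unknown owner". The sample lines are copied from the log above; the rule set, the function names and the KNOWN_DPF_HOSTS list are assumptions of this example, not an authoritative allowlist. A flagged entry is one worth asking about, not a verdict that it is malicious.

```python
"""Triage of HijackThis-style "Oxx - ..." log entries.

Added example for this thread; not the original poster's code and not part
of HijackThis. A flagged entry is one a helper would ask about, nothing more.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# HijackThis prints one entry per line as "O<section> - <body>".
ENTRY_RE = re.compile(r"^O(?P<section>\d+) - (?P<body>.*)$")

# Assumption: download hosts for O16 (DPF/ActiveX) entries that we treat as
# expected on this machine. Illustrative only, not an authoritative allowlist.
KNOWN_DPF_HOSTS = ("microsoft.com", "msn.com", "yahoo.com", "yimg.com",
                   "pandasoftware.com")

# Sections where "(file missing)" means a registered component with no file
# on disk: BHOs (O2), protocol handlers (O18), Winlogon Notify (O20),
# services (O23).
FILE_MISSING_SECTIONS = {"2", "18", "20", "23"}


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse(line: str) -> Optional[Tuple[str, str]]:
    """Return (section, body) for an Oxx entry, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("section"), m.group("body")) if m else None


def _host_known(url: str) -> bool:
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in KNOWN_DPF_HOSTS)


def triage_line(line: str) -> Optional[Finding]:
    parsed = parse(line)
    if parsed is None:
        return None
    section, body = parsed

    if section in FILE_MISSING_SECTIONS and "(file missing)" in body:
        return Finding(section, "registered component whose file HijackThis could not find", line)
    if section == "15":
        return Finding(section, "site added to the IE Trusted Zone (relaxed browser security)", line)
    if section == "16":
        # Body ends with " - <download URL>"; everything before it is GUID/name.
        url = body.rsplit(" - ", 1)[-1].strip()
        if not _host_known(url):
            return Finding(section, "ActiveX download (DPF) from a host outside the known-vendor list", line)
    if section == "4":
        # Registry Run values look like "HKLM\..\Run: [Name] <command>".
        # A bare image name without a directory is resolved through the
        # search path at logon instead of a fixed location.
        m = re.search(r"\]\s+(.*)$", body)
        cmd = m.group(1).strip() if m else ""
        if cmd and not cmd.startswith('"') and "\\" not in cmd.split(" ")[0]:
            return Finding(section, "Run entry with an unqualified image path", line)
    if section == "23" and "Unknown owner" in body:
        return Finding(section, "service with no vendor/owner information", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over every line and keep the entries that were flagged."""
    return [f for f in (triage_line(ln) for ln in log_text.splitlines()) if f]


# Lines copied from the log posted above (an excerpt, not a complete log).
SAMPLE_LOG = "\n".join([
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {b2b97a9f-be18-4840-92c8-dc2f5747fc91} - C:\WINDOWS\system32\logp32.dll (file missing)",
    r"O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe",
    r'O4 - HKLM\..\Run: [Dell QuickSet] "C:\Program Files\Dell\QuickSet\quickset.exe"',
    r"O15 - Trusted Zone: http://locator1.cdn.imagesrvr.com",
    r"O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installd...leanerstart.cab",
    r"O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe",
    r"O20 - Winlogon Notify: wintqh32 - wintqh32.dll (file missing)",
    r"O23 - Service: Apache2Triad MySql Service (MySql) - Unknown owner - C:/apache2/mysql/bin/mysqld.exe",
    r"O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe",
])

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"O{f.section}: {f.reason}")
        print(f"    {f.line}")
```

Run it against a saved HijackThis log with `triage(open("hijackthis.log").read())`. On the excerpt above it flags six entries (the missing logp32.dll BHO, the path-less pctspk.exe Run value, the Trusted Zone site, the drivecleaner.com DPF, the missing wintqh32.dll Winlogon Notify and the MySql service) and leaves the Adobe BHO, the quoted QuickSet path, the MSN Money DPF and the Symantec service alone. The "(file missing)" rule is deliberately the first one checked: a Winlogon Notify or BHO entry pointing at a file the tool cannot see is the item a helper most wants explained, whatever else the line says.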

  3. Open HijackThis, click Config, click Misc Tools

    Click "Open Uninstall Manager"

    Click "Save List" (generates uninstall_list.txt)

    Click Save, copy and paste the results in your next post with a new HJT log.

    Thanks, here is the log. :)

    AC3Filter (remove only)

    Ad-aware 6 Personal

    Adobe Atmosphere Player for Acrobat and Adobe Reader

    Adobe Download Manager 1.2 (Remove Only)

    Adobe Illustrator 10

    Adobe Photoshop 6.0

    Adobe Product/Adobe Studio Update 10/2001

    Adobe Reader 7.0.5 Language Support

    Adobe Reader 7.0.7

    Adobe Reader Japanese Fonts

    Adobe SVG Viewer 3.0

    Adobe® Photoshop® Album Starter Edition 3.0

    ALPS Touch Pad Driver

    America Online

    Apache2Triad: Apache2Triad - apache server bunndle (remove only)

    Aspi Installer

    AudibleManager

    Britannica Ready Reference

    BroadJump Client Foundation

    ccCommon

    CloneCD

    C-Major Audio

    Creative Mass Storage Drivers

    Creative MediaSource

    Creative System Information

    Creative Zen Nano Plus

    Cubis Gold

    DAO

    Dell Digital Jukebox Driver

    Dell Modem-On-Hold

    Dell Picture Studio - Dell Image Expert

    Dell Solution Center

    Dell Support 5.0.0 (766)

    Dell TrueMobile 1300 WLAN Mini-PCI Card

    Direct Show Ogg Vorbis Filter (remove only)

    DivX ;-) Audio Compressor 4.02

    DVDSentry

    E90 Screen Saver

    EarthLink Setup Files

    Easy CD Creator 5 Basic

    ewido anti-spyware 4.0

    Focus 2000

    GogoPenQPad

    Google Talk (remove only)

    Google Toolbar for Internet Explorer

    Hexic Deluxe

    HijackThis 1.99.1

    HP PSC & OfficeJet 5.3.B

    Intel® Extreme Graphics 2 Driver

    Intel® PRO Network Adapters and Drivers

    Intel® PROSet

    Internet Worm Protection

    InterVideo WinDVD

    ItsDeductible Express

    iTunes

    Java 2 Runtime Environment, SE v1.4.2_05

    Java 2 SDK, SE v1.4.2_10

    Lexus GS ScreenSaver1

    Lexus IS ScreenSaver1

    Linksys Viewer & Recorder Utility

    LiveReg (Symantec Corporation)

    LiveUpdate 2.7 (Symantec Corporation)

    Logitech ImageStudio

    Macromedia Dreamweaver MX

    Macromedia Extension Manager

    Macromedia Fireworks MX

    Macromedia Flash MX

    Macromedia Flash Player 8

    Macromedia FreeHand 10

    Meetro 0.92 beta

    Microsoft .NET Framework 1.1

    Microsoft .NET Framework 1.1

    Microsoft .NET Framework 1.1 Hotfix (KB886903)

    Microsoft Data Access Components KB870669

    Microsoft Location Finder

    Microsoft Office XP Professional with FrontPage

    Microsoft Streets & Trips 2006 with GPS Locator

    Microsoft Windows Journal Viewer

    Modem Helper

    Mozilla Firefox (1.5.0.6)

    MSN Messenger 7.5

    MSN Money Investment Toolbox

    MSN Music Assistant

    Musicmatch® Jukebox

    NAVShortcut

    Nero 6 Ultra Edition

    NetBeans IDE 4.1

    NJStar Communicator

    Norton AntiVirus 2006

    Norton AntiVirus 2006 (Symantec Corporation)

    Norton AntiVirus Help

    Norton AntiVirus Parent MSI

    Norton AntiVirus SYMLT MSI

    Norton Protection Center

    Norton WMI Update

    Paint Shop Pro 7

    palmOne

    Panda ActiveScan

    PB 5.0 Deployment Kit for Intel 32

    PCTEL 2304WT V.92 MDC Modem Drivers

    PeopleSoft Library

    PowerBuilder 5.0 Enterprise for Intel 32

    Quicken 2002 New User Edition

    QuickSet

    QuickTime

    RealPlayer

    Security Update for Step By Step Interactive Training (KB898458)

    Security Update for Windows Media Player (KB911564)

    Security Update for Windows Media Player 10 (KB911565)

    Security Update for Windows Media Player 10 (KB917734)

    Security Update for Windows XP (KB883939)

    Security Update for Windows XP (KB890046)

    Security Update for Windows XP (KB893756)

    Security Update for Windows XP (KB896358)

    Security Update for Windows XP (KB896422)

    Security Update for Windows XP (KB896423)

    Security Update for Windows XP (KB896424)

    Security Update for Windows XP (KB896428)

    Security Update for Windows XP (KB896688)

    Security Update for Windows XP (KB899587)

    Security Update for Windows XP (KB899588)

    Security Update for Windows XP (KB899591)

    Security Update for Windows XP (KB900725)

    Security Update for Windows XP (KB901017)

    Security Update for Windows XP (KB901190)

    Security Update for Windows XP (KB901214)

    Security Update for Windows XP (KB902400)

    Security Update for Windows XP (KB903235)

    Security Update for Windows XP (KB904706)

    Security Update for Windows XP (KB905414)

    Security Update for Windows XP (KB905749)

    Security Update for Windows XP (KB905915)

    Security Update for Windows XP (KB908519)

    Security Update for Windows XP (KB908531)

    Security Update for Windows XP (KB911280)

    Security Update for Windows XP (KB911562)

    Security Update for Windows XP (KB911567)

    Security Update for Windows XP (KB911927)

    Security Update for Windows XP (KB912812)

    Security Update for Windows XP (KB912919)

    Security Update for Windows XP (KB913446)

    Security Update for Windows XP (KB913580)

    Security Update for Windows XP (KB914388)

    Security Update for Windows XP (KB914389)

    Security Update for Windows XP (KB916281)

    Security Update for Windows XP (KB917159)

    Security Update for Windows XP (KB917344)

    Security Update for Windows XP (KB917422)

    Security Update for Windows XP (KB917953)

    Security Update for Windows XP (KB918439)

    Security Update for Windows XP (KB918899)

    Security Update for Windows XP (KB920214)

    Security Update for Windows XP (KB920670)

    Security Update for Windows XP (KB920683)

    Security Update for Windows XP (KB921398)

    Security Update for Windows XP (KB921883)

    Security Update for Windows XP (KB922616)

    ShellExView

    Skype (BETA)

    Smart Audio Converter

    SmartSoft Video Converter

    SonicWALL Global VPN Client

    SPBBC

    Spy Sweeper

    Spybot - Search & Destroy 1.2

    Spyware Remover

    SurfSecret DVD Rip and Burn 2.12

    Symantec

    SymNet

    TextPad 4.7

    TurboTax Deluxe 2005

    TurboTax Premier 2004

    TurboTax Premier Home & Business 2003

    Ulead GIF Animator 5 TBYB

    Update for Windows XP (KB894391)

    Update for Windows XP (KB896727)

    Update for Windows XP (KB898461)

    Update for Windows XP (KB900485)

    Update for Windows XP (KB910437)

    Update for Windows XP (KB916595)

    USB2.0 PC Camera (SN9C201&202)

    Viewpoint Manager (Remove Only)

    Virtual Account Numbers

    Visual IP InSight(SBC)

    VNC Free Edition 4.1.1

    WexTech AnswerWorks

    Winamp (remove only)

    WinAVI VideoConverter

    Windows Defender

    Windows Defender Signatures

    Windows Installer 3.1 (KB893803)

    Windows Installer 3.1 (KB893803)

    Windows Media Format Runtime

    Windows Media Player 10

    Windows XP Hotfix - KB834707

    Windows XP Hotfix - KB867282

    Windows XP Hotfix - KB873333

    Windows XP Hotfix - KB873339

    Windows XP Hotfix - KB885250

    Windows XP Hotfix - KB885835

    Windows XP Hotfix - KB885836

    Windows XP Hotfix - KB885884

    Windows XP Hotfix - KB886185

    Windows XP Hotfix - KB887472

    Windows XP Hotfix - KB887742

    Windows XP Hotfix - KB888113

    Windows XP Hotfix - KB888302

    Windows XP Hotfix - KB890047

    Windows XP Hotfix - KB890175

    Windows XP Hotfix - KB890859

    Windows XP Hotfix - KB890923

    Windows XP Hotfix - KB891781

    Windows XP Hotfix - KB893066

    Windows XP Hotfix - KB893086

    Windows XP Service Pack 2

    WinPcap 3.1 beta3

    WinRAR archiver

    WinZip

    WordPerfect Office 11

    WriteExpress 3,001 Business & Sales Letters

    XviD MPEG-4 Video Codec

    Yahoo! extras

    Yahoo! Install Manager

    Yahoo! Internet Mail

    Yahoo! Messenger

    Yahoo! Photos Easy Upload Tool 1v7

    Yahoo! Toolbar

  4. Since the message with the HJT log got cut off, here is another post. :)

    Logfile of HijackThis v1.99.1

    Scan saved at 5:20:49 PM, on 8/16/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Windows Defender\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\cisvc.exe

    C:\WINDOWS\system32\CTsvcCDA.EXE

    C:\Program Files\ewido anti-spyware 4.0\guard.exe

    C:\Program Files\Norton AntiVirus\navapsvc.exe

    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

    C:\WINDOWS\system32\HPZipm12.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\wanmpsvc.exe

    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    C:\WINDOWS\System32\WLTRYSVC.EXE

    C:\WINDOWS\System32\bcmwltry.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\pctspk.exe

    C:\Program Files\Dell\QuickSet\quickset.exe

    C:\WINDOWS\System32\DSentry.exe

    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

    C:\Program Files\QUICKENW\QAGENT.EXE

    C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe

    C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe

    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

    C:\Program Files\BroadJump\Client Foundation\CFD.exe

    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe

    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe

    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE

    C:\PROGRA~1\SlimQ\Fahid.exe

    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    C:\Program Files\Virtual Account Numbers\CitiUCS.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\WINDOWS\system32\mrtMngr.EXE

    C:\Program Files\QuickTime\qttask.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\WINDOWS\system32\igfxsrvc.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

    C:\WINDOWS\tsnp2std.exe

    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe

    C:\WINDOWS\vsnp2std.exe

    C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe

    C:\Program Files\palmOne\Hotsync.exe

    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

    C:\WINDOWS\system32\cidaemon.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE

    C:\Documents and Settings\CoCo\My Documents\Appz\hijack\HijackThis.exe

    C:\WINDOWS\system32\NOTEPAD.EXE

    C:\Program Files\Messenger\msmsgs.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll

    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

    O2 - BHO: (no name) - {b2b97a9f-be18-4840-92c8-dc2f5747fc91} - C:\WINDOWS\system32\logp32.dll (file missing)

    O2 - BHO: (no name) - {E5D1E8C2-677A-49C7-9D36-486CC23AD677} - C:\WINDOWS\system32\geedc.dll (file missing)

    O2 - BHO: UCS Shared Browser Helper Object - {F1D49A84-8656-43ce-AE3D-AABC1A12243E} - C:\WINDOWS\system32\BhoUCS.dll

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll

    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

    O4 - HKLM\..\Run: [Dell QuickSet] "C:\Program Files\Dell\QuickSet\quickset.exe"

    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

    O4 - HKLM\..\Run: [QAGENT] "C:\Program Files\QUICKENW\QAGENT.EXE"

    O4 - HKLM\..\Run: [uFD Monitor] "C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe"

    O4 - HKLM\..\Run: [uFD Utility] "C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe"

    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe"

    O4 - HKLM\..\Run: [bJCFD] "C:\Program Files\BroadJump\Client Foundation\CFD.exe"

    O4 - HKLM\..\Run: [iPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l

    O4 - HKLM\..\Run: [iPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"

    O4 - HKLM\..\Run: [ViewMgr] "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [LogitechGalleryRepair] "C:\Program Files\Logitech\ImageStudio\ISStart.exe"

    O4 - HKLM\..\Run: [LogitechImageStudioTray] "C:\Program Files\Logitech\ImageStudio\LogiTray.exe"

    O4 - HKLM\..\Run: [LVCOMS] "C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE"

    O4 - HKLM\..\Run: [FAhid] C:\PROGRA~1\SlimQ\Fahid.exe

    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [CitiUCS] "C:\Program Files\Virtual Account Numbers\CitiUCS.exe" /dontopenmycards

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

    O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

    O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

    O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

    O9 - Extra button: Microsoft® JavaScript® Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx

    O9 - Extra 'Tools' menuitem: JavaScript Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx

    O9 - Extra button: UCS - {4C730923-3961-439b-83D5-F4E445520422} - C:\Program Files\Virtual Account Numbers\CitiUCS.exe

    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra button: Microsoft® JavaScript® Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx (HKCU)

    O9 - Extra 'Tools' menuitem: JavaScript Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx (HKCU)

    O15 - Trusted Zone: http://locator1.cdn.imagesrvr.com

    O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installd...leanerstart.cab

    O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

    O16 - DPF: {78A730D4-0DF3-4B65-8DD2-BFCD433CEE30} - http://www.surfsecret.com/inst/DVInstaller.exe

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

    O20 - Winlogon Notify: geedc - C:\WINDOWS\

    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

    O20 - Winlogon Notify: logp32 - logp32.dll (file missing)

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O20 - Winlogon Notify: wintqh32 - wintqh32.dll (file missing)

    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

    O23 - Service: Apache2Triad Apache2 Service (Apache2) - Unknown owner - c:\apache2\bin\apache.exe" -n Apache2 -k runservice (file missing)

    O23 - Service: Apache2Triad Apache2 Service with SSL (Apache2(SSL)) - Unknown owner - c:\apache2\bin\apache.exe" -n Apache2(SSL) -k runservice -D SSL (file missing)

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Apache2Triad MySql Service (MySql) - Unknown owner - C:/apache2/mysql/bin/mysqld.exe

    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

    O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

    O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe

    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

    O23 - Service: Apache2Triad SlimFTPd Server (SlimFTPd) - Unknown owner - C:\apache2\mail\bin\XMail.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
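The O15, O16, O20 and O23 sections of the log above are the entries a helper reads first: a site in IE's Trusted Zone, ActiveX controls (DPF) pulled from outside vendors, Winlogon Notify DLLs (loaded into winlogon.exe at logon) that are missing or point at a bare directory, and services with no publisher. As an added example for this page (not HijackThis code and not anything posted in the thread), the script below parses lines in HJT's format and applies a few triage heuristics of my own. The heuristics and the list of expected ActiveX hosts are assumptions, not HJT rules; the sample lines are copied from the log above, truncation included. It flags the `geedc` Notify entry, which the SpySweeper session log further down this thread reports as `geedc.dll` in use alongside a virtumonde removal.

```python
"""Triage heuristics for HijackThis-format log lines.

Added example for this thread: not HijackThis code and not something a
poster ran. Each rule is the author's own assumption about what deserves
a second look; a hit is a prompt to investigate, not a verdict.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Sample input: lines copied from the HijackThis log posted above (the
# drivecleaner URL is truncated with "..." exactly as the forum rendered it).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O15 - Trusted Zone: http://locator1.cdn.imagesrvr.com
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installd...leanerstart.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: geedc - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: logp32 - logp32.dll (file missing)
O23 - Service: Apache2Triad Apache2 Service (Apache2) - Unknown owner - c:\apache2\bin\apache.exe" -n Apache2 -k runservice (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
"""

LINE_RE = re.compile(r"^(O\d+) - (.*)$")

# Hosts from which ActiveX downloads are expected on this machine (assumption;
# adjust per environment). Anything else is surfaced for review.
KNOWN_DPF_HOSTS = ("microsoft.com", "msn.com", "pandasoftware.com", "yimg.com")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def _host(url: str) -> str:
    return (urlparse(url.strip()).hostname or "").lower()


def _known_host(host: str) -> bool:
    return any(host == h or host.endswith("." + h) for h in KNOWN_DPF_HOSTS)


def check_line(line: str):
    """Return a Finding for one HJT line, or None if no rule fires."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    missing = "(file missing)" in body

    if section == "O20":
        # "Winlogon Notify: <name> - <path>": these DLLs are loaded by winlogon.exe
        path = body.split(" - ", 1)[1].strip() if " - " in body else ""
        if missing:
            return Finding(section, "Winlogon Notify DLL is registered but absent; "
                           "the registry key itself should be removed", line)
        if not path.lower().endswith(".dll"):
            return Finding(section, f"Winlogon Notify entry does not name a DLL: {path!r}", line)

    elif section == "O15":
        return Finding(section, "site in the IE Trusted Zone runs with relaxed security "
                       "settings; confirm it was added on purpose", line)

    elif section == "O16":
        host = _host(body.rsplit(" - ", 1)[-1])
        if not _known_host(host):
            return Finding(section, f"ActiveX control downloaded from unrecognised host {host!r}", line)

    elif section == "O23":
        if "Unknown owner" in body or missing:
            return Finding(section, "service with no publisher or a missing binary", line)

    elif section == "O4":
        # An autostart exe sitting directly in %WINDIR% (not System32) is unusual
        # enough to check; some legitimate drivers do it too, so this is review-only.
        if re.search(r'(?i)\b[a-z]:\\windows\\[^\\"]+\.exe\b', body):
            return Finding(section, "autostart executable directly in the Windows directory; review", line)

    return None


def triage(log_text: str):
    """Run every line of an HJT log through check_line and keep the hits."""
    return [f for f in map(check_line, log_text.splitlines()) if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}\n    {f.line.strip()}")
```

Run it against a full saved log with `triage(open("hijackthis.log").read())`; the rules deliberately stay silent on the Symantec, Intel and Panda lines so the output is short enough to act on, and the O20 rule alone would have singled out the three entries this thread ends up dealing with.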

  5. Hello ... let's do a quick sweep up first. You have a lot of stuff (not all bad stuff just ... stuff...)

    Can you please tell me what symptom you are having?

    Let's get started .. you may want to print this out.

    STEP 1:

    Please download WebRoot SpySweeper from HERE (It's a 2 week trial):

    • Double-click sspsetup1.exe to install it.
    • Before installation it may ask you to check for program updates. Click YES.
      Then finish installation leaving all the default options.
    • Once the program is installed, it will ask if you wish to reboot now choose YES.
    • After reboot, open SpySweeper, by double-clicking the icon on your desktop.
    • Click Options on the left side.
    • Click the Sweep tab.
    • Under Items to Sweep make sure the following are checked:

      • Windows registry
      • Memory objects
      • Cookies
      • Compressed Files
      • System Restore Folder

    • Under Other Options make sure the following are checked:

      • Sweep all user accounts
      • Enable Direct Disk Sweeping
      • Sweep for rootkits

    • Click the Sweep button on the left side.
    • Click the Start Sweep button.
    • When it's done scanning, make sure everything has a check next to it, then click the Quarantine Selected button.
    • It will quarantine all of the items found.
    • Click View Session Log in the right corner above the box where the items are listed.
    • Click Save to File and save it on your desktop.
    • Exit SpySweeper.
    • Paste the contents of the session log you saved into your next reply (Spy Sweeper Session Log.txt).
    • NOTE: you can get to the log by clicking Options on the left. Then, View Session Log will be listed under Other Options.

    STEP 2:

    Please go HERE to run Panda's ActiveScan

    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

    STEP 3:

    Please post all the requested logs along with a new HJT log. Thanks! :)

    I am so happy to clean my laptop. The symptom is that when I use IE, sometimes it crashes, freezes, pops up another instance of IE, and my computer stops responding and I have to end the task. Firefox works fine without problems.

    Here is the Log in the order you requested. :) Thanks so much! :thumbsup:

    2:54 PM: Removal process completed. Elapsed time 00:15:53

    2:54 PM: A reboot was required but declined.

    2:50 PM: Quarantining All Traces: zedo cookie

    2:50 PM: Quarantining All Traces: winantiviruspro cookie

    2:50 PM: Quarantining All Traces: myaffiliateprogram.com cookie

    2:50 PM: Quarantining All Traces: videodome cookie

    2:50 PM: Quarantining All Traces: tribalfusion cookie

    2:50 PM: Quarantining All Traces: webtrendslive cookie

    2:50 PM: Quarantining All Traces: reliablestats cookie

    2:50 PM: Quarantining All Traces: questionmarket cookie

    2:50 PM: Quarantining All Traces: mediaplex cookie

    2:50 PM: Quarantining All Traces: maxserving cookie

    2:50 PM: Quarantining All Traces: dealtime cookie

    2:50 PM: Quarantining All Traces: exitexchange cookie

    2:50 PM: Quarantining All Traces: casalemedia cookie

    2:50 PM: Quarantining All Traces: atlas dmt cookie

    2:50 PM: Quarantining All Traces: advertising cookie

    2:50 PM: Quarantining All Traces: adrevolver cookie

    2:50 PM: Quarantining All Traces: adprofile cookie

    2:50 PM: Quarantining All Traces: specificclick.com cookie

    2:50 PM: Quarantining All Traces: websponsors cookie

    2:50 PM: Quarantining All Traces: mytemplatestorage cookie

    2:49 PM: Quarantining All Traces: realmedia cookie

    2:49 PM: Quarantining All Traces: rn11 cookie

    2:49 PM: Quarantining All Traces: belnk cookie

    2:49 PM: Quarantining All Traces: delfinproject cookie

    2:49 PM: Quarantining All Traces: cardomain cookie

    2:49 PM: Quarantining All Traces: atwola cookie

    2:49 PM: Quarantining All Traces: apmebf cookie

    2:49 PM: Quarantining All Traces: hotbar cookie

    2:49 PM: Quarantining All Traces: hbmediapro cookie

    2:49 PM: Quarantining All Traces: adknowledge cookie

    2:49 PM: Quarantining All Traces: about cookie

    2:49 PM: Quarantining All Traces: browseraid

    2:49 PM: Quarantining All Traces: spyware quake

    2:49 PM: Quarantining All Traces: prosearch.com hijack

    2:49 PM: Quarantining All Traces: cws_meup

    2:49 PM: Quarantining All Traces: winantivirus pro

    2:48 PM: Quarantining All Traces: coolwebsearch (cws)

    2:48 PM: Quarantining All Traces: delfin

    2:48 PM: Quarantining All Traces: easyerror

    2:48 PM: Quarantining All Traces: spad

    2:48 PM: Quarantining All Traces: heretofind

    2:48 PM: Quarantining All Traces: childoleauto

    2:48 PM: Quarantining All Traces: apropos

    2:48 PM: Quarantining All Traces: trojan-downloader-zlob

    2:48 PM: Quarantining All Traces: cws-aboutblank

    2:48 PM: Quarantining All Traces: msn sniffer

    2:48 PM: Quarantining All Traces: popuper

    2:48 PM: Quarantining All Traces: trojan-downloader-conhook

    2:48 PM: Quarantining All Traces: trojan agent winlogonhook

    2:48 PM: Quarantining All Traces: security2k hijacker

    2:48 PM: C:\WINDOWS\SYSTEM32\geedc.dll is in use. It will be removed on reboot.

    2:48 PM: virtumonde is in use. It will be removed on reboot.

    2:40 PM: Quarantining All Traces: virtumonde

    2:40 PM: Quarantining All Traces: trojan-downloader-2pursuit

    2:38 PM: Removal process initiated

    2:31 PM: Traces Found: 168

    2:31 PM: Full Sweep has completed. Elapsed time 05:44:06

    2:31 PM: File Sweep Complete, Elapsed Time: 05:35:35

    1:20 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo joypolis (sega amusement park)\yes!tokyo - tokyo convention & visitors bureau_files\head2_files\border_orange.gif (ID = 0)

    1:20 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention & visitors bureau_files\wt4_files\i6event.gif (ID = 0)

    1:20 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention & visitors bureau_files\wt4_files\i8museum.gif (ID = 0)

    1:20 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention & visitors bureau_files\wt4_files\i4urban.gif (ID = 0)

    1:20 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention & visitors bureau_files\wt4_files\i3excu.gif (ID = 0)

    1:20 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention & visitors bureau_files\wt4_files\i2tokyo.gif (ID = 0)

    1:20 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention & visitors bureau_files\wt4_files\i1check.gif (ID = 0)

    1:20 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention & visitors bureau_files\head2_files\border_orange.gif (ID = 0)

    1:20 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention & visitors bureau_files\head2_files\ind_site_s.gif (ID = 0)

    1:20 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention & visitors bureau_files\head2_files\ind_tcvb_s.gif (ID = 0)

    1:20 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention & visitors bureau_files\head2_files\ind_press_s.gif (ID = 0)

    1:20 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention & visitors bureau_files\head2_files\ind_conve_s.gif (ID = 0)

    1:20 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention & visitors bureau_files\head2_files\ind_hot_s.gif (ID = 0)

    1:20 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\late night\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\sunrise_detail_files\arrow2.gif (ID = 0)

    1:20 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\late night\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\sunrise_detail_files\arrow3.gif (ID = 0)

    1:20 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\full day\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\sunrise_detail_files\arrow2.gif (ID = 0)

    1:20 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\full day\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\sunrise_detail_files\arrow3.gif (ID = 0)

    1:20 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\japan national tourist organization website\central tokyo (imperial palace - kasumigaseki - marunouchi)\jnto website regional tourist guides_files\spacer.gif (ID = 0)

    1:20 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\japan national tourist organization website\central tokyo (imperial palace - kasumigaseki - marunouchi)\jnto website regional tourist guides_files\spacer(1).gif (ID = 0)

    1:20 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\japan national tourist organization website\central tokyo (imperial palace - kasumigaseki - marunouchi)\jnto website regional tourist guides_files\sight_e.gif (ID = 0)

    1:20 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\japan national tourist organization website\central tokyo (imperial palace - kasumigaseki - marunouchi)\jnto website regional tourist guides_files\map_e.gif (ID = 0)

    1:20 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\japan national tourist organization website\central tokyo (imperial palace - kasumigaseki - marunouchi)\jnto website regional tourist guides_files\dining_e.gif (ID = 0)

    1:19 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\japan national tourist organization website\central tokyo (imperial palace - kasumigaseki - marunouchi)\jnto website regional tourist guides_files\b-spacer.gif (ID = 0)

    1:19 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\full day\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\sunrise_detail_files\tower.jpg (ID = 0)

    1:19 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\sunrise_detail_files\kaminari.jpg (ID = 0)

    1:19 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\sunrise_detail_files\akihabara.jpg (ID = 0)

    1:19 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\sunrise_detail_files\nakamise.jpg (ID = 0)

    1:19 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\full day\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\sunrise_detail_files\barbecue.gif (ID = 0)

    1:19 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\full day\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\sunrise_detail_files\imp-pp.jpg (ID = 0)

    1:19 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\full day\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\sunrise_detail_files\garden.gif (ID = 0)

    1:19 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention & visitors bureau_files\head2_files\logo_top.gif (ID = 0)

    1:19 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention & visitors bureau_files\head2_files\top_pict_s.gif (ID = 0)

    1:19 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention & visitors bureau_files\head2_files\ind_tourist_s.gif (ID = 0)

    1:19 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention & visitors bureau_files\head2_files\ind_vis_s.gif (ID = 0)

    1:19 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention & visitors bureau_files\wt4_files\touristinfo.gif (ID = 0)

    1:19 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention & visitors bureau_files\wt4_files\i7recommend_g.gif (ID = 0)

    1:19 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention & visitors bureau_files\wt4_files\i7photo.gif (ID = 0)

    1:19 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention & visitors bureau_files\wt4_files\i7_title.gif (ID = 0)

    1:19 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention & visitors bureau_files\wt4_files\wt4.jpg (ID = 0)

    1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention & visitors bureau_files\wt4_files\tcvb.css (ID = 0)

    1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\full day\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\sunrise_detail_files\diet.jpg (ID = 0)

    1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\full day\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\sunrise_detail_files\sumida2.gif (ID = 0)

    1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\full day\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\sunrise_detail_files\nakamise.jpg (ID = 0)

    1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\full day\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\sunrise_detail_files\kaminari.jpg (ID = 0)

    1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\full day\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\sunrise_detail_files\ginza.jpg (ID = 0)

    1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\late night\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\sunrise_detail_files\ginza.jpg (ID = 0)

    1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\late night\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\sunrise_detail_files\n-odaiba.jpg (ID = 0)

    1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo joypolis (sega amusement park)\yes!tokyo - tokyo convention & visitors bureau_files\head2_files\ind_tourist_s.gif (ID = 0)

    1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\full day\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\sunrise_detail_files\etitlea100.gif (ID = 0)

    1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo joypolis (sega amusement park)\yes!tokyo - tokyo convention & visitors bureau_files\set04_files\i7recommend_g.gif (ID = 0)

    1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\japan national tourist organization website\central tokyo (imperial palace - kasumigaseki - marunouchi)\jnto website regional tourist guides_files\tokyo_e.jpg (ID = 0)

    1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\japan national tourist organization website\central tokyo (imperial palace - kasumigaseki - marunouchi)\jnto website regional tourist guides_files\style.css (ID = 0)

    1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\japan national tourist organization website\central tokyo (imperial palace - kasumigaseki - marunouchi)\jnto website regional tourist guides_files\kanto_back.jpg (ID = 0)

    1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\japan national tourist organization website\central tokyo (imperial palace - kasumigaseki - marunouchi)\jnto website regional tourist guides_files\i.jpg (ID = 0)

    1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\japan national tourist organization website\central tokyo (imperial palace - kasumigaseki - marunouchi)\jnto website regional tourist guides_files\h800s.js (ID = 0)

    1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\japan national tourist organization website\central tokyo (imperial palace - kasumigaseki - marunouchi)\jnto website regional tourist guides_files\f800.js (ID = 0)

    1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\booking\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\ad_files\mob_files\keitai.jpg (ID = 0)

    1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\booking\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\ad_files\vjh_files\vjh.gif (ID = 0)

    1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\japan national tourist organization website\central tokyo (imperial palace - kasumigaseki - marunouchi)\jnto website regional tourist guides_files\130402tokyochuusinbu.jpg (ID = 0)

    1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\japan national tourist organization website\central tokyo (imperial palace - kasumigaseki - marunouchi)\jnto website regional tourist guides_files\130401tokyochuusinbu.jpg (ID = 0)

    1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\late night\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\ad_files\mob_files\keitai.jpg (ID = 0)

    1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\late night\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\ad_files\vjh_files\vjh.gif (ID = 0)

    1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\late night\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\sunrise_detail_files\2003.gif (ID = 0)

    1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\full day\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\ad_files\mob_files\keitai.jpg (ID = 0)

    1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\full day\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\ad_files\vjh_files\vjh.gif (ID = 0)

    1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\full day\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\sunrise_detail_files\2003.gif (ID = 0)

    1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention & visitors bureau_files\head2_files\ind_guide_s.gif (ID = 0)

    1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention & visitors bureau_files\head2_files\ind_lod_s.gif (ID = 0)

    1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\japan national tourist organization website\central tokyo (imperial palace - kasumigaseki - marunouchi)\jnto website regional tourist guides_files\h800_rtg.js (ID = 0)

    1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\sunrise_detail_files\imperial.gif (ID = 0)

    1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\late night\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\sunrise_detail_files\sukiyaki.gif (ID = 0)

    1:18 PM: Found System Monitor: potentially rootkit-masked files

    1:18 PM: Warning: Failed to access drive E:

    1:14 PM: Warning: Failed to open file "c:\documents and settings\coco\application data\skype\jay_88828\chat256.dbb". The operation completed successfully

    1:13 PM: Warning: Failed to open file "c:\documents and settings\coco\local settings\temp\jetee87.tmp". The operation completed successfully

    1:12 PM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042973.lnk". The operation completed successfully

    1:12 PM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042922.lnk". The operation completed successfully

    1:11 PM: Warning: Failed to open file "c:\documents and settings\coco\cookies\[email protected][2].txt". The operation completed successfully

    1:08 PM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042969.lnk". The operation completed successfully

    1:08 PM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042974.lnk". The operation completed successfully

    1:08 PM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042927.lnk". The operation completed successfully

    1:08 PM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042961.lnk". The operation completed successfully

    1:07 PM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042941.ini". The operation completed successfully

    1:07 PM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\rp.log". The operation completed successfully

    1:07 PM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042993.ini". The operation completed successfully

    1:07 PM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042967.lnk". The operation completed successfully

    1:04 PM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042917.lnk". The operation completed successfully

    1:04 PM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042896.lnk". The operation completed successfully

    1:04 PM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042916.lnk". The operation completed successfully

    1:03 PM: Warning: Failed to open file "c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention visitors bureau_files\wt4_files\i2tokyo.gif". The operation completed successfully

    1:03 PM: Warning: Failed to open file "c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention visitors bureau_files\wt4_files\i1check.gif". The operation completed successfully

    1:03 PM: Warning: Failed to open file "c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention visitors bureau_files\head2_files\ind_press_s.gif". The operation completed successfully

    1:03 PM: Warning: Failed to open file "c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention visitors bureau_files\head2_files\ind_conve_s.gif". The operation completed successfully

    1:03 PM: Warning: Failed to open file "c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention visitors bureau_files\head2_files\ind_hot_s.gif". The operation completed successfully

    1:00 PM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042928.lnk". The operation completed successfully

    12:44 PM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\snapshot\_registry_machine_system". The operation completed successfully

    12:38 PM: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP217\A0048740.exe (ID = 305008)

    12:33 PM: c:\windows\downloaded program files\uwa6p_0001_n91m1807netinstaller.exe (ID = 327827)

    12:33 PM: Found Adware: winantivirus pro

    12:11 PM: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP217\A0048736.exe (ID = 408)

    12:11 PM: Found Trojan Horse: trojan-downloader-zlob

    11:48 AM: Warning: PerformFileOffsetMatch Failed to check file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042894.vxd". "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042894.vxd": File not found

    11:35 AM: Warning: PerformFileOffsetMatch Failed to check file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042895.dll". "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042895.dll": File not found

    10:32 AM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\change.log.5". The operation completed successfully

    10:31 AM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042958.data". The operation completed successfully

    10:22 AM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042970.lnk". The operation completed successfully

    9:34 AM: IE Security Shield: found: C:\WINDOWS\SYSTEM32\MKPMARWL.EXE -- IE Security modification denied

    9:29 AM: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0045512.exe (ID = 298057)

    9:17 AM: C:\Program Files\Microsoft AntiSpyware\Quarantine\46FEA5A4-8701-4EDF-A1B5-37FB34\7BE2E4B7-C5BD-4BF5-A8D7-261D03 (ID = 312696)

    9:11 AM: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0045513.ini (ID = 298068)

    9:10 AM: C:\WINDOWS\SYSTEM32\wecxg32.dll (ID = 54008)

    9:10 AM: C:\WINDOWS\SYSTEM32\zxmsn.dll (ID = 54008)

    9:08 AM: C:\WINDOWS\SYSTEM32\gupd.dll (ID = 54008)

    9:08 AM: C:\WINDOWS\SYSTEM32\cidpoq32.dll (ID = 54008)

    9:06 AM: C:\WINDOWS\SYSTEM32\cidft.dll (ID = 54008)

    9:06 AM: C:\WINDOWS\SYSTEM32\sdfup.dll (ID = 54008)

    9:06 AM: C:\WINDOWS\SYSTEM32\xcwer32.dll (ID = 54008)

    9:06 AM: C:\WINDOWS\SYSTEM32\icvbr.dll (ID = 54008)

    9:06 AM: C:\WINDOWS\SYSTEM32\icqrt.dll (ID = 54187)

    9:06 AM: C:\WINDOWS\SYSTEM32\icnfe.dll (ID = 54008)

    9:06 AM: Found Adware: coolwebsearch (cws)

    8:58 AM: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0045516.lnk (ID = 288513)

    8:56 AM: C:\Documents and Settings\CoCo\Local Settings\Temp\~DlfnTmp3 (1 subtraces) (ID = 2147486173)

    8:56 AM: C:\Documents and Settings\CoCo\Local Settings\Temp\~DlfnTmp2 (1 subtraces) (ID = 2147486172)

    8:56 AM: C:\Documents and Settings\CoCo\Local Settings\Temp\~DlfnTmp4 (1 subtraces) (ID = 2147486174)

    8:56 AM: Found Adware: delfin

    8:55 AM: Starting File Sweep

    8:55 AM: Cookie Sweep Complete, Elapsed Time: 00:00:03

    8:55 AM: c:\documents and settings\coco\cookies\coco@zedo[2].txt (ID = 3762)

    8:55 AM: Found Spy Cookie: zedo cookie

    8:55 AM: c:\documents and settings\coco\cookies\[email protected][2].txt (ID = 3690)

    8:55 AM: Found Spy Cookie: winantiviruspro cookie

    8:55 AM: c:\documents and settings\coco\cookies\[email protected][1].txt (ID = 3032)

    8:55 AM: Found Spy Cookie: myaffiliateprogram.com cookie

    8:55 AM: c:\documents and settings\coco\cookies\coco@videodome[1].txt (ID = 3638)

    8:55 AM: Found Spy Cookie: videodome cookie

    8:55 AM: c:\documents and settings\coco\cookies\coco@tribalfusion[1].txt (ID = 3589)

    8:55 AM: Found Spy Cookie: tribalfusion cookie

    8:55 AM: c:\documents and settings\coco\cookies\[email protected][2].txt (ID = 3667)

    8:55 AM: Found Spy Cookie: webtrendslive cookie

    8:55 AM: c:\documents and settings\coco\cookies\[email protected][3].txt (ID = 3254)

    8:55 AM: c:\documents and settings\coco\cookies\[email protected][1].txt (ID = 3254)

    8:55 AM: Found Spy Cookie: reliablestats cookie

    8:55 AM: c:\documents and settings\coco\cookies\coco@realmedia[2].txt (ID = 3235)

    8:55 AM: c:\documents and settings\coco\cookies\coco@questionmarket[1].txt (ID = 3217)

    8:55 AM: Found Spy Cookie: questionmarket cookie

    8:55 AM: c:\documents and settings\coco\cookies\[email protected][1].txt (ID = 3236)

    8:55 AM: c:\documents and settings\coco\cookies\coco@mediaplex[1].txt (ID = 6442)

    8:55 AM: Found Spy Cookie: mediaplex cookie

    8:55 AM: c:\documents and settings\coco\cookies\coco@maxserving[1].txt (ID = 2966)

    8:55 AM: Found Spy Cookie: maxserving cookie

    8:55 AM: c:\documents and settings\coco\cookies\coco@exitexchange[2].txt (ID = 2633)

    8:55 AM: c:\documents and settings\coco\cookies\coco@dealtime[2].txt (ID = 2505)

    8:55 AM: Found Spy Cookie: dealtime cookie

    8:55 AM: c:\documents and settings\coco\cookies\[email protected][1].txt (ID = 2634)

    8:55 AM: c:\documents and settings\coco\cookies\[email protected][1].txt (ID = 2634)

    8:55 AM: Found Spy Cookie: exitexchange cookie

    8:55 AM: c:\documents and settings\coco\cookies\coco@casalemedia[2].txt (ID = 2354)

    8:55 AM: Found Spy Cookie: casalemedia cookie

    8:55 AM: c:\documents and settings\coco\cookies\coco@atdmt[2].txt (ID = 2253)

    8:55 AM: Found Spy Cookie: atlas dmt cookie

    8:55 AM: c:\documents and settings\coco\cookies\coco@advertising[1].txt (ID = 2175)

    8:55 AM: Found Spy Cookie: advertising cookie

    8:55 AM: c:\documents and settings\coco\cookies\coco@adrevolver[1].txt (ID = 2088)

    8:55 AM: Found Spy Cookie: adrevolver cookie

    8:55 AM: c:\documents and settings\coco\cookies\coco@adprofile[2].txt (ID = 2084)

    8:55 AM: Found Spy Cookie: adprofile cookie

    8:55 AM: c:\documents and settings\coco\cookies\[email protected][2].txt (ID = 3400)

    8:55 AM: Found Spy Cookie: specificclick.com cookie

    8:55 AM: c:\documents and settings\coco\cookies\[email protected][2].txt (ID = 3665)

    8:55 AM: Found Spy Cookie: websponsors cookie

    8:55 AM: c:\documents and settings\jessica\cookies\[email protected][1].txt (ID = 3050)

    8:55 AM: Found Spy Cookie: mytemplatestorage cookie

    8:55 AM: c:\documents and settings\jessica\cookies\[email protected][2].txt (ID = 2038)

    8:55 AM: c:\documents and settings\jessica\cookies\jessica@realmedia[2].txt (ID = 3235)

    8:55 AM: Found Spy Cookie: realmedia cookie

    8:55 AM: c:\documents and settings\jessica\cookies\[email protected][1].txt (ID = 2038)

    8:55 AM: c:\documents and settings\jessica\cookies\[email protected][2].txt (ID = 3262)

    8:55 AM: Found Spy Cookie: rn11 cookie

    8:55 AM: c:\documents and settings\jessica\cookies\[email protected][2].txt (ID = 2293)

    8:55 AM: Found Spy Cookie: belnk cookie

    8:55 AM: c:\documents and settings\jessica\cookies\jessica@delfinproject[1].txt (ID = 2509)

    8:55 AM: Found Spy Cookie: delfinproject cookie

    8:55 AM: c:\documents and settings\jessica\cookies\[email protected][1].txt (ID = 2038)

    8:55 AM: c:\documents and settings\jessica\cookies\jessica@cardomain[2].txt (ID = 2350)

    8:55 AM: Found Spy Cookie: cardomain cookie

    8:55 AM: c:\documents and settings\jessica\cookies\jessica@atwola[1].txt (ID = 2255)

    8:55 AM: Found Spy Cookie: atwola cookie

    8:55 AM: c:\documents and settings\jessica\cookies\jessica@apmebf[1].txt (ID = 2229)

    8:55 AM: Found Spy Cookie: apmebf cookie

    8:55 AM: c:\documents and settings\jessica\cookies\[email protected][1].txt (ID = 4207)

    8:55 AM: Found Spy Cookie: hotbar cookie

    8:55 AM: c:\documents and settings\jessica\cookies\[email protected][2].txt (ID = 2768)

    8:55 AM: Found Spy Cookie: hbmediapro cookie

    8:55 AM: c:\documents and settings\jessica\cookies\jessica@adknowledge[1].txt (ID = 2072)

    8:55 AM: Found Spy Cookie: adknowledge cookie

    8:55 AM: c:\documents and settings\jessica\cookies\jessica@about[1].txt (ID = 2037)

    8:55 AM: Found Spy Cookie: about cookie

    8:55 AM: Starting Cookie Sweep

    8:55 AM: Registry Sweep Complete, Elapsed Time:00:00:52

    8:55 AM: HKU\S-1-5-21-894892478-1671654027-2876248559-1007\software\microsoft\internet explorer\main\ || search page_bak (ID = 774883)

    8:55 AM: HKU\S-1-5-21-894892478-1671654027-2876248559-1007\software\classes\clsid\{237aa178-c3bc-4f67-a8bb-d8bc14ba0b89}\ (ID = 127116)

    8:55 AM: HKU\S-1-5-21-894892478-1671654027-2876248559-1007\software\microsoft\internet explorer\extensions\{237aa178-c3bc-4f67-a8bb-d8bc14ba0b89}\ (ID = 127080)

    8:55 AM: HKU\S-1-5-21-894892478-1671654027-2876248559-1007\software\microsoft\internet explorer\extensions\{237aa178-c3bc-4f67-a8bb-d8bc14ba0b89}\ (ID = 127080)

    8:55 AM: HKU\S-1-5-21-894892478-1671654027-2876248559-1007\software\microsoft\internet explorer\main\ || search page_bak (ID = 115925)

    8:55 AM: Found Adware: cws-aboutblank

    8:55 AM: HKU\S-1-5-21-894892478-1671654027-2876248559-1007\software\microsoft\windows\currentversion\updt\ (ID = 105189)

    8:55 AM: Found Adware: browseraid

    8:55 AM: HKLM\software\classes\clsid\{3f143c3a-1457-6cca-03a7-7aa23b61e40f}\ (ID = 1571509)

    8:55 AM: HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler\ || {259ba022-2005-45e9-a965-10edb9c00605} (ID = 1538921)

    8:55 AM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{062492af-392e-479d-bf52-a7a4bca00307}\ (ID = 1538630)

    8:55 AM: HKLM\software\classes\clsid\{062492af-392e-479d-bf52-a7a4bca00307}\ (ID = 1538618)

    8:55 AM: HKCR\clsid\{062492af-392e-479d-bf52-a7a4bca00307}\ (ID = 1538606)

    8:55 AM: HKLM\software\microsoft\rasap2k\ (ID = 1511572)

    8:55 AM: HKLM\software\microsoft\dstr5\ (ID = 1511570)

    8:55 AM: HKLM\software\microsoft\windows\currentversion\uninstall\msn sniffer v1.2 evaluation version \ (ID = 1509875)

    8:55 AM: Found System Monitor: msn sniffer

    8:55 AM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\{686a161d-5bd1-4999-8832-6393f41e564c}\ (ID = 1505707)

    8:55 AM: Found Adware: popuper

    8:55 AM: HKLM\software\classes\typelib\{5cb9686d-cc21-4927-b904-d91d4479f4bd}\ (ID = 1496911)

    8:55 AM: HKCR\typelib\{5cb9686d-cc21-4927-b904-d91d4479f4bd}\ (ID = 1496901)

    8:55 AM: Found Adware: spyware quake

    8:55 AM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\cfgmngr32\ (ID = 1252409)

    8:55 AM: HKLM\software\microsoft\internet explorer\main\ || search page_bak (ID = 1250789)

    8:55 AM: Found Adware: prosearch.com hijack

    8:55 AM: HKLM\software\classes\clsid\{0b5f7fdf-0717-45bf-b49d-695f3168c7fe}\ (ID = 1149560)

    8:55 AM: HKCR\clsid\{0b5f7fdf-0717-45bf-b49d-695f3168c7fe}\ (ID = 1149518)

    8:55 AM: Found Adware: easyerror

    8:55 AM: HKLM\system\currentcontrolset\services\dp1112\ (ID = 1138322)

    8:55 AM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\geedc\ (ID = 1125293)

    8:55 AM: Found Trojan Horse: trojan-downloader-conhook

    8:54 AM: HKLM\software\microsoft\mssmgr\ (ID = 937101)

    8:54 AM: Found Trojan Horse: trojan agent winlogonhook

    8:54 AM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\ (ID = 735573)

    8:54 AM: Found Adware: security2k hijacker

    8:54 AM: HKLM\software\classes\clsid\{237aa178-c3bc-4f67-a8bb-d8bc14ba0b89}\ (ID = 127120)

    8:54 AM: HKCR\clsid\{237aa178-c3bc-4f67-a8bb-d8bc14ba0b89}\ (ID = 127065)

    8:54 AM: Found Adware: spad

    8:54 AM: HKCR\clsid\{237aa178-c3bc-4f67-a8bb-d8bc14ba0b89}\ (ID = 127065)

    8:54 AM: Found Adware: heretofind

    8:54 AM: HKCR\clsid\{3f143c3a-1457-6cca-03a7-7aa23b61e40f}\ (ID = 105493)

    8:54 AM: Found Trojan Horse: childoleauto

    8:54 AM: HKLM\software\classes\interface\{a2872b10-39f2-42df-9335-7dd38cf75255}\ (ID = 103771)

    8:54 AM: HKCR\clsid\{a2872b10-39f2-42df-9335-7dd38cf75255}\ (ID = 103725)

    8:54 AM: Found Adware: apropos

    8:54 AM: Starting Registry Sweep

    8:54 AM: Memory Sweep Complete, Elapsed Time: 00:07:10

    8:48 AM: Detected running threat: C:\WINDOWS\SYSTEM32\geedc.dll (ID = 394)

    8:48 AM: Found Adware: virtumonde

    8:47 AM: Starting Memory Sweep

    8:47 AM: HKLM\software\classes\clsid\{062492af-392e-479d-bf52-a7a4bca00307}\inprocserver32\ (ID = 1560802)

    8:47 AM: HKCR\clsid\{062492af-392e-479d-bf52-a7a4bca00307}\inprocserver32\ (ID = 1560801)

    8:47 AM: Found Adware: cws_meup

    8:47 AM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\cfgmngr32\ || dllname (ID = 1538933)

    8:47 AM: Found Trojan Horse: trojan-downloader-2pursuit

    8:47 AM: Sweep initiated using definitions version 741

    8:47 AM: Spy Sweeper 5.0.5.1286 started

    8:47 AM: | Start of Session, Wednesday, August 16, 2006 |

    ********

    8:47 AM: | End of Session, Wednesday, August 16, 2006 |

    8:45 AM: Your spyware definitions have been updated.

    Keylogger Shield: On

    BHO Shield: On

    IE Security Shield: On

    Alternate Data Stream (ADS) Execution Shield: On

    Startup Shield: On

    Common Ad Sites Shield: Off

    Hosts File Shield: On

    Spy Communication Shield: On

    ActiveX Shield: On

    Windows Messenger Service Shield: On

    IE Favorites Shield: On

    Spy Installation Shield: On

    Memory Shield: On

    IE Hijack Shield: On

    IE Tracking Cookies Shield: Off

    8:34 AM: Shield States

    8:33 AM: Spyware Definitions: 691

    8:32 AM: Spy Sweeper 5.0.5.1286 started

    8:32 AM: Spy Sweeper 5.0.5.1286 started

    8:32 AM: | Start of Session, Wednesday, August 16, 2006 |

    ********

    =====================================================

    Panda's active scan log

    =====================================================

    Incident Status Location

    Potentially unwanted tool:application/winfixer2005 Not disinfected c:\windows\downloaded program files\UDC6_0001_D18M1108NetInstaller.exe

    Adware:adware/ncase Not disinfected c:\windows\didduid.ini

    Adware:adware/alibabar Not disinfected Windows Registry

    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\CoCo\Application Data\Mozilla\Firefox\Profiles\3d8cvnbg.default\cookies.txt[.perf.overture.com/]

    Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\CoCo\Application Data\Mozilla\Firefox\Profiles\3d8cvnbg.default\cookies.txt[data.coremetrics.com/]

    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\CoCo\Application Data\Mozilla\Firefox\Profiles\3d8cvnbg.default\cookies.txt[.2o7.net/]

    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\CoCo\Application Data\Mozilla\Firefox\Profiles\3d8cvnbg.default\cookies.txt[.doubleclick.net/]

    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\CoCo\Application Data\Mozilla\Firefox\Profiles\3d8cvnbg.default\cookies.txt[.questionmarket.com/]

    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\CoCo\Application Data\Mozilla\Firefox\Profiles\3d8cvnbg.default\cookies.txt[.mediaplex.com/]

    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\CoCo\Application Data\Mozilla\Firefox\Profiles\3d8cvnbg.default\cookies.txt[.atdmt.com/]

    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\CoCo\Application Data\Mozilla\Firefox\Profiles\3d8cvnbg.default\cookies.txt[.tribalfusion.com/]

    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\CoCo\Application Data\Mozilla\Firefox\Profiles\3d8cvnbg.default\cookies.txt[.microsofteup.112.2o7.net/]

    Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\CoCo\Application Data\Mozilla\Firefox\Profiles\3d8cvnbg.default\cookies.txt[statse.webtrendslive.com/]

    Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\CoCo\Cookies\coco@bfast[1].txt

    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\CoCo\Cookies\coco@doubleclick[1].txt

    Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\CoCo\Cookies\coco@drivecleaner[2].txt

    Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\CoCo\Cookies\[email protected][2].txt

    ============================================

    New HJThis Log

    ============================================

    Logfile of HijackThis v1.99.1

    Scan saved at 5:20:49 PM, on 8/16/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Windows Defender\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    C:\Pr

  6. Hello jay888. Matt had to leave without notice and along the way your log kinda fell through a crack.... Soooo you have the honor of switching helpers! (again :P)

    If you are still here, please post a new HJT log if you need help, thanks.

    Thanks a lot :) I am so glad you can help me, I was thinking of reinstalling the OS as a last resort... :(

    Logfile of HijackThis v1.99.1

    Scan saved at 10:20:07 PM, on 8/14/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Windows Defender\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\cisvc.exe

    C:\WINDOWS\system32\CTsvcCDA.EXE

    C:\Program Files\Norton AntiVirus\navapsvc.exe

    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\wanmpsvc.exe

    C:\WINDOWS\System32\WLTRYSVC.EXE

    C:\WINDOWS\System32\bcmwltry.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\pctspk.exe

    C:\Program Files\Dell\QuickSet\quickset.exe

    C:\WINDOWS\System32\DSentry.exe

    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

    C:\Program Files\QUICKENW\QAGENT.EXE

    C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe

    C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe

    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

    C:\Program Files\BroadJump\Client Foundation\CFD.exe

    C:\WINDOWS\system32\mrtMngr.EXE

    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe

    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe

    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE

    C:\PROGRA~1\SlimQ\Fahid.exe

    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    C:\Program Files\Virtual Account Numbers\CitiUCS.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\QuickTime\qttask.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\WINDOWS\system32\igfxsrvc.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe

    C:\WINDOWS\tsnp2std.exe

    C:\WINDOWS\vsnp2std.exe

    C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\MSN Messenger\MsnMsgr.Exe

    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

    C:\Program Files\Skype\Phone\Skype.exe

    C:\Program Files\palmOne\Hotsync.exe

    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

    C:\WINDOWS\system32\cidaemon.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\Documents and Settings\CoCo\My Documents\Appz\hijack\HijackThis.exe

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll

    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

    O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE

    O4 - HKLM\..\Run: [uFD Monitor] C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe

    O4 - HKLM\..\Run: [uFD Utility] C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe

    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

    O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

    O4 - HKLM\..\Run: [iPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l

    O4 - HKLM\..\Run: [iPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"

    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe

    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe

    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE

    O4 - HKLM\..\Run: [FAhid] C:\PROGRA~1\SlimQ\Fahid.exe

    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [CitiUCS] C:\Program Files\Virtual Account Numbers\CitiUCS.exe /dontopenmycards

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

    O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

    O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R

    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

    O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

    O9 - Extra button: Microsoft® JavaScript® Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx

    O9 - Extra 'Tools' menuitem: JavaScript Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx

    O9 - Extra button: UCS - {4C730923-3961-439b-83D5-F4E445520422} - C:\Program Files\Virtual Account Numbers\CitiUCS.exe

    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - C:\WINDOWS\System32\HPCMDTY.DLL (file missing) (HKCU)

    O9 - Extra button: Microsoft® JavaScript® Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx (HKCU)

    O9 - Extra 'Tools' menuitem: JavaScript Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx (HKCU)

    O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

    O16 - DPF: {78A730D4-0DF3-4B65-8DD2-BFCD433CEE30} - http://www.surfsecret.com/inst/DVInstaller.exe

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

    O23 - Service: Apache2Triad Apache2 Service (Apache2) - Unknown owner - c:\apache2\bin\apache.exe" -n Apache2 -k runservice (file missing)

    O23 - Service: Apache2Triad Apache2 Service with SSL (Apache2(SSL)) - Unknown owner - c:\apache2\bin\apache.exe" -n Apache2(SSL) -k runservice -D SSL (file missing)

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Apache2Triad MySql Service (MySql) - Unknown owner - C:/apache2/mysql/bin/mysqld.exe

    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

    O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

    O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe

    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

    O23 - Service: Apache2Triad SlimFTPd Server (SlimFTPd) - Unknown owner - C:\apache2\mail\bin\XMail.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

  7. Congrats! Your log is clean! :thumbsup:

    How is your system running?

    The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

    1. Firefox - Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox, however Opera is good as well.
    2. Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
    3. AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
    4. SpywareBlaster - Great prevention tool to keep malware from installing on your system.
    5. SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
    6. IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
    7. ATF Cleaner - Cleans temporary files from web browsers, and much more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
    8. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
    9. Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop-up windows.

    To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein and this guide on safer computing.

    Hi Matt,

    I am very sorry to tell you that I am still infected. I know what caused this: I installed an application I downloaded online, and the application opened a DOS prompt and tried to execute something, which caused all these pop-ups.

    Please help, my computer is still infected. :(

  8. Welcome back

    Please scan with HJT and place a check next to the following item:

    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

    Then, make sure all browser windows and other applications are closed, and click the Fix Checked button.

    Please download FileFind from Atribune.

    Unzip the file and save it to your desktop.

    To run FileFind, please do the following:

    • Click on FileFind.exe
    • In the box labeled "Directory"
      • Enter the drive, e.g. C:\WINDOWS\system32\
    • In the box labeled "File"
      • Enter chkdsk.dll
    • Now click on the "Search" button
    • Once the utility has found the files click on "Export"
    • A Notepad will open up. Please copy the entire contents of the Notepad and paste them here.
    • NOTE: The notepad is saved on your C:\ drive as "Export.txt"

    Repeat those steps with the following file as well:

    notepad.dll

    Matt

    Hi Matt,

    I did delete the R3 entry in HJT, then I followed the steps to use the FileFind program to search for both .dll files; neither of them could be found in the windows\system32 directory... :(

    So, I scanned with HJT just in case you may want to read it.

    Logfile of HijackThis v1.99.1

    Scan saved at 9:56:59 AM, on 7/24/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\cisvc.exe

    C:\WINDOWS\system32\CTsvcCDA.EXE

    C:\Program Files\ewido anti-spyware 4.0\guard.exe

    C:\Program Files\Norton AntiVirus\navapsvc.exe

    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\wanmpsvc.exe

    C:\WINDOWS\System32\WLTRYSVC.EXE

    C:\WINDOWS\System32\bcmwltry.exe

    C:\WINDOWS\system32\pctspk.exe

    C:\Program Files\Dell\QuickSet\quickset.exe

    C:\WINDOWS\System32\DSentry.exe

    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

    C:\Program Files\QUICKENW\QAGENT.EXE

    C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe

    C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe

    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

    C:\Program Files\BroadJump\Client Foundation\CFD.exe

    C:\WINDOWS\system32\mrtMngr.EXE

    C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe

    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe

    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe

    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

    C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE

    C:\PROGRA~1\SlimQ\Fahid.exe

    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    C:\Program Files\Virtual Account Numbers\CitiUCS.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\QuickTime\qttask.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\WINDOWS\system32\igfxsrvc.exe

    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe

    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

    C:\WINDOWS\tsnp2std.exe

    C:\WINDOWS\vsnp2std.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

    C:\Program Files\Skype\Phone\Skype.exe

    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

    C:\Program Files\palmOne\Hotsync.exe

    C:\WINDOWS\system32\cidaemon.exe

    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Video Camera\Linksys Viewer & Recorder Utility.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\WINDOWS\explorer.exe

    C:\PROGRA~1\WINZIP\winzip32.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\Documents and Settings\CoCo\My Documents\Appz\hijack\HijackThis.exe

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll

    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

    O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE

    O4 - HKLM\..\Run: [uFD Monitor] C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe

    O4 - HKLM\..\Run: [uFD Utility] C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe

    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

    O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

    O4 - HKLM\..\Run: [iPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l

    O4 - HKLM\..\Run: [iPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"

    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe

    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe

    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE

    O4 - HKLM\..\Run: [FAhid] C:\PROGRA~1\SlimQ\Fahid.exe

    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [CitiUCS] C:\Program Files\Virtual Account Numbers\CitiUCS.exe /dontopenmycards

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

    O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

    O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R

    O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

    O9 - Extra button: Microsoft® JavaScript® Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx

    O9 - Extra 'Tools' menuitem: JavaScript Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx

    O9 - Extra button: UCS - {4C730923-3961-439b-83D5-F4E445520422} - C:\Program Files\Virtual Account Numbers\CitiUCS.exe

    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - C:\WINDOWS\System32\HPCMDTY.DLL (file missing) (HKCU)

    O9 - Extra button: Microsoft® JavaScript® Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx (HKCU)

    O9 - Extra 'Tools' menuitem: JavaScript Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx (HKCU)

    O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

    O16 - DPF: {78A730D4-0DF3-4B65-8DD2-BFCD433CEE30} - http://www.surfsecret.com/inst/DVInstaller.exe

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

    O23 - Service: Apache2Triad Apache2 Service (Apache2) - Unknown owner - c:\apache2\bin\apache.exe" -n Apache2 -k runservice (file missing)

    O23 - Service: Apache2Triad Apache2 Service with SSL (Apache2(SSL)) - Unknown owner - c:\apache2\bin\apache.exe" -n Apache2(SSL) -k runservice -D SSL (file missing)

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Apache2Triad MySql Service (MySql) - Unknown owner - C:/apache2/mysql/bin/mysqld.exe

    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

    O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

    O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE

    O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe

    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

    O23 - Service: Apache2Triad SlimFTPd Server (SlimFTPd) - Unknown owner - C:\apache2\mail\bin\XMail.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

  9. Welcome back!

    Please scan with HJT and place a check next to the following item:

    O20 - AppInit_DLLs: C:\WINDOWS\system32\chkdsk.dll C:\WINDOWS\system32\notepad.dll

    Then, make sure all browser windows and other applications are closed, and click the Fix Checked button.

    Please double-click Killbox.exe to run it.

    • Select:
      • Delete on Reboot
      • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

      C:\WINDOWS\system32\chkdsk.dll

      C:\WINDOWS\system32\notepad.dll

    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

    If your computer does not restart automatically, please restart it manually.

    If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

    Run another Ewido scan.

    Post back the Ewido report and a new HJT log.

    Matt
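Added example, not code from this thread or from HijackThis: a small Python triage of the HJT log format posted above. It flags the O20 AppInit_DLLs entry Matt asks to fix, entries HJT marks "(file missing)" or "(no file)", and Run-key autoruns with no full path, and it can list which entries are new between two logs. The sample log is constructed from lines shown in this thread.

```python
"""Triage of HijackThis (HJT) v1.99 log lines.

Added example, not code from the thread or from HijackThis itself.
It parses the prefixed entry lines HJT prints (R3, O4, O18, O20, O23, ...)
and flags the kinds of entries acted on in the thread above:
  * an O20 AppInit_DLLs value (DLLs Windows loads into every process that
    links user32.dll, a long-standing persistence location),
  * entries whose target HJT reports as "(file missing)" or "(no file)",
  * O4 Run-key autoruns that name a bare executable with no full path.
"""
import re
from dataclasses import dataclass

# Entry lines look like "O4 - HKLM\..\Run: [Name] command": a tag of one
# letter plus one or two digits, then " - ", then the body.
_ENTRY_RE = re.compile(r"^\s*(?P<tag>[A-Z]\d{1,2})\s+-\s+(?P<body>.*\S)\s*$")

# Constructed sample: a handful of entries copied from the logs in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\chkdsk.dll C:\WINDOWS\system32\notepad.dll
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
"""


@dataclass(frozen=True)
class Finding:
    tag: str
    reason: str
    body: str


def parse_entries(log_text):
    """Return [(tag, body), ...] for every HJT entry line; header lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = _ENTRY_RE.match(raw)
        if m:
            entries.append((m.group("tag"), m.group("body")))
    return entries


def appinit_dlls(body):
    """Split the DLL list out of an 'AppInit_DLLs: a.dll b.dll' body.

    The registry value is space- or comma-separated, so a path containing a
    space cannot be recovered unambiguously from HJT's flattened output.
    """
    _, _, value = body.partition("AppInit_DLLs:")
    return [p for p in re.split(r"[ ,]+", value.strip()) if p]


def run_key_command(body):
    """For 'HKLM\\..\\Run: [Name] command', return the command without surrounding quotes."""
    if "]" not in body:
        return None
    return body.split("]", 1)[1].strip().strip('"')


def triage(log_text):
    """Flag the entry kinds listed in the module docstring, in log order."""
    findings = []
    for tag, body in parse_entries(log_text):
        if tag == "O20" and "AppInit_DLLs" in body:
            for dll in appinit_dlls(body):
                findings.append(Finding(tag, f"AppInit_DLLs injects {dll}", body))
        elif "(file missing)" in body or "(no file)" in body:
            findings.append(Finding(tag, "target file missing", body))
        elif tag == "O4" and "Run:" in body:
            cmd = run_key_command(body)
            # A bare name such as "pctspk.exe" is resolved through the search
            # path, so which binary actually runs depends on PATH and the
            # working directory rather than on a fixed location.
            if cmd and not re.match(r"^[A-Za-z]:\\", cmd):
                findings.append(Finding(tag, "autorun without full path", body))
    return findings


def new_entries(before_log, after_log):
    """Entries present in a later log but absent from an earlier one, which is
    how the O20 line surfaced between the two HJT logs posted in this thread."""
    seen = set(parse_entries(before_log))
    return [e for e in parse_entries(after_log) if e not in seen]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.tag:<5}{f.reason:<50}{f.body}")
```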

    Hi, I got the PendingFileRenameOperations prompt on both files. :(

    ---------------------------------------------------------

    ewido anti-spyware - Scan Report

    ---------------------------------------------------------

    + Created at: 11:42:43 AM 7/21/2006

    + Scan result:

    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP224\A0050204.exe -> Adware.PurityScan : No action taken.

    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP217\A0048732.dll -> Not-A-Virus.Hoax.Win32.Renos.dt : No action taken.

    C:\apache2\opssl\bin\libssl32.dll -> Not-A-Virus.NetTool.Win32.STunnel.404 : No action taken.

    C:\Documents and Settings\CoCo\Cookies\coco@2o7[2].txt -> TrackingCookie.2o7 : No action taken.

    C:\Documents and Settings\CoCo\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.

    C:\Documents and Settings\Jessica\Cookies\jessica@2o7[1].txt -> TrackingCookie.2o7 : No action taken.

    C:\Documents and Settings\Jessica\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.

    C:\Documents and Settings\CoCo\Cookies\coco@advertising[2].txt -> TrackingCookie.Advertising : No action taken.

    C:\Documents and Settings\CoCo\Cookies\[email protected][2].txt -> TrackingCookie.Advertising : No action taken.

    C:\Documents and Settings\Jessica\Cookies\jessica@advertising[1].txt -> TrackingCookie.Advertising : No action taken.

    C:\Documents and Settings\CoCo\Cookies\coco@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.

    C:\Documents and Settings\Jessica\Cookies\jessica@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.

    C:\Documents and Settings\CoCo\Cookies\[email protected][1].txt -> TrackingCookie.Bridgetrack : No action taken.

    C:\Documents and Settings\CoCo\Cookies\coco@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.

    C:\Documents and Settings\CoCo\Cookies\coco@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.

    C:\Documents and Settings\Jessica\Cookies\jessica@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.

    C:\Documents and Settings\CoCo\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : No action taken.

    C:\Documents and Settings\CoCo\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : No action taken.

    C:\Documents and Settings\CoCo\Cookies\coco@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.

    C:\Documents and Settings\Jessica\Cookies\jessica@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.

    C:\Documents and Settings\CoCo\Cookies\coco@overture[1].txt -> TrackingCookie.Overture : No action taken.

    C:\Documents and Settings\CoCo\Cookies\[email protected][2].txt -> TrackingCookie.Pointroll : No action taken.

    C:\Documents and Settings\Jessica\Cookies\jessica@questionmarket[2].txt -> TrackingCookie.Questionmarket : No action taken.

    C:\Documents and Settings\CoCo\Cookies\[email protected][2].txt -> TrackingCookie.Reliablestats : No action taken.

    C:\Documents and Settings\Jessica\Cookies\[email protected][1].txt -> TrackingCookie.Reliablestats : No action taken.

    C:\Documents and Settings\CoCo\Cookies\coco@serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.

    C:\Documents and Settings\Jessica\Cookies\jessica@serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.

    C:\Documents and Settings\CoCo\Cookies\coco@trafficmp[1].txt -> TrackingCookie.Trafficmp : No action taken.

    C:\Documents and Settings\CoCo\Cookies\coco@valueclick[1].txt -> TrackingCookie.Valueclick : No action taken.

    C:\Documents and Settings\CoCo\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : No action taken.

    C:\Documents and Settings\CoCo\Cookies\coco@zedo[1].txt -> TrackingCookie.Zedo : No action taken.

    C:\Documents and Settings\Jessica\Cookies\jessica@zedo[2].txt -> TrackingCookie.Zedo : No action taken.

    ::Report end

    So I rebooted the machine manually, then did an ewido scan and HJT. Please help. :)

    After the ewido scan, I applied all actions to delete them.

    Logfile of HijackThis v1.99.1

    Scan saved at 11:52:18 AM, on 7/21/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\cisvc.exe

    C:\WINDOWS\system32\CTsvcCDA.EXE

    C:\Program Files\Norton AntiVirus\navapsvc.exe

    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\wanmpsvc.exe

    C:\WINDOWS\System32\WLTRYSVC.EXE

    C:\WINDOWS\System32\bcmwltry.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\pctspk.exe

    C:\Program Files\Dell\QuickSet\quickset.exe

    C:\WINDOWS\System32\DSentry.exe

    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

    C:\Program Files\QUICKENW\QAGENT.EXE

    C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe

    C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe

    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

    C:\WINDOWS\system32\mrtMngr.EXE

    C:\Program Files\BroadJump\Client Foundation\CFD.exe

    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe

    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe

    C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe

    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

    C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE

    C:\PROGRA~1\SlimQ\Fahid.exe

    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    C:\Program Files\Virtual Account Numbers\CitiUCS.exe

    C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\QuickTime\qttask.exe

    C:\WINDOWS\system32\igfxsrvc.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

    C:\WINDOWS\tsnp2std.exe

    C:\WINDOWS\vsnp2std.exe

    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\MSN Messenger\MsnMsgr.Exe

    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

    C:\Program Files\Skype\Phone\Skype.exe

    C:\Program Files\palmOne\Hotsync.exe

    C:\WINDOWS\system32\cidaemon.exe

    C:\Program Files\ewido anti-spyware 4.0\ewido.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Documents and Settings\CoCo\My Documents\Appz\hijack\HijackThis.exe

    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll

    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

    O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE

    O4 - HKLM\..\Run: [uFD Monitor] C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe

    O4 - HKLM\..\Run: [uFD Utility] C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe

    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

    O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

    O4 - HKLM\..\Run: [iPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l

    O4 - HKLM\..\Run: [iPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"

    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe

    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe

    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE

    O4 - HKLM\..\Run: [FAhid] C:\PROGRA~1\SlimQ\Fahid.exe

    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [CitiUCS] C:\Program Files\Virtual Account Numbers\CitiUCS.exe /dontopenmycards

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

    O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

    O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R

    O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

    O9 - Extra button: Microsoft® JavaScript® Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx

    O9 - Extra 'Tools' menuitem: JavaScript Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx

    O9 - Extra button: UCS - {4C730923-3961-439b-83D5-F4E445520422} - C:\Program Files\Virtual Account Numbers\CitiUCS.exe

    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - C:\WINDOWS\System32\HPCMDTY.DLL (file missing) (HKCU)

    O9 - Extra button: Microsoft® JavaScript® Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx (HKCU)

    O9 - Extra 'Tools' menuitem: JavaScript Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx (HKCU)

    O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

    O16 - DPF: {78A730D4-0DF3-4B65-8DD2-BFCD433CEE30} - http://www.surfsecret.com/inst/DVInstaller.exe

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

    O23 - Service: Apache2Triad Apache2 Service (Apache2) - Unknown owner - c:\apache2\bin\apache.exe" -n Apache2 -k runservice (file missing)

    O23 - Service: Apache2Triad Apache2 Service with SSL (Apache2(SSL)) - Unknown owner - c:\apache2\bin\apache.exe" -n Apache2(SSL) -k runservice -D SSL (file missing)

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Apache2Triad MySql Service (MySql) - Unknown owner - C:/apache2/mysql/bin/mysqld.exe

    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

    O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

    O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE

    O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe

    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

    O23 - Service: Apache2Triad SlimFTPd Server (SlimFTPd) - Unknown owner - C:\apache2\mail\bin\XMail.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    Thanks so much for your continuous support, I really appreciate it.

  10. Jotti File Submission:
    • Please go to Jotti's malware scan
    • Copy and paste the following file path into the "File to upload & scan" box at the top of the page:
      • C:\WINDOWS\tsnp2std.exe
    • Click on the submit button
    • Repeat the previous steps with the following files:
      • C:\WINDOWS\vsnp2std.exe
      • C:\WINDOWS\system32\chkdsk.dll
    • Please post the 3 results in your next reply.

    Matt

    Hi, sorry for the late reply. I've been trying hard to use this website; it froze on me many times, because of my spyware?

    Please let me know what else I need to check, thanks so much. :thumbsup:

    Service load: 0% 100%

    File: tsnp2std.exe

    Status: OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)

    MD5 51615816c80529488db618e3d78057a5

    Packers detected: -

    Scanner results

    AntiVir Found nothing

    ArcaVir Found nothing

    Avast Found nothing

    AVG Antivirus Found nothing

    BitDefender Found nothing

    ClamAV Found nothing

    Dr.Web Found nothing

    F-Prot Antivirus Found nothing

    Fortinet Found nothing

    Kaspersky Anti-Virus Found nothing

    NOD32 Found nothing

    Norman Virus Control Found nothing

    UNA Found nothing

    VirusBuster Found nothing

    VBA32 Found nothing

    File: vsnp2std.exe

    Status: OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)

    MD5 5da1d493d24550d92f1407d3509df2b6

    Packers detected: -

    Scanner results

    AntiVir Found nothing

    ArcaVir Found nothing

    Avast Found nothing

    AVG Antivirus Found nothing

    BitDefender Found nothing

    ClamAV Found nothing

    Dr.Web Found nothing

    F-Prot Antivirus Found nothing

    Fortinet Found nothing

    Kaspersky Anti-Virus Found nothing

    NOD32 Found nothing

    Norman Virus Control Found nothing

    UNA Found nothing

    VirusBuster Found nothing

    VBA32 Found nothing

    C:\WINDOWS\system32\chkdsk.dll

    The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file

  11. Hi again jay888! :) I'll be "re-taking" over assisting you now, as it's Steamhead's turn to go out of town! :lol::wacko:

    Anyway, please post a fresh HJT log, and we can continue. :thumbsup:

    Matt

    Welcome back, Matt, hope you had a nice vacation. :):thumbsup:

    Unfortunately, I am still having spyware popping up. :(

    Logfile of HijackThis v1.99.1

    Scan saved at 11:50:48 PM, on 7/13/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\cisvc.exe

    C:\WINDOWS\system32\CTsvcCDA.EXE

    C:\Program Files\ewido anti-spyware 4.0\guard.exe

    C:\Program Files\Norton AntiVirus\navapsvc.exe

    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\wanmpsvc.exe

    C:\WINDOWS\System32\WLTRYSVC.EXE

    C:\WINDOWS\System32\bcmwltry.exe

    C:\WINDOWS\system32\cidaemon.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\pctspk.exe

    C:\Program Files\Dell\QuickSet\quickset.exe

    C:\WINDOWS\System32\DSentry.exe

    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

    C:\Program Files\QUICKENW\QAGENT.EXE

    C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe

    C:\WINDOWS\system32\mrtMngr.EXE

    C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe

    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

    C:\Program Files\BroadJump\Client Foundation\CFD.exe

    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe

    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe

    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE

    C:\PROGRA~1\SlimQ\Fahid.exe

    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    C:\Program Files\Virtual Account Numbers\CitiUCS.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe

    C:\Program Files\QuickTime\qttask.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\WINDOWS\system32\igfxsrvc.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe

    C:\WINDOWS\tsnp2std.exe

    C:\WINDOWS\vsnp2std.exe

    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

    C:\Program Files\palmOne\Hotsync.exe

    C:\Program Files\MSN Messenger\msnmsgr.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\Documents and Settings\CoCo\My Documents\Appz\hijack\HijackThis.exe

    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll

    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

    O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE

    O4 - HKLM\..\Run: [uFD Monitor] C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe

    O4 - HKLM\..\Run: [uFD Utility] C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe

    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

    O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

    O4 - HKLM\..\Run: [iPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l

    O4 - HKLM\..\Run: [iPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"

    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe

    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe

    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE

    O4 - HKLM\..\Run: [FAhid] C:\PROGRA~1\SlimQ\Fahid.exe

    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [CitiUCS] C:\Program Files\Virtual Account Numbers\CitiUCS.exe /dontopenmycards

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

    O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

    O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R

    O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

    O9 - Extra button: Microsoft® JavaScript® Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx

    O9 - Extra 'Tools' menuitem: JavaScript Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx

    O9 - Extra button: UCS - {4C730923-3961-439b-83D5-F4E445520422} - C:\Program Files\Virtual Account Numbers\CitiUCS.exe

    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - C:\WINDOWS\System32\HPCMDTY.DLL (file missing) (HKCU)

    O9 - Extra button: Microsoft® JavaScript® Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx (HKCU)

    O9 - Extra 'Tools' menuitem: JavaScript Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx (HKCU)

    O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

    O16 - DPF: {78A730D4-0DF3-4B65-8DD2-BFCD433CEE30} - http://www.surfsecret.com/inst/DVInstaller.exe

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

    O20 - AppInit_DLLs: C:\WINDOWS\system32\chkdsk.dll C:\WINDOWS\system32\notepad.dll

    O23 - Service: Apache2Triad Apache2 Service (Apache2) - Unknown owner - c:\apache2\bin\apache.exe" -n Apache2 -k runservice (file missing)

    O23 - Service: Apache2Triad Apache2 Service with SSL (Apache2(SSL)) - Unknown owner - c:\apache2\bin\apache.exe" -n Apache2(SSL) -k runservice -D SSL (file missing)

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Apache2Triad MySql Service (MySql) - Unknown owner - C:/apache2/mysql/bin/mysqld.exe

    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

    O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

    O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE

    O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe

    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

    O23 - Service: Apache2Triad SlimFTPd Server (SlimFTPd) - Unknown owner - C:\apache2\mail\bin\XMail.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
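    A triage script for the logs in this thread, added here as an editor's example; it is not part of HijackThis and was not posted by Matt or jay888. It reads the three HJT sections that carry persistence in these logs (the O4 Run keys, the O20 AppInit_DLLs line from the 7/13 log, the O23 services), applies a few heuristics, and returns the high-severity paths as the list of files to hash and upload to a multi-engine scanner, which is what post 10 has jay888 do by hand. The sample lines are copied from the logs above (one benign Dell entry kept as a control); the severity scale, the heuristics and the KNOWN_EXE_NAMES set are assumptions, not detections backed by any signature. AppInit_DLLs is worth singling out: every DLL listed there is loaded into each process that loads user32.dll, and neither chkdsk.dll nor notepad.dll is a file Windows ships (the built-in programs are chkdsk.exe and notepad.exe).

```python
"""Triage the persistence-bearing lines of a HijackThis 1.99.1 log.
Added example for this thread, not part of HijackThis or the original posts.
SAMPLE_LOG is copied from the logs above (one benign line kept as a control);
the heuristics, severities and KNOWN_EXE_NAMES are the editor's assumptions."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\chkdsk.dll C:\WINDOWS\system32\notepad.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Apache2Triad SlimFTPd Server (SlimFTPd) - Unknown owner - C:\apache2\mail\bin\XMail.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
"""

# Built-in programs whose names malware borrows for a look-alike DLL (assumed list).
KNOWN_EXE_NAMES = {"chkdsk", "notepad", "explorer", "svchost", "lsass", "winlogon"}
SEVERITY = {None: 0, "low": 1, "medium": 2, "high": 3}
RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]*)\] (.*)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (.*)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<display>.*?)(?: \((?P<short>[^()]+)\))?"
                        r" - (?P<owner>.*?) - (?P<path>.*)$")

@dataclass
class Finding:
    section: str
    name: str
    path: str
    severity: Optional[str] = None
    reasons: List[str] = field(default_factory=list)

    def add(self, severity: str, reason: str) -> None:
        self.reasons.append(reason)
        if SEVERITY[severity] > SEVERITY[self.severity]:
            self.severity = severity

def exe_path(cmd: str) -> str:
    """Binary from a command line: a quoted path, else the text up to the
    first .exe/.dll/.ocx/.sys, else the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r'(.*?\.(?:exe|dll|ocx|sys))(?=\s|"|$)', cmd, re.IGNORECASE)
    return m.group(1) if m else (cmd.split() or [""])[0]

def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            hive, name, cmd = m.groups()
            path = exe_path(cmd)
            parts = [p for p in re.split(r"[\\/]", path) if p]
            f = Finding("O4", f"{hive} Run [{name}]", path)
            if len(parts) == 1:  # no directory at all: found via the search path
                f.add("low", "bare file name, resolved through the search path")
            elif len(parts) == 3 and parts[1].lower() == "windows":
                f.add("high", "autostart binary sits directly in the Windows directory")
            if f.reasons:
                findings.append(f)
        elif m := APPINIT_RE.match(line):
            # Every DLL here is mapped into each process that loads user32.dll;
            # a DLL named after a built-in EXE is a common disguise.
            for dll in filter(None, re.split(r"[ ,]+", m.group(1).strip())):
                f = Finding("O20", "AppInit_DLLs", dll)
                f.add("high", "injected into every process that loads user32.dll")
                stem = re.split(r"[\\/]", dll)[-1].rsplit(".", 1)[0].lower()
                if stem in KNOWN_EXE_NAMES:
                    f.add("high", f"name borrows the built-in program {stem}.exe")
                findings.append(f)
        elif m := SERVICE_RE.match(line):
            display, short, owner, path = m.group("display", "short", "owner", "path")
            missing = path.endswith("(file missing)")
            path = exe_path(path[:-len("(file missing)")] if missing else path)
            f = Finding("O23", f"{display} ({short})" if short else display, path)
            if owner == "Unknown owner":
                f.add("low", "no publisher embedded in the binary; verify it by hash")
            if missing:
                f.add("low", "binary no longer on disk; orphaned service entry")
            if short and short.lower() not in path.lower():
                f.add("medium", f"service name {short!r} absent from its binary path")
            if f.reasons:
                findings.append(f)
    return findings

def submit_candidates(findings: List[Finding]) -> List[str]:
    """High-severity paths: the files to hash and upload to a multi-engine
    scanner such as Jotti, as the thread does by hand."""
    return sorted({f.path for f in findings if f.severity == "high"})

if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda x: -SEVERITY[x.severity]):
        print(f"[{f.severity:6}] {f.section} {f.name}: {f.path}  {'; '.join(f.reasons)}")
    print("submit:", submit_candidates(triage(SAMPLE_LOG)))
```

    Run it as-is to see the sample output; to use it on a real log, replace SAMPLE_LOG with the pasted log text. The service-name check is deliberately rated only medium: a legitimate service whose binary has an unrelated name (NSCService → NSCSRVCE.EXE in the logs above) trips it too, so treat it as a prompt to look at the file, not a verdict. The bare-file-name check on PCTVOICE is the same kind of prompt; pctspk.exe is a Dell component on this machine, and the point is only that an entry with no directory is resolved through the search path.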

  12. Can i see one more HJT log please? :)

    Please check for me. It seems that the pop-ups are still happening.

    Logfile of HijackThis v1.99.1

    Scan saved at 10:43:58 PM, on 7/9/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\cisvc.exe

    C:\WINDOWS\system32\CTsvcCDA.EXE

    C:\Program Files\ewido anti-spyware 4.0\guard.exe

    C:\Program Files\Norton AntiVirus\navapsvc.exe

    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

    C:\WINDOWS\system32\pctspk.exe

    C:\Program Files\Dell\QuickSet\quickset.exe

    C:\WINDOWS\System32\DSentry.exe

    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

    C:\Program Files\QUICKENW\QAGENT.EXE

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe

    C:\WINDOWS\system32\mrtMngr.EXE

    C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe

    C:\WINDOWS\wanmpsvc.exe

    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

    C:\Program Files\BroadJump\Client Foundation\CFD.exe

    C:\WINDOWS\System32\WLTRYSVC.EXE

    C:\WINDOWS\System32\bcmwltry.exe

    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe

    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe

    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE

    C:\PROGRA~1\SlimQ\Fahid.exe

    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

    C:\Program Files\Virtual Account Numbers\CitiUCS.exe

    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe

    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\QuickTime\qttask.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\WINDOWS\system32\igfxsrvc.exe

    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

    C:\WINDOWS\tsnp2std.exe

    C:\WINDOWS\vsnp2std.exe

    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\MSN Messenger\MsnMsgr.Exe

    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

    C:\Program Files\Skype\Phone\Skype.exe

    C:\Program Files\palmOne\Hotsync.exe

    C:\WINDOWS\system32\cidaemon.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\Documents and Settings\CoCo\My Documents\Appz\hijack\HijackThis.exe

    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll

    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

    O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE

    O4 - HKLM\..\Run: [UFD Monitor] C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe

    O4 - HKLM\..\Run: [UFD Utility] C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe

    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

    O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l

    O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"

    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe

    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe

    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE

    O4 - HKLM\..\Run: [FAhid] C:\PROGRA~1\SlimQ\Fahid.exe

    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [CitiUCS] C:\Program Files\Virtual Account Numbers\CitiUCS.exe /dontopenmycards

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

    O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

    O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R

    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    O4 - HKCU\..\Run: [UpdateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

    O9 - Extra button: Microsoft® JavaScript® Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx

    O9 - Extra 'Tools' menuitem: JavaScript Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx

    O9 - Extra button: UCS - {4C730923-3961-439b-83D5-F4E445520422} - C:\Program Files\Virtual Account Numbers\CitiUCS.exe

    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - C:\WINDOWS\System32\HPCMDTY.DLL (file missing) (HKCU)

    O9 - Extra button: Microsoft® JavaScript® Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx (HKCU)

    O9 - Extra 'Tools' menuitem: JavaScript Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx (HKCU)

    O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

    O16 - DPF: {78A730D4-0DF3-4B65-8DD2-BFCD433CEE30} - http://www.surfsecret.com/inst/DVInstaller.exe

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

    O20 - AppInit_DLLs: C:\WINDOWS\system32\chkdsk.dll C:\WINDOWS\system32\notepad.dll

    O23 - Service: Apache2Triad Apache2 Service (Apache2) - Unknown owner - c:\apache2\bin\apache.exe" -n Apache2 -k runservice (file missing)

    O23 - Service: Apache2Triad Apache2 Service with SSL (Apache2(SSL)) - Unknown owner - c:\apache2\bin\apache.exe" -n Apache2(SSL) -k runservice -D SSL (file missing)

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Apache2Triad MySql Service (MySql) - Unknown owner - C:/apache2/mysql/bin/mysqld.exe

    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

    O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

    O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE

    O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe

    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

    O23 - Service: Apache2Triad SlimFTPd Server (SlimFTPd) - Unknown owner - C:\apache2\mail\bin\XMail.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
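Added here as a worked example, not part of any post in this thread and not a tool the helper used: a small Python script that applies the kind of triage the helper did by hand to HijackThis logs like the one above. The sample lines are copied from the logs quoted in this thread (the O20 AppInit_DLLs entry from the log above, plus the O1 and O4 entries the helper later asked to have fixed, and two benign O4 entries for contrast). The heuristics are this example's own assumptions, not rules from HijackThis: a populated AppInit_DLLs value, autoruns living in the user profile, 8-hex-digit file names, 8.3 short names with fewer than six characters before the tilde (which means the long name contains characters 8.3 cannot hold, typically a non-ASCII lookalike such as the "?racle" folder), system-binary names outside C:\WINDOWS, and hosts entries that point somewhere other than the local machine. They produce false positives on real logs, so treat hits as leads to check, not verdicts.

```python
import difflib
import re

# Constructed sample: lines copied from the HijackThis logs quoted in this
# thread, plus two benign O4 entries (ccApp, ctfmon) for contrast.
SAMPLE_LOG = r"""
O1 - Hosts: 199.182.179.252 batman
O1 - Hosts: 199.182.179.11 galaxy
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [c329b8f7.exe] C:\Documents and Settings\CoCo\Local Settings\Application Data\c329b8f7.exe
O4 - HKCU\..\Run: [Dfoat] C:\DOCUME~1\CoCo\MYDOCU~1\RACLE~1\services.exe
O4 - HKCU\..\Run: [Aida] "C:\PROGRA~1\SKS~1\wuaclt.exe" -vt ndrv
O4 - HKCU\..\Run: [Luoqhya] C:\WINDOWS\SYSTEM32\SSEMBL~1\mmc.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\chkdsk.dll C:\WINDOWS\system32\notepad.dll
"""

# Heuristic inputs (assumptions for this example, not an authoritative list).
SYSTEM_BINARIES = {"services.exe", "svchost.exe", "lsass.exe", "winlogon.exe",
                   "csrss.exe", "smss.exe", "mmc.exe", "wuauclt.exe", "explorer.exe"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
O4_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\Run: \[[^\]]*\]\s+"?([^"]+?\.exe)"?', re.I)
O20_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(.+)$")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}\.exe$", re.I)
# An 8.3 short name with fewer than six characters before the tilde: the long
# name was mangled for a reason other than length, usually characters that 8.3
# cannot hold (e.g. RACLE~1 for the "?racle" folder mentioned in this thread).
ODD_SHORTNAME_RE = re.compile(r"^[A-Z0-9_]{1,5}~\d+$", re.I)


def _looks_like_system_binary(name):
    """True if NAME equals or closely resembles a core Windows binary name."""
    return any(difflib.SequenceMatcher(None, name, known).ratio() >= 0.85
               for known in SYSTEM_BINARIES)


def check_run_entry(path):
    """Reasons an O4 autorun target deserves a closer look (empty list = nothing odd)."""
    reasons = []
    low = path.lower()
    parent, _, name = low.rpartition("\\")
    if low.startswith(("c:\\documents and settings\\", "c:\\docume~1\\")):
        reasons.append("runs from the user profile rather than Program Files or Windows")
    if HEX_NAME_RE.match(name):
        reasons.append("random-looking 8-hex-digit file name")
    for part in parent.split("\\"):
        if ODD_SHORTNAME_RE.match(part):
            reasons.append(f"short name {part.upper()} stands for a folder name that 8.3 cannot represent")
    if parent not in SYSTEM_DIRS and _looks_like_system_binary(name):
        reasons.append(f"{name} resembles a Windows system binary but lives outside the system directories")
    return reasons


def triage(log_text):
    """Return [(line, [reason, ...]), ...] for every log line worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = []
        if m := O1_RE.match(line):
            ip, host = m.groups()
            if ip not in LOOPBACK:
                reasons.append(f"hosts file sends {host} to remote address {ip}")
        elif m := O4_RE.match(line):
            reasons = check_run_entry(m.group(2))
        elif m := O20_RE.match(line):
            # AppInit_DLLs is loaded into every process that maps user32.dll;
            # on a home XP box a populated value is suspect by default.
            for dll in m.group(1).split():
                reasons.append(f"AppInit_DLLs injects {dll} into every GUI process")
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("   ->", reason)
```

Each flagged line prints with its reasons; ccApp and ctfmon come through clean. The hosts entries are flagged only because they resolve names to a non-loopback address, which is normal on a machine that carries a corporate VPN client and an Oracle client the way this one does, so confirm with the owner before removing them.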

  13. Hello jay888, :)

    Let's finish this up!

    STEP 1:

    We need to run ATF Cleaner again.

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

    If you use Firefox browser

    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser

    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main menu to close the program.

    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    STEP 2:

    Please go HERE to run Panda's ActiveScan

    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

    We're almost done!! :D

    Yeah! I am so tired of my laptop, so glad you are making my life easier. :) Thanks so much.

    :thumbsup: You are awesome, if there is a way for me to make a donation, please let me know the link.

    Incident Status Location

    Adware:adware/nowfind Not disinfected c:\windows\system32\cidft.dll

    Adware:adware/ncase Not disinfected c:\windows\didduid.ini

    Adware:adware/miamore Not disinfected Windows Registry

    Adware:adware/alibabar Not disinfected Windows Registry

    Adware:adware/morwillsearch Not disinfected Windows Registry

    Spyware:spyware/apropos Not disinfected Windows Registry

    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\CoCo\Cookies\[email protected][1].txt

    Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\CoCo\Cookies\[email protected][2].txt

    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\CoCo\Cookies\coco@atdmt[2].txt

    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\CoCo\Cookies\coco@doubleclick[1].txt

    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\CoCo\Cookies\coco@realmedia[1].txt

    Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\CoCo\Cookies\[email protected][1].txt

    Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\CoCo\Cookies\coco@trafficmp[2].txt

  14. Hi, I hope this is the last scan, sorry for giving you so much trouble. Thanks so much! :)

    :thumbsup:

    Incident Status Location

    Adware:adware/nowfind Not disinfected c:\windows\system32\cidft.dll

    Adware:adware/ncase Not disinfected c:\windows\didduid.ini

    Adware:adware/miamore Not disinfected Windows Registry

    Adware:adware/alibabar Not disinfected Windows Registry

    Adware:adware/morwillsearch Not disinfected Windows Registry

    Spyware:spyware/apropos Not disinfected Windows Registry

    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\CoCo\Cookies\[email protected][1].txt

    Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\CoCo\Cookies\[email protected][2].txt

    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\CoCo\Cookies\coco@atdmt[2].txt

    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\CoCo\Cookies\coco@doubleclick[1].txt

    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\CoCo\Cookies\coco@realmedia[1].txt

    Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\CoCo\Cookies\[email protected][1].txt

    Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\CoCo\Cookies\coco@trafficmp[2].txt

  15. Hello Jay888, Happy 4th of July!
    1. Please double-click Killbox.exe to run it.

    2. Select:
      • Delete on Reboot

      • then Click on the All Files button.

    3. Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\notepad.dll

    4. Return to Killbox, go to the File menu, and choose Paste from Clipboard.

    5. Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

    If your computer does not restart automatically, please restart it manually.

    If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

    Please post a new Ewido log. Thanks!

  16. Hello jay888 .. Sorry for the delay.

    Let's get started! You may want to print this out for reference.

    STEP 1:

    Please open HijackThis and place a check next to the following items:

    O4 - HKCU\..\Run: [c329b8f7.exe] C:\Documents and Settings\CoCo\Local Settings\Application Data\c329b8f7.exe

    O4 - HKCU\..\Run: [9ea5b5e7.exe] C:\Documents and Settings\CoCo\Local Settings\Application Data\9ea5b5e7.exe

    O4 - HKCU\..\Run: [Dfoat] C:\DOCUME~1\CoCo\MYDOCU~1\RACLE~1\services.exe

    O4 - HKCU\..\Run: [Aida] "C:\PROGRA~1\SKS~1\wuaclt.exe" -vt ndrv

    Close all open windows and browsers (except for HijackThis) and click on Fix Checked.

    STEP 2:

    Please download the Killbox by Option^Explicit.

    Note: In the event you already have Killbox, this is a new version that I need you to download.

    • Save it to your desktop.

    • Please double-click Killbox.exe to run it.

    • Select:
      • Delete on Reboot

      • then Click on the All Files button.

      • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

      C:\Documents and Settings\CoCo\Local Settings\Application Data\c329b8f7.exe

      C:\Documents and Settings\CoCo\Local Settings\Application Data\9ea5b5e7.exe

      C:\DOCUME~1\CoCo\MYDOCU~1\RACLE~1\services.exe

      C:\PROGRA~1\SKS~1\wuaclt.exe

      • Return to Killbox, go to the File menu, and choose Paste from Clipboard.

      • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

    If your computer does not restart automatically, please restart it manually.

    If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

    STEP 3:

    Please post a fresh HijackThis log along with a new Ewido log. Thanks! :)

  17. Welcome back! We've got more work to do.

    Jotti File Submission:

    • Please go to Jotti's malware scan

    • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
      • C:\WINDOWS\tsnp2std.exe

    • Click on the submit button

    • Please post the results in your next reply.

    Repeat the previous steps for the following files:

    • C:\WINDOWS\vsnp2std.exe

    • C:\WINDOWS\system32\c329b8f7.exe

    • C:\WINDOWS\system32\9ea5b5e7.exe

    • C:\WINDOWS\system32\comdlg32.ocx

    • C:\WINDOWS\system32\notepad.dll

    Please scan with HJT and place a check next to the following items:

    O1 - Hosts: 199.182.179.252 batman

    O1 - Hosts: 199.182.179.122 pochacco

    O1 - Hosts: 199.182.179.253 spiderman

    O1 - Hosts: 199.182.179.242 superman

    O1 - Hosts: 199.182.179.247 pita

    O1 - Hosts: 199.182.179.240 zorro

    O1 - Hosts: 199.182.179.250 pokemon

    O1 - Hosts: 199.182.179.251 hercules

    O1 - Hosts: 199.182.179.249 zeus

    O1 - Hosts: 199.182.179.210 borman

    O1 - Hosts: 199.182.179.241 scoobydoo

    O1 - Hosts: 199.182.179.199 gateway

    O1 - Hosts: 199.182.179.11 galaxy

    O4 - HKCU\..\Run: [Luoqhya] C:\WINDOWS\SYSTEM32\SSEMBL~1\mmc.exe

    O4 - HKCU\..\Run: [Aida] "C:\PROGRA~1\SKS~1\wuaclt.exe" -vt yazr

    O4 - HKCU\..\Run: [Dfoat] C:\Documents and Settings\CoCo\My Documents\?racle\services.exe

    O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggerne...oaderSigned.cab

    O19 - User stylesheet: (file missing)

    Then, make sure all browser windows and other applications are closed, and click the Fix Checked button.

    Please download the Killbox by Option^Explicit.

    Note: In the event you already have Killbox, this is a new version that I need you to download.

    • Save it to your desktop.

    • Please double-click Killbox.exe to run it.

    • Select:
      • Delete on Reboot

      • then Click on the All Files button.

      • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

      C:\WINDOWS\SYSTEM32\SSEMBL~1\mmc.exe

      C:\PROGRA~1\SKS~1\wuaclt.exe

      • Return to Killbox, go to the File menu, and choose Paste from Clipboard.

      • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

    If your computer does not restart automatically, please restart it manually.

    If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

    Next, navigate to C:\Documents and Settings\CoCo\My Documents\ and look for a folder named ?racle. Note: the "?" will be replaced by a random character. To make sure you have the correct folder, open it up and look for a file named services.exe. Once you are sure you have found the correct folder, go back and delete the ?racle folder. If you have any doubt whether or not you have found the correct folder, post back and don't do anything.

    Please download ATF Cleaner by Atribune.

    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.

      Under Main choose: Select All

      Click the Empty Selected button.

    If you use Firefox browser

    • Click Firefox at the top and choose: Select All

      Click the Empty Selected button.

      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser

    • Click Opera at the top and choose: Select All

      Click the Empty Selected button.

      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main menu to close the program.

    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    First download ewido anti-spyware from HERE and save that file to your desktop.

    This is a 30 day trial of the program

    1. Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.

    2. Once the setup is complete you will need to run ewido and update the definition files.

    3. On the main screen select the icon "Update" then select the "Update now" link.
      • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.

    4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.

    5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".

    6. Under "Reports"

    • Select "Automatically generate report after every scan"

    • Un-Select "Only if threats were found"

    Close ewido anti-spyware. Do not run a scan just yet; we will shortly.

    1. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

      IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process:

    2. Launch ewido-anti-spyware by double-clicking the icon on your desktop.

    3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".

    4. ewido will now begin the scanning process, be patient this may take a little time.

      Once the scan is complete do the following:

    5. If you have any infections you will be prompted, then select "Apply all actions"

    6. Next select the "Reports" icon at the top.

    7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).

    8. Close ewido and reboot your system back into Normal Mode and post the results of the ewido report scan.

    Finally, post back with ALL 6 Jotti Scan Results, the Ewido Report, and a new HJT log.

    Matt

    :thumbsup: Thanks so much. I went to the oracle folder; however, it said access denied when I tried to delete it. :(
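Added example, not code from Killbox or from anyone in this thread: what the "Delete on Reboot" step in the Killbox instructions above actually leaves behind, and why the tool warns about an existing PendingFileRenameOperations value. Killbox, like any program that calls MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT, writes the request into the REG_MULTI_SZ value HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations; Session Manager carries the operations out early in the next boot, before the file is open or locked again, which is also the way around the "access denied" the poster hit above. The value is a list of UTF-16LE, NUL-terminated strings in source/target pairs with one extra NUL at the end: an empty target means delete, a target starting with "!" means replace an existing file, and paths are in NT form (\??\C:\...). The Python below encodes and decodes that format offline and never touches a registry; the staged msvcrt.dll replacement is constructed sample data, and notepad.dll is the file the Killbox step earlier in this thread queued for deletion.

```python
# Offline encoder/decoder for the PendingFileRenameOperations REG_MULTI_SZ
# value read by Session Manager at boot. This script only builds and parses
# the bytes; it does not read or write any registry.

NT_PREFIX = "\\??\\"


def to_nt_path(win_path):
    """C:\\foo -> \\??\\C:\\foo (paths already in NT form pass through)."""
    return win_path if win_path.startswith(NT_PREFIX) else NT_PREFIX + win_path


def encode_pending_ops(ops):
    """ops: iterable of (source, target_or_None, replace_existing) -> value bytes."""
    strings = []
    for src, dst, replace in ops:
        strings.append(to_nt_path(src))
        # Empty target = delete; "!" prefix = MOVEFILE_REPLACE_EXISTING.
        strings.append("" if not dst else ("!" if replace else "") + to_nt_path(dst))
    # Each string is NUL-terminated and the whole list ends with one more NUL.
    return ("".join(s + "\0" for s in strings) + "\0").encode("utf-16-le")


def decode_pending_ops(data):
    """value bytes -> [(source, target_or_None, 'delete'|'rename'|'replace'), ...]"""
    text = data.decode("utf-16-le")
    if not text.strip("\0"):
        return []                        # absent or empty value
    if not text.endswith("\0\0"):
        raise ValueError("missing REG_MULTI_SZ terminator")
    # Drop the last string's NUL and the list terminator, then split on NUL.
    # An empty target survives this as an empty string, which a generic
    # MULTI_SZ reader that stops at the first empty string would lose.
    strings = text[:-2].split("\0")
    if len(strings) % 2:
        raise ValueError("strings do not form source/target pairs")
    ops = []
    for src, dst in zip(strings[::2], strings[1::2]):
        if dst == "":
            ops.append((src, None, "delete"))
        elif dst.startswith("!"):
            ops.append((src, dst[1:], "replace"))
        else:
            ops.append((src, dst, "rename"))
    return ops


def schedule_delete(existing_value, win_path):
    """Append a delete-on-reboot entry while keeping whatever is already queued."""
    ops = [(s, d, action == "replace") for s, d, action in decode_pending_ops(existing_value)]
    ops.append((win_path, None, False))
    return encode_pending_ops(ops)


# Constructed sample: an installer has already staged a DLL replacement
# (hypothetical file names); a cleanup tool then queues notepad.dll for deletion.
EXISTING = encode_pending_ops([
    (r"C:\WINDOWS\system32\SET1A2B.tmp", r"C:\WINDOWS\system32\msvcrt.dll", True),
])
UPDATED = schedule_delete(EXISTING, r"C:\WINDOWS\system32\notepad.dll")

if __name__ == "__main__":
    for src, dst, action in decode_pending_ops(UPDATED):
        print(f"{action:7} {src}" + (f" -> {dst}" if dst else ""))
```

The practical point behind the "let me know if you receive this message" request: if the value already exists, an installer or update has work pending for the next boot, and a tool that overwrites the value instead of appending to it (as schedule_delete does) silently discards that work. When the prompt appears, look at the existing entries with regedit before clicking OK.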

  18. Welcome back! We've got more work to do.

    Jotti File Submission:

    • Please go to Jotti's malware scan

    • Copy and paste the following file path into the "File to upload & scan"box on the top of the page:
      • C:\WINDOWS\tsnp2std.exe

      [*] Click on the submit button

      [*] Please post the results in your next reply.

    Repeat the previous steps for the following files:

    • C:\WINDOWS\vsnp2std.exe

    • C:\WINDOWS\system32\c329b8f7.exe

    • C:\WINDOWS\system32\9ea5b5e7.exe

    • C:\WINDOWS\system32\comdlg32.ocx

    • C:\WINDOWS\system32\notepad.dll

    Please scan with HJT and place a check next to the following items:

    O1 - Hosts: 199.182.179.252 batman

    O1 - Hosts: 199.182.179.122 pochacco

    O1 - Hosts: 199.182.179.253 spiderman

    O1 - Hosts: 199.182.179.242 superman

    O1 - Hosts: 199.182.179.247 pita

    O1 - Hosts: 199.182.179.240 zorro

    O1 - Hosts: 199.182.179.250 pokemon

    O1 - Hosts: 199.182.179.251 hercules

    O1 - Hosts: 199.182.179.249 zeus

    O1 - Hosts: 199.182.179.210 borman

    O1 - Hosts: 199.182.179.241 scoobydoo

    O1 - Hosts: 199.182.179.199 gateway

    O1 - Hosts: 199.182.179.11 galaxy

    O4 - HKCU\..\Run: [Luoqhya] C:\WINDOWS\SYSTEM32\SSEMBL~1\mmc.exe

    O4 - HKCU\..\Run: [Aida] "C:\PROGRA~1\SKS~1\wuaclt.exe" -vt yazr

    O4 - HKCU\..\Run: [Dfoat] C:\Documents and Settings\CoCo\My Documents\?racle\services.exe

    O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggerne...oaderSigned.cab

    O19 - User stylesheet: (file missing)

    Then, make sure all browser windows and other applications are closed, and click the Fix Checked button.

    Please download the Killbox by Option^Explicit.

    Note: In the event you already have Killbox, this is a new version that I need you to download.

    • Save it to your desktop.

    • Please double-click Killbox.exe to run it.

    • Select:
      • Delete on Reboot

      • then Click on the All Files button.

      [*]Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

      C:\WINDOWS\SYSTEM32\SSEMBL~1\mmc.exe

      C:\PROGRA~1\SKS~1\wuaclt.exe

      [*] Return to Killbox, go to the File menu, and choose Paste from Clipboard.

      [*]Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

    If your computer does not restart automatically, please restart it manually.

    If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

    Next, Navigate to C:\Documents and Settings\CoCo\My Documents\ and loog for a folder named ?racle. Note: the "?" will replaced by a random character. To make sure you have the correct folder, open it up and look for a file named services.exe. Once you are sure you have found the correct folder, go back and delete the ?racle folder. If you have any doubt whether or not you have found the correct folder, post back and don't do anything.

    Please download ATF Cleaner by Atribune.

    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.

      Under Main choose: Select All

      Click the Empty Selected button.

    If you use Firefox browser

    • Click Firefox at the top and choose: Select All

      Click the Empty Selected button.

      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser

    • Click Opera at the top and choose: Select All

      Click the Empty Selected button.

      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main menu to close the program.

    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    First download ewido anti-spyware from HERE and save that file to your desktop.

    This is a 30 day trial of the program

    1. Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.

    2. Once the setup is complete you will need run ewido and update the definition files.

    3. On the main screen select the icon "Update" then select the "Update now" link.
      • Next select the "Start Update" button; the update will start and a progress bar will show the updates being installed.

    4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.

    5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".

    6. Under "Reports"

    • Select "Automatically generate report after every scan"

    • Un-select "Only if threats were found"

    Close ewido anti-spyware. Do not run a scan just yet; we will shortly.

    1. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

      IMPORTANT: Do not open any other windows or programs while ewido is scanning; it may interfere with the scanning process.

    2. Launch ewido anti-spyware by double-clicking the icon on your desktop.

    3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".

    4. ewido will now begin the scanning process; be patient, this may take a little time.

      Once the scan is complete do the following:

    5. If you have any infections you will be prompted; then select "Apply all actions".

    6. Next select the "Reports" icon at the top.

    7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).

    8. Close ewido and reboot your system back into Normal Mode and post the results of the ewido report scan.

    Finally, post back with ALL 6 Jotti Scan Results, the Ewido Report, and a new HJT log.

    Matt
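    The helpers in this thread read the posted HijackThis logs by eye. As an added example that is not from any post here, this Python checker parses the O1, O4 and O20 line formats shown in the log and flags the patterns the helpers act on (hex-named autoruns, autoruns from user-writable folders, a system binary name outside System32, any AppInit_DLLs entry); the heuristics are my assumptions rather than HijackThis rules, and the sample lines are copied from or modelled on the log in this thread.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "line reason")

# Sample lines, taken from / modelled on the HijackThis log posted in this thread.
SAMPLE_LOG = r"""O1 - Hosts: 199.182.179.252 batman
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [c329b8f7.exe] C:\WINDOWS\system32\c329b8f7.exe
O4 - HKCU\..\Run: [c329b8f7.exe] C:\Documents and Settings\CoCo\Local Settings\Application Data\c329b8f7.exe
O4 - HKCU\..\Run: [Luoqhya] C:\WINDOWS\SYSTEM32\SSEMBL~1\mmc.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\chkdsk.dll
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Line shapes for the three HijackThis sections handled here (as printed by HJT 1.99.1).
O1_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<key>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dll>.+)$")
# First executable path in a Run value, with or without surrounding quotes.
PATH_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|cmd|bat))', re.IGNORECASE)

# Heuristic constants: assumptions chosen for this example, not HijackThis rules.
SYSTEM_BINARIES = {"mmc.exe", "services.exe", "svchost.exe", "winlogon.exe"}
SYSTEM_DIR = r"c:\windows\system32"
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$")          # e.g. c329b8f7.exe
USER_WRITABLE = ("\\temp\\", "\\local settings\\application data\\")


def check_line(line):
    """Return the reasons this log line deserves a closer look (empty list if none)."""
    reasons = []
    m = O1_RE.match(line)
    if m:   # any Hosts override is reported so the reader can confirm it is intended
        return [f"hosts override: {m['host']} -> {m['ip']}"]
    m = O20_RE.match(line)
    if m:   # AppInit_DLLs loads a DLL into every GUI process; rarely legitimate
        return [f"AppInit_DLLs is set ({m['dll']})"]
    m = O4_RE.match(line)
    if not m:
        return reasons
    p = PATH_RE.match(m["cmd"])
    if not p:
        return reasons
    path = p["path"]
    folder, _, name = path.rpartition("\\")
    stem = name.lower().rsplit(".", 1)[0]
    if HEX_NAME_RE.match(stem):
        reasons.append(f"random-looking executable name: {name}")
    if any(marker in path.lower() for marker in USER_WRITABLE):
        reasons.append(f"autorun from user-writable location: {path}")
    if name.lower() in SYSTEM_BINARIES and folder.lower() != SYSTEM_DIR:
        reasons.append(f"system binary name outside System32: {path}")
    return reasons


def scan_log(text):
    """Run check_line over every line of a log and collect (line, reason) findings."""
    return [Finding(ln, r) for ln in text.splitlines() for r in check_line(ln)]


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```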

  19. You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

    Next, please reboot your computer in Safe Mode by doing the following :

    • Restart your computer

    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

    • Instead of Windows loading as normal, a menu with options should appear;

    • Select the first option, to run Windows in Safe Mode, then press "Enter".

    • Choose your usual account.

    Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd

    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply, along with a new HJT log.

    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning: running option #2 on a non-infected computer will remove your Desktop background.

  20. Hi and welcome to Besttechie! I will be assisting you!

    Please print out all directions given, for use if/when you cannot access this page.

    Please download SmitfraudFix (by S!Ri)

    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd

    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).

    Please copy/paste the content of that report into your next reply.

    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

    http://www.beyondlogic.org/consulting/proc...processutil.htm

  21. Hi, please help me to remove my spyware. I downloaded a program and after that I started to see an icon on my system tray, an icon with the Windows help logo flashing with a stop sign. Help please.

    I already tried Norton Anti-virus and 5 different spyware remover programs; the problem still exists. When I open IE, it goes to a different homepage; also, a message appears right above the system tray icon telling me I need their spyware remover 'antimalware', then it goes to this page hxxp://www.spywarequake.com/?aff=252

    Link Edited to make "Non-Clickable" JWB

    Logfile of HijackThis v1.99.1

    Scan saved at 9:10:19 PM, on 6/22/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\cisvc.exe

    C:\WINDOWS\system32\CTsvcCDA.EXE

    C:\Program Files\Norton AntiVirus\navapsvc.exe

    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\wanmpsvc.exe

    C:\WINDOWS\System32\WLTRYSVC.EXE

    C:\WINDOWS\System32\bcmwltry.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\pctspk.exe

    C:\Program Files\Dell\QuickSet\quickset.exe

    C:\WINDOWS\System32\DSentry.exe

    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

    C:\Program Files\QUICKENW\QAGENT.EXE

    C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe

    C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe

    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

    C:\Program Files\BroadJump\Client Foundation\CFD.exe

    C:\WINDOWS\system32\mrtMngr.EXE

    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe

    C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe

    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe

    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

    C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE

    C:\PROGRA~1\SlimQ\Fahid.exe

    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    C:\Program Files\Virtual Account Numbers\CitiUCS.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\QuickTime\qttask.exe

    C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

    C:\WINDOWS\tsnp2std.exe

    C:\WINDOWS\vsnp2std.exe

    C:\WINDOWS\system32\c329b8f7.exe

    C:\Program Files\Yahoo!\Messenger\ypager.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\MSN Messenger\MsnMsgr.Exe

    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

    C:\Program Files\Skype\Phone\Skype.exe

    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

    C:\Program Files\palmOne\Hotsync.exe

    C:\WINDOWS\system32\cidaemon.exe

    C:\WINDOWS\system32\cmd.exe

    C:\WINDOWS\TEMP\win302.tmp.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\WINDOWS\TEMP\win307.tmp.exe

    C:\Documents and Settings\CoCo\Local Settings\Temp\HijackThis.exe

    O1 - Hosts: 199.182.179.252 batman

    O1 - Hosts: 199.182.179.122 pochacco

    O1 - Hosts: 199.182.179.253 spiderman

    O1 - Hosts: 199.182.179.242 superman

    O1 - Hosts: 199.182.179.247 pita

    O1 - Hosts: 199.182.179.240 zorro

    O1 - Hosts: 199.182.179.250 pokemon

    O1 - Hosts: 199.182.179.251 hercules

    O1 - Hosts: 199.182.179.249 zeus

    O1 - Hosts: 199.182.179.210 borman

    O1 - Hosts: 199.182.179.241 scoobydoo

    O1 - Hosts: 199.182.179.199 gateway

    O1 - Hosts: 199.182.179.11 galaxy

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll

    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

    O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE

    O4 - HKLM\..\Run: [uFD Monitor] C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe

    O4 - HKLM\..\Run: [uFD Utility] C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe

    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

    O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

    O4 - HKLM\..\Run: [iPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l

    O4 - HKLM\..\Run: [iPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"

    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe

    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe

    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE

    O4 - HKLM\..\Run: [FAhid] C:\PROGRA~1\SlimQ\Fahid.exe

    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [CitiUCS] C:\Program Files\Virtual Account Numbers\CitiUCS.exe /dontopenmycards

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

    O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

    O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

    O4 - HKLM\..\Run: [c329b8f7.exe] C:\WINDOWS\system32\c329b8f7.exe

    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R

    O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

    O4 - HKCU\..\Run: [c329b8f7.exe] C:\Documents and Settings\CoCo\Local Settings\Application Data\c329b8f7.exe

    O4 - HKCU\..\Run: [Luoqhya] C:\WINDOWS\SYSTEM32\SSEMBL~1\mmc.exe

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

    O9 - Extra button: Microsoft® JavaScript® Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx

    O9 - Extra 'Tools' menuitem: JavaScript Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx

    O9 - Extra button: UCS - {4C730923-3961-439b-83D5-F4E445520422} - C:\Program Files\Virtual Account Numbers\CitiUCS.exe

    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - C:\WINDOWS\System32\HPCMDTY.DLL (file missing) (HKCU)

    O9 - Extra button: Microsoft® JavaScript® Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx (HKCU)

    O9 - Extra 'Tools' menuitem: JavaScript Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx (HKCU)

    O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

    O16 - DPF: {78A730D4-0DF3-4B65-8DD2-BFCD433CEE30} - http://www.surfsecret.com/inst/DVInstaller.exe

    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

    O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggerne...oaderSigned.cab

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

    O19 - User stylesheet: (file missing)

    O20 - AppInit_DLLs: C:\WINDOWS\system32\chkdsk.dll

    O23 - Service: Apache2Triad Apache2 Service (Apache2) - Unknown owner - c:\apache2\bin\apache.exe" -n Apache2 -k runservice (file missing)

    O23 - Service: Apache2Triad Apache2 Service with SSL (Apache2(SSL)) - Unknown owner - c:\apache2\bin\apache.exe" -n Apache2(SSL) -k runservice -D SSL (file missing)

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Apache2Triad MySql Service (MySql) - Unknown owner - C:/apache2/mysql/bin/mysqld.exe

    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

    O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

    O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE

    O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe

    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

    O23 - Service: Apache2Triad SlimFTPd Server (SlimFTPd) - Unknown owner - C:\apache2\mail\bin\XMail.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE