Help On Hijacklog Pls! Systray Icon[RESOLVED]


Welcome back

Please scan with HJT and place a check next to the following item:

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

Then, make sure all browser windows and other applications are closed, and click the Fix Checked button.

Please download FileFind from Atribune.

Unzip the file and save it to your desktop.

To run FileFind, please do the following:

  • Click on FileFind.exe
  • In the box labeled "Directory"
    • Enter Drive, e.g. C:\WINDOWS\system32\
  • In the box labeled "File"
    • Enter chkdsk.dll
  • Now click on the "Search" button
  • Once the utility has found the files click on "Export"
  • A Notepad will open up. Please copy the entire contents of the Notepad and paste them here.
  • NOTE: The notepad is saved on your C:\ drive as "Export.txt"

Repeat those steps with the following file as well:

notepad.dll

Matt

Hi Matt,

I did delete the R3 entry in HJT, then I followed the steps to use the FileFind program to search for both .dll files; neither of them can be found in the windows\system32 directory... :(

So, I scanned with HJT just in case you may want to read it.

Logfile of HijackThis v1.99.1

Scan saved at 9:56:59 AM, on 7/24/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\pctspk.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\QUICKENW\QAGENT.EXE

C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe

C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe

C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

C:\Program Files\BroadJump\Client Foundation\CFD.exe

C:\WINDOWS\system32\mrtMngr.EXE

C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe

C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe

C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE

C:\PROGRA~1\SlimQ\Fahid.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Virtual Account Numbers\CitiUCS.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\WINDOWS\tsnp2std.exe

C:\WINDOWS\vsnp2std.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\Program Files\palmOne\Hotsync.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Video Camera\Linksys Viewer & Recorder Utility.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\explorer.exe

C:\PROGRA~1\WINZIP\winzip32.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\CoCo\My Documents\Appz\hijack\HijackThis.exe

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE

O4 - HKLM\..\Run: [uFD Monitor] C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe

O4 - HKLM\..\Run: [uFD Utility] C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe

O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [iPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l

O4 - HKLM\..\Run: [iPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe

O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE

O4 - HKLM\..\Run: [FAhid] C:\PROGRA~1\SlimQ\Fahid.exe

O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [CitiUCS] C:\Program Files\Virtual Account Numbers\CitiUCS.exe /dontopenmycards

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Microsoft® JavaScript® Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx

O9 - Extra 'Tools' menuitem: JavaScript Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx

O9 - Extra button: UCS - {4C730923-3961-439b-83D5-F4E445520422} - C:\Program Files\Virtual Account Numbers\CitiUCS.exe

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - C:\WINDOWS\System32\HPCMDTY.DLL (file missing) (HKCU)

O9 - Extra button: Microsoft® JavaScript® Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx (HKCU)

O9 - Extra 'Tools' menuitem: JavaScript Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx (HKCU)

O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {78A730D4-0DF3-4B65-8DD2-BFCD433CEE30} - http://www.surfsecret.com/inst/DVInstaller.exe

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: Apache2Triad Apache2 Service (Apache2) - Unknown owner - c:\apache2\bin\apache.exe" -n Apache2 -k runservice (file missing)

O23 - Service: Apache2Triad Apache2 Service with SSL (Apache2(SSL)) - Unknown owner - c:\apache2\bin\apache.exe" -n Apache2(SSL) -k runservice -D SSL (file missing)

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Apache2Triad MySql Service (MySql) - Unknown owner - C:/apache2/mysql/bin/mysqld.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE

O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: Apache2Triad SlimFTPd Server (SlimFTPd) - Unknown owner - C:\apache2\mail\bin\XMail.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


Congrats! Your log is clean! :thumbsup:

How is your system running?

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

  1. Firefox - Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox, however Opera is good as well.
  2. Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  3. AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  4. SpywareBlaster - Great prevention tool to keep malware from installing on your system.
  5. SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  6. IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  7. ATF Cleaner - Cleans temporary files from web browsers, and much more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  8. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  9. Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop-up windows.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein and this guide on safer computing.

Hi Matt,

I am very sorry to tell you that I am still infected. I know what caused this: I installed some application downloaded online, and the application was opening some DOS prompt and trying to execute something; that caused all these pop-ups.

Please help, my computer is still infected. :(

  • 3 weeks later...

Hello jay888. Matt had to leave without notice and along the way your log kinda fell through a crack.... Soooo you have the honor of switching helpers! (again :P)

If you are still here, please post a new HJT log if you need help, thanks.

Thanks a lot :) I am so glad you can help me, I was thinking of reinstalling the OS as a last resort... :(

Logfile of HijackThis v1.99.1

Scan saved at 10:20:07 PM, on 8/14/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\pctspk.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\QUICKENW\QAGENT.EXE

C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe

C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe

C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

C:\Program Files\BroadJump\Client Foundation\CFD.exe

C:\WINDOWS\system32\mrtMngr.EXE

C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe

C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE

C:\PROGRA~1\SlimQ\Fahid.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Virtual Account Numbers\CitiUCS.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe

C:\WINDOWS\tsnp2std.exe

C:\WINDOWS\vsnp2std.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\palmOne\Hotsync.exe

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\CoCo\My Documents\Appz\hijack\HijackThis.exe

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE

O4 - HKLM\..\Run: [uFD Monitor] C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe

O4 - HKLM\..\Run: [uFD Utility] C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe

O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [iPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l

O4 - HKLM\..\Run: [iPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe

O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE

O4 - HKLM\..\Run: [FAhid] C:\PROGRA~1\SlimQ\Fahid.exe

O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [CitiUCS] C:\Program Files\Virtual Account Numbers\CitiUCS.exe /dontopenmycards

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Microsoft® JavaScript® Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx

O9 - Extra 'Tools' menuitem: JavaScript Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx

O9 - Extra button: UCS - {4C730923-3961-439b-83D5-F4E445520422} - C:\Program Files\Virtual Account Numbers\CitiUCS.exe

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - C:\WINDOWS\System32\HPCMDTY.DLL (file missing) (HKCU)

O9 - Extra button: Microsoft® JavaScript® Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx (HKCU)

O9 - Extra 'Tools' menuitem: JavaScript Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx (HKCU)

O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {78A730D4-0DF3-4B65-8DD2-BFCD433CEE30} - http://www.surfsecret.com/inst/DVInstaller.exe

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: Apache2Triad Apache2 Service (Apache2) - Unknown owner - c:\apache2\bin\apache.exe" -n Apache2 -k runservice (file missing)

O23 - Service: Apache2Triad Apache2 Service with SSL (Apache2(SSL)) - Unknown owner - c:\apache2\bin\apache.exe" -n Apache2(SSL) -k runservice -D SSL (file missing)

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Apache2Triad MySql Service (MySql) - Unknown owner - C:/apache2/mysql/bin/mysqld.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: Apache2Triad SlimFTPd Server (SlimFTPd) - Unknown owner - C:\apache2\mail\bin\XMail.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


Hello ... let's do a quick sweep up first. You have a lot of stuff (not all bad stuff just ... stuff...)

Can you please tell me what symptom you are having?

Let's get started .. you may want to print this out.

STEP 1:

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):

  • Double-click sspsetup1.exe to install it.
  • Before installation it may ask you to check for program updates. Click YES.
    Then finish installation leaving all the default options.
  • Once the program is installed, it will ask if you wish to reboot now choose YES.
  • After reboot, open SpySweeper, by double-clicking the icon on your desktop.
  • Click Options on the left side.
  • Click the Sweep tab.
  • Under Items to Sweep make sure the following are checked:

    • Windows registry
    • Memory objects
    • Cookies
    • Compressed Files
    • System Restore Folder

  • Under Other Options make sure the following are checked:

    • Sweep all user accounts
    • Enable Direct Disk Sweeping
    • Sweep for rootkits

  • Click the Sweep button on the left side.
  • Click the Start Sweep button.
  • When it's done scanning, make sure everything has a check next to it, then click the Quarantine Selected button.
  • It will quarantine all of the items found.
  • Click View Session Log in the right corner above the box where the items are listed.
  • Click Save to File and save it on your desktop.
  • Exit SpySweeper.
  • Paste the contents of the session log you saved into your next reply (Spy Sweeper Session Log.txt).
  • NOTE: you can get to the log by clicking Options on the left. Then, View Session Log will be listed under Other Options.

STEP 2:

Please go HERE to run Panda's ActiveScan

  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

STEP 3:

Please post all the requested logs along with a new HJT log. Thanks! :)

I am so happy to clean my laptop. The symptom is that when I use IE, it sometimes crashes, freezes, or pops up another instance of IE, and my computer stops responding and I have to end the task. Firefox works fine without problems.

Here is the Log in the order you requested. :) Thanks so much! :thumbsup:

2:54 PM: Removal process completed. Elapsed time 00:15:53

2:54 PM: A reboot was required but declined.

2:50 PM: Quarantining All Traces: zedo cookie

2:50 PM: Quarantining All Traces: winantiviruspro cookie

2:50 PM: Quarantining All Traces: myaffiliateprogram.com cookie

2:50 PM: Quarantining All Traces: videodome cookie

2:50 PM: Quarantining All Traces: tribalfusion cookie

2:50 PM: Quarantining All Traces: webtrendslive cookie

2:50 PM: Quarantining All Traces: reliablestats cookie

2:50 PM: Quarantining All Traces: questionmarket cookie

2:50 PM: Quarantining All Traces: mediaplex cookie

2:50 PM: Quarantining All Traces: maxserving cookie

2:50 PM: Quarantining All Traces: dealtime cookie

2:50 PM: Quarantining All Traces: exitexchange cookie

2:50 PM: Quarantining All Traces: casalemedia cookie

2:50 PM: Quarantining All Traces: atlas dmt cookie

2:50 PM: Quarantining All Traces: advertising cookie

2:50 PM: Quarantining All Traces: adrevolver cookie

2:50 PM: Quarantining All Traces: adprofile cookie

2:50 PM: Quarantining All Traces: specificclick.com cookie

2:50 PM: Quarantining All Traces: websponsors cookie

2:50 PM: Quarantining All Traces: mytemplatestorage cookie

2:49 PM: Quarantining All Traces: realmedia cookie

2:49 PM: Quarantining All Traces: rn11 cookie

2:49 PM: Quarantining All Traces: belnk cookie

2:49 PM: Quarantining All Traces: delfinproject cookie

2:49 PM: Quarantining All Traces: cardomain cookie

2:49 PM: Quarantining All Traces: atwola cookie

2:49 PM: Quarantining All Traces: apmebf cookie

2:49 PM: Quarantining All Traces: hotbar cookie

2:49 PM: Quarantining All Traces: hbmediapro cookie

2:49 PM: Quarantining All Traces: adknowledge cookie

2:49 PM: Quarantining All Traces: about cookie

2:49 PM: Quarantining All Traces: browseraid

2:49 PM: Quarantining All Traces: spyware quake

2:49 PM: Quarantining All Traces: prosearch.com hijack

2:49 PM: Quarantining All Traces: cws_meup

2:49 PM: Quarantining All Traces: winantivirus pro

2:48 PM: Quarantining All Traces: coolwebsearch (cws)

2:48 PM: Quarantining All Traces: delfin

2:48 PM: Quarantining All Traces: easyerror

2:48 PM: Quarantining All Traces: spad

2:48 PM: Quarantining All Traces: heretofind

2:48 PM: Quarantining All Traces: childoleauto

2:48 PM: Quarantining All Traces: apropos

2:48 PM: Quarantining All Traces: trojan-downloader-zlob

2:48 PM: Quarantining All Traces: cws-aboutblank

2:48 PM: Quarantining All Traces: msn sniffer

2:48 PM: Quarantining All Traces: popuper

2:48 PM: Quarantining All Traces: trojan-downloader-conhook

2:48 PM: Quarantining All Traces: trojan agent winlogonhook

2:48 PM: Quarantining All Traces: security2k hijacker

2:48 PM: C:\WINDOWS\SYSTEM32\geedc.dll is in use. It will be removed on reboot.

2:48 PM: virtumonde is in use. It will be removed on reboot.

2:40 PM: Quarantining All Traces: virtumonde

2:40 PM: Quarantining All Traces: trojan-downloader-2pursuit

2:38 PM: Removal process initiated

2:31 PM: Traces Found: 168

2:31 PM: Full Sweep has completed. Elapsed time 05:44:06

2:31 PM: File Sweep Complete, Elapsed Time: 05:35:35

1:18 PM: Found System Monitor: potentially rootkit-masked files

1:18 PM: Warning: Failed to access drive E:

1:14 PM: Warning: Failed to open file "c:\documents and settings\coco\application data\skype\jay_88828\chat256.dbb". The operation completed successfully

1:13 PM: Warning: Failed to open file "c:\documents and settings\coco\local settings\temp\jetee87.tmp". The operation completed successfully

1:12 PM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042973.lnk". The operation completed successfully

1:12 PM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042922.lnk". The operation completed successfully

1:11 PM: Warning: Failed to open file "c:\documents and settings\coco\cookies\[email protected][2].txt". The operation completed successfully

1:08 PM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042969.lnk". The operation completed successfully

1:08 PM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042974.lnk". The operation completed successfully

1:08 PM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042927.lnk". The operation completed successfully

1:08 PM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042961.lnk". The operation completed successfully

1:07 PM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042941.ini". The operation completed successfully

1:07 PM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\rp.log". The operation completed successfully

1:07 PM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042993.ini". The operation completed successfully

1:07 PM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042967.lnk". The operation completed successfully

1:04 PM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042917.lnk". The operation completed successfully

1:04 PM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042896.lnk". The operation completed successfully

1:04 PM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042916.lnk". The operation completed successfully

1:03 PM: Warning: Failed to open file "c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention visitors bureau_files\wt4_files\i2tokyo.gif". The operation completed successfully

1:03 PM: Warning: Failed to open file "c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention visitors bureau_files\wt4_files\i1check.gif". The operation completed successfully

1:03 PM: Warning: Failed to open file "c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention visitors bureau_files\head2_files\ind_press_s.gif". The operation completed successfully

1:03 PM: Warning: Failed to open file "c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention visitors bureau_files\head2_files\ind_conve_s.gif". The operation completed successfully

1:03 PM: Warning: Failed to open file "c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention visitors bureau_files\head2_files\ind_hot_s.gif". The operation completed successfully

1:00 PM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042928.lnk". The operation completed successfully

12:44 PM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\snapshot\_registry_machine_system". The operation completed successfully

12:38 PM: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP217\A0048740.exe (ID = 305008)

12:33 PM: c:\windows\downloaded program files\uwa6p_0001_n91m1807netinstaller.exe (ID = 327827)

12:33 PM: Found Adware: winantivirus pro

12:11 PM: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP217\A0048736.exe (ID = 408)

12:11 PM: Found Trojan Horse: trojan-downloader-zlob

11:48 AM: Warning: PerformFileOffsetMatch Failed to check file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042894.vxd". "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042894.vxd": File not found

11:35 AM: Warning: PerformFileOffsetMatch Failed to check file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042895.dll". "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042895.dll": File not found

10:32 AM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\change.log.5". The operation completed successfully

10:31 AM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042958.data". The operation completed successfully

10:22 AM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042970.lnk". The operation completed successfully

9:34 AM: IE Security Shield: found: C:\WINDOWS\SYSTEM32\MKPMARWL.EXE -- IE Security modification denied

9:29 AM: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0045512.exe (ID = 298057)

9:17 AM: C:\Program Files\Microsoft AntiSpyware\Quarantine\46FEA5A4-8701-4EDF-A1B5-37FB34\7BE2E4B7-C5BD-4BF5-A8D7-261D03 (ID = 312696)

9:11 AM: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0045513.ini (ID = 298068)

9:10 AM: C:\WINDOWS\SYSTEM32\wecxg32.dll (ID = 54008)

9:10 AM: C:\WINDOWS\SYSTEM32\zxmsn.dll (ID = 54008)

9:08 AM: C:\WINDOWS\SYSTEM32\gupd.dll (ID = 54008)

9:08 AM: C:\WINDOWS\SYSTEM32\cidpoq32.dll (ID = 54008)

9:06 AM: C:\WINDOWS\SYSTEM32\cidft.dll (ID = 54008)

9:06 AM: C:\WINDOWS\SYSTEM32\sdfup.dll (ID = 54008)

9:06 AM: C:\WINDOWS\SYSTEM32\xcwer32.dll (ID = 54008)

9:06 AM: C:\WINDOWS\SYSTEM32\icvbr.dll (ID = 54008)

9:06 AM: C:\WINDOWS\SYSTEM32\icqrt.dll (ID = 54187)

9:06 AM: C:\WINDOWS\SYSTEM32\icnfe.dll (ID = 54008)

9:06 AM: Found Adware: coolwebsearch (cws)

8:58 AM: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0045516.lnk (ID = 288513)

8:56 AM: C:\Documents and Settings\CoCo\Local Settings\Temp\~DlfnTmp3 (1 subtraces) (ID = 2147486173)

8:56 AM: C:\Documents and Settings\CoCo\Local Settings\Temp\~DlfnTmp2 (1 subtraces) (ID = 2147486172)

8:56 AM: C:\Documents and Settings\CoCo\Local Settings\Temp\~DlfnTmp4 (1 subtraces) (ID = 2147486174)

8:56 AM: Found Adware: delfin

8:55 AM: Starting File Sweep

8:55 AM: Cookie Sweep Complete, Elapsed Time: 00:00:03

8:55 AM: c:\documents and settings\coco\cookies\coco@zedo[2].txt (ID = 3762)

8:55 AM: Found Spy Cookie: zedo cookie

8:55 AM: c:\documents and settings\coco\cookies\[email protected][2].txt (ID = 3690)

8:55 AM: Found Spy Cookie: winantiviruspro cookie

8:55 AM: c:\documents and settings\coco\cookies\[email protected][1].txt (ID = 3032)

8:55 AM: Found Spy Cookie: myaffiliateprogram.com cookie

8:55 AM: c:\documents and settings\coco\cookies\coco@videodome[1].txt (ID = 3638)

8:55 AM: Found Spy Cookie: videodome cookie

8:55 AM: c:\documents and settings\coco\cookies\coco@tribalfusion[1].txt (ID = 3589)

8:55 AM: Found Spy Cookie: tribalfusion cookie

8:55 AM: c:\documents and settings\coco\cookies\[email protected][2].txt (ID = 3667)

8:55 AM: Found Spy Cookie: webtrendslive cookie

8:55 AM: c:\documents and settings\coco\cookies\[email protected][3].txt (ID = 3254)

8:55 AM: c:\documents and settings\coco\cookies\[email protected][1].txt (ID = 3254)

8:55 AM: Found Spy Cookie: reliablestats cookie

8:55 AM: c:\documents and settings\coco\cookies\coco@realmedia[2].txt (ID = 3235)

8:55 AM: c:\documents and settings\coco\cookies\coco@questionmarket[1].txt (ID = 3217)

8:55 AM: Found Spy Cookie: questionmarket cookie

8:55 AM: c:\documents and settings\coco\cookies\[email protected][1].txt (ID = 3236)

8:55 AM: c:\documents and settings\coco\cookies\coco@mediaplex[1].txt (ID = 6442)

8:55 AM: Found Spy Cookie: mediaplex cookie

8:55 AM: c:\documents and settings\coco\cookies\coco@maxserving[1].txt (ID = 2966)

8:55 AM: Found Spy Cookie: maxserving cookie

8:55 AM: c:\documents and settings\coco\cookies\coco@exitexchange[2].txt (ID = 2633)

8:55 AM: c:\documents and settings\coco\cookies\coco@dealtime[2].txt (ID = 2505)

8:55 AM: Found Spy Cookie: dealtime cookie

8:55 AM: c:\documents and settings\coco\cookies\[email protected][1].txt (ID = 2634)

8:55 AM: c:\documents and settings\coco\cookies\[email protected][1].txt (ID = 2634)

8:55 AM: Found Spy Cookie: exitexchange cookie

8:55 AM: c:\documents and settings\coco\cookies\coco@casalemedia[2].txt (ID = 2354)

8:55 AM: Found Spy Cookie: casalemedia cookie

8:55 AM: c:\documents and settings\coco\cookies\coco@atdmt[2].txt (ID = 2253)

8:55 AM: Found Spy Cookie: atlas dmt cookie

8:55 AM: c:\documents and settings\coco\cookies\coco@advertising[1].txt (ID = 2175)

8:55 AM: Found Spy Cookie: advertising cookie

8:55 AM: c:\documents and settings\coco\cookies\coco@adrevolver[1].txt (ID = 2088)

8:55 AM: Found Spy Cookie: adrevolver cookie

8:55 AM: c:\documents and settings\coco\cookies\coco@adprofile[2].txt (ID = 2084)

8:55 AM: Found Spy Cookie: adprofile cookie

8:55 AM: c:\documents and settings\coco\cookies\[email protected][2].txt (ID = 3400)

8:55 AM: Found Spy Cookie: specificclick.com cookie

8:55 AM: c:\documents and settings\coco\cookies\[email protected][2].txt (ID = 3665)

8:55 AM: Found Spy Cookie: websponsors cookie

8:55 AM: c:\documents and settings\jessica\cookies\[email protected][1].txt (ID = 3050)

8:55 AM: Found Spy Cookie: mytemplatestorage cookie

8:55 AM: c:\documents and settings\jessica\cookies\[email protected][2].txt (ID = 2038)

8:55 AM: c:\documents and settings\jessica\cookies\jessica@realmedia[2].txt (ID = 3235)

8:55 AM: Found Spy Cookie: realmedia cookie

8:55 AM: c:\documents and settings\jessica\cookies\[email protected][1].txt (ID = 2038)

8:55 AM: c:\documents and settings\jessica\cookies\[email protected][2].txt (ID = 3262)

8:55 AM: Found Spy Cookie: rn11 cookie

8:55 AM: c:\documents and settings\jessica\cookies\[email protected][2].txt (ID = 2293)

8:55 AM: Found Spy Cookie: belnk cookie

8:55 AM: c:\documents and settings\jessica\cookies\jessica@delfinproject[1].txt (ID = 2509)

8:55 AM: Found Spy Cookie: delfinproject cookie

8:55 AM: c:\documents and settings\jessica\cookies\[email protected][1].txt (ID = 2038)

8:55 AM: c:\documents and settings\jessica\cookies\jessica@cardomain[2].txt (ID = 2350)

8:55 AM: Found Spy Cookie: cardomain cookie

8:55 AM: c:\documents and settings\jessica\cookies\jessica@atwola[1].txt (ID = 2255)

8:55 AM: Found Spy Cookie: atwola cookie

8:55 AM: c:\documents and settings\jessica\cookies\jessica@apmebf[1].txt (ID = 2229)

8:55 AM: Found Spy Cookie: apmebf cookie

8:55 AM: c:\documents and settings\jessica\cookies\[email protected][1].txt (ID = 4207)

8:55 AM: Found Spy Cookie: hotbar cookie

8:55 AM: c:\documents and settings\jessica\cookies\[email protected][2].txt (ID = 2768)

8:55 AM: Found Spy Cookie: hbmediapro cookie

8:55 AM: c:\documents and settings\jessica\cookies\jessica@adknowledge[1].txt (ID = 2072)

8:55 AM: Found Spy Cookie: adknowledge cookie

8:55 AM: c:\documents and settings\jessica\cookies\jessica@about[1].txt (ID = 2037)

8:55 AM: Found Spy Cookie: about cookie

8:55 AM: Starting Cookie Sweep

8:55 AM: Registry Sweep Complete, Elapsed Time:00:00:52

8:55 AM: HKU\S-1-5-21-894892478-1671654027-2876248559-1007\software\microsoft\internet explorer\main\ || search page_bak (ID = 774883)

8:55 AM: HKU\S-1-5-21-894892478-1671654027-2876248559-1007\software\classes\clsid\{237aa178-c3bc-4f67-a8bb-d8bc14ba0b89}\ (ID = 127116)

8:55 AM: HKU\S-1-5-21-894892478-1671654027-2876248559-1007\software\microsoft\internet explorer\extensions\{237aa178-c3bc-4f67-a8bb-d8bc14ba0b89}\ (ID = 127080)

8:55 AM: HKU\S-1-5-21-894892478-1671654027-2876248559-1007\software\microsoft\internet explorer\extensions\{237aa178-c3bc-4f67-a8bb-d8bc14ba0b89}\ (ID = 127080)

8:55 AM: HKU\S-1-5-21-894892478-1671654027-2876248559-1007\software\microsoft\internet explorer\main\ || search page_bak (ID = 115925)

8:55 AM: Found Adware: cws-aboutblank

8:55 AM: HKU\S-1-5-21-894892478-1671654027-2876248559-1007\software\microsoft\windows\currentversion\updt\ (ID = 105189)

8:55 AM: Found Adware: browseraid

8:55 AM: HKLM\software\classes\clsid\{3f143c3a-1457-6cca-03a7-7aa23b61e40f}\ (ID = 1571509)

8:55 AM: HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler\ || {259ba022-2005-45e9-a965-10edb9c00605} (ID = 1538921)

8:55 AM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{062492af-392e-479d-bf52-a7a4bca00307}\ (ID = 1538630)

8:55 AM: HKLM\software\classes\clsid\{062492af-392e-479d-bf52-a7a4bca00307}\ (ID = 1538618)

8:55 AM: HKCR\clsid\{062492af-392e-479d-bf52-a7a4bca00307}\ (ID = 1538606)

8:55 AM: HKLM\software\microsoft\rasap2k\ (ID = 1511572)

8:55 AM: HKLM\software\microsoft\dstr5\ (ID = 1511570)

8:55 AM: HKLM\software\microsoft\windows\currentversion\uninstall\msn sniffer v1.2 evaluation version \ (ID = 1509875)

8:55 AM: Found System Monitor: msn sniffer

8:55 AM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\{686a161d-5bd1-4999-8832-6393f41e564c}\ (ID = 1505707)

8:55 AM: Found Adware: popuper

8:55 AM: HKLM\software\classes\typelib\{5cb9686d-cc21-4927-b904-d91d4479f4bd}\ (ID = 1496911)

8:55 AM: HKCR\typelib\{5cb9686d-cc21-4927-b904-d91d4479f4bd}\ (ID = 1496901)

8:55 AM: Found Adware: spyware quake

8:55 AM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\cfgmngr32\ (ID = 1252409)

8:55 AM: HKLM\software\microsoft\internet explorer\main\ || search page_bak (ID = 1250789)

8:55 AM: Found Adware: prosearch.com hijack

8:55 AM: HKLM\software\classes\clsid\{0b5f7fdf-0717-45bf-b49d-695f3168c7fe}\ (ID = 1149560)

8:55 AM: HKCR\clsid\{0b5f7fdf-0717-45bf-b49d-695f3168c7fe}\ (ID = 1149518)

8:55 AM: Found Adware: easyerror

8:55 AM: HKLM\system\currentcontrolset\services\dp1112\ (ID = 1138322)

8:55 AM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\geedc\ (ID = 1125293)

8:55 AM: Found Trojan Horse: trojan-downloader-conhook

8:54 AM: HKLM\software\microsoft\mssmgr\ (ID = 937101)

8:54 AM: Found Trojan Horse: trojan agent winlogonhook

8:54 AM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\ (ID = 735573)

8:54 AM: Found Adware: security2k hijacker

8:54 AM: HKLM\software\classes\clsid\{237aa178-c3bc-4f67-a8bb-d8bc14ba0b89}\ (ID = 127120)

8:54 AM: HKCR\clsid\{237aa178-c3bc-4f67-a8bb-d8bc14ba0b89}\ (ID = 127065)

8:54 AM: Found Adware: spad

8:54 AM: HKCR\clsid\{237aa178-c3bc-4f67-a8bb-d8bc14ba0b89}\ (ID = 127065)

8:54 AM: Found Adware: heretofind

8:54 AM: HKCR\clsid\{3f143c3a-1457-6cca-03a7-7aa23b61e40f}\ (ID = 105493)

8:54 AM: Found Trojan Horse: childoleauto

8:54 AM: HKLM\software\classes\interface\{a2872b10-39f2-42df-9335-7dd38cf75255}\ (ID = 103771)

8:54 AM: HKCR\clsid\{a2872b10-39f2-42df-9335-7dd38cf75255}\ (ID = 103725)

8:54 AM: Found Adware: apropos

8:54 AM: Starting Registry Sweep

8:54 AM: Memory Sweep Complete, Elapsed Time: 00:07:10

8:48 AM: Detected running threat: C:\WINDOWS\SYSTEM32\geedc.dll (ID = 394)

8:48 AM: Found Adware: virtumonde

8:47 AM: Starting Memory Sweep

8:47 AM: HKLM\software\classes\clsid\{062492af-392e-479d-bf52-a7a4bca00307}\inprocserver32\ (ID = 1560802)

8:47 AM: HKCR\clsid\{062492af-392e-479d-bf52-a7a4bca00307}\inprocserver32\ (ID = 1560801)

8:47 AM: Found Adware: cws_meup

8:47 AM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\cfgmngr32\ || dllname (ID = 1538933)

8:47 AM: Found Trojan Horse: trojan-downloader-2pursuit

8:47 AM: Sweep initiated using definitions version 741

8:47 AM: Spy Sweeper 5.0.5.1286 started

8:47 AM: | Start of Session, Wednesday, August 16, 2006 |

********

8:47 AM: | End of Session, Wednesday, August 16, 2006 |

8:45 AM: Your spyware definitions have been updated.

Keylogger Shield: On

BHO Shield: On

IE Security Shield: On

Alternate Data Stream (ADS) Execution Shield: On

Startup Shield: On

Common Ad Sites Shield: Off

Hosts File Shield: On

Spy Communication Shield: On

ActiveX Shield: On

Windows Messenger Service Shield: On

IE Favorites Shield: On

Spy Installation Shield: On

Memory Shield: On

IE Hijack Shield: On

IE Tracking Cookies Shield: Off

8:34 AM: Shield States

8:33 AM: Spyware Definitions: 691

8:32 AM: Spy Sweeper 5.0.5.1286 started

8:32 AM: Spy Sweeper 5.0.5.1286 started

8:32 AM: | Start of Session, Wednesday, August 16, 2006 |

********

=====================================================

Panda's active scan log

=====================================================

Incident Status Location

Potentially unwanted tool:application/winfixer2005 Not disinfected c:\windows\downloaded program files\UDC6_0001_D18M1108NetInstaller.exe

Adware:adware/ncase Not disinfected c:\windows\didduid.ini

Adware:adware/alibabar Not disinfected Windows Registry

Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\CoCo\Application Data\Mozilla\Firefox\Profiles\3d8cvnbg.default\cookies.txt[.perf.overture.com/]

Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\CoCo\Application Data\Mozilla\Firefox\Profiles\3d8cvnbg.default\cookies.txt[data.coremetrics.com/]

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\CoCo\Application Data\Mozilla\Firefox\Profiles\3d8cvnbg.default\cookies.txt[.2o7.net/]

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\CoCo\Application Data\Mozilla\Firefox\Profiles\3d8cvnbg.default\cookies.txt[.doubleclick.net/]

Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\CoCo\Application Data\Mozilla\Firefox\Profiles\3d8cvnbg.default\cookies.txt[.questionmarket.com/]

Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\CoCo\Application Data\Mozilla\Firefox\Profiles\3d8cvnbg.default\cookies.txt[.mediaplex.com/]

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\CoCo\Application Data\Mozilla\Firefox\Profiles\3d8cvnbg.default\cookies.txt[.atdmt.com/]

Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\CoCo\Application Data\Mozilla\Firefox\Profiles\3d8cvnbg.default\cookies.txt[.tribalfusion.com/]

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\CoCo\Application Data\Mozilla\Firefox\Profiles\3d8cvnbg.default\cookies.txt[.microsofteup.112.2o7.net/]

Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\CoCo\Application Data\Mozilla\Firefox\Profiles\3d8cvnbg.default\cookies.txt[statse.webtrendslive.com/]

Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\CoCo\Cookies\coco@bfast[1].txt

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\CoCo\Cookies\coco@doubleclick[1].txt

Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\CoCo\Cookies\coco@drivecleaner[2].txt

Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\CoCo\Cookies\[email protected][2].txt

============================================

New HJThis Log

============================================

Logfile of HijackThis v1.99.1

Scan saved at 5:20:49 PM, on 8/16/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Pr


Since the message for the HJ Log got cut off, here is another post. :)

Logfile of HijackThis v1.99.1

Scan saved at 5:20:49 PM, on 8/16/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\pctspk.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\QUICKENW\QAGENT.EXE

C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe

C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe

C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

C:\Program Files\BroadJump\Client Foundation\CFD.exe

C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe

C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE

C:\PROGRA~1\SlimQ\Fahid.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Virtual Account Numbers\CitiUCS.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\mrtMngr.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\WINDOWS\tsnp2std.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe

C:\WINDOWS\vsnp2std.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe

C:\Program Files\palmOne\Hotsync.exe

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Webroot\Spy Sweeper\SSU.EXE

C:\Documents and Settings\CoCo\My Documents\Appz\hijack\HijackThis.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Messenger\msmsgs.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: (no name) - {b2b97a9f-be18-4840-92c8-dc2f5747fc91} - C:\WINDOWS\system32\logp32.dll (file missing)

O2 - BHO: (no name) - {E5D1E8C2-677A-49C7-9D36-486CC23AD677} - C:\WINDOWS\system32\geedc.dll (file missing)

O2 - BHO: UCS Shared Browser Helper Object - {F1D49A84-8656-43ce-AE3D-AABC1A12243E} - C:\WINDOWS\system32\BhoUCS.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [Dell QuickSet] "C:\Program Files\Dell\QuickSet\quickset.exe"

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [QAGENT] "C:\Program Files\QUICKENW\QAGENT.EXE"

O4 - HKLM\..\Run: [uFD Monitor] "C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe"

O4 - HKLM\..\Run: [uFD Utility] "C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe"

O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe"

O4 - HKLM\..\Run: [bJCFD] "C:\Program Files\BroadJump\Client Foundation\CFD.exe"

O4 - HKLM\..\Run: [iPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l

O4 - HKLM\..\Run: [iPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"

O4 - HKLM\..\Run: [ViewMgr] "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LogitechGalleryRepair] "C:\Program Files\Logitech\ImageStudio\ISStart.exe"

O4 - HKLM\..\Run: [LogitechImageStudioTray] "C:\Program Files\Logitech\ImageStudio\LogiTray.exe"

O4 - HKLM\..\Run: [LVCOMS] "C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE"

O4 - HKLM\..\Run: [FAhid] C:\PROGRA~1\SlimQ\Fahid.exe

O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [CitiUCS] "C:\Program Files\Virtual Account Numbers\CitiUCS.exe" /dontopenmycards

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Microsoft® JavaScript® Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx

O9 - Extra 'Tools' menuitem: JavaScript Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx

O9 - Extra button: UCS - {4C730923-3961-439b-83D5-F4E445520422} - C:\Program Files\Virtual Account Numbers\CitiUCS.exe

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Microsoft® JavaScript® Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx (HKCU)

O9 - Extra 'Tools' menuitem: JavaScript Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx (HKCU)

O15 - Trusted Zone: http://locator1.cdn.imagesrvr.com

O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installd...leanerstart.cab

O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {78A730D4-0DF3-4B65-8DD2-BFCD433CEE30} - http://www.surfsecret.com/inst/DVInstaller.exe

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: geedc - C:\WINDOWS\

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: logp32 - logp32.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: wintqh32 - wintqh32.dll (file missing)

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: Apache2Triad Apache2 Service (Apache2) - Unknown owner - c:\apache2\bin\apache.exe" -n Apache2 -k runservice (file missing)

O23 - Service: Apache2Triad Apache2 Service with SSL (Apache2(SSL)) - Unknown owner - c:\apache2\bin\apache.exe" -n Apache2(SSL) -k runservice -D SSL (file missing)

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Apache2Triad MySql Service (MySql) - Unknown owner - C:/apache2/mysql/bin/mysqld.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: Apache2Triad SlimFTPd Server (SlimFTPd) - Unknown owner - C:\apache2\mail\bin\XMail.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


Open HijackThis, click Config, click Misc Tools

Click "Open Uninstall Manager"

Click "Save List" (generates uninstall_list.txt)

Click Save, copy and paste the results in your next post with a new HJT log.


Thanks, here is the log. :)

AC3Filter (remove only)

Ad-aware 6 Personal

Adobe Atmosphere Player for Acrobat and Adobe Reader

Adobe Download Manager 1.2 (Remove Only)

Adobe Illustrator 10

Adobe Photoshop 6.0

Adobe Product/Adobe Studio Update 10/2001

Adobe Reader 7.0.5 Language Support

Adobe Reader 7.0.7

Adobe Reader Japanese Fonts

Adobe SVG Viewer 3.0

Adobe® Photoshop® Album Starter Edition 3.0

ALPS Touch Pad Driver

America Online

Apache2Triad: Apache2Triad - apache server bunndle (remove only)

Aspi Installer

AudibleManager

Britannica Ready Reference

BroadJump Client Foundation

ccCommon

CloneCD

C-Major Audio

Creative Mass Storage Drivers

Creative MediaSource

Creative System Information

Creative Zen Nano Plus

Cubis Gold

DAO

Dell Digital Jukebox Driver

Dell Modem-On-Hold

Dell Picture Studio - Dell Image Expert

Dell Solution Center

Dell Support 5.0.0 (766)

Dell TrueMobile 1300 WLAN Mini-PCI Card

Direct Show Ogg Vorbis Filter (remove only)

DivX ;-) Audio Compressor 4.02

DVDSentry

E90 Screen Saver

EarthLink Setup Files

Easy CD Creator 5 Basic

ewido anti-spyware 4.0

Focus 2000

GogoPenQPad

Google Talk (remove only)

Google Toolbar for Internet Explorer

Hexic Deluxe

HijackThis 1.99.1

HP PSC & OfficeJet 5.3.B

Intel® Extreme Graphics 2 Driver

Intel® PRO Network Adapters and Drivers

Intel® PROSet

Internet Worm Protection

InterVideo WinDVD

ItsDeductible Express

iTunes

Java 2 Runtime Environment, SE v1.4.2_05

Java 2 SDK, SE v1.4.2_10

Lexus GS ScreenSaver1

Lexus IS ScreenSaver1

Linksys Viewer & Recorder Utility

LiveReg (Symantec Corporation)

LiveUpdate 2.7 (Symantec Corporation)

Logitech ImageStudio

Macromedia Dreamweaver MX

Macromedia Extension Manager

Macromedia Fireworks MX

Macromedia Flash MX

Macromedia Flash Player 8

Macromedia FreeHand 10

Meetro 0.92 beta

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB886903)

Microsoft Data Access Components KB870669

Microsoft Location Finder

Microsoft Office XP Professional with FrontPage

Microsoft Streets & Trips 2006 with GPS Locator

Microsoft Windows Journal Viewer

Modem Helper

Mozilla Firefox (1.5.0.6)

MSN Messenger 7.5

MSN Money Investment Toolbox

MSN Music Assistant

Musicmatch® Jukebox

NAVShortcut

Nero 6 Ultra Edition

NetBeans IDE 4.1

NJStar Communicator

Norton AntiVirus 2006

Norton AntiVirus 2006 (Symantec Corporation)

Norton AntiVirus Help

Norton AntiVirus Parent MSI

Norton AntiVirus SYMLT MSI

Norton Protection Center

Norton WMI Update

Paint Shop Pro 7

palmOne

Panda ActiveScan

PB 5.0 Deployment Kit for Intel 32

PCTEL 2304WT V.92 MDC Modem Drivers

PeopleSoft Library

PowerBuilder 5.0 Enterprise for Intel 32

Quicken 2002 New User Edition

QuickSet

QuickTime

RealPlayer

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows XP (KB883939)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896422)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB896688)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899588)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901190)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB903235)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB905915)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB908531)

Security Update for Windows XP (KB911280)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911567)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB912812)

Security Update for Windows XP (KB912919)

Security Update for Windows XP (KB913446)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB916281)

Security Update for Windows XP (KB917159)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917422)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB918899)

Security Update for Windows XP (KB920214)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB921398)

Security Update for Windows XP (KB921883)

Security Update for Windows XP (KB922616)

ShellExView

Skype (BETA)

Smart Audio Converter

SmartSoft Video Converter

SonicWALL Global VPN Client

SPBBC

Spy Sweeper

Spybot - Search & Destroy 1.2

Spyware Remover

SurfSecret DVD Rip and Burn 2.12

Symantec

SymNet

TextPad 4.7

TurboTax Deluxe 2005

TurboTax Premier 2004

TurboTax Premier Home & Business 2003

Ulead GIF Animator 5 TBYB

Update for Windows XP (KB894391)

Update for Windows XP (KB896727)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB910437)

Update for Windows XP (KB916595)

USB2.0 PC Camera (SN9C201&202)

Viewpoint Manager (Remove Only)

Virtual Account Numbers

Visual IP InSight(SBC)

VNC Free Edition 4.1.1

WexTech AnswerWorks

Winamp (remove only)

WinAVI VideoConverter

Windows Defender

Windows Defender Signatures

Windows Installer 3.1 (KB893803)

Windows Installer 3.1 (KB893803)

Windows Media Format Runtime

Windows Media Player 10

Windows XP Hotfix - KB834707

Windows XP Hotfix - KB867282

Windows XP Hotfix - KB873333

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB885250

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB885884

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB887742

Windows XP Hotfix - KB888113

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890047

Windows XP Hotfix - KB890175

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB890923

Windows XP Hotfix - KB891781

Windows XP Hotfix - KB893066

Windows XP Hotfix - KB893086

Windows XP Service Pack 2

WinPcap 3.1 beta3

WinRAR archiver

WinZip

WordPerfect Office 11

WriteExpress 3,001 Business & Sales Letters

XviD MPEG-4 Video Codec

Yahoo! extras

Yahoo! Install Manager

Yahoo! Internet Mail

Yahoo! Messenger

Yahoo! Photos Easy Upload Tool 1v7

Yahoo! Toolbar

I need a new HJT log too.

Logfile of HijackThis v1.99.1

Scan saved at 9:46:53 PM, on 8/25/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\pctspk.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\QUICKENW\QAGENT.EXE

C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe

C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe

C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe

C:\WINDOWS\system32\mrtMngr.EXE

C:\Program Files\BroadJump\Client Foundation\CFD.exe

C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe

C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE

C:\PROGRA~1\SlimQ\Fahid.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Virtual Account Numbers\CitiUCS.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\WINDOWS\tsnp2std.exe

C:\WINDOWS\vsnp2std.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\palmOne\Hotsync.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Webroot\Spy Sweeper\SSU.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\CoCo\My Documents\Appz\hijack\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: (no name) - {b2b97a9f-be18-4840-92c8-dc2f5747fc91} - C:\WINDOWS\system32\logp32.dll (file missing)

O2 - BHO: (no name) - {E5D1E8C2-677A-49C7-9D36-486CC23AD677} - C:\WINDOWS\system32\geedc.dll (file missing)

O2 - BHO: UCS Shared Browser Helper Object - {F1D49A84-8656-43ce-AE3D-AABC1A12243E} - C:\WINDOWS\system32\BhoUCS.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [Dell QuickSet] "C:\Program Files\Dell\QuickSet\quickset.exe"

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [QAGENT] "C:\Program Files\QUICKENW\QAGENT.EXE"

O4 - HKLM\..\Run: [uFD Monitor] "C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe"

O4 - HKLM\..\Run: [uFD Utility] "C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe"

O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe"

O4 - HKLM\..\Run: [bJCFD] "C:\Program Files\BroadJump\Client Foundation\CFD.exe"

O4 - HKLM\..\Run: [iPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l

O4 - HKLM\..\Run: [iPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"

O4 - HKLM\..\Run: [ViewMgr] "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LogitechGalleryRepair] "C:\Program Files\Logitech\ImageStudio\ISStart.exe"

O4 - HKLM\..\Run: [LogitechImageStudioTray] "C:\Program Files\Logitech\ImageStudio\LogiTray.exe"

O4 - HKLM\..\Run: [LVCOMS] "C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE"

O4 - HKLM\..\Run: [FAhid] C:\PROGRA~1\SlimQ\Fahid.exe

O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [CitiUCS] "C:\Program Files\Virtual Account Numbers\CitiUCS.exe" /dontopenmycards

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Microsoft® JavaScript® Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx

O9 - Extra 'Tools' menuitem: JavaScript Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx

O9 - Extra button: UCS - {4C730923-3961-439b-83D5-F4E445520422} - C:\Program Files\Virtual Account Numbers\CitiUCS.exe

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Microsoft® JavaScript® Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx (HKCU)

O9 - Extra 'Tools' menuitem: JavaScript Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx (HKCU)

O15 - Trusted Zone: http://locator1.cdn.imagesrvr.com

O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installd...leanerstart.cab

O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {78A730D4-0DF3-4B65-8DD2-BFCD433CEE30} - http://www.surfsecret.com/inst/DVInstaller.exe

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: logp32 - logp32.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: wintqh32 - wintqh32.dll (file missing)

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: Apache2Triad Apache2 Service (Apache2) - Unknown owner - c:\apache2\bin\apache.exe" -n Apache2 -k runservice (file missing)

O23 - Service: Apache2Triad Apache2 Service with SSL (Apache2(SSL)) - Unknown owner - c:\apache2\bin\apache.exe" -n Apache2(SSL) -k runservice -D SSL (file missing)

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Apache2Triad MySql Service (MySql) - Unknown owner - C:/apache2/mysql/bin/mysqld.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: Apache2Triad SlimFTPd Server (SlimFTPd) - Unknown owner - C:\apache2\mail\bin\XMail.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


Steamhead got busy with school and asked me to take over...

Download WinPFind

Extract WinPFind.zip to your c:\ folder.

Reboot your computer into Safe Mode

Then open c:\WinPFind and double-click on WinPFind.exe.

When the program is open, click on the Start Scan button to start scanning your computer. Be patient as this scan may take a while.

When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode and post the contents of c:\WinPFind\WinPFind.txt as a reply to this topic.


I want to thank all of you for the dedication and time you spend on helping me. I just reinstalled my OS, and everything works fine... sorry I gave up on cleaning my system. :)


Here are some tips to reduce the potential for spyware infection in the future. I strongly recommend installing the following applications:

Detect and Remove Programs:

  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.

Prevention Programs:

  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free Google Toolbar to help stop pop-up windows.

I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right-clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.

Other necessary Programs:

  • AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kaspersky, this is a must have.
  • Firewall <= A firewall is definitely a must have. Three good free versions are Kerio, Sygate and ZoneLabs.

  • 2 weeks later...

Just thought I'd drop into here and applaud you two in your efforts!!!

*on another note*

I tried to do the Tom Coyote training, but I PM'd 2 Senior Mods (or whoever I was supposed to PM) and no one ever responded.

I may try for it once again in the near future.

Either way, wonderful job guys (just thought I'd let ya'll know)
