Matt Posted July 22, 2006

Welcome back

Please scan with HJT and place a check next to the following item:

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

Then, make sure all browser windows and other applications are closed, and click the Fix Checked button.

Please download FileFind from Atribune.
Unzip the file and save it to your desktop.

To run FileFind, please do the following:
1. Click on FileFind.exe
2. In the box labeled "Directory", enter the drive, e.g. C:\WINDOWS\system32\
3. In the box labeled "File", enter chkdsk.dll
4. Now click on the "Search" button
5. Once the utility has found the files, click on "Export"
6. A Notepad will open up. Please copy the entire contents of the Notepad and paste them here.
7. NOTE: The notepad is saved on your C:\ drive as "Export.txt"

Repeat those steps with the following file as well:
notepad.dll

Matt
jay888 (Author) Posted July 24, 2006

Hi Matt,

I did delete the R3 entry in HJT, then I followed the steps to use the FileFind program to search for both .dll files; none of them can be found in the windows\system32 directory...
So, I scanned with HJT just in case you may want to read it.

Logfile of HijackThis v1.99.1
Scan saved at 9:56:59 AM, on 7/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe
C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\PROGRA~1\SlimQ\Fahid.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Virtual Account Numbers\CitiUCS.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\palmOne\Hotsync.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Video Camera\Linksys Viewer & Recorder Utility.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\CoCo\My Documents\Appz\hijack\HijackThis.exe

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [uFD Monitor] C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe
O4 - HKLM\..\Run: [uFD Utility] C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [iPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [iPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [FAhid] C:\PROGRA~1\SlimQ\Fahid.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CitiUCS] C:\Program Files\Virtual Account Numbers\CitiUCS.exe /dontopenmycards
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Microsoft® JavaScript® Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx
O9 - Extra 'Tools' menuitem: JavaScript Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx
O9 - Extra button: UCS - {4C730923-3961-439b-83D5-F4E445520422} - C:\Program Files\Virtual Account Numbers\CitiUCS.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - C:\WINDOWS\System32\HPCMDTY.DLL (file missing) (HKCU)
O9 - Extra button: Microsoft® JavaScript® Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx (HKCU)
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {78A730D4-0DF3-4B65-8DD2-BFCD433CEE30} - http://www.surfsecret.com/inst/DVInstaller.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Apache2Triad Apache2 Service (Apache2) - Unknown owner - c:\apache2\bin\apache.exe" -n Apache2 -k runservice (file missing)
O23 - Service: Apache2Triad Apache2 Service with SSL (Apache2(SSL)) - Unknown owner - c:\apache2\bin\apache.exe" -n Apache2(SSL) -k runservice -D SSL (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Apache2Triad MySql Service (MySql) - Unknown owner - C:/apache2/mysql/bin/mysqld.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Apache2Triad SlimFTPd Server (SlimFTPd) - Unknown owner - C:\apache2\mail\bin\XMail.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
Matt Posted July 25, 2006

Congrats! Your log is clean! How is your system running?

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Firefox - Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox, however Opera is good as well.

Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.

SpywareBlaster - Great prevention tool to keep malware from installing on your system.

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

ATF Cleaner - Cleans temporary files from web browsers, and much more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein and this guide on safer computing.
jay888 (Author) Posted July 29, 2006

Hi Matt,

I am very sorry to tell you that I am still infected. I know what caused this: I installed some application downloaded online, and the application was opening some DOS prompt and trying to execute something, which caused all these pop-ups.

Please help, my computer is still infected.
Steamhead Posted August 15, 2006

Hello jay888. Matt had to leave without notice and along the way your log kinda fell through a crack.... Soooo you have the honor of switching helpers! (again)

If you are still here, please post a new HJT log if you need help, thanks.
jay888 (Author) Posted August 15, 2006

Thanks a lot, I am so glad you can help me; I was thinking of reinstalling the OS as a last resort...

Logfile of HijackThis v1.99.1
Scan saved at 10:20:07 PM, on 8/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe
C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\PROGRA~1\SlimQ\Fahid.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Virtual Account Numbers\CitiUCS.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\CoCo\My Documents\Appz\hijack\HijackThis.exe

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [uFD Monitor] C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe
O4 - HKLM\..\Run: [uFD Utility] C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [iPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [iPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [FAhid] C:\PROGRA~1\SlimQ\Fahid.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CitiUCS] C:\Program Files\Virtual Account Numbers\CitiUCS.exe /dontopenmycards
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Microsoft® JavaScript® Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx
O9 - Extra 'Tools' menuitem: JavaScript Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx
O9 - Extra button: UCS - {4C730923-3961-439b-83D5-F4E445520422} - C:\Program Files\Virtual Account Numbers\CitiUCS.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - C:\WINDOWS\System32\HPCMDTY.DLL (file missing) (HKCU)
O9 - Extra button: Microsoft® JavaScript® Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx (HKCU)
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {78A730D4-0DF3-4B65-8DD2-BFCD433CEE30} - http://www.surfsecret.com/inst/DVInstaller.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Apache2Triad Apache2 Service (Apache2) - Unknown owner - c:\apache2\bin\apache.exe" -n Apache2 -k runservice (file missing)
O23 - Service: Apache2Triad Apache2 Service with SSL (Apache2(SSL)) - Unknown owner - c:\apache2\bin\apache.exe" -n Apache2(SSL) -k runservice -D SSL (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Apache2Triad MySql Service (MySql) - Unknown owner - C:/apache2/mysql/bin/mysqld.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Apache2Triad SlimFTPd Server (SlimFTPd) - Unknown owner - C:\apache2\mail\bin\XMail.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
Steamhead Posted August 16, 2006
Hello ... let's do a quick sweep up first. You have a lot of stuff (not all bad stuff, just ... stuff...)
Can you please tell me what symptoms you are having?
Let's get started .. you may want to print this out.

STEP 1:
Please download WebRoot SpySweeper from HERE (it's a 2 week trial):
Double-click sspsetup1.exe to install it.
Before installation it may ask you to check for program updates. Click YES.
Then finish installation leaving all the default options.
Once the program is installed, it will ask if you wish to reboot now; choose YES.
After reboot, open SpySweeper by double-clicking the icon on your desktop.
Click Options on the left side.
Click the Sweep tab.
Under Items to Sweep make sure the following are checked:
Windows registry
Memory objects
Cookies
Compressed Files
System Restore Folder
Under Other Options make sure the following are checked:
Sweep all user accounts
Enable Direct Disk Sweeping
Sweep for rootkits
Click the Sweep button on the left side.
Click the Start Sweep button.
When it's done scanning, make sure everything has a check next to it, then click the Quarantine Selected button.
It will quarantine all of the items found.
Click View Session Log in the right corner above the box where the items are listed.
Click Save to File and save it on your desktop.
Exit SpySweeper.
Paste the contents of the session log you saved into your next reply (Spy Sweeper Session Log.txt).
NOTE: you can get to the log by clicking Options on the left. Then, View Session Log will be listed under Other Options.

STEP 2:
Please go HERE to run Panda's ActiveScan
Once you are on the Panda site click the Scan your PC button
A new window will open... click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component, allow it
It will start downloading the files it requires for the scan (Note: it may take a couple of minutes)
When download is complete, click on My Computer to start the scan
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report.

STEP 3:
Please post all the requested logs along with a new HJT log. Thanks!
jay888 Posted August 17, 2006 Author
I am so happy to clean my laptop. The symptom is that when I use IE, sometimes it crashes, freezes, or pops up another instance of IE, and my computer stops responding and I have to end the task. Firefox works fine without problems.
Here are the logs in the order you requested. Thanks so much!

2:54 PM: Removal process completed.
Elapsed time 00:15:53
2:54 PM: A reboot was required but declined.
2:50 PM: Quarantining All Traces: zedo cookie
2:50 PM: Quarantining All Traces: winantiviruspro cookie
2:50 PM: Quarantining All Traces: myaffiliateprogram.com cookie
2:50 PM: Quarantining All Traces: videodome cookie
2:50 PM: Quarantining All Traces: tribalfusion cookie
2:50 PM: Quarantining All Traces: webtrendslive cookie
2:50 PM: Quarantining All Traces: reliablestats cookie
2:50 PM: Quarantining All Traces: questionmarket cookie
2:50 PM: Quarantining All Traces: mediaplex cookie
2:50 PM: Quarantining All Traces: maxserving cookie
2:50 PM: Quarantining All Traces: dealtime cookie
2:50 PM: Quarantining All Traces: exitexchange cookie
2:50 PM: Quarantining All Traces: casalemedia cookie
2:50 PM: Quarantining All Traces: atlas dmt cookie
2:50 PM: Quarantining All Traces: advertising cookie
2:50 PM: Quarantining All Traces: adrevolver cookie
2:50 PM: Quarantining All Traces: adprofile cookie
2:50 PM: Quarantining All Traces: specificclick.com cookie
2:50 PM: Quarantining All Traces: websponsors cookie
2:50 PM: Quarantining All Traces: mytemplatestorage cookie
2:49 PM: Quarantining All Traces: realmedia cookie
2:49 PM: Quarantining All Traces: rn11 cookie
2:49 PM: Quarantining All Traces: belnk cookie
2:49 PM: Quarantining All Traces: delfinproject cookie
2:49 PM: Quarantining All Traces: cardomain cookie
2:49 PM: Quarantining All Traces: atwola cookie
2:49 PM: Quarantining All Traces: apmebf cookie
2:49 PM: Quarantining All Traces: hotbar cookie
2:49 PM: Quarantining All Traces: hbmediapro cookie
2:49 PM: Quarantining All Traces: adknowledge cookie
2:49 PM: Quarantining All Traces: about cookie
2:49 PM: Quarantining All Traces: browseraid
2:49 PM: Quarantining All Traces: spyware quake
2:49 PM: Quarantining All Traces: prosearch.com hijack
2:49 PM: Quarantining All Traces: cws_meup
2:49 PM: Quarantining All Traces: winantivirus pro
2:48 PM: Quarantining All Traces: coolwebsearch (cws)
2:48 PM: Quarantining All Traces: delfin
2:48 PM: Quarantining All Traces: easyerror
2:48 PM: Quarantining All Traces: spad
2:48 PM: Quarantining All Traces: heretofind
2:48 PM: Quarantining All Traces: childoleauto
2:48 PM: Quarantining All Traces: apropos
2:48 PM: Quarantining All Traces: trojan-downloader-zlob
2:48 PM: Quarantining All Traces: cws-aboutblank
2:48 PM: Quarantining All Traces: msn sniffer
2:48 PM: Quarantining All Traces: popuper
2:48 PM: Quarantining All Traces: trojan-downloader-conhook
2:48 PM: Quarantining All Traces: trojan agent winlogonhook
2:48 PM: Quarantining All Traces: security2k hijacker
2:48 PM: C:\WINDOWS\SYSTEM32\geedc.dll is in use. It will be removed on reboot.
2:48 PM: virtumonde is in use. It will be removed on reboot.
2:40 PM: Quarantining All Traces: virtumonde
2:40 PM: Quarantining All Traces: trojan-downloader-2pursuit
2:38 PM: Removal process initiated
2:31 PM: Traces Found: 168
2:31 PM: Full Sweep has completed. Elapsed time 05:44:06
2:31 PM: File Sweep Complete, Elapsed Time: 05:35:35
1:18 PM: Found System Monitor: potentially rootkit-masked files
1:18 PM: Warning: Failed to access drive E:
12:38 PM: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP217\A0048740.exe (ID = 305008)
12:33 PM: c:\windows\downloaded program files\uwa6p_0001_n91m1807netinstaller.exe (ID = 327827)
12:33 PM: Found Adware: winantivirus pro
12:11 PM: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP217\A0048736.exe (ID = 408)
12:11 PM: Found Trojan Horse: trojan-downloader-zlob
9:34 AM: IE Security Shield: found: C:\WINDOWS\SYSTEM32\MKPMARWL.EXE -- IE Security modification denied
9:29 AM: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0045512.exe (ID = 298057)
9:17 AM: C:\Program Files\Microsoft AntiSpyware\Quarantine\46FEA5A4-8701-4EDF-A1B5-37FB34\7BE2E4B7-C5BD-4BF5-A8D7-261D03 (ID = 312696)
9:11 AM: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0045513.ini (ID = 298068)
9:10 AM: C:\WINDOWS\SYSTEM32\wecxg32.dll (ID = 54008)
9:10 AM: C:\WINDOWS\SYSTEM32\zxmsn.dll (ID = 54008)
9:08 AM: C:\WINDOWS\SYSTEM32\gupd.dll (ID = 54008)
9:08 AM: C:\WINDOWS\SYSTEM32\cidpoq32.dll (ID = 54008)
9:06 AM: C:\WINDOWS\SYSTEM32\cidft.dll (ID = 54008)
9:06 AM: C:\WINDOWS\SYSTEM32\sdfup.dll (ID = 54008)
9:06 AM: C:\WINDOWS\SYSTEM32\xcwer32.dll (ID = 54008)
9:06 AM: C:\WINDOWS\SYSTEM32\icvbr.dll (ID = 54008)
9:06 AM: C:\WINDOWS\SYSTEM32\icqrt.dll (ID = 54187)
9:06 AM: C:\WINDOWS\SYSTEM32\icnfe.dll (ID = 54008)
9:06 AM: Found Adware: coolwebsearch (cws)
8:58 AM: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0045516.lnk (ID = 288513)
8:56 AM: C:\Documents and Settings\CoCo\Local Settings\Temp\~DlfnTmp3 (1 subtraces) (ID = 2147486173)
8:56 AM: C:\Documents and Settings\CoCo\Local Settings\Temp\~DlfnTmp2 (1 subtraces) (ID = 2147486172)
8:56 AM: C:\Documents and Settings\CoCo\Local Settings\Temp\~DlfnTmp4 (1 subtraces) (ID = 2147486174)
8:56 AM: Found Adware: delfin
8:55 AM: Starting File Sweep
8:55 AM: Cookie Sweep Complete, Elapsed Time: 00:00:03
8:55 AM: c:\documents and 
settings\coco\cookies\coco@zedo[2].txt (ID = 3762)8:55 AM: Found Spy Cookie: zedo cookie8:55 AM: c:\documents and settings\coco\cookies\[email protected][2].txt (ID = 3690)8:55 AM: Found Spy Cookie: winantiviruspro cookie8:55 AM: c:\documents and settings\coco\cookies\[email protected][1].txt (ID = 3032)8:55 AM: Found Spy Cookie: myaffiliateprogram.com cookie8:55 AM: c:\documents and settings\coco\cookies\coco@videodome[1].txt (ID = 3638)8:55 AM: Found Spy Cookie: videodome cookie8:55 AM: c:\documents and settings\coco\cookies\coco@tribalfusion[1].txt (ID = 3589)8:55 AM: Found Spy Cookie: tribalfusion cookie8:55 AM: c:\documents and settings\coco\cookies\[email protected][2].txt (ID = 3667)8:55 AM: Found Spy Cookie: webtrendslive cookie8:55 AM: c:\documents and settings\coco\cookies\[email protected][3].txt (ID = 3254)8:55 AM: c:\documents and settings\coco\cookies\[email protected][1].txt (ID = 3254)8:55 AM: Found Spy Cookie: reliablestats cookie8:55 AM: c:\documents and settings\coco\cookies\coco@realmedia[2].txt (ID = 3235)8:55 AM: c:\documents and settings\coco\cookies\coco@questionmarket[1].txt (ID = 3217)8:55 AM: Found Spy Cookie: questionmarket cookie8:55 AM: c:\documents and settings\coco\cookies\[email protected][1].txt (ID = 3236)8:55 AM: c:\documents and settings\coco\cookies\coco@mediaplex[1].txt (ID = 6442)8:55 AM: Found Spy Cookie: mediaplex cookie8:55 AM: c:\documents and settings\coco\cookies\coco@maxserving[1].txt (ID = 2966)8:55 AM: Found Spy Cookie: maxserving cookie8:55 AM: c:\documents and settings\coco\cookies\coco@exitexchange[2].txt (ID = 2633)8:55 AM: c:\documents and settings\coco\cookies\coco@dealtime[2].txt (ID = 2505)8:55 AM: Found Spy Cookie: dealtime cookie8:55 AM: c:\documents and settings\coco\cookies\[email protected][1].txt (ID = 2634)8:55 AM: c:\documents and settings\coco\cookies\[email protected][1].txt (ID = 2634)8:55 AM: Found Spy Cookie: exitexchange cookie8:55 AM: c:\documents and 
settings\coco\cookies\coco@casalemedia[2].txt (ID = 2354)8:55 AM: Found Spy Cookie: casalemedia cookie8:55 AM: c:\documents and settings\coco\cookies\coco@atdmt[2].txt (ID = 2253)8:55 AM: Found Spy Cookie: atlas dmt cookie8:55 AM: c:\documents and settings\coco\cookies\coco@advertising[1].txt (ID = 2175)8:55 AM: Found Spy Cookie: advertising cookie8:55 AM: c:\documents and settings\coco\cookies\coco@adrevolver[1].txt (ID = 2088)8:55 AM: Found Spy Cookie: adrevolver cookie8:55 AM: c:\documents and settings\coco\cookies\coco@adprofile[2].txt (ID = 2084)8:55 AM: Found Spy Cookie: adprofile cookie8:55 AM: c:\documents and settings\coco\cookies\[email protected][2].txt (ID = 3400)8:55 AM: Found Spy Cookie: specificclick.com cookie8:55 AM: c:\documents and settings\coco\cookies\[email protected][2].txt (ID = 3665)8:55 AM: Found Spy Cookie: websponsors cookie8:55 AM: c:\documents and settings\jessica\cookies\[email protected][1].txt (ID = 3050)8:55 AM: Found Spy Cookie: mytemplatestorage cookie8:55 AM: c:\documents and settings\jessica\cookies\[email protected][2].txt (ID = 2038)8:55 AM: c:\documents and settings\jessica\cookies\jessica@realmedia[2].txt (ID = 3235)8:55 AM: Found Spy Cookie: realmedia cookie8:55 AM: c:\documents and settings\jessica\cookies\[email protected][1].txt (ID = 2038)8:55 AM: c:\documents and settings\jessica\cookies\[email protected][2].txt (ID = 3262)8:55 AM: Found Spy Cookie: rn11 cookie8:55 AM: c:\documents and settings\jessica\cookies\[email protected][2].txt (ID = 2293)8:55 AM: Found Spy Cookie: belnk cookie8:55 AM: c:\documents and settings\jessica\cookies\jessica@delfinproject[1].txt (ID = 2509)8:55 AM: Found Spy Cookie: delfinproject cookie8:55 AM: c:\documents and settings\jessica\cookies\[email protected][1].txt (ID = 2038)8:55 AM: c:\documents and settings\jessica\cookies\jessica@cardomain[2].txt (ID = 2350)8:55 AM: Found Spy Cookie: cardomain cookie8:55 AM: c:\documents and settings\jessica\cookies\jessica@atwola[1].txt (ID = 
2255)8:55 AM: Found Spy Cookie: atwola cookie8:55 AM: c:\documents and settings\jessica\cookies\jessica@apmebf[1].txt (ID = 2229)8:55 AM: Found Spy Cookie: apmebf cookie8:55 AM: c:\documents and settings\jessica\cookies\[email protected][1].txt (ID = 4207)8:55 AM: Found Spy Cookie: hotbar cookie8:55 AM: c:\documents and settings\jessica\cookies\[email protected][2].txt (ID = 2768)8:55 AM: Found Spy Cookie: hbmediapro cookie8:55 AM: c:\documents and settings\jessica\cookies\jessica@adknowledge[1].txt (ID = 2072)8:55 AM: Found Spy Cookie: adknowledge cookie8:55 AM: c:\documents and settings\jessica\cookies\jessica@about[1].txt (ID = 2037)8:55 AM: Found Spy Cookie: about cookie8:55 AM: Starting Cookie Sweep8:55 AM: Registry Sweep Complete, Elapsed Time:00:00:528:55 AM: HKU\S-1-5-21-894892478-1671654027-2876248559-1007\software\microsoft\internet explorer\main\ || search page_bak (ID = 774883)8:55 AM: HKU\S-1-5-21-894892478-1671654027-2876248559-1007\software\classes\clsid\{237aa178-c3bc-4f67-a8bb-d8bc14ba0b89}\ (ID = 127116)8:55 AM: HKU\S-1-5-21-894892478-1671654027-2876248559-1007\software\microsoft\internet explorer\extensions\{237aa178-c3bc-4f67-a8bb-d8bc14ba0b89}\ (ID = 127080)8:55 AM: HKU\S-1-5-21-894892478-1671654027-2876248559-1007\software\microsoft\internet explorer\extensions\{237aa178-c3bc-4f67-a8bb-d8bc14ba0b89}\ (ID = 127080)8:55 AM: HKU\S-1-5-21-894892478-1671654027-2876248559-1007\software\microsoft\internet explorer\main\ || search page_bak (ID = 115925)8:55 AM: Found Adware: cws-aboutblank8:55 AM: HKU\S-1-5-21-894892478-1671654027-2876248559-1007\software\microsoft\windows\currentversion\updt\ (ID = 105189)8:55 AM: Found Adware: browseraid8:55 AM: HKLM\software\classes\clsid\{3f143c3a-1457-6cca-03a7-7aa23b61e40f}\ (ID = 1571509)8:55 AM: HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler\ || {259ba022-2005-45e9-a965-10edb9c00605} (ID = 1538921)8:55 AM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper 
objects\{062492af-392e-479d-bf52-a7a4bca00307}\ (ID = 1538630)8:55 AM: HKLM\software\classes\clsid\{062492af-392e-479d-bf52-a7a4bca00307}\ (ID = 1538618)8:55 AM: HKCR\clsid\{062492af-392e-479d-bf52-a7a4bca00307}\ (ID = 1538606)8:55 AM: HKLM\software\microsoft\rasap2k\ (ID = 1511572)8:55 AM: HKLM\software\microsoft\dstr5\ (ID = 1511570)8:55 AM: HKLM\software\microsoft\windows\currentversion\uninstall\msn sniffer v1.2 evaluation version \ (ID = 1509875)8:55 AM: Found System Monitor: msn sniffer8:55 AM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\{686a161d-5bd1-4999-8832-6393f41e564c}\ (ID = 1505707)8:55 AM: Found Adware: popuper8:55 AM: HKLM\software\classes\typelib\{5cb9686d-cc21-4927-b904-d91d4479f4bd}\ (ID = 1496911)8:55 AM: HKCR\typelib\{5cb9686d-cc21-4927-b904-d91d4479f4bd}\ (ID = 1496901)8:55 AM: Found Adware: spyware quake8:55 AM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\cfgmngr32\ (ID = 1252409)8:55 AM: HKLM\software\microsoft\internet explorer\main\ || search page_bak (ID = 1250789)8:55 AM: Found Adware: prosearch.com hijack8:55 AM: HKLM\software\classes\clsid\{0b5f7fdf-0717-45bf-b49d-695f3168c7fe}\ (ID = 1149560)8:55 AM: HKCR\clsid\{0b5f7fdf-0717-45bf-b49d-695f3168c7fe}\ (ID = 1149518)8:55 AM: Found Adware: easyerror8:55 AM: HKLM\system\currentcontrolset\services\dp1112\ (ID = 1138322)8:55 AM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\geedc\ (ID = 1125293)8:55 AM: Found Trojan Horse: trojan-downloader-conhook8:54 AM: HKLM\software\microsoft\mssmgr\ (ID = 937101)8:54 AM: Found Trojan Horse: trojan agent winlogonhook8:54 AM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\ (ID = 735573)8:54 AM: Found Adware: security2k hijacker8:54 AM: HKLM\software\classes\clsid\{237aa178-c3bc-4f67-a8bb-d8bc14ba0b89}\ (ID = 127120)8:54 AM: HKCR\clsid\{237aa178-c3bc-4f67-a8bb-d8bc14ba0b89}\ (ID = 127065)8:54 AM: Found Adware: spad8:54 AM: 
HKCR\clsid\{237aa178-c3bc-4f67-a8bb-d8bc14ba0b89}\ (ID = 127065)8:54 AM: Found Adware: heretofind8:54 AM: HKCR\clsid\{3f143c3a-1457-6cca-03a7-7aa23b61e40f}\ (ID = 105493)8:54 AM: Found Trojan Horse: childoleauto8:54 AM: HKLM\software\classes\interface\{a2872b10-39f2-42df-9335-7dd38cf75255}\ (ID = 103771)8:54 AM: HKCR\clsid\{a2872b10-39f2-42df-9335-7dd38cf75255}\ (ID = 103725)8:54 AM: Found Adware: apropos8:54 AM: Starting Registry Sweep8:54 AM: Memory Sweep Complete, Elapsed Time: 00:07:108:48 AM: Detected running threat: C:\WINDOWS\SYSTEM32\geedc.dll (ID = 394)8:48 AM: Found Adware: virtumonde8:47 AM: Starting Memory Sweep8:47 AM: HKLM\software\classes\clsid\{062492af-392e-479d-bf52-a7a4bca00307}\inprocserver32\ (ID = 1560802)8:47 AM: HKCR\clsid\{062492af-392e-479d-bf52-a7a4bca00307}\inprocserver32\ (ID = 1560801)8:47 AM: Found Adware: cws_meup8:47 AM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\cfgmngr32\ || dllname (ID = 1538933)8:47 AM: Found Trojan Horse: trojan-downloader-2pursuit8:47 AM: Sweep initiated using definitions version 7418:47 AM: Spy Sweeper 5.0.5.1286 started8:47 AM: | Start of Session, Wednesday, August 16, 2006 |********8:47 AM: | End of Session, Wednesday, August 16, 2006 |8:45 AM: Your spyware definitions have been updated. 
Keylogger Shield: On BHO Shield: On IE Security Shield: On Alternate Data Stream (ADS) Execution Shield: On Startup Shield: On Common Ad Sites Shield: Off Hosts File Shield: On Spy Communication Shield: On ActiveX Shield: On Windows Messenger Service Shield: On IE Favorites Shield: On Spy Installation Shield: On Memory Shield: On IE Hijack Shield: On IE Tracking Cookies Shield: Off8:34 AM: Shield States8:33 AM: Spyware Definitions: 6918:32 AM: Spy Sweeper 5.0.5.1286 started8:32 AM: Spy Sweeper 5.0.5.1286 started8:32 AM: | Start of Session, Wednesday, August 16, 2006 |********=====================================================Panda's active scan log=====================================================Incident Status Location Potentially unwanted tool:application/winfixer2005 Not disinfected c:\windows\downloaded program files\UDC6_0001_D18M1108NetInstaller.exe Adware:adware/ncase Not disinfected c:\windows\didduid.ini Adware:adware/alibabar Not disinfected Windows Registry Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\CoCo\Application Data\Mozilla\Firefox\Profiles\3d8cvnbg.default\cookies.txt[.perf.overture.com/] Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\CoCo\Application Data\Mozilla\Firefox\Profiles\3d8cvnbg.default\cookies.txt[data.coremetrics.com/] Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\CoCo\Application Data\Mozilla\Firefox\Profiles\3d8cvnbg.default\cookies.txt[.2o7.net/] Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\CoCo\Application Data\Mozilla\Firefox\Profiles\3d8cvnbg.default\cookies.txt[.doubleclick.net/] Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\CoCo\Application Data\Mozilla\Firefox\Profiles\3d8cvnbg.default\cookies.txt[.questionmarket.com/] Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\CoCo\Application Data\Mozilla\Firefox\Profiles\3d8cvnbg.default\cookies.txt[.mediaplex.com/] Spyware:Cookie/Atlas DMT Not 
disinfected C:\Documents and Settings\CoCo\Application Data\Mozilla\Firefox\Profiles\3d8cvnbg.default\cookies.txt[.atdmt.com/] Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\CoCo\Application Data\Mozilla\Firefox\Profiles\3d8cvnbg.default\cookies.txt[.tribalfusion.com/] Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\CoCo\Application Data\Mozilla\Firefox\Profiles\3d8cvnbg.default\cookies.txt[.microsofteup.112.2o7.net/] Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\CoCo\Application Data\Mozilla\Firefox\Profiles\3d8cvnbg.default\cookies.txt[statse.webtrendslive.com/] Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\CoCo\Cookies\coco@bfast[1].txt Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\CoCo\Cookies\coco@doubleclick[1].txt Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\CoCo\Cookies\coco@drivecleaner[2].txt Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\CoCo\Cookies\[email protected][2].txt ============================================New HJThis Log============================================Logfile of HijackThis v1.99.1Scan saved at 5:20:49 PM, on 8/16/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Pr Link to post Share on other sites
jay888 Posted August 17, 2006 (Author)

Since the message with the HJT log got cut off, here is another post.

Logfile of HijackThis v1.99.1
Scan saved at 5:20:49 PM, on 8/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe
C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\PROGRA~1\SlimQ\Fahid.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Virtual Account Numbers\CitiUCS.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\tsnp2std.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\CoCo\My Documents\Appz\hijack\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Messenger\msmsgs.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {b2b97a9f-be18-4840-92c8-dc2f5747fc91} - C:\WINDOWS\system32\logp32.dll (file missing)
O2 - BHO: (no name) - {E5D1E8C2-677A-49C7-9D36-486CC23AD677} - C:\WINDOWS\system32\geedc.dll (file missing)
O2 - BHO: UCS Shared Browser Helper Object - {F1D49A84-8656-43ce-AE3D-AABC1A12243E} - C:\WINDOWS\system32\BhoUCS.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Dell QuickSet] "C:\Program Files\Dell\QuickSet\quickset.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QAGENT] "C:\Program Files\QUICKENW\QAGENT.EXE"
O4 - HKLM\..\Run: [uFD Monitor] "C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe"
O4 - HKLM\..\Run: [uFD Utility] "C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe"
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe"
O4 - HKLM\..\Run: [bJCFD] "C:\Program Files\BroadJump\Client Foundation\CFD.exe"
O4 - HKLM\..\Run: [iPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [iPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [ViewMgr] "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] "C:\Program Files\Logitech\ImageStudio\ISStart.exe"
O4 - HKLM\..\Run: [LogitechImageStudioTray] "C:\Program Files\Logitech\ImageStudio\LogiTray.exe"
O4 - HKLM\..\Run: [LVCOMS] "C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE"
O4 - HKLM\..\Run: [FAhid] C:\PROGRA~1\SlimQ\Fahid.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CitiUCS] "C:\Program Files\Virtual Account Numbers\CitiUCS.exe" /dontopenmycards
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Microsoft® JavaScript® Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx
O9 - Extra 'Tools' menuitem: JavaScript Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx
O9 - Extra button: UCS - {4C730923-3961-439b-83D5-F4E445520422} - C:\Program Files\Virtual Account Numbers\CitiUCS.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft® JavaScript® Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx (HKCU)
O15 - Trusted Zone: http://locator1.cdn.imagesrvr.com
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installd...leanerstart.cab
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {78A730D4-0DF3-4B65-8DD2-BFCD433CEE30} - http://www.surfsecret.com/inst/DVInstaller.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: geedc - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: logp32 - logp32.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wintqh32 - wintqh32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Apache2Triad Apache2 Service (Apache2) - Unknown owner - c:\apache2\bin\apache.exe" -n Apache2 -k runservice (file missing)
O23 - Service: Apache2Triad Apache2 Service with SSL (Apache2(SSL)) - Unknown owner - c:\apache2\bin\apache.exe" -n Apache2(SSL) -k runservice -D SSL (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Apache2Triad MySql Service (MySql) - Unknown owner - C:/apache2/mysql/bin/mysqld.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Apache2Triad SlimFTPd Server (SlimFTPd) - Unknown owner - C:\apache2\mail\bin\XMail.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
Steamhead Posted August 18, 2006

Open HijackThis, click Config, click Misc Tools.
Click "Open Uninstall Manager".
Click "Save List" (generates uninstall_list.txt).
Click Save, then copy and paste the results in your next post with a new HJT log.
jay888 (Author) Posted August 22, 2006

Thanks, here is the log.
Steamhead Posted August 26, 2006

I need a new HJT log too.
jay888 (Author) Posted August 26, 2006

Logfile of HijackThis v1.99.1
Scan saved at 9:46:53 PM, on 8/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe
C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\PROGRA~1\SlimQ\Fahid.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Virtual Account Numbers\CitiUCS.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\CoCo\My Documents\Appz\hijack\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {b2b97a9f-be18-4840-92c8-dc2f5747fc91} - C:\WINDOWS\system32\logp32.dll (file missing)
O2 - BHO: (no name) - {E5D1E8C2-677A-49C7-9D36-486CC23AD677} - C:\WINDOWS\system32\geedc.dll (file missing)
O2 - BHO: UCS Shared Browser Helper Object - {F1D49A84-8656-43ce-AE3D-AABC1A12243E} - C:\WINDOWS\system32\BhoUCS.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Dell QuickSet] "C:\Program Files\Dell\QuickSet\quickset.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QAGENT] "C:\Program Files\QUICKENW\QAGENT.EXE"
O4 - HKLM\..\Run: [uFD Monitor] "C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe"
O4 - HKLM\..\Run: [uFD Utility] "C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe"
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe"
O4 - HKLM\..\Run: [bJCFD] "C:\Program Files\BroadJump\Client Foundation\CFD.exe"
O4 - HKLM\..\Run: [iPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [iPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [ViewMgr] "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] "C:\Program Files\Logitech\ImageStudio\ISStart.exe"
O4 - HKLM\..\Run: [LogitechImageStudioTray] "C:\Program Files\Logitech\ImageStudio\LogiTray.exe"
O4 - HKLM\..\Run: [LVCOMS] "C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE"
O4 - HKLM\..\Run: [FAhid] C:\PROGRA~1\SlimQ\Fahid.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CitiUCS] "C:\Program Files\Virtual Account Numbers\CitiUCS.exe" /dontopenmycards
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Microsoft® JavaScript® Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx
O9 - Extra 'Tools' menuitem: JavaScript Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx
O9 - Extra button: UCS - {4C730923-3961-439b-83D5-F4E445520422} - C:\Program Files\Virtual Account Numbers\CitiUCS.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft® JavaScript® Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx (HKCU)
O15 - Trusted Zone: http://locator1.cdn.imagesrvr.com
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installd...leanerstart.cab
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {78A730D4-0DF3-4B65-8DD2-BFCD433CEE30} - http://www.surfsecret.com/inst/DVInstaller.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: logp32 - logp32.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wintqh32 - wintqh32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Apache2Triad Apache2 Service (Apache2) - Unknown owner - c:\apache2\bin\apache.exe" -n Apache2 -k runservice (file missing)
O23 - Service: Apache2Triad Apache2 Service with SSL (Apache2(SSL)) - Unknown owner - c:\apache2\bin\apache.exe" -n Apache2(SSL) -k runservice -D SSL (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Apache2Triad MySql Service (MySql) - Unknown owner - C:/apache2/mysql/bin/mysqld.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Apache2Triad SlimFTPd Server (SlimFTPd) - Unknown owner - C:\apache2\mail\bin\XMail.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
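A small triage script for the log above, added here as an example and not part of HijackThis or of any helper's post: it splits each Oxx entry into section and body and flags the kinds of lines the helpers in this thread ask to have fixed (Winlogon Notify and unnamed BHO registrations whose DLL is missing, Trusted Zone entries, O16 ActiveX downloads from hosts not on an analyst-kept allowlist, and services whose binary is gone). The allowlist is an assumption of the example; the sample entries are copied from the log.

```python
"""Triage helper for HijackThis v1.99.1 log entries.

Added example for this thread, not HijackThis code and not from the helpers'
posts. Each "Oxx - ..." entry is split into section and body, and entries of
the kinds the helpers above zero in on are returned as Findings. The O16
allowlist is constructed; the sample entries are copied from the log above.
"""
import re
from dataclasses import dataclass

# Constructed allowlist of O16 download hosts the analyst has already vetted.
KNOWN_DPF_HOSTS = {
    "moneycentral.msn.com",
    "spaces.msn.com",
    "acs.pandasoftware.com",
    "us.dl1.yimg.com",
}

# "O20 - Winlogon Notify: ..." -> section "O20", body "Winlogon Notify: ..."
ENTRY_RE = re.compile(r"^(?P<section>[OFRN]\d{1,2}) - (?P<body>.+)$")
HOST_RE = re.compile(r"https?://([^/\s]+)", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def triage(lines):
    """Return one Finding per HJT entry that deserves a closer look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header lines and the "Running processes:" paths
        section, body = m.group("section"), m.group("body")
        missing = "(file missing)" in body

        if section == "O20" and body.startswith("Winlogon Notify:") and missing:
            # winlogon.exe loads Notify packages at logon; a dangling
            # registration is the usual remnant of a partly removed infection.
            findings.append(Finding(section, "orphaned Winlogon Notify DLL", line))
        elif section == "O2" and "(no name)" in body and missing:
            # Unnamed BHO whose DLL is gone: a leftover CLSID to clean up.
            findings.append(Finding(section, "orphaned unnamed BHO", line))
        elif section == "O15":
            # Trusted Zone entries relax IE's security settings for that site.
            findings.append(Finding(section, "site added to IE Trusted Zone", line))
        elif section == "O16":
            host_match = HOST_RE.search(body)
            host = host_match.group(1).lower() if host_match else ""
            if host not in KNOWN_DPF_HOSTS:
                findings.append(Finding(
                    section, f"ActiveX download from unvetted host {host or '(none)'}", line))
        elif section == "O23" and missing:
            findings.append(Finding(
                section, "service registered for a binary that no longer exists", line))
    return findings


# Constructed sample: entries copied from the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {b2b97a9f-be18-4840-92c8-dc2f5747fc91} - C:\WINDOWS\system32\logp32.dll (file missing)
O15 - Trusted Zone: http://locator1.cdn.imagesrvr.com
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installd...leanerstart.cab
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
O20 - Winlogon Notify: logp32 - logp32.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wintqh32 - wintqh32.dll (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
"""
SAMPLE_LINES = SAMPLE_LOG.strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.section:<4} {f.reason}: {f.line}")
```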
therock247uk Posted August 29, 2006

Steamhead got busy with school and asked me to take over...

Download WinPFind
Extract WinPFind.zip to your c:\ folder.
Reboot your computer into Safe Mode
Then open c:\WinPFind and double-click on WinPFind.exe. When the program is open, click on the Start Scan button to start scanning your computer. Be patient as this scan may take a while. When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode and post the contents of c:\WinPFind\WinPFind.txt as a reply to this topic.
jay888 (Author) Posted August 29, 2006

I want to thank all of you for the dedication and time you spent on helping me. I just reinstalled my OS, and everything works fine... sorry I gave up on cleaning my system.
therock247uk Posted August 29, 2006

Here are some tips. To reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

Detect and Remove Programs:
How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.

Prevention Programs:
Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list, which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc.) from the sites listed, although you will still be able to connect to the sites.
MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Google Toolbar <= Get the free Google Toolbar to help stop pop-up windows.

I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.

Other necessary Programs:
AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kaspersky, this is a must have.
Firewall <= A firewall is definitely a must have. Three good free versions are Kerio, Sygate and ZoneLabs.
TheTrueDarkOne Posted September 7, 2006

Just thought I'd drop into here and applaud you two in your efforts!!!

*on another note*
I tried to do the Tom Coyote training, but I PM'd 2 Senior Mods (or whoever I was supposed to PM) and no one ever responded. I may try for it once again in the near future. Either way, wonderful job guys (just thought I'd let y'all know).
therock247uk Posted September 7, 2006

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.