Sponsored By

jay888

Members
  • Content Count

    22
  • Joined

  • Last visited

About jay888

  • Rank
    Member
  1. I want to thank all of you for the dedication and time you spend on helping me, I just reinstall my OS, and everything works fine... sorry I gave up on cleaning my system.
  2. Logfile of HijackThis v1.99.1 Scan saved at 9:46:53 PM, on 8/25/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\pctspk.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\WINDOWS\System32\DSentry.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\QUICKENW\QAGENT.EXE C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe C:\WINDOWS\system32\mrtMngr.EXE C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE C:\PROGRA~1\SlimQ\Fahid.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Virtual Account Numbers\CitiUCS.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\WINDOWS\tsnp2std.exe C:\WINDOWS\vsnp2std.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\igfxsrvc.exe C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\palmOne\Hotsync.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Webroot\Spy Sweeper\SSU.EXE C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\CoCo\My Documents\Appz\hijack\HijackThis.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: (no name) - {b2b97a9f-be18-4840-92c8-dc2f5747fc91} - C:\WINDOWS\system32\logp32.dll (file missing) O2 - BHO: (no name) - {E5D1E8C2-677A-49C7-9D36-486CC23AD677} - C:\WINDOWS\system32\geedc.dll (file missing) O2 - BHO: UCS Shared Browser Helper Object - {F1D49A84-8656-43ce-AE3D-AABC1A12243E} - C:\WINDOWS\system32\BhoUCS.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [Dell QuickSet] "C:\Program Files\Dell\QuickSet\quickset.exe" O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [QAGENT] "C:\Program Files\QUICKENW\QAGENT.EXE" O4 - HKLM\..\Run: [uFD Monitor] "C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe" O4 - HKLM\..\Run: [uFD Utility] "C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe" O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe" O4 - HKLM\..\Run: [bJCFD] "C:\Program Files\BroadJump\Client Foundation\CFD.exe" O4 - HKLM\..\Run: [iPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l O4 - HKLM\..\Run: [iPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" O4 - HKLM\..\Run: [ViewMgr] "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [LogitechGalleryRepair] "C:\Program Files\Logitech\ImageStudio\ISStart.exe" O4 - HKLM\..\Run: [LogitechImageStudioTray] "C:\Program Files\Logitech\ImageStudio\LogiTray.exe" O4 - HKLM\..\Run: [LVCOMS] "C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE" O4 - HKLM\..\Run: [FAhid] C:\PROGRA~1\SlimQ\Fahid.exe O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [CitiUCS] "C:\Program Files\Virtual Account Numbers\CitiUCS.exe" /dontopenmycards O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1 O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Microsoft® JavaScript® Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx O9 - Extra 'Tools' menuitem: JavaScript Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx O9 - Extra button: UCS - {4C730923-3961-439b-83D5-F4E445520422} - C:\Program Files\Virtual Account Numbers\CitiUCS.exe O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Microsoft® JavaScript® Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx (HKCU) O9 - Extra 'Tools' menuitem: JavaScript Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx (HKCU) O15 - Trusted Zone: http://locator1.cdn.imagesrvr.com O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installd...leanerstart.cab O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {78A730D4-0DF3-4B65-8DD2-BFCD433CEE30} - http://www.surfsecret.com/inst/DVInstaller.exe O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: logp32 - logp32.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: wintqh32 - wintqh32.dll (file missing) O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: Apache2Triad Apache2 Service (Apache2) - Unknown owner - c:\apache2\bin\apache.exe" -n Apache2 -k runservice (file missing) O23 - Service: Apache2Triad Apache2 Service with SSL (Apache2(SSL)) - Unknown owner - c:\apache2\bin\apache.exe" -n Apache2(SSL) -k runservice -D SSL (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Apache2Triad MySql Service (MySql) - Unknown owner - C:/apache2/mysql/bin/mysqld.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: Apache2Triad SlimFTPd Server (SlimFTPd) - Unknown owner - C:\apache2\mail\bin\XMail.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
  3. Thanks, here is the log. AC3Filter (remove only) Ad-aware 6 Personal Adobe Atmosphere Player for Acrobat and Adobe Reader Adobe Download Manager 1.2 (Remove Only) Adobe Illustrator 10 Adobe Photoshop 6.0 Adobe Product/Adobe Studio Update 10/2001 Adobe Reader 7.0.5 Language Support Adobe Reader 7.0.7 Adobe Reader Japanese Fonts Adobe SVG Viewer 3.0 Adobe® Photoshop® Album Starter Edition 3.0 ALPS Touch Pad Driver America Online Apache2Triad: Apache2Triad - apache server bunndle (remove only) Aspi Installer AudibleManager Britannica Ready Reference BroadJump Client Foundation ccCommon CloneCD C-Major Audio Creative Mass Storage Drivers Creative MediaSource Creative System Information Creative Zen Nano Plus Cubis Gold DAO Dell Digital Jukebox Driver Dell Modem-On-Hold Dell Picture Studio - Dell Image Expert Dell Solution Center Dell Support 5.0.0 (766) Dell TrueMobile 1300 WLAN Mini-PCI Card Direct Show Ogg Vorbis Filter (remove only) DivX ;-) Audio Compressor 4.02 DVDSentry E90 Screen Saver EarthLink Setup Files Easy CD Creator 5 Basic ewido anti-spyware 4.0 Focus 2000 GogoPenQPad Google Talk (remove only) Google Toolbar for Internet Explorer Hexic Deluxe HijackThis 1.99.1 HP PSC & OfficeJet 5.3.B Intel® Extreme Graphics 2 Driver Intel® PRO Network Adapters and Drivers Intel® PROSet Internet Worm Protection InterVideo WinDVD ItsDeductible Express iTunes Java 2 Runtime Environment, SE v1.4.2_05 Java 2 SDK, SE v1.4.2_10 Lexus GS ScreenSaver1 Lexus IS ScreenSaver1 Linksys Viewer & Recorder Utility LiveReg (Symantec Corporation) LiveUpdate 2.7 (Symantec Corporation) Logitech ImageStudio Macromedia Dreamweaver MX Macromedia Extension Manager Macromedia Fireworks MX Macromedia Flash MX Macromedia Flash Player 8 Macromedia FreeHand 10 Meetro 0.92 beta Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB886903) Microsoft Data Access Components KB870669 Microsoft Location Finder Microsoft Office XP Professional with FrontPage Microsoft Streets & Trips 2006 with GPS Locator Microsoft Windows Journal Viewer Modem Helper Mozilla Firefox (1.5.0.6) MSN Messenger 7.5 MSN Money Investment Toolbox MSN Music Assistant Musicmatch® Jukebox NAVShortcut Nero 6 Ultra Edition NetBeans IDE 4.1 NJStar Communicator Norton AntiVirus 2006 Norton AntiVirus 2006 (Symantec Corporation) Norton AntiVirus Help Norton AntiVirus Parent MSI Norton AntiVirus SYMLT MSI Norton Protection Center Norton WMI Update Paint Shop Pro 7 palmOne Panda ActiveScan PB 5.0 Deployment Kit for Intel 32 PCTEL 2304WT V.92 MDC Modem Drivers PeopleSoft Library PowerBuilder 5.0 Enterprise for Intel 32 Quicken 2002 New User Edition QuickSet QuickTime RealPlayer Security Update for Step By Step Interactive Training (KB898458) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows XP (KB883939) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB896688) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899588) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901190) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB903235) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB905915) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB908531) Security Update for Windows XP (KB911280) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911567) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912812) Security Update for Windows XP (KB912919) Security Update for Windows XP (KB913446) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB916281) Security Update for Windows XP (KB917159) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB917422) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB918899) Security Update for Windows XP (KB920214) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB921398) Security Update for Windows XP (KB921883) Security Update for Windows XP (KB922616) ShellExView Skype (BETA) Smart Audio Converter SmartSoft Video Converter SonicWALL Global VPN Client SPBBC Spy Sweeper Spybot - Search & Destroy 1.2 Spyware Remover SurfSecret DVD Rip and Burn 2.12 Symantec SymNet TextPad 4.7 TurboTax Deluxe 2005 TurboTax Premier 2004 TurboTax Premier Home & Business 2003 Ulead GIF Animator 5 TBYB Update for Windows XP (KB894391) Update for Windows XP (KB896727) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB910437) Update for Windows XP (KB916595) USB2.0 PC Camera (SN9C201&202) Viewpoint Manager (Remove Only) Virtual Account Numbers Visual IP InSight(SBC) VNC Free Edition 4.1.1 WexTech AnswerWorks Winamp (remove only) WinAVI VideoConverter Windows Defender Windows Defender Signatures Windows Installer 3.1 (KB893803) Windows Installer 3.1 (KB893803) Windows Media Format Runtime Windows Media Player 10 Windows XP Hotfix - KB834707 Windows XP Hotfix - KB867282 Windows XP Hotfix - KB873333 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB885884 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890047 Windows XP Hotfix - KB890175 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB890923 Windows XP Hotfix - KB891781 Windows XP Hotfix - KB893066 Windows XP Hotfix - KB893086 Windows XP Service Pack 2 WinPcap 3.1 beta3 WinRAR archiver WinZip WordPerfect Office 11 WriteExpress 3,001 Business & Sales Letters XviD MPEG-4 Video Codec Yahoo! extras Yahoo! Install Manager Yahoo! Internet Mail Yahoo! Messenger Yahoo! Photos Easy Upload Tool 1v7 Yahoo! Toolbar
  4. Since msg for HJ Log got cut off, here is another post. Logfile of HijackThis v1.99.1 Scan saved at 5:20:49 PM, on 8/16/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\pctspk.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\WINDOWS\System32\DSentry.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\QUICKENW\QAGENT.EXE C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE C:\PROGRA~1\SlimQ\Fahid.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Virtual Account Numbers\CitiUCS.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\mrtMngr.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\WINDOWS\tsnp2std.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe C:\WINDOWS\vsnp2std.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe C:\Program Files\palmOne\Hotsync.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Webroot\Spy Sweeper\SSU.EXE C:\Documents and Settings\CoCo\My Documents\Appz\hijack\HijackThis.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Messenger\msmsgs.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: (no name) - {b2b97a9f-be18-4840-92c8-dc2f5747fc91} - C:\WINDOWS\system32\logp32.dll (file missing) O2 - BHO: (no name) - {E5D1E8C2-677A-49C7-9D36-486CC23AD677} - C:\WINDOWS\system32\geedc.dll (file missing) O2 - BHO: UCS Shared Browser Helper Object - {F1D49A84-8656-43ce-AE3D-AABC1A12243E} - C:\WINDOWS\system32\BhoUCS.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [Dell QuickSet] "C:\Program Files\Dell\QuickSet\quickset.exe" O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [QAGENT] "C:\Program Files\QUICKENW\QAGENT.EXE" O4 - HKLM\..\Run: [uFD Monitor] "C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe" O4 - HKLM\..\Run: [uFD Utility] "C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe" O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe" O4 - HKLM\..\Run: [bJCFD] "C:\Program Files\BroadJump\Client Foundation\CFD.exe" O4 - HKLM\..\Run: [iPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l O4 - HKLM\..\Run: [iPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" O4 - HKLM\..\Run: [ViewMgr] "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [LogitechGalleryRepair] "C:\Program Files\Logitech\ImageStudio\ISStart.exe" O4 - HKLM\..\Run: [LogitechImageStudioTray] "C:\Program Files\Logitech\ImageStudio\LogiTray.exe" O4 - HKLM\..\Run: [LVCOMS] "C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE" O4 - HKLM\..\Run: [FAhid] C:\PROGRA~1\SlimQ\Fahid.exe O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [CitiUCS] "C:\Program Files\Virtual Account Numbers\CitiUCS.exe" /dontopenmycards O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1 O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Microsoft® JavaScript® Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx O9 - Extra 'Tools' menuitem: JavaScript Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx O9 - Extra button: UCS - {4C730923-3961-439b-83D5-F4E445520422} - C:\Program Files\Virtual Account Numbers\CitiUCS.exe O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Microsoft® JavaScript® Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx (HKCU) O9 - Extra 'Tools' menuitem: JavaScript Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx (HKCU) O15 - Trusted Zone: http://locator1.cdn.imagesrvr.com O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installd...leanerstart.cab O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {78A730D4-0DF3-4B65-8DD2-BFCD433CEE30} - http://www.surfsecret.com/inst/DVInstaller.exe O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: geedc - C:\WINDOWS\ O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: logp32 - logp32.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: wintqh32 - wintqh32.dll (file missing) O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: Apache2Triad Apache2 Service (Apache2) - Unknown owner - c:\apache2\bin\apache.exe" -n Apache2 -k runservice (file missing) O23 - Service: Apache2Triad Apache2 Service with SSL (Apache2(SSL)) - Unknown owner - c:\apache2\bin\apache.exe" -n Apache2(SSL) -k runservice -D SSL (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Apache2Triad MySql Service (MySql) - Unknown owner - C:/apache2/mysql/bin/mysqld.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: Apache2Triad SlimFTPd Server (SlimFTPd) - Unknown owner - C:\apache2\mail\bin\XMail.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
  5. I am so happy to clean my laptop, the symptom is when I use IE, sometimes it crash, freeze, popup another instance of IE, and my computer stop responding and I have to end task. Firefox works fine without problem. Here is the Log in the order you requested. Thanks so much! 2:54 PM: Removal process completed. Elapsed time 00:15:53 2:54 PM: A reboot was required but declined. 2:50 PM: Quarantining All Traces: zedo cookie 2:50 PM: Quarantining All Traces: winantiviruspro cookie 2:50 PM: Quarantining All Traces: myaffiliateprogram.com cookie 2:50 PM: Quarantining All Traces: videodome cookie 2:50 PM: Quarantining All Traces: tribalfusion cookie 2:50 PM: Quarantining All Traces: webtrendslive cookie 2:50 PM: Quarantining All Traces: reliablestats cookie 2:50 PM: Quarantining All Traces: questionmarket cookie 2:50 PM: Quarantining All Traces: mediaplex cookie 2:50 PM: Quarantining All Traces: maxserving cookie 2:50 PM: Quarantining All Traces: dealtime cookie 2:50 PM: Quarantining All Traces: exitexchange cookie 2:50 PM: Quarantining All Traces: casalemedia cookie 2:50 PM: Quarantining All Traces: atlas dmt cookie 2:50 PM: Quarantining All Traces: advertising cookie 2:50 PM: Quarantining All Traces: adrevolver cookie 2:50 PM: Quarantining All Traces: adprofile cookie 2:50 PM: Quarantining All Traces: specificclick.com cookie 2:50 PM: Quarantining All Traces: websponsors cookie 2:50 PM: Quarantining All Traces: mytemplatestorage cookie 2:49 PM: Quarantining All Traces: realmedia cookie 2:49 PM: Quarantining All Traces: rn11 cookie 2:49 PM: Quarantining All Traces: belnk cookie 2:49 PM: Quarantining All Traces: delfinproject cookie 2:49 PM: Quarantining All Traces: cardomain cookie 2:49 PM: Quarantining All Traces: atwola cookie 2:49 PM: Quarantining All Traces: apmebf cookie 2:49 PM: Quarantining All Traces: hotbar cookie 2:49 PM: Quarantining All Traces: hbmediapro cookie 2:49 PM: Quarantining All Traces: adknowledge cookie 2:49 PM: Quarantining All Traces: about cookie 2:49 PM: Quarantining All Traces: browseraid 2:49 PM: Quarantining All Traces: spyware quake 2:49 PM: Quarantining All Traces: prosearch.com hijack 2:49 PM: Quarantining All Traces: cws_meup 2:49 PM: Quarantining All Traces: winantivirus pro 2:48 PM: Quarantining All Traces: coolwebsearch (cws) 2:48 PM: Quarantining All Traces: delfin 2:48 PM: Quarantining All Traces: easyerror 2:48 PM: Quarantining All Traces: spad 2:48 PM: Quarantining All Traces: heretofind 2:48 PM: Quarantining All Traces: childoleauto 2:48 PM: Quarantining All Traces: apropos 2:48 PM: Quarantining All Traces: trojan-downloader-zlob 2:48 PM: Quarantining All Traces: cws-aboutblank 2:48 PM: Quarantining All Traces: msn sniffer 2:48 PM: Quarantining All Traces: popuper 2:48 PM: Quarantining All Traces: trojan-downloader-conhook 2:48 PM: Quarantining All Traces: trojan agent winlogonhook 2:48 PM: Quarantining All Traces: security2k hijacker 2:48 PM: C:\WINDOWS\SYSTEM32\geedc.dll is in use. It will be removed on reboot. 2:48 PM: virtumonde is in use. It will be removed on reboot. 2:40 PM: Quarantining All Traces: virtumonde 2:40 PM: Quarantining All Traces: trojan-downloader-2pursuit 2:38 PM: Removal process initiated 2:31 PM: Traces Found: 168 2:31 PM: Full Sweep has completed. Elapsed time 05:44:06 2:31 PM: File Sweep Complete, Elapsed Time: 05:35:35 1:20 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo joypolis (sega amusement park)\yes!tokyo - tokyo convention & visitors bureau_files\head2_files\border_orange.gif (ID = 0) 1:20 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention & visitors bureau_files\wt4_files\i6event.gif (ID = 0) 1:20 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention & visitors bureau_files\wt4_files\i8museum.gif (ID = 0) 1:20 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention & visitors bureau_files\wt4_files\i4urban.gif (ID = 0) 1:20 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention & visitors bureau_files\wt4_files\i3excu.gif (ID = 0) 1:20 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention & visitors bureau_files\wt4_files\i2tokyo.gif (ID = 0) 1:20 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention & visitors bureau_files\wt4_files\i1check.gif (ID = 0) 1:20 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention & visitors bureau_files\head2_files\border_orange.gif (ID = 0) 1:20 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention & visitors bureau_files\head2_files\ind_site_s.gif (ID = 0) 1:20 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention & visitors bureau_files\head2_files\ind_tcvb_s.gif (ID = 0) 1:20 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention & visitors bureau_files\head2_files\ind_press_s.gif (ID = 0) 1:20 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention & visitors bureau_files\head2_files\ind_conve_s.gif (ID = 0) 1:20 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention & visitors bureau_files\head2_files\ind_hot_s.gif (ID = 0) 1:20 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\late night\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\sunrise_detail_files\arrow2.gif (ID = 0) 1:20 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\late night\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\sunrise_detail_files\arrow3.gif (ID = 0) 1:20 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\full day\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\sunrise_detail_files\arrow2.gif (ID = 0) 1:20 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\full day\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\sunrise_detail_files\arrow3.gif (ID = 0) 1:20 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\japan national tourist organization website\central tokyo (imperial palace - kasumigaseki - marunouchi)\jnto website regional tourist guides_files\spacer.gif (ID = 0) 1:20 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\japan national tourist organization website\central tokyo (imperial palace - kasumigaseki - marunouchi)\jnto website regional tourist guides_files\spacer(1).gif (ID = 0) 1:20 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\japan national tourist organization website\central tokyo (imperial palace - kasumigaseki - marunouchi)\jnto website regional tourist guides_files\sight_e.gif (ID = 0) 1:20 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\japan national tourist organization website\central tokyo (imperial palace - kasumigaseki - marunouchi)\jnto website regional tourist guides_files\map_e.gif (ID = 0) 1:20 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\japan national tourist organization website\central tokyo (imperial palace - kasumigaseki - marunouchi)\jnto website regional tourist guides_files\dining_e.gif (ID = 0) 1:19 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\japan national tourist organization website\central tokyo (imperial palace - kasumigaseki - marunouchi)\jnto website regional tourist guides_files\b-spacer.gif (ID = 0) 1:19 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\full day\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\sunrise_detail_files\tower.jpg (ID = 0) 1:19 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\sunrise_detail_files\kaminari.jpg (ID = 0) 1:19 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\sunrise_detail_files\akihabara.jpg (ID = 0) 1:19 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\sunrise_detail_files\nakamise.jpg (ID = 0) 1:19 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\full day\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\sunrise_detail_files\barbecue.gif (ID = 0) 1:19 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\full day\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\sunrise_detail_files\imp-pp.jpg (ID = 0) 1:19 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\full day\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\sunrise_detail_files\garden.gif (ID = 0) 1:19 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention & visitors bureau_files\head2_files\logo_top.gif (ID = 0) 1:19 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention & visitors bureau_files\head2_files\top_pict_s.gif (ID = 0) 1:19 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention & visitors bureau_files\head2_files\ind_tourist_s.gif (ID = 0) 1:19 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention & visitors bureau_files\head2_files\ind_vis_s.gif (ID = 0) 1:19 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention & visitors bureau_files\wt4_files\touristinfo.gif (ID = 0) 1:19 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention & visitors bureau_files\wt4_files\i7recommend_g.gif (ID = 0) 1:19 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention & visitors bureau_files\wt4_files\i7photo.gif (ID = 0) 1:19 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention & visitors bureau_files\wt4_files\i7_title.gif (ID = 0) 1:19 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention & visitors bureau_files\wt4_files\wt4.jpg (ID = 0) 1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention & visitors bureau_files\wt4_files\tcvb.css (ID = 0) 1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\full day\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\sunrise_detail_files\diet.jpg (ID = 0) 1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\full day\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\sunrise_detail_files\sumida2.gif (ID = 0) 1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\full day\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\sunrise_detail_files\nakamise.jpg (ID = 0) 1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\full day\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\sunrise_detail_files\kaminari.jpg (ID = 0) 1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\full day\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\sunrise_detail_files\ginza.jpg (ID = 0) 1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\late night\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\sunrise_detail_files\ginza.jpg (ID = 0) 1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\late night\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\sunrise_detail_files\n-odaiba.jpg (ID = 0) 1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo joypolis (sega amusement park)\yes!tokyo - tokyo convention & visitors bureau_files\head2_files\ind_tourist_s.gif (ID = 0) 1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\full day\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\sunrise_detail_files\etitlea100.gif (ID = 0) 1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo joypolis (sega amusement park)\yes!tokyo - tokyo convention & visitors bureau_files\set04_files\i7recommend_g.gif (ID = 0) 1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\japan national tourist organization website\central tokyo (imperial palace - kasumigaseki - marunouchi)\jnto website regional tourist guides_files\tokyo_e.jpg (ID = 0) 1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\japan national tourist organization website\central tokyo (imperial palace - kasumigaseki - marunouchi)\jnto website regional tourist guides_files\style.css (ID = 0) 1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\japan national tourist organization website\central tokyo (imperial palace - kasumigaseki - marunouchi)\jnto website regional tourist guides_files\kanto_back.jpg (ID = 0) 1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\japan national tourist organization website\central tokyo (imperial palace - kasumigaseki - marunouchi)\jnto website regional tourist guides_files\i.jpg (ID = 0) 1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\japan national tourist organization website\central tokyo (imperial palace - kasumigaseki - marunouchi)\jnto website regional tourist guides_files\h800s.js (ID = 0) 1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\japan national tourist organization website\central tokyo (imperial palace - kasumigaseki - marunouchi)\jnto website regional tourist guides_files\f800.js (ID = 0) 1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\booking\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\ad_files\mob_files\keitai.jpg (ID = 0) 1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\booking\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\ad_files\vjh_files\vjh.gif (ID = 0) 1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\japan national tourist organization website\central tokyo (imperial palace - kasumigaseki - marunouchi)\jnto website regional tourist guides_files\130402tokyochuusinbu.jpg (ID = 0) 1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\japan national tourist organization website\central tokyo (imperial palace - kasumigaseki - marunouchi)\jnto website regional tourist guides_files\130401tokyochuusinbu.jpg (ID = 0) 1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\late night\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\ad_files\mob_files\keitai.jpg (ID = 0) 1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\late night\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\ad_files\vjh_files\vjh.gif (ID = 0) 1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\late night\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\sunrise_detail_files\2003.gif (ID = 0) 1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\full day\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\ad_files\mob_files\keitai.jpg (ID = 0) 1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\full day\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\ad_files\vjh_files\vjh.gif (ID = 0) 1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\full day\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\sunrise_detail_files\2003.gif (ID = 0) 1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention & visitors bureau_files\head2_files\ind_guide_s.gif (ID = 0) 1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention & visitors bureau_files\head2_files\ind_lod_s.gif (ID = 0) 1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\japan national tourist organization website\central tokyo (imperial palace - kasumigaseki - marunouchi)\jnto website regional tourist guides_files\h800_rtg.js (ID = 0) 1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\sunrise_detail_files\imperial.gif (ID = 0) 1:18 PM: c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\sightseeing spots\tour\late night\-travel agency in japan- jtb sunrisetour offers english tours, hotel and ryokan in japan_files\top_files\sunrise_detail_files\sukiyaki.gif (ID = 0) 1:18 PM: Found System Monitor: potentially rootkit-masked files 1:18 PM: Warning: Failed to access drive E: 1:14 PM: Warning: Failed to open file "c:\documents and settings\coco\application data\skype\jay_88828\chat256.dbb". The operation completed successfully 1:13 PM: Warning: Failed to open file "c:\documents and settings\coco\local settings\temp\jetee87.tmp". The operation completed successfully 1:12 PM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042973.lnk". The operation completed successfully 1:12 PM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042922.lnk". The operation completed successfully 1:11 PM: Warning: Failed to open file "c:\documents and settings\coco\cookies\[email protected][2].txt". The operation completed successfully 1:08 PM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042969.lnk". The operation completed successfully 1:08 PM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042974.lnk". The operation completed successfully 1:08 PM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042927.lnk". The operation completed successfully 1:08 PM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042961.lnk". The operation completed successfully 1:07 PM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042941.ini". The operation completed successfully 1:07 PM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\rp.log". The operation completed successfully 1:07 PM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042993.ini". The operation completed successfully 1:07 PM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042967.lnk". The operation completed successfully 1:04 PM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042917.lnk". The operation completed successfully 1:04 PM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042896.lnk". The operation completed successfully 1:04 PM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042916.lnk". The operation completed successfully 1:03 PM: Warning: Failed to open file "c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention visitors bureau_files\wt4_files\i2tokyo.gif". The operation completed successfully 1:03 PM: Warning: Failed to open file "c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention visitors bureau_files\wt4_files\i1check.gif". The operation completed successfully 1:03 PM: Warning: Failed to open file "c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention visitors bureau_files\head2_files\ind_press_s.gif". The operation completed successfully 1:03 PM: Warning: Failed to open file "c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention visitors bureau_files\head2_files\ind_conve_s.gif". The operation completed successfully 1:03 PM: Warning: Failed to open file "c:\documents and settings\coco\my documents\my pictures\sony image transfer\tokyo-hk-vacation\tokyo\things to do\tcvb recommendation spot!!!\tokyo metropolitan government offices (up 55 seconds)\yes!tokyo - tokyo convention visitors bureau_files\head2_files\ind_hot_s.gif". The operation completed successfully 1:00 PM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042928.lnk". The operation completed successfully 12:44 PM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\snapshot\_registry_machine_system". The operation completed successfully 12:38 PM: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP217\A0048740.exe (ID = 305008) 12:33 PM: c:\windows\downloaded program files\uwa6p_0001_n91m1807netinstaller.exe (ID = 327827) 12:33 PM: Found Adware: winantivirus pro 12:11 PM: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP217\A0048736.exe (ID = 408) 12:11 PM: Found Trojan Horse: trojan-downloader-zlob 11:48 AM: Warning: PerformFileOffsetMatch Failed to check file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042894.vxd". "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042894.vxd": File not found 11:35 AM: Warning: PerformFileOffsetMatch Failed to check file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042895.dll". "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042895.dll": File not found 10:32 AM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\change.log.5". The operation completed successfully 10:31 AM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042958.data". The operation completed successfully 10:22 AM: Warning: Failed to open file "c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp193\a0042970.lnk". The operation completed successfully 9:34 AM: IE Security Shield: found: C:\WINDOWS\SYSTEM32\MKPMARWL.EXE -- IE Security modification denied 9:29 AM: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0045512.exe (ID = 298057) 9:17 AM: C:\Program Files\Microsoft AntiSpyware\Quarantine\46FEA5A4-8701-4EDF-A1B5-37FB34\7BE2E4B7-C5BD-4BF5-A8D7-261D03 (ID = 312696) 9:11 AM: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0045513.ini (ID = 298068) 9:10 AM: C:\WINDOWS\SYSTEM32\wecxg32.dll (ID = 54008) 9:10 AM: C:\WINDOWS\SYSTEM32\zxmsn.dll (ID = 54008) 9:08 AM: C:\WINDOWS\SYSTEM32\gupd.dll (ID = 54008) 9:08 AM: C:\WINDOWS\SYSTEM32\cidpoq32.dll (ID = 54008) 9:06 AM: C:\WINDOWS\SYSTEM32\cidft.dll (ID = 54008) 9:06 AM: C:\WINDOWS\SYSTEM32\sdfup.dll (ID = 54008) 9:06 AM: C:\WINDOWS\SYSTEM32\xcwer32.dll (ID = 54008) 9:06 AM: C:\WINDOWS\SYSTEM32\icvbr.dll (ID = 54008) 9:06 AM: C:\WINDOWS\SYSTEM32\icqrt.dll (ID = 54187) 9:06 AM: C:\WINDOWS\SYSTEM32\icnfe.dll (ID = 54008) 9:06 AM: Found Adware: coolwebsearch (cws) 8:58 AM: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0045516.lnk (ID = 288513) 8:56 AM: C:\Documents and Settings\CoCo\Local Settings\Temp\~DlfnTmp3 (1 subtraces) (ID = 2147486173) 8:56 AM: C:\Documents and Settings\CoCo\Local Settings\Temp\~DlfnTmp2 (1 subtraces) (ID = 2147486172) 8:56 AM: C:\Documents and Settings\CoCo\Local Settings\Temp\~DlfnTmp4 (1 subtraces) (ID = 2147486174) 8:56 AM: Found Adware: delfin 8:55 AM: Starting File Sweep 8:55 AM: Cookie Sweep Complete, Elapsed Time: 00:00:03 8:55 AM: c:\documents and settings\coco\cookies\[email protected][2].txt (ID = 3762) 8:55 AM: Found Spy Cookie: zedo cookie 8:55 AM: c:\documents and settings\coco\cookies\[email protected][2].txt (ID = 3690) 8:55 AM: Found Spy Cookie: winantiviruspro cookie 8:55 AM: c:\documents and settings\coco\cookies\[email protected][1].txt (ID = 3032) 8:55 AM: Found Spy Cookie: myaffiliateprogram.com cookie 8:55 AM: c:\documents and settings\coco\cookies\[email protected][1].txt (ID = 3638) 8:55 AM: Found Spy Cookie: videodome cookie 8:55 AM: c:\documents and settings\coco\cookies\[email protected][1].txt (ID = 3589) 8:55 AM: Found Spy Cookie: tribalfusion cookie 8:55 AM: c:\documents and settings\coco\cookies\[email protected][2].txt (ID = 3667) 8:55 AM: Found Spy Cookie: webtrendslive cookie 8:55 AM: c:\documents and settings\coco\cookies\[email protected][3].txt (ID = 3254) 8:55 AM: c:\documents and settings\coco\cookies\[email protected][1].txt (ID = 3254) 8:55 AM: Found Spy Cookie: reliablestats cookie 8:55 AM: c:\documents and settings\coco\cookies\[email protected][2].txt (ID = 3235) 8:55 AM: c:\documents and settings\coco\cookies\[email protected][1].txt (ID = 3217) 8:55 AM: Found Spy Cookie: questionmarket cookie 8:55 AM: c:\documents and settings\coco\cookies\[email protected][1].txt (ID = 3236) 8:55 AM: c:\documents and settings\coco\cookies\[email protected][1].txt (ID = 6442) 8:55 AM: Found Spy Cookie: mediaplex cookie 8:55 AM: c:\documents and settings\coco\cookies\[email protected][1].txt (ID = 2966) 8:55 AM: Found Spy Cookie: maxserving cookie 8:55 AM: c:\documents and settings\coco\cookies\[email protected][2].txt (ID = 2633) 8:55 AM: c:\documents and settings\coco\cookies\[email protected][2].txt (ID = 2505) 8:55 AM: Found Spy Cookie: dealtime cookie 8:55 AM: c:\documents and settings\coco\cookies\[email protected]count4.exitexchange[1].txt (ID = 2634) 8:55 AM: c:\documents and settings\coco\cookies\[email protected][1].txt (ID = 2634) 8:55 AM: Found Spy Cookie: exitexchange cookie 8:55 AM: c:\documents and settings\coco\cookies\[email protected][2].txt (ID = 2354) 8:55 AM: Found Spy Cookie: casalemedia cookie 8:55 AM: c:\documents and settings\coco\cookies\[email protected][2].txt (ID = 2253) 8:55 AM: Found Spy Cookie: atlas dmt cookie 8:55 AM: c:\documents and settings\coco\cookies\[email protected][1].txt (ID = 2175) 8:55 AM: Found Spy Cookie: advertising cookie 8:55 AM: c:\documents and settings\coco\cookies\[email protected][1].txt (ID = 2088) 8:55 AM: Found Spy Cookie: adrevolver cookie 8:55 AM: c:\documents and settings\coco\cookies\[email protected][2].txt (ID = 2084) 8:55 AM: Found Spy Cookie: adprofile cookie 8:55 AM: c:\documents and settings\coco\cookies\[email protected][2].txt (ID = 3400) 8:55 AM: Found Spy Cookie: specificclick.com cookie 8:55 AM: c:\documents and settings\coco\cookies\[email protected][2].txt (ID = 3665) 8:55 AM: Found Spy Cookie: websponsors cookie 8:55 AM: c:\documents and settings\jessica\cookies\[email protected][1].txt (ID = 3050) 8:55 AM: Found Spy Cookie: mytemplatestorage cookie 8:55 AM: c:\documents and settings\jessica\cookies\[email protected][2].txt (ID = 2038) 8:55 AM: c:\documents and settings\jessica\cookies\[email protected][2].txt (ID = 3235) 8:55 AM: Found Spy Cookie: realmedia cookie 8:55 AM: c:\documents and settings\jessica\cookies\[email protected][1].txt (ID = 2038) 8:55 AM: c:\documents and settings\jessica\cookies\[email protected][2].txt (ID = 3262) 8:55 AM: Found Spy Cookie: rn11 cookie 8:55 AM: c:\documents and settings\jessica\cookies\[email protected][2].txt (ID = 2293) 8:55 AM: Found Spy Cookie: belnk cookie 8:55 AM: c:\documents and settings\jessica\cookies\[email protected][1].txt (ID = 2509) 8:55 AM: Found Spy Cookie: delfinproject cookie 8:55 AM: c:\documents and settings\jessica\cookies\[email protected][1].txt (ID = 2038) 8:55 AM: c:\documents and settings\jessica\cookies\[email protected][2].txt (ID = 2350) 8:55 AM: Found Spy Cookie: cardomain cookie 8:55 AM: c:\documents and settings\jessica\cookies\[email protected][1].txt (ID = 2255) 8:55 AM: Found Spy Cookie: atwola cookie 8:55 AM: c:\documents and settings\jessica\cookies\[email protected][1].txt (ID = 2229) 8:55 AM: Found Spy Cookie: apmebf cookie 8:55 AM: c:\documents and settings\jessica\cookies\[email protected][1].txt (ID = 4207) 8:55 AM: Found Spy Cookie: hotbar cookie 8:55 AM: c:\documents and settings\jessica\cookies\[email protected][2].txt (ID = 2768) 8:55 AM: Found Spy Cookie: hbmediapro cookie 8:55 AM: c:\documents and settings\jessica\cookies\[email protected][1].txt (ID = 2072) 8:55 AM: Found Spy Cookie: adknowledge cookie 8:55 AM: c:\documents and settings\jessica\cookies\[email protected][1].txt (ID = 2037) 8:55 AM: Found Spy Cookie: about cookie 8:55 AM: Starting Cookie Sweep 8:55 AM: Registry Sweep Complete, Elapsed Time:00:00:52 8:55 AM: HKU\S-1-5-21-894892478-1671654027-2876248559-1007\software\microsoft\internet explorer\main\ || search page_bak (ID = 774883) 8:55 AM: HKU\S-1-5-21-894892478-1671654027-2876248559-1007\software\classes\clsid\{237aa178-c3bc-4f67-a8bb-d8bc14ba0b89}\ (ID = 127116) 8:55 AM: HKU\S-1-5-21-894892478-1671654027-2876248559-1007\software\microsoft\internet explorer\extensions\{237aa178-c3bc-4f67-a8bb-d8bc14ba0b89}\ (ID = 127080) 8:55 AM: HKU\S-1-5-21-894892478-1671654027-2876248559-1007\software\microsoft\internet explorer\extensions\{237aa178-c3bc-4f67-a8bb-d8bc14ba0b89}\ (ID = 127080) 8:55 AM: HKU\S-1-5-21-894892478-1671654027-2876248559-1007\software\microsoft\internet explorer\main\ || search page_bak (ID = 115925) 8:55 AM: Found Adware: cws-aboutblank 8:55 AM: HKU\S-1-5-21-894892478-1671654027-2876248559-1007\software\microsoft\windows\currentversion\updt\ (ID = 105189) 8:55 AM: Found Adware: browseraid 8:55 AM: HKLM\software\classes\clsid\{3f143c3a-1457-6cca-03a7-7aa23b61e40f}\ (ID = 1571509) 8:55 AM: HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler\ || {259ba022-2005-45e9-a965-10edb9c00605} (ID = 1538921) 8:55 AM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{062492af-392e-479d-bf52-a7a4bca00307}\ (ID = 1538630) 8:55 AM: HKLM\software\classes\clsid\{062492af-392e-479d-bf52-a7a4bca00307}\ (ID = 1538618) 8:55 AM: HKCR\clsid\{062492af-392e-479d-bf52-a7a4bca00307}\ (ID = 1538606) 8:55 AM: HKLM\software\microsoft\rasap2k\ (ID = 1511572) 8:55 AM: HKLM\software\microsoft\dstr5\ (ID = 1511570) 8:55 AM: HKLM\software\microsoft\windows\currentversion\uninstall\msn sniffer v1.2 evaluation version \ (ID = 1509875) 8:55 AM: Found System Monitor: msn sniffer 8:55 AM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\{686a161d-5bd1-4999-8832-6393f41e564c}\ (ID = 1505707) 8:55 AM: Found Adware: popuper 8:55 AM: HKLM\software\classes\typelib\{5cb9686d-cc21-4927-b904-d91d4479f4bd}\ (ID = 1496911) 8:55 AM: HKCR\typelib\{5cb9686d-cc21-4927-b904-d91d4479f4bd}\ (ID = 1496901) 8:55 AM: Found Adware: spyware quake 8:55 AM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\cfgmngr32\ (ID = 1252409) 8:55 AM: HKLM\software\microsoft\internet explorer\main\ || search page_bak (ID = 1250789) 8:55 AM: Found Adware: prosearch.com hijack 8:55 AM: HKLM\software\classes\clsid\{0b5f7fdf-0717-45bf-b49d-695f3168c7fe}\ (ID = 1149560) 8:55 AM: HKCR\clsid\{0b5f7fdf-0717-45bf-b49d-695f3168c7fe}\ (ID = 1149518) 8:55 AM: Found Adware: easyerror 8:55 AM: HKLM\system\currentcontrolset\services\dp1112\ (ID = 1138322) 8:55 AM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\geedc\ (ID = 1125293) 8:55 AM: Found Trojan Horse: trojan-downloader-conhook 8:54 AM: HKLM\software\microsoft\mssmgr\ (ID = 937101) 8:54 AM: Found Trojan Horse: trojan agent winlogonhook 8:54 AM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\ (ID = 735573) 8:54 AM: Found Adware: security2k hijacker 8:54 AM: HKLM\software\classes\clsid\{237aa178-c3bc-4f67-a8bb-d8bc14ba0b89}\ (ID = 127120) 8:54 AM: HKCR\clsid\{237aa178-c3bc-4f67-a8bb-d8bc14ba0b89}\ (ID = 127065) 8:54 AM: Found Adware: spad 8:54 AM: HKCR\clsid\{237aa178-c3bc-4f67-a8bb-d8bc14ba0b89}\ (ID = 127065) 8:54 AM: Found Adware: heretofind 8:54 AM: HKCR\clsid\{3f143c3a-1457-6cca-03a7-7aa23b61e40f}\ (ID = 105493) 8:54 AM: Found Trojan Horse: childoleauto 8:54 AM: HKLM\software\classes\interface\{a2872b10-39f2-42df-9335-7dd38cf75255}\ (ID = 103771) 8:54 AM: HKCR\clsid\{a2872b10-39f2-42df-9335-7dd38cf75255}\ (ID = 103725) 8:54 AM: Found Adware: apropos 8:54 AM: Starting Registry Sweep 8:54 AM: Memory Sweep Complete, Elapsed Time: 00:07:10 8:48 AM: Detected running threat: C:\WINDOWS\SYSTEM32\geedc.dll (ID = 394) 8:48 AM: Found Adware: virtumonde 8:47 AM: Starting Memory Sweep 8:47 AM: HKLM\software\classes\clsid\{062492af-392e-479d-bf52-a7a4bca00307}\inprocserver32\ (ID = 1560802) 8:47 AM: HKCR\clsid\{062492af-392e-479d-bf52-a7a4bca00307}\inprocserver32\ (ID = 1560801) 8:47 AM: Found Adware: cws_meup 8:47 AM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\cfgmngr32\ || dllname (ID = 1538933) 8:47 AM: Found Trojan Horse: trojan-downloader-2pursuit 8:47 AM: Sweep initiated using definitions version 741 8:47 AM: Spy Sweeper 5.0.5.1286 started 8:47 AM: | Start of Session, Wednesday, August 16, 2006 | ******** 8:47 AM: | End of Session, Wednesday, August 16, 2006 | 8:45 AM: Your spyware definitions have been updated. Keylogger Shield: On BHO Shield: On IE Security Shield: On Alternate Data Stream (ADS) Execution Shield: On Startup Shield: On Common Ad Sites Shield: Off Hosts File Shield: On Spy Communication Shield: On ActiveX Shield: On Windows Messenger Service Shield: On IE Favorites Shield: On Spy Installation Shield: On Memory Shield: On IE Hijack Shield: On IE Tracking Cookies Shield: Off 8:34 AM: Shield States 8:33 AM: Spyware Definitions: 691 8:32 AM: Spy Sweeper 5.0.5.1286 started 8:32 AM: Spy Sweeper 5.0.5.1286 started 8:32 AM: | Start of Session, Wednesday, August 16, 2006 | ******** ===================================================== Panda's active scan log ===================================================== Incident Status Location Potentially unwanted tool:application/winfixer2005 Not disinfected c:\windows\downloaded program files\UDC6_0001_D18M1108NetInstaller.exe Adware:adware/ncase Not disinfected c:\windows\didduid.ini Adware:adware/alibabar Not disinfected Windows Registry Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\CoCo\Application Data\Mozilla\Firefox\Profiles\3d8cvnbg.default\cookies.txt[.perf.overture.com/] Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\CoCo\Application Data\Mozilla\Firefox\Profiles\3d8cvnbg.default\cookies.txt[data.coremetrics.com/] Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\CoCo\Application Data\Mozilla\Firefox\Profiles\3d8cvnbg.default\cookies.txt[.2o7.net/] Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\CoCo\Application Data\Mozilla\Firefox\Profiles\3d8cvnbg.default\cookies.txt[.doubleclick.net/] Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\CoCo\Application Data\Mozilla\Firefox\Profiles\3d8cvnbg.default\cookies.txt[.questionmarket.com/] Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\CoCo\Application Data\Mozilla\Firefox\Profiles\3d8cvnbg.default\cookies.txt[.mediaplex.com/] Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\CoCo\Application Data\Mozilla\Firefox\Profiles\3d8cvnbg.default\cookies.txt[.atdmt.com/] Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\CoCo\Application Data\Mozilla\Firefox\Profiles\3d8cvnbg.default\cookies.txt[.tribalfusion.com/] Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\CoCo\Application Data\Mozilla\Firefox\Profiles\3d8cvnbg.default\cookies.txt[.microsofteup.112.2o7.net/] Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\CoCo\Application Data\Mozilla\Firefox\Profiles\3d8cvnbg.default\cookies.txt[statse.webtrendslive.com/] Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\CoCo\Cookies\[email protected][1].txt Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\CoCo\Cookies\[email protected][1].txt Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\CoCo\Cookies\[email protected][2].txt Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\CoCo\Cookies\[email protected][2].txt ============================================ New HJThis Log ============================================ Logfile of HijackThis v1.99.1 Scan saved at 5:20:49 PM, on 8/16/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Pr
  6. Thanks alot I am so glad you can help me, I was thinking to reinstall os as a last resort... Logfile of HijackThis v1.99.1 Scan saved at 10:20:07 PM, on 8/14/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\pctspk.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\WINDOWS\System32\DSentry.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\QUICKENW\QAGENT.EXE C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\WINDOWS\system32\mrtMngr.EXE C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE C:\PROGRA~1\SlimQ\Fahid.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Virtual Account Numbers\CitiUCS.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe C:\WINDOWS\tsnp2std.exe C:\WINDOWS\vsnp2std.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\palmOne\Hotsync.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\CoCo\My Documents\Appz\hijack\HijackThis.exe O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE O4 - HKLM\..\Run: [uFD Monitor] C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe O4 - HKLM\..\Run: [uFD Utility] C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [iPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l O4 - HKLM\..\Run: [iPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE O4 - HKLM\..\Run: [FAhid] C:\PROGRA~1\SlimQ\Fahid.exe O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [CitiUCS] C:\Program Files\Virtual Account Numbers\CitiUCS.exe /dontopenmycards O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1 O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Microsoft® JavaScript® Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx O9 - Extra 'Tools' menuitem: JavaScript Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx O9 - Extra button: UCS - {4C730923-3961-439b-83D5-F4E445520422} - C:\Program Files\Virtual Account Numbers\CitiUCS.exe O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - C:\WINDOWS\System32\HPCMDTY.DLL (file missing) (HKCU) O9 - Extra button: Microsoft® JavaScript® Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx (HKCU) O9 - Extra 'Tools' menuitem: JavaScript Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx (HKCU) O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {78A730D4-0DF3-4B65-8DD2-BFCD433CEE30} - http://www.surfsecret.com/inst/DVInstaller.exe O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Apache2Triad Apache2 Service (Apache2) - Unknown owner - c:\apache2\bin\apache.exe" -n Apache2 -k runservice (file missing) O23 - Service: Apache2Triad Apache2 Service with SSL (Apache2(SSL)) - Unknown owner - c:\apache2\bin\apache.exe" -n Apache2(SSL) -k runservice -D SSL (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Apache2Triad MySql Service (MySql) - Unknown owner - C:/apache2/mysql/bin/mysqld.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: Apache2Triad SlimFTPd Server (SlimFTPd) - Unknown owner - C:\apache2\mail\bin\XMail.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
  7. Hi Matt, I am very sorry to tell you that I am still infected. I know what cause this, I install some application download online, and the application was opening some dos prompt and trying execute something, that cause all these pop up. Please help, my computer is still infected.
  8. Hi Matt, I did deleted the R3 entry in HJT, so I follow the step to use filefind program to search for both .dll file, none of it can be find in the window\system32 directory... So, I scan with HJT just in case u may want to read it. Logfile of HijackThis v1.99.1 Scan saved at 9:56:59 AM, on 7/24/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\pctspk.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\WINDOWS\System32\DSentry.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\QUICKENW\QAGENT.EXE C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\WINDOWS\system32\mrtMngr.EXE C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE C:\PROGRA~1\SlimQ\Fahid.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Virtual Account Numbers\CitiUCS.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\WINDOWS\tsnp2std.exe C:\WINDOWS\vsnp2std.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\Program Files\palmOne\Hotsync.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Video Camera\Linksys Viewer & Recorder Utility.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\explorer.exe C:\PROGRA~1\WINZIP\winzip32.exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\CoCo\My Documents\Appz\hijack\HijackThis.exe O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE O4 - HKLM\..\Run: [uFD Monitor] C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe O4 - HKLM\..\Run: [uFD Utility] C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [iPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l O4 - HKLM\..\Run: [iPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE O4 - HKLM\..\Run: [FAhid] C:\PROGRA~1\SlimQ\Fahid.exe O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [CitiUCS] C:\Program Files\Virtual Account Numbers\CitiUCS.exe /dontopenmycards O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1 O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Microsoft® JavaScript® Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx O9 - Extra 'Tools' menuitem: JavaScript Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx O9 - Extra button: UCS - {4C730923-3961-439b-83D5-F4E445520422} - C:\Program Files\Virtual Account Numbers\CitiUCS.exe O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - C:\WINDOWS\System32\HPCMDTY.DLL (file missing) (HKCU) O9 - Extra button: Microsoft® JavaScript® Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx (HKCU) O9 - Extra 'Tools' menuitem: JavaScript Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx (HKCU) O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {78A730D4-0DF3-4B65-8DD2-BFCD433CEE30} - http://www.surfsecret.com/inst/DVInstaller.exe O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Apache2Triad Apache2 Service (Apache2) - Unknown owner - c:\apache2\bin\apache.exe" -n Apache2 -k runservice (file missing) O23 - Service: Apache2Triad Apache2 Service with SSL (Apache2(SSL)) - Unknown owner - c:\apache2\bin\apache.exe" -n Apache2(SSL) -k runservice -D SSL (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Apache2Triad MySql Service (MySql) - Unknown owner - C:/apache2/mysql/bin/mysqld.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: Apache2Triad SlimFTPd Server (SlimFTPd) - Unknown owner - C:\apache2\mail\bin\XMail.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
  9. Hi, I got PendingFileRenameOperations prompt on both file. --------------------------------------------------------- ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 11:42:43 AM 7/21/2006 + Scan result: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP224\A0050204.exe -> Adware.PurityScan : No action taken. C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP217\A0048732.dll -> Not-A-Virus.Hoax.Win32.Renos.dt : No action taken. C:\apache2\opssl\bin\libssl32.dll -> Not-A-Virus.NetTool.Win32.STunnel.404 : No action taken. C:\Documents and Settings\CoCo\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : No action taken. C:\Documents and Settings\CoCo\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken. C:\Documents and Settings\Jessica\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken. C:\Documents and Settings\Jessica\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken. C:\Documents and Settings\CoCo\Cookies\[email protected][2].txt -> TrackingCookie.Advertising : No action taken. C:\Documents and Settings\CoCo\Cookies\[email protected][2].txt -> TrackingCookie.Advertising : No action taken. C:\Documents and Settings\Jessica\Cookies\[email protected][1].txt -> TrackingCookie.Advertising : No action taken. C:\Documents and Settings\CoCo\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : No action taken. C:\Documents and Settings\Jessica\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : No action taken. C:\Documents and Settings\CoCo\Cookies\[email protected][1].txt -> TrackingCookie.Bridgetrack : No action taken. C:\Documents and Settings\CoCo\Cookies\[email protected][2].txt -> TrackingCookie.Cpvfeed : No action taken. C:\Documents and Settings\CoCo\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : No action taken. C:\Documents and Settings\Jessica\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : No action taken. C:\Documents and Settings\CoCo\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : No action taken. C:\Documents and Settings\CoCo\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : No action taken. C:\Documents and Settings\CoCo\Cookies\[email protected][1].txt -> TrackingCookie.Mediaplex : No action taken. C:\Documents and Settings\Jessica\Cookies\[email protected][1].txt -> TrackingCookie.Mediaplex : No action taken. C:\Documents and Settings\CoCo\Cookies\[email protected][1].txt -> TrackingCookie.Overture : No action taken. C:\Documents and Settings\CoCo\Cookies\[email protected][2].txt -> TrackingCookie.Pointroll : No action taken. C:\Documents and Settings\Jessica\Cookies\[email protected][2].txt -> TrackingCookie.Questionmarket : No action taken. C:\Documents and Settings\CoCo\Cookies\[email protected][2].txt -> TrackingCookie.Reliablestats : No action taken. C:\Documents and Settings\Jessica\Cookies\[email protected][1].txt -> TrackingCookie.Reliablestats : No action taken. C:\Documents and Settings\CoCo\Cookies\[email protected][2].txt -> TrackingCookie.Serving-sys : No action taken. C:\Documents and Settings\Jessica\Cookies\[email protected][2].txt -> TrackingCookie.Serving-sys : No action taken. C:\Documents and Settings\CoCo\Cookies\[email protected][1].txt -> TrackingCookie.Trafficmp : No action taken. C:\Documents and Settings\CoCo\Cookies\[email protected][1].txt -> TrackingCookie.Valueclick : No action taken. C:\Documents and Settings\CoCo\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : No action taken. C:\Documents and Settings\CoCo\Cookies\[email protected][1].txt -> TrackingCookie.Zedo : No action taken. C:\Documents and Settings\Jessica\Cookies\[email protected][2].txt -> TrackingCookie.Zedo : No action taken. ::Report end So I reboot the machine manually then do a ewido scan and HJT. Please help. After the ewido scan, I applied all action to delete it. Logfile of HijackThis v1.99.1 Scan saved at 11:52:18 AM, on 7/21/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\pctspk.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\WINDOWS\System32\DSentry.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\QUICKENW\QAGENT.EXE C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe C:\WINDOWS\system32\mrtMngr.EXE C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE C:\PROGRA~1\SlimQ\Fahid.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Virtual Account Numbers\CitiUCS.exe C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\WINDOWS\tsnp2std.exe C:\WINDOWS\vsnp2std.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\palmOne\Hotsync.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\CoCo\My Documents\Appz\hijack\HijackThis.exe R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE O4 - HKLM\..\Run: [uFD Monitor] C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe O4 - HKLM\..\Run: [uFD Utility] C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [iPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l O4 - HKLM\..\Run: [iPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE O4 - HKLM\..\Run: [FAhid] C:\PROGRA~1\SlimQ\Fahid.exe O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [CitiUCS] C:\Program Files\Virtual Account Numbers\CitiUCS.exe /dontopenmycards O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1 O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Microsoft® JavaScript® Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx O9 - Extra 'Tools' menuitem: JavaScript Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx O9 - Extra button: UCS - {4C730923-3961-439b-83D5-F4E445520422} - C:\Program Files\Virtual Account Numbers\CitiUCS.exe O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - C:\WINDOWS\System32\HPCMDTY.DLL (file missing) (HKCU) O9 - Extra button: Microsoft® JavaScript® Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx (HKCU) O9 - Extra 'Tools' menuitem: JavaScript Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx (HKCU) O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {78A730D4-0DF3-4B65-8DD2-BFCD433CEE30} - http://www.surfsecret.com/inst/DVInstaller.exe O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Apache2Triad Apache2 Service (Apache2) - Unknown owner - c:\apache2\bin\apache.exe" -n Apache2 -k runservice (file missing) O23 - Service: Apache2Triad Apache2 Service with SSL (Apache2(SSL)) - Unknown owner - c:\apache2\bin\apache.exe" -n Apache2(SSL) -k runservice -D SSL (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Apache2Triad MySql Service (MySql) - Unknown owner - C:/apache2/mysql/bin/mysqld.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: Apache2Triad SlimFTPd Server (SlimFTPd) - Unknown owner - C:\apache2\mail\bin\XMail.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE Thanks so much for ur continous support, I really apprieciated.
  10. Hi, Sorry for late reply, I've been trying hard to use this website, it froze on me many times because of my spyware? Please let me know what else I need to check, thanks so much. Service load: 0% 100% File: tsnp2std.exe Status: OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) MD5 51615816c80529488db618e3d78057a5 Packers detected: - Scanner results AntiVir Found nothing ArcaVir Found nothing Avast Found nothing AVG Antivirus Found nothing BitDefender Found nothing ClamAV Found nothing Dr.Web Found nothing F-Prot Antivirus Found nothing Fortinet Found nothing Kaspersky Anti-Virus Found nothing NOD32 Found nothing Norman Virus Control Found nothing UNA Found nothing VirusBuster Found nothing VBA32 Found nothing File: vsnp2std.exe Status: OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) MD5 5da1d493d24550d92f1407d3509df2b6 Packers detected: - Scanner results AntiVir Found nothing ArcaVir Found nothing Avast Found nothing AVG Antivirus Found nothing BitDefender Found nothing ClamAV Found nothing Dr.Web Found nothing F-Prot Antivirus Found nothing Fortinet Found nothing Kaspersky Anti-Virus Found nothing NOD32 Found nothing Norman Virus Control Found nothing UNA Found nothing VirusBuster Found nothing VBA32 Found nothing C:\WINDOWS\system32\chkdsk.dll The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file
  11. Welcome back, Matt, hope u have a nice vacation. Unfortunately, I am still having spyware popping up. Logfile of HijackThis v1.99.1 Scan saved at 11:50:48 PM, on 7/13/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\pctspk.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\WINDOWS\System32\DSentry.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\QUICKENW\QAGENT.EXE C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe C:\WINDOWS\system32\mrtMngr.EXE C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE C:\PROGRA~1\SlimQ\Fahid.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Virtual Account Numbers\CitiUCS.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe C:\WINDOWS\tsnp2std.exe C:\WINDOWS\vsnp2std.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\Program Files\palmOne\Hotsync.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\CoCo\My Documents\Appz\hijack\HijackThis.exe R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE O4 - HKLM\..\Run: [uFD Monitor] C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe O4 - HKLM\..\Run: [uFD Utility] C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [iPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l O4 - HKLM\..\Run: [iPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE O4 - HKLM\..\Run: [FAhid] C:\PROGRA~1\SlimQ\Fahid.exe O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [CitiUCS] C:\Program Files\Virtual Account Numbers\CitiUCS.exe /dontopenmycards O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1 O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Microsoft® JavaScript® Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx O9 - Extra 'Tools' menuitem: JavaScript Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx O9 - Extra button: UCS - {4C730923-3961-439b-83D5-F4E445520422} - C:\Program Files\Virtual Account Numbers\CitiUCS.exe O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - C:\WINDOWS\System32\HPCMDTY.DLL (file missing) (HKCU) O9 - Extra button: Microsoft® JavaScript® Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx (HKCU) O9 - Extra 'Tools' menuitem: JavaScript Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx (HKCU) O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {78A730D4-0DF3-4B65-8DD2-BFCD433CEE30} - http://www.surfsecret.com/inst/DVInstaller.exe O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - AppInit_DLLs: C:\WINDOWS\system32\chkdsk.dll C:\WINDOWS\system32\notepad.dll O23 - Service: Apache2Triad Apache2 Service (Apache2) - Unknown owner - c:\apache2\bin\apache.exe" -n Apache2 -k runservice (file missing) O23 - Service: Apache2Triad Apache2 Service with SSL (Apache2(SSL)) - Unknown owner - c:\apache2\bin\apache.exe" -n Apache2(SSL) -k runservice -D SSL (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Apache2Triad MySql Service (MySql) - Unknown owner - C:/apache2/mysql/bin/mysqld.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: Apache2Triad SlimFTPd Server (SlimFTPd) - Unknown owner - C:\apache2\mail\bin\XMail.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
  12. Please check for me. It seems that the pop up still happening. Logfile of HijackThis v1.99.1 Scan saved at 10:43:58 PM, on 7/9/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\system32\pctspk.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\WINDOWS\System32\DSentry.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\QUICKENW\QAGENT.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe C:\WINDOWS\system32\mrtMngr.EXE C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE C:\PROGRA~1\SlimQ\Fahid.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\Virtual Account Numbers\CitiUCS.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\WINDOWS\tsnp2std.exe C:\WINDOWS\vsnp2std.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\palmOne\Hotsync.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\CoCo\My Documents\Appz\hijack\HijackThis.exe R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE O4 - HKLM\..\Run: [uFD Monitor] C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe O4 - HKLM\..\Run: [uFD Utility] C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [iPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l O4 - HKLM\..\Run: [iPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE O4 - HKLM\..\Run: [FAhid] C:\PROGRA~1\SlimQ\Fahid.exe O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [CitiUCS] C:\Program Files\Virtual Account Numbers\CitiUCS.exe /dontopenmycards O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1 O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Microsoft® JavaScript® Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx O9 - Extra 'Tools' menuitem: JavaScript Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx O9 - Extra button: UCS - {4C730923-3961-439b-83D5-F4E445520422} - C:\Program Files\Virtual Account Numbers\CitiUCS.exe O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - C:\WINDOWS\System32\HPCMDTY.DLL (file missing) (HKCU) O9 - Extra button: Microsoft® JavaScript® Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx (HKCU) O9 - Extra 'Tools' menuitem: JavaScript Console - {46AF0B81-0578-42DD-B20C-2ECF0EA31A4F} - C:\WINDOWS\system32\comdlg32.ocx (HKCU) O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {78A730D4-0DF3-4B65-8DD2-BFCD433CEE30} - http://www.surfsecret.com/inst/DVInstaller.exe O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - AppInit_DLLs: C:\WINDOWS\system32\chkdsk.dll C:\WINDOWS\system32\notepad.dll O23 - Service: Apache2Triad Apache2 Service (Apache2) - Unknown owner - c:\apache2\bin\apache.exe" -n Apache2 -k runservice (file missing) O23 - Service: Apache2Triad Apache2 Service with SSL (Apache2(SSL)) - Unknown owner - c:\apache2\bin\apache.exe" -n Apache2(SSL) -k runservice -D SSL (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Apache2Triad MySql Service (MySql) - Unknown owner - C:/apache2/mysql/bin/mysqld.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: Apache2Triad SlimFTPd Server (SlimFTPd) - Unknown owner - C:\apache2\mail\bin\XMail.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
  13. Yeah! I am so tired of my laptop, so glad u r making my life easier. Thanks so much. You are awesome, if there is a way for me to make donation, please let me know the link. Incident Status Location Adware:adware/nowfind Not disinfected c:\windows\system32\cidft.dll Adware:adware/ncase Not disinfected c:\windows\didduid.ini Adware:adware/miamore Not disinfected Windows Registry Adware:adware/alibabar Not disinfected Windows Registry Adware:adware/morwillsearch Not disinfected Windows Registry Spyware:spyware/apropos Not disinfected Windows Registry Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\CoCo\Cookies\[email protected][1].txt Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\CoCo\Cookies\[email protected][2].txt Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\CoCo\Cookies\[email protected][2].txt Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\CoCo\Cookies\[email protected][1].txt Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\CoCo\Cookies\[email protected][1].txt Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\CoCo\Cookies\[email protected][1].txt Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\CoCo\Cookies\[email protected][2].txt
  14. Hi, I hope this is the last scan, sorry for giving u so much trouble. Thanks so much! Incident Status Location Adware:adware/nowfind Not disinfected c:\windows\system32\cidft.dll Adware:adware/ncase Not disinfected c:\windows\didduid.ini Adware:adware/miamore Not disinfected Windows Registry Adware:adware/alibabar Not disinfected Windows Registry Adware:adware/morwillsearch Not disinfected Windows Registry Spyware:spyware/apropos Not disinfected Windows Registry Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\CoCo\Cookies\[email protected][1].txt Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\CoCo\Cookies\[email protected][2].txt Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\CoCo\Cookies\[email protected][2].txt Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\CoCo\Cookies\[email protected][1].txt Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\CoCo\Cookies\[email protected][1].txt Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\CoCo\Cookies\[email protected][1].txt Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\CoCo\Cookies\[email protected][2].txt