10 Posts

September 12th, 2006 00:00

My HijackThis Log - AceExplorer

Thank you, in advance, for your help.  My symptoms are that when I open Internet Explorer I occasionally get the scanner.sysprotect.com message, and some sort of other "disk cleaner" or "WinAntiVirus" message.  I'm not exactly certain about the disk cleaner or WinAntiVirus messages -- I can't generate the messages at will, they seem to be somewhat random.  I have used Spybot Search & Destroy but it's not finding and cleaning this particular problem.  I have not scanned my system with Symantec Anti-Virus yet, but will do so after I post this message.  Not sure my anti-virus will detect and clean this spyware, so thought I'd post my HijackThis log file first.  Again, thanks in advance for your help.  --Frank
 
Logfile of HijackThis v1.99.1
Scan saved at 8:51:52 PM, on 9/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\NORTON~1\NORTON~3\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Funk Software\Odyssey Client\OdTray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\NortonSystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\DELLSU~1\DSAgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Acrobat6\Distillr\acrotray.exe
C:\Program Files\Common Files\Delorme\DeLSerial\DeLSerial.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\Common Files\DeLorme\DeLSerial\VspStartup.exe
C:\Program Files\NortonSystemWorks\Norton Utilities\SYSDOC32.EXE
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\NortonSystemWorks\Norton Utilities\WDSCAN.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\hijackthis\HijackThis.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", " http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\prefs.js)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Acrobat6\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Funk Software\Odyssey Client\OdTray.exe"
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\NortonSystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\PROGRA~1\DELLSU~1\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - Startup: Norton System Doctor.LNK = C:\Program Files\NortonSystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Acrobat6\Distillr\acrotray.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: DeLorme Serial Emulator.lnk = C:\Program Files\Common Files\Delorme\DeLSerial\DeLSerial.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: Virtual Serial Port for DeLorme.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.projectserver
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} -
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k00719/sb02a.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123688127093
O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{0408DFCF-1A40-461C-A5AD-5C5F787F9D95}: NameServer = 10.29.64.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{0408DFCF-1A40-461C-A5AD-5C5F787F9D95}: NameServer = 10.29.64.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{0408DFCF-1A40-461C-A5AD-5C5F787F9D95}: NameServer = 10.29.64.4
O17 - HKLM\System\CS3\Services\Tcpip\..\{0408DFCF-1A40-461C-A5AD-5C5F787F9D95}: NameServer = 10.29.64.4
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Odyssey Client (odClientService) - Funk Software, Inc. - C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
 

273 Posts

September 12th, 2006 14:00

Hi AceExplorer

Rename HijackThis.exe to HJT.exe and send a fresh HijackThis log, please :)

10 Posts

September 12th, 2006 23:00

Thanks, I renamed HijackThis.exe to HJT.exe and re-ran it.  Here is the output log:

Logfile of HijackThis v1.99.1
Scan saved at 8:24:26 PM, on 9/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\NORTON~1\NORTON~3\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Funk Software\Odyssey Client\OdTray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\NortonSystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\DELLSU~1\DSAgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Acrobat6\Distillr\acrotray.exe
C:\Program Files\Common Files\Delorme\DeLSerial\DeLSerial.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\Common Files\DeLorme\DeLSerial\VspStartup.exe
C:\Program Files\NortonSystemWorks\Norton Utilities\SYSDOC32.EXE
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\NortonSystemWorks\Norton Utilities\WDSCAN.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\HijackThis\HJT.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Acrobat6\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: (no name) - {647ABA2C-BFD4-4FC4-B752-A8E06B5CA256} - C:\WINDOWS\system32\jkklk.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Acrobat6\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Acrobat6\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Funk Software\Odyssey Client\OdTray.exe"
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\NortonSystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\PROGRA~1\DELLSU~1\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - Startup: Norton System Doctor.LNK = C:\Program Files\NortonSystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Acrobat6\Distillr\acrotray.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: DeLorme Serial Emulator.lnk = C:\Program Files\Common Files\Delorme\DeLSerial\DeLSerial.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: Virtual Serial Port for DeLorme.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.projectserver
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} -
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k00719/sb02a.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123688127093
O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{0408DFCF-1A40-461C-A5AD-5C5F787F9D95}: NameServer = 10.29.64.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{0408DFCF-1A40-461C-A5AD-5C5F787F9D95}: NameServer = 10.29.64.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{0408DFCF-1A40-461C-A5AD-5C5F787F9D95}: NameServer = 10.29.64.4
O17 - HKLM\System\CS3\Services\Tcpip\..\{0408DFCF-1A40-461C-A5AD-5C5F787F9D95}: NameServer = 10.29.64.4
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: jkklk - C:\WINDOWS\system32\jkklk.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: OdysseyClient - C:\WINDOWS\SYSTEM32\odyEvent.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Odyssey Client (odClientService) - Funk Software, Inc. - C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

 

273 Posts

September 13th, 2006 05:00

Hi

Open HijackThis, click do a system scan only and checkmark this:

O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll (file missing)

Close all windows including browser and press fix checked.

Reboot.

Please download VundoFix.exe -> http://www.atribune.org/ccount/click.php?id=4 to your desktop.

  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log. 

    Note: It is possible that VundoFix encountered a file it could not remove.
    In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Message Edited by Shaba_FIN on 09-13-2006 01:42 AM
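
Added example, not part of any post in this thread: a Python sketch that parses HijackThis entry lines, diffs the first scan against the scan taken after the rename, and flags new entries that are marked (file missing) or whose DLL is registered as both a BHO (O2) and a Winlogon Notify (O20). The embedded logs are short excerpts of the two logs posted above; the function names and the two heuristics are this example's own assumptions, not behaviour of HijackThis or VundoFix.

```python
import re
from collections import defaultdict

# Entry lines look like "O2 - BHO: ..."; header and running-process lines do not match.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# First Windows path ending in .dll/.exe (spaces inside the path are allowed).
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"<>|*?]*?\.(?:dll|exe)", re.IGNORECASE)

# Excerpt of the first log in the thread (scan of 9/11/2006).
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\winlogon.exe
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Acrobat6\Acrobat\AcroIEFavClient.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""

# Excerpt of the second log in the thread (scan of 9/12/2006, run as HJT.exe).
LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Acrobat6\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: (no name) - {647ABA2C-BFD4-4FC4-B752-A8E06B5CA256} - C:\WINDOWS\system32\jkklk.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Acrobat6\Acrobat\AcroIEFavClient.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: jkklk - C:\WINDOWS\system32\jkklk.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: OdysseyClient - C:\WINDOWS\SYSTEM32\odyEvent.dll
"""


def parse_log(text):
    """Return [(section, body), ...] for every entry line in a HijackThis log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m["section"], m["body"].strip()))
    return entries


def new_entries(before, after):
    """Entries present in the later scan but absent from the earlier one."""
    seen = set(before)
    return [e for e in after if e not in seen]


def target(body):
    """Lower-cased file path an entry points at, or None if it has none."""
    m = PATH_RE.search(body)
    return m.group(0).lower() if m else None


def review(entries):
    """Map each entry worth a manual look to the reasons it was flagged."""
    sections_by_path = defaultdict(set)
    for section, body in entries:
        path = target(body)
        if path:
            sections_by_path[path].add(section)

    findings = {}
    for section, body in entries:
        reasons = []
        if body.endswith("(file missing)"):
            reasons.append("registered file is missing on disk")
        path = target(body)
        if path and {"O2", "O20"} <= sections_by_path[path]:
            reasons.append("same DLL is both a BHO (O2) and a Winlogon Notify (O20)")
        if reasons:
            findings[(section, body)] = reasons
    return findings


if __name__ == "__main__":
    added = new_entries(parse_log(LOG_BEFORE), parse_log(LOG_AFTER))
    for (section, body), reasons in review(added).items():
        print(f"{section} - {body}")
        for reason in reasons:
            print(f"    flag: {reason}")
```

Diffing first keeps entries common to both scans, such as the O18 msnim line, out of the review; the flags are only a prompt for manual checking, not a verdict.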

10 Posts

September 14th, 2006 01:00

T H A N K   Y O U  ---  My problem appears to be 100% repaired now, I followed your instructions exactly!  After Vundofix cleaned my system I also ran a virus scan which gave my system a clean bill of health.  As requested, I'm posting my post-cleanup HJT log file and my Vundofix.txt file from the actual cleanup/repair.  Again, I am sincerely thankful for your help!  --Frank

Logfile of HijackThis v1.99.1
Scan saved at 10:43:07 PM, on 9/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\NORTON~1\NORTON~3\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Funk Software\Odyssey Client\OdTray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\NortonSystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\DELLSU~1\DSAgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Acrobat6\Distillr\acrotray.exe
C:\Program Files\Common Files\Delorme\DeLSerial\DeLSerial.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\Common Files\DeLorme\DeLSerial\VspStartup.exe
C:\Program Files\NortonSystemWorks\Norton Utilities\SYSDOC32.EXE
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Winamp\Winamp.exe
C:\HijackThis\HJT.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Acrobat6\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Acrobat6\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B09B2FBB-2F3B-45EA-9581-E809A2566931} - C:\WINDOWS\system32\jkklk.dll (file missing)
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Acrobat6\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Funk Software\Odyssey Client\OdTray.exe"
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\NortonSystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\PROGRA~1\DELLSU~1\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - Startup: Norton System Doctor.LNK = C:\Program Files\NortonSystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Acrobat6\Distillr\acrotray.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: DeLorme Serial Emulator.lnk = C:\Program Files\Common Files\Delorme\DeLSerial\DeLSerial.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: Virtual Serial Port for DeLorme.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} -
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k00719/sb02a.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123688127093
O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{0408DFCF-1A40-461C-A5AD-5C5F787F9D95}: NameServer = 10.29.64.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{0408DFCF-1A40-461C-A5AD-5C5F787F9D95}: NameServer = 10.29.64.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{0408DFCF-1A40-461C-A5AD-5C5F787F9D95}: NameServer = 10.29.64.4
O17 - HKLM\System\CS3\Services\Tcpip\..\{0408DFCF-1A40-461C-A5AD-5C5F787F9D95}: NameServer = 10.29.64.4
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: OdysseyClient - C:\WINDOWS\SYSTEM32\odyEvent.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Odyssey Client (odClientService) - Funk Software, Inc. - C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

 

 

VundoFix V6.1.5

Checking Java version...

Java version is 1.5.0.2

Java version is 1.5.0.4

Java version is 1.5.0.6

Scan started at 7:36:21 AM 9/13/2006

Listing files found while scanning....

C:\WINDOWS\system32\jkkjiih.dll
C:\WINDOWS\system32\jkklk.dll
C:\WINDOWS\system32\klkkj.ini
C:\WINDOWS\system32\klkkj.bak1
C:\WINDOWS\system32\klkkj.bak2
C:\WINDOWS\system32\winwil32.dll
C:\Program Files\Common Files\{2866C4F6-0AE6-1033-1210-040129040001}\services.dll

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\jkkjiih.dll
C:\WINDOWS\system32\jkkjiih.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\jkklk.dll
C:\WINDOWS\system32\jkklk.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\klkkj.ini
C:\WINDOWS\system32\klkkj.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\klkkj.bak1
C:\WINDOWS\system32\klkkj.bak1 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\klkkj.bak2
C:\WINDOWS\system32\klkkj.bak2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\winwil32.dll
C:\WINDOWS\system32\winwil32.dll Has been deleted!

 Attempting to delete C:\Program Files\Common Files\{2866C4F6-0AE6-1033-1210-040129040001}\services.dll
C:\Program Files\Common Files\{2866C4F6-0AE6-1033-1210-040129040001}\services.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.1.5

Checking Java version...

Java version is 1.5.0.2

Java version is 1.5.0.4

Java version is 1.5.0.6

Scan started at 8:03:46 AM 9/13/2006

Listing files found while scanning....

C:\WINDOWS\system32\jkklk.dll
C:\WINDOWS\system32\klkkj.tmp

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\jkklk.dll
C:\WINDOWS\system32\jkklk.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\klkkj.tmp
C:\WINDOWS\system32\klkkj.tmp Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.1.5

Checking Java version...

Java version is 1.5.0.2

Java version is 1.5.0.4

Java version is 1.5.0.6

Scan started at 6:19:22 PM 9/13/2006

Listing files found while scanning....

No infected files were found.

 

273 Posts

September 14th, 2006 08:00

Hi

Open HijackThis, click "Do a system scan only" and checkmark this:

O2 - BHO: (no name) - {B09B2FBB-2F3B-45EA-9581-E809A2566931} - C:\WINDOWS\system32\jkklk.dll (file missing)

Close all windows, including the browser, and press "Fix checked".

Please run this online scan:

Panda ActiveScan


  • Once you are on the Panda site, click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component, allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on Local Disks to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.



Post the contents of the Panda scan report, along with a new HijackThis log.

 

10 Posts

September 14th, 2006 11:00

Ok, I've attached the latest HJT log (in 2nd message to avoid 20,000 character post limit) and the PandaScan log. There were a couple of occurrences of a "prohibited string" in the PandaScan which this forum would not allow to be pasted here. Those occurrences now read "bfns" in the log below. If you remove the "fn" you'll see the two-character pair which is not allowed in this forum, so two occurrences have been slightly modified in the PandaScan log below. Thanks for your help!

Incident Status Location

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\cookies.txt[.atwola.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\cookies.txt[.advertising.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\cookies.txt[.apmebf.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\cookies.txt[.bfns.serving-sys.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\cookies.txt[.maxserving.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\cookies.txt[.questionmarket.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\cookies.txt[.realmedia.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\cookies.txt[.xiti.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\cookies.txt[.zedo.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\FN\Cookies\fn@112.2o7[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\FN\Cookies\fn@247realmedia[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\FN\Cookies\fn@2o7[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\FN\Cookies\fn@a.as-us.falkag[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\FN\Cookies\fn@ad.yieldmanager[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\FN\Cookies\fn@adopt.hbmediapro[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\FN\Cookies\fn@adrevolver[3].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\FN\Cookies\fn@adrevolver[4].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\FN\Cookies\fn@adrevolver[5].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\FN\Cookies\fn@ads.addynamix[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\FN\Cookies\fn@ads.pointroll[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\FN\Cookies\fn@adserver.livedoor[1].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\FN\Cookies\fn@adtech[1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\FN\Cookies\fn@adultfriendfinder[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\FN\Cookies\fn@apmebf[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\FN\Cookies\fn@as-eu.falkag[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\FN\Cookies\fn@as-us.falkag[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\FN\Cookies\fn@ath.belnk[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\FN\Cookies\fn@atwola[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\FN\Cookies\fn@azjmp[1].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\FN\Cookies\fn@banner[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\FN\Cookies\fn@belnk[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\FN\Cookies\fn@bluestreak[2].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\FN\Cookies\fn@bravenet[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\FN\Cookies\fn@bfns.serving-sys[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\FN\Cookies\fn@burstnet[1].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\FN\Cookies\fn@c.enhance[2].txt
Spyware:Cookie/Barelylegal Not disinfected C:\Documents and Settings\FN\Cookies\fn@c.fsx[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\FN\Cookies\fn@ccbill[1].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\FN\Cookies\fn@cdfreaks[2].txt
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\FN\Cookies\fn@centrport[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\FN\Cookies\fn@cgi-bin[3].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\FN\Cookies\fn@cgi-bin[5].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\FN\Cookies\fn@cgi-bin[7].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\FN\Cookies\fn@cgi-bin:emotion-29:.txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\FN\Cookies\fn@clickbank[2].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\FN\Cookies\fn@club.cdfreaks[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\FN\Cookies\fn@com[2].txt
Spyware:Cookie/Sexsuche Not disinfected C:\Documents and Settings\FN\Cookies\fn@counter.sexsuche[1].txt
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\FN\Cookies\fn@cs.sexcounter[2].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\FN\Cookies\fn@ct.360i[2].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\FN\Cookies\fn@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\FN\Cookies\fn@dist.belnk[2].txt
Spyware:Cookie/Errorguard Not disinfected C:\Documents and Settings\FN\Cookies\fn@errorguard[2].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\FN\Cookies\fn@fe.lea.lycos[1].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\FN\Cookies\fn@fortunecity[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\FN\Cookies\fn@gostats[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\FN\Cookies\fn@go[1].txt
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\FN\Cookies\fn@hc2.humanclick[1].txt
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\FN\Cookies\fn@hotlog[2].txt
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\FN\Cookies\fn@landing.domainsponsor[2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\FN\Cookies\fn@maxserving[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\FN\Cookies\fn@microsofteup.112.2o7[2].txt
Spyware:Cookie/Lop Not disinfected C:\Documents and Settings\FN\Cookies\fn@mp3search[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\FN\Cookies\fn@overture[1].txt
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\FN\Cookies\fn@paycounter[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\FN\Cookies\fn@perf.overture[1].txt
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\FN\Cookies\fn@qksrv[1].txt
Spyware:Cookie/Qsrch Not disinfected C:\Documents and Settings\FN\Cookies\fn@qsrch[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\FN\Cookies\fn@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\FN\Cookies\fn@realmedia[1].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\FN\Cookies\fn@revenue[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\FN\Cookies\fn@searchportal.information[2].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\FN\Cookies\fn@seeq[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\FN\Cookies\fn@server.iad.liveperson[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\FN\Cookies\fn@serving-sys[1].txt
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\FN\Cookies\fn@spylog[1].txt
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\FN\Cookies\fn@stat.onestat[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\FN\Cookies\fn@statcounter[2].txt
Spyware:Cookie/Clicktracks Not disinfected C:\Documents and Settings\FN\Cookies\fn@stats1.clicktracks[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\FN\Cookies\fn@stats1.reliablestats[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\FN\Cookies\fn@target[2].txt
Spyware:Cookie/TeensForCash Not disinfected C:\Documents and Settings\FN\Cookies\fn@teensforcash[2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\FN\Cookies\fn@tradedoubler[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\FN\Cookies\fn@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\FN\Cookies\fn@tribalfusion[2].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\FN\Cookies\fn@tucows[1].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\FN\Cookies\fn@webpower[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\FN\Cookies\fn@www.burstbeacon[2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\FN\Cookies\fn@www.myaffiliateprogram[1].txt
Spyware:Cookie/Buydomains Not disinfected C:\Documents and Settings\FN\Cookies\fn@www47.buydomains[1].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\FN\Cookies\fn@www48.seeq[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\FN\Cookies\fn@xiti[1].txt
Spyware:Cookie/XXXCounter Not disinfected C:\Documents and Settings\FN\Cookies\fn@xxxcounter[2].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\FN\Cookies\fn@yadro[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\FN\Cookies\fn@z1.adserver[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\FN\Cookies\fn@zedo[1].txt
Adware:adware/securityerror Not disinfected C:\Documents and Settings\FN\Favorites\Antivirus Test Online.url
Adware:adware/sidestep Not disinfected C:\Documents and Settings\FN\Favorites\SideStep.url
Adware:Adware/ISearch Not disinfected C:\Documents and Settings\FN\Local Settings\Temp\b104.exe[MTE3MTk6ODoxNg.exe]
Adware:Adware/PCodec Not disinfected C:\Documents and Settings\FN\Local Settings\Temp\b104.exe[²ÜÇ\nsRandom.dll]
Adware:Adware/SuperSpider Not disinfected C:\Documents and Settings\FN\Local Settings\Temp\mst3D5.tmp
Adware:Adware/Maxifiles Not disinfected C:\Documents and Settings\FN\Local Settings\Temp\win3D9.tmp.exe
Adware:Adware/SystemDoctor Not disinfected C:\Documents and Settings\FN\Local Settings\Temp\win3DB.tmp.exe
Adware:Adware/PornMagPass Not disinfected C:\Documents and Settings\FN\Local Settings\Temp\win3E0.tmp.exe
Adware:Adware/CommAd Not disinfected C:\Documents and Settings\FN\Local Settings\Temporary Internet Files\Content.IE5\2G65Z1SG\installer[1].exe

10 Posts

September 14th, 2006 11:00

And here is the HJT log...


Logfile of HijackThis v1.99.1
Scan saved at 7:18:40 AM, on 9/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\NORTON~1\NORTON~3\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Funk Software\Odyssey Client\OdTray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\NortonSystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\DELLSU~1\DSAgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Acrobat6\Distillr\acrotray.exe
C:\Program Files\Common Files\Delorme\DeLSerial\DeLSerial.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\Common Files\DeLorme\DeLSerial\VspStartup.exe
C:\Program Files\NortonSystemWorks\Norton Utilities\SYSDOC32.EXE
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Netscape\Netscp.exe
C:\HijackThis\HJT.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Acrobat6\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Acrobat6\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Acrobat6\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Funk Software\Odyssey Client\OdTray.exe"
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\NortonSystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\PROGRA~1\DELLSU~1\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - Startup: Norton System Doctor.LNK = C:\Program Files\NortonSystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Acrobat6\Distillr\acrotray.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: DeLorme Serial Emulator.lnk = C:\Program Files\Common Files\Delorme\DeLSerial\DeLSerial.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: Virtual Serial Port for DeLorme.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} -
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k00719/sb02a.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123688127093
O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{0408DFCF-1A40-461C-A5AD-5C5F787F9D95}: NameServer = 10.29.64.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{0408DFCF-1A40-461C-A5AD-5C5F787F9D95}: NameServer = 10.29.64.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{0408DFCF-1A40-461C-A5AD-5C5F787F9D95}: NameServer = 10.29.64.4
O17 - HKLM\System\CS3\Services\Tcpip\..\{0408DFCF-1A40-461C-A5AD-5C5F787F9D95}: NameServer = 10.29.64.4
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: OdysseyClient - C:\WINDOWS\SYSTEM32\odyEvent.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Odyssey Client (odClientService) - Funk Software, Inc. - C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

273 Posts

September 14th, 2006 13:00

Hi

Please download the Killbox.
Unzip it to the desktop.

Please run Killbox.

Select "Delete on Reboot".

Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\Documents and Settings\FN\Favorites\Antivirus Test Online.url
C:\Documents and Settings\FN\Favorites\SideStep.url
C:\Documents and Settings\FN\Local Settings\Temp\b104.exe
C:\Documents and Settings\FN\Local Settings\Temp\mst3D5.tmp
C:\Documents and Settings\FN\Local Settings\Temp\win3D9.tmp.exe
C:\Documents and Settings\FN\Local Settings\Temp\win3DB.tmp.exe
C:\Documents and Settings\FN\Local Settings\Temp\win3E0.tmp.exe
C:\Documents and Settings\FN\Local Settings\Temporary Internet Files\Content.IE5\2G65Z1SG\installer[1].exe

Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.

If your computer does not restart automatically, please restart it manually.

Empty this folder -> C:\!KillBox

Empty Recycle Bin

Re-scan with Panda

Send:

- a fresh HijackThis log
- Panda report

Message Edited by Shaba_FIN on 09-14-2006 09:44 AM

273 Posts

September 17th, 2006 15:00

Hi

Please run Killbox.

Select "Delete on Reboot".

Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\Documents and Settings\FN\Local Settings\Temporary Internet Files\Content.IE5\A1V85ORY\wlzip32[1].exe
C:\Documents and Settings\FN\Local Settings\Temporary Internet Files\Content.IE5\C1UV4L6N\l11[1].exe
C:\Documents and Settings\FN\Local Settings\Temporary Internet Files\Content.IE5\JI7LDDVN\104[1].net
C:\Documents and Settings\FN\Local Settings\Temporary Internet Files\Content.IE5\XCGN51OX\anti4[1].exe

Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.

If your computer does not restart automatically, please restart it manually.

Empty this folder -> C:\!KillBox

Re-scan with Panda

Send:

- a fresh HijackThis log
- Panda report

10 Posts

September 17th, 2006 15:00

And here is my current HJT log:
 
Logfile of HijackThis v1.99.1
Scan saved at 12:19:13 PM, on 9/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\NORTON~1\NORTON~3\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Funk Software\Odyssey Client\OdTray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\NortonSystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\DELLSU~1\DSAgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Acrobat6\Distillr\acrotray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Delorme\DeLSerial\DeLSerial.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\Common Files\DeLorme\DeLSerial\VspStartup.exe
C:\Program Files\NortonSystemWorks\Norton Utilities\SYSDOC32.EXE
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\HijackThis\HJT.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", " http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Acrobat6\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Acrobat6\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Acrobat6\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Funk Software\Odyssey Client\OdTray.exe"
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\NortonSystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\PROGRA~1\DELLSU~1\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Startup: Norton System Doctor.LNK = C:\Program Files\NortonSystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Acrobat6\Distillr\acrotray.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: DeLorme Serial Emulator.lnk = C:\Program Files\Common Files\Delorme\DeLSerial\DeLSerial.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: Virtual Serial Port for DeLorme.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} -
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k00719/sb02a.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123688127093
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{0408DFCF-1A40-461C-A5AD-5C5F787F9D95}: NameServer = 10.29.64.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{0408DFCF-1A40-461C-A5AD-5C5F787F9D95}: NameServer = 10.29.64.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{0408DFCF-1A40-461C-A5AD-5C5F787F9D95}: NameServer = 10.29.64.4
O17 - HKLM\System\CS3\Services\Tcpip\..\{0408DFCF-1A40-461C-A5AD-5C5F787F9D95}: NameServer = 10.29.64.4
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: OdysseyClient - C:\WINDOWS\SYSTEM32\odyEvent.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Odyssey Client (odClientService) - Funk Software, Inc. - C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
 

10 Posts

September 17th, 2006 15:00

I've performed the steps requested. My logs exceed the 20000 character limit of this forum, so I will submit more than one message.
Here is the PandaScan log:
 

Incident Status Location

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\cookies.txt[.advertising.com/]

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\cookies.txt[.atwola.com/]

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\cookies.txt[.doubleclick.net/]

Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\cookies.txt[.mediaplex.com/]

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\cookies.txt[.atdmt.com/]

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\cookies.txt[.2o7.net/]

Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\cookies.txt[.ads.pointroll.com/]

Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\cookies.txt[.apmebf.com/]

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\cookies.txt[..serving-sys.com/]

Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\cookies.txt[.maxserving.com/]

Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\cookies.txt[.questionmarket.com/]

Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\cookies.txt[.realmedia.com/]

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\cookies.txt[.serving-sys.com/]

Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\cookies.txt[.tribalfusion.com/]

Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\cookies.txt[.xiti.com/]

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\cookies.txt[.zedo.com/]

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\cookies.txt[ad.yieldmanager.com/]

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\FN\Cookies\fn@112.2o7[2].txt

Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\FN\Cookies\fn@247realmedia[1].txt

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\FN\Cookies\fn@2o7[1].txt

Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\FN\Cookies\fn@a.as-us.falkag[2].txt

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\FN\Cookies\fn@ad.yieldmanager[1].txt

Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\FN\Cookies\fn@adopt.hbmediapro[2].txt

Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\FN\Cookies\fn@adrevolver[3].txt

Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\FN\Cookies\fn@adrevolver[4].txt

Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\FN\Cookies\fn@adrevolver[5].txt

Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\FN\Cookies\fn@ads.addynamix[2].txt

Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\FN\Cookies\fn@ads.pointroll[1].txt

Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\FN\Cookies\fn@adserver.livedoor[1].txt

Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\FN\Cookies\fn@adtech[1].txt

Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\FN\Cookies\fn@adultfriendfinder[2].txt

Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\FN\Cookies\fn@apmebf[1].txt

Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\FN\Cookies\fn@as-eu.falkag[2].txt

Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\FN\Cookies\fn@as-us.falkag[1].txt

Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\FN\Cookies\fn@ath.belnk[1].txt

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\FN\Cookies\fn@atwola[2].txt

Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\FN\Cookies\fn@azjmp[1].txt

Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\FN\Cookies\fn@banner[1].txt

Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\FN\Cookies\fn@belnk[2].txt

Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\FN\Cookies\fn@bluestreak[2].txt

Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\FN\Cookies\fn@bravenet[1].txt

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\FN\Cookies\fn@.serving-sys[2].txt

Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\FN\Cookies\fn@burstnet[1].txt

Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\FN\Cookies\fn@c.enhance[2].txt

Spyware:Cookie/Barelylegal Not disinfected C:\Documents and Settings\FN\Cookies\fn@c.fsx[1].txt

Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\FN\Cookies\fn@ccbill[1].txt

Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\FN\Cookies\fn@cdfreaks[2].txt

Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\FN\Cookies\fn@centrport[1].txt

Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\FN\Cookies\fn@cgi-bin[3].txt

Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\FN\Cookies\fn@cgi-bin[5].txt

Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\FN\Cookies\fn@cgi-bin[7].txt

Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\FN\Cookies\fn@cgi-bin:emotion-29:.txt

Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\FN\Cookies\fn@clickbank[2].txt

Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\FN\Cookies\fn@club.cdfreaks[2].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\FN\Cookies\fn@com[2].txt

Spyware:Cookie/Sexsuche Not disinfected C:\Documents and Settings\FN\Cookies\fn@counter.sexsuche[1].txt

Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\FN\Cookies\fn@cs.sexcounter[2].txt

Spyware:Cookie/360i Not disinfected C:\Documents and Settings\FN\Cookies\fn@ct.360i[2].txt

Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\FN\Cookies\fn@did-it[1].txt

Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\FN\Cookies\fn@dist.belnk[2].txt

Spyware:Cookie/Errorguard Not disinfected C:\Documents and Settings\FN\Cookies\fn@errorguard[2].txt

Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\FN\Cookies\fn@fe.lea.lycos[1].txt

Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\FN\Cookies\fn@fortunecity[1].txt

Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\FN\Cookies\fn@gostats[2].txt

Spyware:Cookie/Go Not disinfected C:\Documents and Settings\FN\Cookies\fn@go[1].txt

Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\FN\Cookies\fn@hc2.humanclick[1].txt

Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\FN\Cookies\fn@hotlog[2].txt

Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\FN\Cookies\fn@landing.domainsponsor[2].txt

Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\FN\Cookies\fn@maxserving[1].txt

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\FN\Cookies\fn@microsofteup.112.2o7[2].txt

Spyware:Cookie/Lop Not disinfected C:\Documents and Settings\FN\Cookies\fn@mp3search[1].txt

Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\FN\Cookies\fn@overture[1].txt

Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\FN\Cookies\fn@paycounter[1].txt

Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\FN\Cookies\fn@perf.overture[1].txt

Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\FN\Cookies\fn@qksrv[1].txt

Spyware:Cookie/Qsrch Not disinfected C:\Documents and Settings\FN\Cookies\fn@qsrch[1].txt

Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\FN\Cookies\fn@questionmarket[2].txt

Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\FN\Cookies\fn@realmedia[1].txt

Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\FN\Cookies\fn@revenue[2].txt

Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\FN\Cookies\fn@searchportal.information[2].txt

Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\FN\Cookies\fn@seeq[1].txt

Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\FN\Cookies\fn@server.iad.liveperson[2].txt

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\FN\Cookies\fn@serving-sys[1].txt

Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\FN\Cookies\fn@spylog[1].txt

Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\FN\Cookies\fn@stat.onestat[2].txt

Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\FN\Cookies\fn@statcounter[2].txt

Spyware:Cookie/Clicktracks Not disinfected C:\Documents and Settings\FN\Cookies\fn@stats1.clicktracks[2].txt

Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\FN\Cookies\fn@stats1.reliablestats[1].txt

Spyware:Cookie/Target Not disinfected C:\Documents and Settings\FN\Cookies\fn@target[2].txt

Spyware:Cookie/TeensForCash Not disinfected C:\Documents and Settings\FN\Cookies\fn@teensforcash[2].txt

Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\FN\Cookies\fn@tradedoubler[1].txt

Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\FN\Cookies\fn@trafficmp[2].txt

Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\FN\Cookies\fn@tribalfusion[2].txt

Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\FN\Cookies\fn@tucows[1].txt

Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\FN\Cookies\fn@webpower[2].txt

Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\FN\Cookies\fn@www.burstbeacon[2].txt

Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\FN\Cookies\fn@www.myaffiliateprogram[1].txt

Spyware:Cookie/Buydomains Not disinfected C:\Documents and Settings\FN\Cookies\fn@www47.buydomains[1].txt

Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\FN\Cookies\fn@www48.seeq[1].txt

Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\FN\Cookies\fn@xiti[1].txt

Spyware:Cookie/XXXCounter Not disinfected C:\Documents and Settings\FN\Cookies\fn@xxxcounter[2].txt

Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\FN\Cookies\fn@yadro[1].txt

Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\FN\Cookies\fn@z1.adserver[1].txt

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\FN\Cookies\fn@zedo[1].txt

Adware:Adware/Maxifiles Not disinfected C:\Documents and Settings\FN\Local Settings\Temporary Internet Files\Content.IE5\A1V85ORY\wlzip32[1].exe

Adware:Adware/PornMagPass Not disinfected C:\Documents and Settings\FN\Local Settings\Temporary Internet Files\Content.IE5\C1UV4L6N\l11[1].exe

Adware:Adware/ISearch Not disinfected C:\Documents and Settings\FN\Local Settings\Temporary Internet Files\Content.IE5\JI7LDDVN\104[1].net[MTE3MTk6ODoxNg.exe]

Adware:Adware/PCodec Not disinfected C:\Documents and Settings\FN\Local Settings\Temporary Internet Files\Content.IE5\JI7LDDVN\104[1].net[²ÜÇ\nsRandom.dll]

Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\FN\Local Settings\Temporary Internet Files\Content.IE5\XCGN51OX\anti4[1].exe

10 Posts

September 17th, 2006 19:00

My updated PandaScan results are pasted below.  The scan output exceeds 20,000 characters, so I'm compressing repeating spaces with search/replace in Wordpad:
 
Incident     Status     Location      
Spyware:Cookie/Advertising     Not disinfected     C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\cookies.txt[.advertising.com/]
Spyware:Cookie/Doubleclick     Not disinfected     C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atwola     Not disinfected     C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\cookies.txt[.atwola.com/]
Spyware:Cookie/Mediaplex     Not disinfected     C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Atlas DMT     Not disinfected     C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\cookies.txt[.atdmt.com/]
Spyware:Cookie/2o7     Not disinfected     C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/PointRoll     Not disinfected     C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Apmebf     Not disinfected     C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\cookies.txt[.apmebf.com/]
Spyware:Cookie/Serving-sys     Not disinfected     C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\cookies.txt[..serving-sys.com/]
Spyware:Cookie/Maxserving     Not disinfected     C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\cookies.txt[.maxserving.com/]
Spyware:Cookie/QuestionMarket     Not disinfected     C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\cookies.txt[.questionmarket.com/]
Spyware:Cookie/RealMedia     Not disinfected     C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\cookies.txt[.realmedia.com/]
Spyware:Cookie/Serving-sys     Not disinfected     C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Tribalfusion     Not disinfected     C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Xiti     Not disinfected     C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\cookies.txt[.xiti.com/]
Spyware:Cookie/Zedo     Not disinfected     C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\cookies.txt[.zedo.com/]
Spyware:Cookie/YieldManager     Not disinfected     C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/2o7     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@112.2o7[2].txt
Spyware:Cookie/RealMedia     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@247realmedia[1].txt
Spyware:Cookie/2o7     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@2o7[2].txt
Spyware:Cookie/Falkag     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@a.as-us.falkag[2].txt
Spyware:Cookie/YieldManager     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@ad.yieldmanager[1].txt
Spyware:Cookie/Hbmediapro     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@adopt.hbmediapro[2].txt
Spyware:Cookie/Adrevolver     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@adrevolver[3].txt
Spyware:Cookie/Adrevolver     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@adrevolver[4].txt
Spyware:Cookie/Adrevolver     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@adrevolver[5].txt
Spyware:Cookie/AdDynamix     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@ads.addynamix[2].txt
Spyware:Cookie/PointRoll     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@ads.pointroll[1].txt
Spyware:Cookie/Adserver     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@adserver.livedoor[1].txt
Spyware:Cookie/Adtech     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@adtech[1].txt
Spyware:Cookie/adultfriendfinder     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@adultfriendfinder[2].txt
Spyware:Cookie/Apmebf     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@apmebf[1].txt
Spyware:Cookie/Falkag     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@as-eu.falkag[2].txt
Spyware:Cookie/Falkag     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@as-us.falkag[1].txt
Spyware:Cookie/Belnk     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@ath.belnk[1].txt
Spyware:Cookie/Atwola     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@atwola[2].txt
Spyware:Cookie/Azjmp     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@azjmp[1].txt
Spyware:Cookie/Banner     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@banner[1].txt
Spyware:Cookie/Belnk     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@belnk[2].txt
Spyware:Cookie/Bluestreak     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@bluestreak[2].txt
Spyware:Cookie/bravenetA     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@bravenet[1].txt
Spyware:Cookie/Serving-sys     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@.serving-sys[2].txt
Spyware:Cookie/BurstNet     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@burstnet[1].txt
Spyware:Cookie/Enhance     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@c.enhance[2].txt
Spyware:Cookie/Barelylegal     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@c.fsx[1].txt
Spyware:Cookie/Ccbill     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@ccbill[1].txt
Spyware:Cookie/Cd Freaks     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@cdfreaks[2].txt
Spyware:Cookie/CentrPort     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@centrport[1].txt
Spyware:Cookie/Cgi-bin     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@cgi-bin[3].txt
Spyware:Cookie/Cgi-bin     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@cgi-bin[5].txt
Spyware:Cookie/Cgi-bin     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@cgi-bin[7].txt
Spyware:Cookie/Cgi-bin     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@cgi-bin:emotion-29:.txt
Spyware:Cookie/Clickbank     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@clickbank[2].txt
Spyware:Cookie/Cd Freaks     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@club.cdfreaks[2].txt
Spyware:Cookie/Com.com     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@com[2].txt
Spyware:Cookie/Sexsuche     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@counter.sexsuche[1].txt
Spyware:Cookie/cs.sexcounter     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@cs.sexcounter[2].txt
Spyware:Cookie/360i     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@ct.360i[2].txt
Spyware:Cookie/did-it     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@did-it[1].txt
Spyware:Cookie/Belnk     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@dist.belnk[2].txt
Spyware:Cookie/Errorguard     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@errorguard[2].txt
Spyware:Cookie/fe.lea.lycos     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@fe.lea.lycos[1].txt
Spyware:Cookie/FortuneCity     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@fortunecity[1].txt
Spyware:Cookie/GoStats     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@gostats[2].txt
Spyware:Cookie/Go     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@go[1].txt
Spyware:Cookie/Humanclick     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@hc2.humanclick[1].txt
Spyware:Cookie/HotLog     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@hotlog[2].txt
Spyware:Cookie/DomainSponsor     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@landing.domainsponsor[2].txt
Spyware:Cookie/Maxserving     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@maxserving[1].txt
Spyware:Cookie/2o7     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@microsofteup.112.2o7[2].txt
Spyware:Cookie/Lop     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@mp3search[1].txt
Spyware:Cookie/Overture     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@overture[1].txt
Spyware:Cookie/PayCounter     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@paycounter[1].txt
Spyware:Cookie/Overture     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@perf.overture[1].txt
Spyware:Cookie/QkSrv     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@qksrv[1].txt
Spyware:Cookie/Qsrch     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@qsrch[1].txt
Spyware:Cookie/QuestionMarket     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@questionmarket[2].txt
Spyware:Cookie/RealMedia     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@realmedia[1].txt
Spyware:Cookie/WUpd     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@revenue[2].txt
Spyware:Cookie/Searchportal     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@searchportal.information[2].txt
Spyware:Cookie/Seeq     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@seeq[1].txt
Spyware:Cookie/Server.iad.Liveperson     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@server.iad.liveperson[2].txt
Spyware:Cookie/Serving-sys     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@serving-sys[1].txt
Spyware:Cookie/SpyLog     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@spylog[1].txt
Spyware:Cookie/onestat.com     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@stat.onestat[2].txt
Spyware:Cookie/Statcounter     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@statcounter[2].txt
Spyware:Cookie/Clicktracks     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@stats1.clicktracks[2].txt
Spyware:Cookie/Reliablestats     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@stats1.reliablestats[1].txt
Spyware:Cookie/Target     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@target[2].txt
Spyware:Cookie/TeensForCash     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@teensforcash[2].txt
Spyware:Cookie/Tradedoubler     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@tradedoubler[1].txt
Spyware:Cookie/Traffic Marketplace     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@trafficmp[2].txt
Spyware:Cookie/Tribalfusion     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@tribalfusion[2].txt
Spyware:Cookie/Tucows     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@tucows[1].txt
Spyware:Cookie/WebPower     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@webpower[2].txt
Spyware:Cookie/BurstBeacon     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@www.burstbeacon[2].txt
Spyware:Cookie/myaffiliateprogram     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@www.myaffiliateprogram[1].txt
Spyware:Cookie/Buydomains     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@www47.buydomains[1].txt
Spyware:Cookie/Seeq     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@www48.seeq[1].txt
Spyware:Cookie/Xiti     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@xiti[1].txt
Spyware:Cookie/XXXCounter     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@xxxcounter[2].txt
Spyware:Cookie/Yadro     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@yadro[1].txt
Spyware:Cookie/Adserver     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@z1.adserver[1].txt
Spyware:Cookie/Zedo     Not disinfected     C:\Documents and Settings\FN\Cookies\fn@zedo[1].txt

10 Posts

September 17th, 2006 19:00

My current HJT log:
 
Logfile of HijackThis v1.99.1
Scan saved at 4:22:36 PM, on 9/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\NORTON~1\NORTON~3\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Funk Software\Odyssey Client\OdTray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\NortonSystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\DELLSU~1\DSAgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Acrobat6\Distillr\acrotray.exe
C:\Program Files\Common Files\Delorme\DeLSerial\DeLSerial.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\Common Files\DeLorme\DeLSerial\VspStartup.exe
C:\Program Files\NortonSystemWorks\Norton Utilities\SYSDOC32.EXE
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HJT.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", " http://home.netscape.com/bookmark/7_2/home.html "); (C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\FN\Application Data\Mozilla\Profiles\default\31edxvzv.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Acrobat6\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Acrobat6\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Acrobat6\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Funk Software\Odyssey Client\OdTray.exe"
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\NortonSystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\PROGRA~1\DELLSU~1\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Startup: Norton System Doctor.LNK = C:\Program Files\NortonSystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Acrobat6\Distillr\acrotray.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: DeLorme Serial Emulator.lnk = C:\Program Files\Common Files\Delorme\DeLSerial\DeLSerial.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: Virtual Serial Port for DeLorme.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} -
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k00719/sb02a.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123688127093
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{0408DFCF-1A40-461C-A5AD-5C5F787F9D95}: NameServer = 10.29.64.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{0408DFCF-1A40-461C-A5AD-5C5F787F9D95}: NameServer = 10.29.64.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{0408DFCF-1A40-461C-A5AD-5C5F787F9D95}: NameServer = 10.29.64.4
O17 - HKLM\System\CS3\Services\Tcpip\..\{0408DFCF-1A40-461C-A5AD-5C5F787F9D95}: NameServer = 10.29.64.4
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: OdysseyClient - C:\WINDOWS\SYSTEM32\odyEvent.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Odyssey Client (odClientService) - Funk Software, Inc. - C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
 

273 Posts

September 18th, 2006 05:00

Hi
 
Logs look good
 
How are things running now?

10 Posts

September 18th, 2006 11:00

My system is running normally again; I see no evidence of any unusual activity. THANKS for your help! I have one follow-up question. Can I run PandaScan and then load all the found "spyware cookies" and other spyware entries into KillBox for deletion? This thought occurred to me yesterday. My other option would seem to be to subscribe to PandaScan, which may accomplish the same thing. I've been using Spybot Search & Destroy and Norton Antivirus, which now seem to be incomplete solutions. Again, thanks for your help!

--Frank
