Annoyances.org
Unable to removal antivirus
Windows XP Annoyances Discussion Forum

Unable to removal antivirus
Wednesday, July 5, 2006 at 1:54 am
Posted by Bill Yau (9 messages posted)

Hello, I am consistently receiving a popup which comes in the form of a Microsoft Windows pop up box which automatically directs me to www.winantivirus.com, regardless of whether or not I press yes or no, or click the [x] to close it. I have run adaware and spybot but neither seem to fix the problem. Any sort of assistance would be appreciated!


re: Unable to removal antivirus
Wednesday, July 5, 2006 at 4:17 am
Posted by Mark (1780 messages posted)

Try the suggestions that I made in the post above yours. Did you run your anti spyware programs while in SAFE mode and offline? If that does not resolve your problem, download hijackthis, run and post on the site. After the analysis, remove what is recommended. If the problem persists, post on their site.

On Wednesday, July 5, 2006 at 1:54 am, Bill Yau wrote:
>Hello,
>
>I am consistently receiving a popup which comes in the form of a Microsoft Windows
>pop up box which automatically directs me to www.winantivirus.com, regardless of
>whether or not I press yes or no, or click the [x] to close it. I have run adaware
>and spybot but neither seem to fix the problem. Any sort of assistance would be
>appreciated!


re: Unable to removal antivirus
Wednesday, July 5, 2006 at 3:39 pm
Posted by MrCharlie (4071 messages posted)


If you still need help......

Let's see what's on your system

Please download HiJackThis into its own permanent folder,
example: C:\MyHJT\HJT.exe, C:\Program Files\MYHJT\HJT.exe or C:\MyDocuments\MyHJT\HJT.exe
DownloadHJT

Double click on it to open it up, hit the Do a system scan and save log button, WordPad or NotePad will open and it will be saved in the folder, copy and paste the entire log into your reply. (use edit > select all > copy > paste it into your reply)

Please make sure you check the "preserve spacing button" on the bottom of the posting page. It's right above the "Cancel Button" !

HERE---->[X]Check this box to preserve your spacing, or leave it unchecked to have your text wrapped automatically. Tip: Don't use this option unless you really need it; use the preview feature on the next page if you're not sure.

MrC




re: Unable to removal antivirus
Wednesday, July 5, 2006 at 7:59 pm
Posted by Bill Yau (9 messages posted)

Here is a copy as requested.  Thank you so much for your help!

Logfile of HijackThis v1.99.1
Scan saved at 10:53:28 PM, on 7/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\progra~1\yahoo!\YCentral\YahooCentral.exe
C:\WINDOWS\system32\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Citrus Alarm Clock\citrusac.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\ABC\abc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\Bill\Desktop\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/wdgt3/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/wdgt3/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/wdgt3/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/wdgt3/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/wdgt3/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/wdgt3/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program 
Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program 
Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - 
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program 
Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: (no name) - {abac3d0c-4dd4-4095-b9a8-41278ab34147} - C:\WINDOWS\system32\kbdi32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program 
Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef 
/Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE 
/SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP 
Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe 
/Start
O4 - HKLM\..\Run: [ChangeResolution] C:\System.sav\INTELRES\ChangeResolution.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Enterprise
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 
1033
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [YCentral] c:\progra~1\yahoo!\YCentral\YahooCentral.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [Citrus Alarm Clock] C:\Program Files\Citrus Alarm Clock\citrusac.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 
7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America 
Online 8.0\aoltray.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth 
Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program 
Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} 
- C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program 
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} 
- C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) 
- http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126064321561
O16 - DPF: {8FD68625-2346-418A-8899-67CB36B1917F} (McciSM Class) - http://supportcenter.verizon.net/euserv/jsp/VOLAWeb.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl 
Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} (Facebook Photo Uploader Control) 
- http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" 
(file missing)
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: kbdi32 - C:\WINDOWS\SYSTEM32\kbdi32.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth 
Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program 
Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program 
Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program 
Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation 
- C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. 
- C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) 
- Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Microsoft Logon User Interface Skin (LogonUISkin) - Unknown owner 
- C:\WINDOWS\logonui.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation 
- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog 
Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common 
Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software 
- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec 
AntiVirus\Rtvscan.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, 
Inc. - C:\WINDOWS\wanmpsvc.exe



re: Unable to removal antivirus
Thursday, July 6, 2006 at 4:48 pm
Posted by MrCharlie (4071 messages posted)


You have a couple of nasties on the system:
Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found:
Relevant Knowledge
rxtoolbar
rxtoolbar publisher
-----------------------
Download and unzip the KillBox to a folder - we'll use it later.

--------------------

Close ALL programs down, leaving ONLY HijackThis running - Click Scan and.....
Place a check against the following items:

O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: (no name) - {abac3d0c-4dd4-4095-b9a8-41278ab34147} - C:\WINDOWS\system32\kbdi32.dll
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - Winlogon Notify: kbdi32 - C:\WINDOWS\SYSTEM32\kbdi32.dll

Click on Fix Checked and exit HijackThis.

Delete this folder if found:
C:\Program Files\RXToolBar

Now open up the KillBox and copy and paste this in and hit delete, if the file exists, it will appear in blue under the window.

 C:\WINDOWS\SYSTEM32\kbdi32.dll

Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:
  • Temporary Files
  • Temporary Internet Files
  • Recycle Bin
-----------------

I would also follow up with Ewido to clean out any other malware:

Please download and install the trial version of Ewido Security Suite 4.0 here:
http://www.grisoft.cz/softw/70/filedir/inst/ewido-setup_4.0.0.172a.exe

After it's installed...

Check for updates:
Double click on the Ewido icon in the system tray or on the desktop > this will bring up the main program if it's not already up.
On the Main Page click the Update Tab and then Start Update
Download and install any updates if available.
Select the Scanner icon at the top of the screen, then select the Settings tab.
Once in the Settings screen click on Recommended actions and then select Quarantine.
Under Reports
Select Automatically generate report after every scan
Un-Select Only if threats were found

Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr
Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:
  • Temporary Files
  • Temporary Internet Files
  • Recycle Bin

Now click the Scanner Icon on top
Click on Complete System Scan
Be patient - it takes a while to run.

Once the scan is complete do the following:
If you have any infections you will be prompted, then select Apply All Actions
Next select the Reports icon at the top.
Copy and paste the scan report in your next reply.
Close Ewido

Reboot and post the log from Ewido and a fresh HJT log,

MrC
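
The checklist in the post above ticks every HijackThis line that points at the same file (kbdi32.dll under both O2 and O20, sfcont.dll under both O2 and O18). As an added example that is not part of the original post or of HijackThis itself, the Python below re-joins a log that the forum wrapped and groups entries by file, so that all registrations of one DLL are reviewed together. The function names are my own, and the sample is an excerpt of the log posted earlier in this thread.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted in this thread, left wrapped the way
# the forum wrapped it (the "preserve spacing" box was not checked).
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program
Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program
Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: (no name) - {abac3d0c-4dd4-4095-b9a8-41278ab34147} - C:\WINDOWS\system32\kbdi32.dll
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: kbdi32 - C:\WINDOWS\SYSTEM32\kbdi32.dll
"""

# An entry line starts with a section code such as "R1 - ", "O2 - " or "O23 - ".
ENTRY_START = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - (.*)$")
# First drive-letter path ending in .dll or .exe inside an entry.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|]*?\.(?:dll|exe)', re.I)


def unwrap(log_text):
    """Re-join wrapped lines: anything that does not start a new entry is
    treated as the continuation of the previous one. Header and process-list
    lines before the first entry are skipped. Assumes the text holds a single
    log; a second log pasted after it would need to be split off first."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:
            entries[-1] += " " + line
    return entries


def parse(log_text):
    """Turn each entry into a dict with its section code and target file."""
    parsed = []
    for line in unwrap(log_text):
        code, rest = ENTRY_START.match(line).groups()
        found = PATH_RE.search(rest)
        parsed.append({
            "code": code,
            "text": line,
            # Lower-cased so system32 and SYSTEM32 compare equal.
            "path": found.group(0).lower() if found else None,
            "missing": rest.endswith("(file missing)"),
            "unnamed": "(no name)" in rest,
        })
    return parsed


def shared_registrations(entries):
    """Files registered under more than one section code. This is a grouping
    aid, not a verdict: legitimate toolbars are also registered several times."""
    by_path = defaultdict(set)
    for entry in entries:
        if entry["path"]:
            by_path[entry["path"]].add(entry["code"])
    return {path: codes for path, codes in by_path.items() if len(codes) > 1}


def references(entries, filename):
    """Every log line that points at the given file name, in any section."""
    name = filename.lower()
    return [e["text"] for e in entries
            if e["path"] and e["path"].rsplit("\\", 1)[-1] == name]


if __name__ == "__main__":
    log_entries = parse(SAMPLE_LOG)
    for path, codes in shared_registrations(log_entries).items():
        print(path, "is registered under", ", ".join(sorted(codes)))
    for line in references(log_entries, "kbdi32.dll"):
        print("review together:", line)
```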


re: Unable to removal antivirus
Thursday, July 6, 2006 at 9:30 pm
Posted by Bill Yau (9 messages posted)

Here we go. Thank you! In HijackThis!, for some reason I can't get rid of the kbdi32.dll file even after trying to "fix" it. Thanks!

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

 + Created at:	12:25:10 AM 7/7/2006

 + Scan result:	



C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with 
backup (quarantined).
C:\Program Files\Block Checker -> Adware.BlockChecker : Cleaned with backup (quarantined).
HKU\S-1-5-21-1015059309-1459947622-2175161424-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{59879FA4-4790-461C-A1CC-4EC4DE4CA483} 
-> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Documents and Settings\Bill\Desktop\HJT\backups\backup-20060706-230415-211.dll 
-> Downloader.ConHook.aa : Cleaned with backup (quarantined).
C:\Documents and Settings\Bill\Desktop\HJT\backups\backup-20060706-230510-434.dll 
-> Downloader.ConHook.aa : Cleaned with backup (quarantined).
C:\WINDOWS\system32\kbdi32.dll -> Downloader.ConHook.aa : Cleaned with backup (quarantined).
[3708] C:\WINDOWS\system32\kbdi32.dll -> Downloader.ConHook.aa : Cleaned with backup 
(quarantined).
[3920] C:\WINDOWS\system32\kbdi32.dll -> Downloader.ConHook.aa : Cleaned with backup 
(quarantined).
[668] C:\WINDOWS\system32\kbdi32.dll -> Downloader.ConHook.aa : Cleaned with backup 
(quarantined).
[736] C:\WINDOWS\system32\kbdi32.dll -> Downloader.ConHook.aa : Cleaned with backup 
(quarantined).
C:\WINDOWS\system32\geebayy.dll -> Downloader.ConHook.ab : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mljjj.exe -> Downloader.ConHook.ab : Cleaned with backup (quarantined).


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 12:27:29 AM, on 7/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\progra~1\yahoo!\YCentral\YahooCentral.exe
C:\WINDOWS\system32\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Citrus Alarm Clock\citrusac.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Bill\Desktop\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/wdgt3/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/wdgt3/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/wdgt3/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/wdgt3/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/wdgt3/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/wdgt3/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program 
Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program 
Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - 
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {abac3d0c-4dd4-4095-b9a8-41278ab34147} - C:\WINDOWS\system32\kbdi32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program 
Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef 
/Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE 
/SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP 
Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe 
/Start
O4 - HKLM\..\Run: [ChangeResolution] C:\System.sav\INTELRES\ChangeResolution.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Enterprise
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 
1033
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [YCentral] c:\progra~1\yahoo!\YCentral\YahooCentral.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Citrus Alarm Clock] C:\Program Files\Citrus Alarm Clock\citrusac.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 
7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth 
Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program 
Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} 
- C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program 
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} 
- C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) 
- http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126064321561
O16 - DPF: {8FD68625-2346-418A-8899-67CB36B1917F} (McciSM Class) - http://supportcenter.verizon.net/euserv/jsp/VOLAWeb.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" 
(file missing)
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: kbdi32 - C:\WINDOWS\SYSTEM32\kbdi32.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth 
Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program 
Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program 
Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program 
Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation 
- C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program 
Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. 
- C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) 
- Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Microsoft Logon User Interface Skin (LogonUISkin) - Unknown owner 
- C:\WINDOWS\logonui.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation 
- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog 
Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common 
Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software 
- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec 
AntiVirus\Rtvscan.exe


[Reply or follow-up to this message]

re: Unable to removal antivirus
Friday, July 7, 2006 at 3:37 pm
Posted by MrCharlie (4071 messages posted)


It seems that the file has been deleted but please make sure:

Enable hidden files:
Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make 
sure that "Show hidden files and folders" is checked. 
Also uncheck "Hide protected operating system files" and untick "hide extensions 
for known file types" . Now click "Apply to all folders"
Click "Apply" then "OK" (reverse this procedure when we are done)

Make sure this file is gone:
C:\WINDOWS\SYSTEM32\kbdi32.dll

--------------

One of your Symantec products may be preventing HJT from working.

Reboot into safe mode and shut down Symantec if it's running.

Close ALL programs down, leaving ONLY HijackThis running - Click Scan and.....
Place a check against the following items:

O2 - BHO: (no name) - {abac3d0c-4dd4-4095-b9a8-41278ab34147} - C:\WINDOWS\system32\kbdi32.dll
O20 - Winlogon Notify: kbdi32 - C:\WINDOWS\SYSTEM32\kbdi32.dll

Click on Fix Checked and exit HijackThis.

Reboot and post a fresh HijackThis log and we'll take another look. MrC

[Reply or follow-up to this message]

re: Unable to removal antivirus
Sunday, July 9, 2006 at 1:40 am
Posted by Bill Yau (9 messages posted)

I did as instructed and I was able to remove the files.  I'm going to go surfing 
for a little while and see if the stupid pop up boxes still come up.  Meanwhile here 
is a copy of the log.  Thank you so much!!

Logfile of HijackThis v1.99.1
Scan saved at 4:34:42 AM, on 7/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\progra~1\yahoo!\YCentral\YahooCentral.exe
C:\WINDOWS\system32\qttask.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Citrus Alarm Clock\citrusac.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Bill\Desktop\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/wdgt3/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/wdgt3/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/wdgt3/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/wdgt3/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/wdgt3/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/wdgt3/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program 
Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program 
Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - 
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program 
Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef 
/Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE 
/SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP 
Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe 
/Start
O4 - HKLM\..\Run: [ChangeResolution] C:\System.sav\INTELRES\ChangeResolution.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Enterprise
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 
1033
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [YCentral] c:\progra~1\yahoo!\YCentral\YahooCentral.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Citrus Alarm Clock] C:\Program Files\Citrus Alarm Clock\citrusac.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 
7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth 
Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program 
Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} 
- C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program 
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} 
- C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) 
- http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126064321561
O16 - DPF: {8FD68625-2346-418A-8899-67CB36B1917F} (McciSM Class) - http://supportcenter.verizon.net/euserv/jsp/VOLAWeb.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" 
(file missing)
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth 
Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program 
Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program 
Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program 
Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation 
- C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program 
Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. 
- C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) 
- Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Microsoft Logon User Interface Skin (LogonUISkin) - Unknown owner 
- C:\WINDOWS\logonui.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation 
- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog 
Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common 
Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software 
- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec 
AntiVirus\Rtvscan.exe


[Reply or follow-up to this message]
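
Added example, not part of the original thread: a Python sketch that compares the 7/7/2006 and 7/9/2006 HijackThis logs posted above and confirms that the two kbdi32.dll entries MrCharlie asked to have fixed are gone and nothing new appeared. The embedded logs are shortened excerpts of lines from the thread, and all function names are this example's own.

```python
import re

# HijackThis entry lines start with a section code such as R0, O2, O20 or O23.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")

# Shortened excerpts of the two logs posted in the thread (forum line wrapping kept).
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 12:27:29 AM, on 7/7/2006

Running processes:
C:\WINDOWS\system32\winlogon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program 
Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {abac3d0c-4dd4-4095-b9a8-41278ab34147} - C:\WINDOWS\system32\kbdi32.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: kbdi32 - C:\WINDOWS\SYSTEM32\kbdi32.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
"""

AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 4:34:42 AM, on 7/9/2006

Running processes:
C:\WINDOWS\system32\winlogon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program 
Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
"""


def parse_entries(log_text):
    """Return (code, text) tuples, rejoining entries the forum wrapped onto two lines."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries.append([match.group(1), match.group(2)])
        elif entries:
            # No section code: this is the wrapped tail of the previous entry.
            entries[-1][1] += " " + line
        # Header and "Running processes" lines come before any entry and are skipped.
    return [(code, text) for code, text in entries]


def _key(code, text):
    # Windows paths are case-insensitive (system32 vs SYSTEM32), so compare casefolded.
    return code, re.sub(r"\s+", " ", text).strip().casefold()


def diff_logs(before, after):
    """Return (removed, added) entry lists between two HijackThis logs."""
    b = {_key(c, t): (c, t) for c, t in parse_entries(before)}
    a = {_key(c, t): (c, t) for c, t in parse_entries(after)}
    removed = [b[k] for k in b if k not in a]
    added = [a[k] for k in a if k not in b]
    return removed, added


def entries_referencing(log_text, filename):
    """Entries in any section whose text still mentions the given file name."""
    needle = filename.casefold()
    return [(c, t) for c, t in parse_entries(log_text) if needle in t.casefold()]


def verify_fix(before, after, filename):
    removed, added = diff_logs(before, after)
    return {
        "removed": removed,
        "added": added,
        "still_referenced": entries_referencing(after, filename),
    }


if __name__ == "__main__":
    result = verify_fix(BEFORE_LOG, AFTER_LOG, "kbdi32.dll")
    for label, rows in result.items():
        print(label)
        for code, text in rows:
            print(f"  {code} - {text}")
```

An empty "still_referenced" list only shows that the log no longer lists the DLL as a BHO or Winlogon Notify entry; checking that the file itself is gone from C:\WINDOWS\SYSTEM32, as described earlier in the thread, is a separate step.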
