Jump to content


Photo

System Tray Icons Disappering


  • Please log in to reply
2 replies to this topic

#1 Texas_Sun

Texas_Sun

    Member

  • Full Member
  • Pip
  • 2 posts

Posted 08 June 2007 - 06:26 PM

Hello, I have read and followed the FAQ dialogue prior to this post.
Several of my system tray icons are disappearing, especially after a re-boot. I was running Yahoo Online Protection which was being disabled after re-booting and even after manually bringing up the program the antivirus would toggle off immediately after I turned it on. I unsuccessfully attempted to use BCWipe to clear the freespace thinking that would help and had to cancel it before it finished.

I've installed Spybot and ran a check (see below). Many start up entries have the following phrase: "deleted in System Startup global entry!" after a reboot.

I've installed Lavasoft and ran a check.

I installed Antivir personal edition. It found the following viruses: KillApp.A, KillApplicat.A, and PAHADOR.F

I've installed AVG Anti-spyware. I tried to run it in Safe Mode and couldn't, the "connection failed." So I could only run it in normal mode and it did find a rogue spyware that I quarantined and removed.

I've posted Hijackthis below.
I think there is something dirty in my registry please help. The posts follow:

Hijack:
Logfile of HijackThis v1.99.1
Scan saved at 5:57:19 PM, on 6/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ALCWZRD.EXE
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Control\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.h...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper2007261.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe

Spybot:
6/5/2007 10:24:17 PM Allowed value "Index.dat Suite" (new data: "C:\run.bat") added in System Startup global entry!
6/5/2007 10:27:24 PM Allowed value "Yahoo! Pager" (new data: ""C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet") changed in System Startup user entry!
6/5/2007 10:42:00 PM Allowed value "Yahoo! Pager" (new data: ""C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet") changed in System Startup user entry!
6/6/2007 5:49:48 AM Allowed value "Yahoo! Pager" (new data: ""C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet") changed in System Startup user entry!
6/6/2007 8:42:04 AM Allowed value "Yahoo! Pager" (new data: ""C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet") changed in System Startup user entry!
6/6/2007 8:46:22 AM Allowed value "Yahoo! Pager" (new data: ""C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet") changed in System Startup user entry!
6/6/2007 6:09:56 PM Allowed value "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (new data: "") deleted in Global browser toolbar!
6/6/2007 6:09:56 PM Allowed value "{02478D38-C3F9-4EFB-9B51-7695ECA05670}" (new data: "") deleted in Browser Helper Object!
6/6/2007 6:10:34 PM Allowed value "CaAvTray" (new data: "") deleted in System Startup global entry!
6/6/2007 6:10:34 PM Allowed value "CAVRID" (new data: "") deleted in System Startup global entry!
6/6/2007 6:10:49 PM Allowed value "YOP" (new data: "") deleted in System Startup global entry!
6/6/2007 6:13:01 PM Allowed value "CaAvTray" (new data: "") deleted in System Startup global entry!
6/6/2007 6:13:01 PM Allowed value "CAVRID" (new data: "") deleted in System Startup global entry!
6/6/2007 6:13:01 PM Allowed value "YOP" (new data: "") deleted in System Startup global entry!
6/6/2007 6:16:41 PM Allowed value "CaAvTray" (new data: "") deleted in System Startup global entry!
6/6/2007 6:16:42 PM Allowed value "CAVRID" (new data: "") deleted in System Startup global entry!
6/6/2007 6:16:42 PM Allowed value "YOP" (new data: "") deleted in System Startup global entry!
6/6/2007 6:20:21 PM Allowed value "CaAvTray" (new data: "") deleted in System Startup global entry!
6/6/2007 6:20:21 PM Allowed value "CAVRID" (new data: "") deleted in System Startup global entry!
6/6/2007 6:20:21 PM Allowed value "YOP" (new data: "") deleted in System Startup global entry!
6/6/2007 6:27:20 PM Allowed value "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (new data: "") added in Global browser toolbar!
6/6/2007 6:27:20 PM Allowed value "{02478D38-C3F9-4EFB-9B51-7695ECA05670}" (new data: "") added in Browser Helper Object!
6/6/2007 6:27:55 PM Allowed value "CaAvTray" (new data: ""C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"") added in System Startup global entry!
6/6/2007 6:27:55 PM Allowed value "CAVRID" (new data: ""C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"") added in System Startup global entry!
6/6/2007 6:28:56 PM Allowed value "YOP" (new data: "C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart") added in System Startup global entry!
6/6/2007 8:38:52 PM Allowed value "CaAvTray" (new data: "") deleted in System Startup global entry!
6/6/2007 8:38:52 PM Allowed value "CAVRID" (new data: "") deleted in System Startup global entry!
6/6/2007 8:40:41 PM Allowed value "CaAvTray" (new data: "") deleted in System Startup global entry!
6/6/2007 8:40:41 PM Allowed value "CAVRID" (new data: "") deleted in System Startup global entry!
6/6/2007 8:45:39 PM Allowed value "avgnt" (new data: ""C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min") added in System Startup global entry!
6/6/2007 9:48:04 PM Allowed value "CaAvTray" (new data: "") deleted in System Startup global entry!
6/6/2007 9:48:04 PM Allowed value "CAVRID" (new data: "") deleted in System Startup global entry!
6/6/2007 10:01:32 PM Allowed value "SpybotSD TeaTimer" (new data: "") deleted in System Startup user entry!
6/6/2007 10:01:34 PM Allowed value "{53707962-6F74-2D53-2644-206D7942484F}" (new data: "") deleted in Browser Helper Object!


AVG Anti-spyware:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:48:45 PM 6/8/2007

+ Scan result:



HKLM\SOFTWARE\Classes\AppID\{FD452F78-C495-40A1-B5BD-D8A586CA7F23} -> Adware.RogueSuspect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{17BB6D1C-BCD3-4667-B56D-ABBBD2230042} -> Adware.RogueSuspect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{856D8ADB-99C3-4AEA-B294-E3FBDBC198CF} -> Adware.RogueSuspect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{FF1AECC7-0C21-4B5F-BD3F-8D5B0BF042D9} -> Adware.RogueSuspect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{157BF1E5-C86C-48E7-ADCC-2890C45B63CE} -> Adware.RogueSuspect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{1A5D27ED-D7EC-4ED3-A631-64CAA8482D27} -> Adware.RogueSuspect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{C5B002C9-E508-4723-AB34-2AC6B5E3DC0E} -> Adware.RogueSuspect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TypeLib\{D89D48EF-8915-4729-954E-69F3C6C3F19E} -> Adware.RogueSuspect : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@tacoda[3].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.


::Report end

more Spybot:

--- Search result list ---
Common Dialogs: History (14 files) (Registry key, fixed)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

MS Office 9.0: Recently used files (5 files) (Directory, fixed)
C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Office\Recent\

Log: Activity: SchedLgU.Txt (Backup file, fixing failed)
C:\WINDOWS\SchedLgU.Txt

Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, fixed)
C:\WINDOWS\System32\wbem\logs\wbemess.log

Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, fixed)
C:\WINDOWS\System32\wbem\logs\wmiprov.log

Internet Explorer: Download directory (Registry change, fixed)
HKEY_USERS\S-1-5-21-3271251665-606231666-2556993118-1009\Software\Microsoft\Internet Explorer\Download Directory!=

MS Media Player: Anonymous ID (Registry change, fixed)
HKEY_USERS\S-1-5-21-3271251665-606231666-2556993118-1009\Software\Microsoft\MediaPlayer\Preferences\SendUserGUID!=B=0

MS Direct3D: Most recent application (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name!=

MS DirectDraw: Most recent application (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name!=

MS Office 9.0 (Word): Recently used file list (Registry value, fixed)
HKEY_USERS\S-1-5-21-3271251665-606231666-2556993118-1009\Software\Microsoft\Office\9.0\Word\Data\Settings

MS Office 9.0 (Excel): Recent files (1 files) (Registry key, fixed)
HKEY_USERS\S-1-5-21-3271251665-606231666-2556993118-1009\Software\Microsoft\Office\9.0\Excel\Recent Files

MS Office 9.0 (PowerPoint): Recent file list (2 files) (Registry key, fixed)
HKEY_USERS\S-1-5-21-3271251665-606231666-2556993118-1009\Software\Microsoft\Office\9.0\PowerPoint\Recent File List

MS Search Assistant: Typed search terms history (Registry key, fixed)
HKEY_USERS\S-1-5-21-3271251665-606231666-2556993118-1009\Software\Microsoft\Search Assistant\ACMru

MS Wordpad: Recent file list (2 files) (Registry key, fixed)
HKEY_USERS\S-1-5-21-3271251665-606231666-2556993118-1009\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List

Windows Explorer: User Assistant history IE (1 files) (Registry key, fixed)
HKEY_USERS\S-1-5-21-3271251665-606231666-2556993118-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: User Assistant history files (21 files) (Registry key, fixed)
HKEY_USERS\S-1-5-21-3271251665-606231666-2556993118-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: Last visited history (5 files) (Registry key, fixed)
HKEY_USERS\S-1-5-21-3271251665-606231666-2556993118-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

Windows Explorer: Recent file global history (Registry key, fixed)
HKEY_USERS\S-1-5-21-3271251665-606231666-2556993118-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Cookie: Cookie (9) (Cookie, fixed)


Cache: Cache (64) (Cache, fixed)


Congratulations!: No immediate threats were found. ()



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-06-07 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-05-23 advcheck.dll (1.5.3.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-06-06 Includes\Cookies.sbi (*)
2007-05-30 Includes\Dialer.sbi (*)
2007-06-06 Includes\DialerC.sbi (*)
2007-05-30 Includes\Hijackers.sbi (*)
2007-06-06 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2007-06-06 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-05-30 Includes\Malware.sbi (*)
2007-06-06 Includes\MalwareC.sbi (*)
2007-03-21 Includes\PUPS.sbi (*)
2007-06-06 Includes\PUPSC.sbi (*)
2007-06-06 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-06-06 Includes\SecurityC.sbi (*)
2007-06-06 Includes\Spybots.sbi (*)
2007-06-06 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti (*)
2007-05-16 Includes\Trojans.sbi (*)
2007-06-06 Includes\TrojansC.sbi (*)



--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB886903)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB898458)
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB923723)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB911565)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows XP: Security Update for Windows XP (KB923689)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB928090)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB929969)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB931768)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB883667
/ Windows XP / SP3: Security Update for Windows XP (KB883939)
/ Windows XP / SP3: Windows XP Hotfix - KB884020
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888239
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893066)
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Update for Windows XP (KB904942)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB905915)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Security Update for Windows XP (KB908531)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Update for Windows XP (KB911280)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911567)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB912812)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Security Update for Windows XP (KB913446)
/ Windows XP / SP3: Security Update for Windows XP (KB913580)
/ Windows XP / SP3: Security Update for Windows XP (KB914388)
/ Windows XP / SP3: Security Update for Windows XP (KB914389)
/ Windows XP / SP3: Hotfix for Windows XP (KB914440)
/ Windows XP / SP3: Hotfix for Windows XP (KB915865)
/ Windows XP / SP3: Security Update for Windows XP (KB916281)
/ Windows XP / SP3: Update for Windows XP (KB916595)
/ Windows XP / SP3: Security Update for Windows XP (KB917159)
/ Windows XP / SP3: Security Update for Windows XP (KB917344)
/ Windows XP / SP3: Security Update for Windows XP (KB917422)
/ Windows XP / SP3: Security Update for Windows XP (KB917953)
/ Windows XP / SP3: Security Update for Windows XP (KB918118)
/ Windows XP / SP3: Security Update for Windows XP (KB918439)
/ Windows XP / SP3: Security Update for Windows XP (KB918899)
/ Windows XP / SP3: Security Update for Windows XP (KB919007)
/ Windows XP / SP3: Security Update for Windows XP (KB920213)
/ Windows XP / SP3: Security Update for Windows XP (KB920214)
/ Windows XP / SP3: Security Update for Windows XP (KB920670)
/ Windows XP / SP3: Security Update for Windows XP (KB920683)
/ Windows XP / SP3: Security Update for Windows XP (KB920685)
/ Windows XP / SP3: Update for Windows XP (KB920872)
/ Windows XP / SP3: Security Update for Windows XP (KB921398)
/ Windows XP / SP3: Security Update for Windows XP (KB921883)
/ Windows XP / SP3: Update for Windows XP (KB922582)
/ Windows XP / SP3: Security Update for Windows XP (KB922616)
/ Windows XP / SP3: Security Update for Windows XP (KB922760)
/ Windows XP / SP3: Security Update for Windows XP (KB922819)
/ Windows XP / SP3: Security Update for Windows XP (KB923191)
/ Windows XP / SP3: Security Update for Windows XP (KB923414)
/ Windows XP / SP3: Security Update for Windows XP (KB923694)
/ Windows XP / SP3: Security Update for Windows XP (KB923980)
/ Windows XP / SP3: Security Update for Windows XP (KB924191)
/ Windows XP / SP3: Security Update for Windows XP (KB924270)
/ Windows XP / SP3: Security Update for Windows XP (KB924496)
/ Windows XP / SP3: Security Update for Windows XP (KB924667)
/ Windows XP / SP3: Security Update for Windows XP (KB925486)
/ Windows XP / SP3: Security Update for Windows XP (KB925902)
/ Windows XP / SP3: Hotfix for Windows XP (KB926239)
/ Windows XP / SP3: Security Update for Windows XP (KB926247)
/ Windows XP / SP3: Security Update for Windows XP (KB926255)
/ Windows XP / SP3: Security Update for Windows XP (KB926436)
/ Windows XP / SP3: Security Update for Windows XP (KB927779)
/ Windows XP / SP3: Security Update for Windows XP (KB927802)
/ Windows XP / SP3: Update for Windows XP (KB927891)
/ Windows XP / SP3: Security Update for Windows XP (KB928255)
/ Windows XP / SP3: Security Update for Windows XP (KB928843)
/ Windows XP / SP3: Update for Windows XP (KB929338)
/ Windows XP / SP3: Security Update for Windows XP (KB930178)
/ Windows XP / SP3: Update for Windows XP (KB930916)
/ Windows XP / SP3: Security Update for Windows XP (KB931261)
/ Windows XP / SP3: Security Update for Windows XP (KB931784)
/ Windows XP / SP3: Update for Windows XP (KB931836)
/ Windows XP / SP3: Security Update for Windows XP (KB932168)
/ Windows XP / SP3: Hotfix for Windows XP (KB935448)


--- Startup entries list ---
Located: HK_LM:Run, BJCFD
command: C:\Program Files\BroadJump\Client Foundation\CFD.exe
file: C:\Program Files\BroadJump\Client Foundation\CFD.exe
size: 368706
MD5: ba9af06103549a96f77036861fde357b

Located: HK_LM:Run, High Definition Audio Property Page Shortcut
command: HDAShCut.exe
file: C:\WINDOWS\system32\HDAShCut.exe
size: 61952
MD5: 9c3b2302b60fb0efb13bc880a5e3e93e

Located: HK_LM:Run, HotKeysCmds
command: C:\WINDOWS\system32\hkcmd.exe
file: C:\WINDOWS\system32\hkcmd.exe
size: 77824
MD5: 409f6851bdaec9accbdde692d56d5c87

Located: HK_LM:Run, HP Software Update
command: C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
file: C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
size: 49152
MD5: ac116f16a7716a720a45d7ea47cfd983

Located: HK_LM:Run, HPBootOp
command: "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
file: C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
size: 245760
MD5: 30a086ba3520555b718e77763b1c52c0

Located: HK_LM:Run, HPHUPD08
command: c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
file: c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
size: 49152
MD5: 4f113169a2de985d043a5530987ad6d0

Located: HK_LM:Run, IntelliPoint
command: "C:\Program Files\Microsoft IntelliPoint\point32.exe"
file: C:\Program Files\Microsoft IntelliPoint\point32.exe
size: 204800
MD5: d6c9858536249e31a5e9a1a4f3a08113

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 229952
MD5: ceccc68b54e8e27c93dbede85f160c96

Located: HK_LM:Run, LogitechCommunicationsManager
command: "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
file: C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
size: 284184
MD5: 305e20e5c325d8d5f44bfbf229b9dc7c

Located: HK_LM:Run, LogitechQuickCamRibbon
command: "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
file: C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
size: 746520
MD5: 2e44ee2294ba07d4e58eae9bfbb97824

Located: HK_LM:Run, LSBWatcher
command: c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
file: c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
size: 253952
MD5: 5fd441fa69b135b8891ebf8f2f8631b7

Located: HK_LM:Run, LVCOMSX
command: "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
file: C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
size: 244512
MD5: 8a293a35cf99d8ea9058eb9693b00086

Located: HK_LM:Run, Motive SmartBridge
command: C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
file: C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
size: 380928
MD5: 6c8bc055467b9f69b24b213146efff0f

Located: HK_LM:Run, Persistence
command: C:\WINDOWS\system32\igfxpers.exe
file: C:\WINDOWS\system32\igfxpers.exe
size: 114688
MD5: 2d838f01650a630ae7a78c864315fbdc

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 282624
MD5: d2c900031fd445b5464abb5629388be3

Located: HK_LM:Run, SunJavaUpdateSched
command: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
file: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
size: 36975
MD5: 61a3a9d5d98bf0331df5b716144a8100

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 180269
MD5: d09a5f5c4dbd5d4dff09ab1a69812062

Located: HK_LM:Run, Windows Defender
command: "C:\Program Files\Windows Defender\MSASCui.exe" -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 866584
MD5: 77c03bf23ae56b0a31ae4d5bb4b3d0ac

Located: HK_LM:Run, YBrowser
command: C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
file: C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
size: 129536
MD5: 2ef423cb1782744666c3a9b827c7aa9c

Located: HK_CU:Run, ctfmon.exe
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996a38c0b0cf151c2140ae29fc8

Located: HK_CU:Run, SpybotSD TeaTimer
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1415824
MD5: 70496eee0ddbe485f658693826f44d38

Located: HK_CU:Run, Yahoo! Pager
command: "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
file: C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
size: 4670968
MD5: 84f728bcb139fa157d1756e3cb4b76d8

Located: Startup (common), Adobe Reader Speed Launch.lnk
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: 43362b96870ce8649f4f2ec893da93f0

Located: Startup (common), AT&T Self Support Tool.lnk
command: C:\Program Files\SBC Self Support Tool\bin\matcli.exe
file: C:\Program Files\SBC Self Support Tool\bin\matcli.exe
size: 217088
MD5: 96610108433ec2f885672ab0f32a0466

Located: Startup (common), HP Digital Imaging Monitor.lnk
command: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
file: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
size: 282624
MD5: 5597d0075861cb0a6e6087752d205c0d

Located: Startup (common), Microsoft Office.lnk
command: C:\Program Files\Microsoft Office\Office\OSA9.EXE
file: C:\Program Files\Microsoft Office\Office\OSA9.EXE
size: 65588
MD5: 59379189e5eafbeee30eb944d3307645

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, igfxcui
command: igfxdev.dll
file: igfxdev.dll

Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll



--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com.../readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 12/14/2004 10:56:50 AM
Date (last access): 6/7/2007 9:27:26 PM
Date (last write): 9/23/2005 11:12:08 PM
Filesize: 63136
Attributes: archive
MD5: B61D5D651ECC6055C29BF826CA7B1141
CRC32: FEF15799
Version: 7.0.5.172

{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 6/7/2007 10:07:36 PM
Date (last access): 6/7/2007 10:07:36 PM
Date (last write): 5/31/2005 1:04:00 AM
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
BHO name:
CLSID name: Yahoo! IE Services Button
Path: C:\PROGRA~1\Yahoo!\common\
Long name: yiesrvc.dll
Short name:
Date (created): 5/6/2006 1:55:54 PM
Date (last access): 6/7/2007 9:25:02 PM
Date (last write): 10/31/2006 4:33:54 PM
Filesize: 198136
Attributes: archive
MD5: F8981F09E8DA4FDB7F6B6E2B5361AEAE
CRC32: 2CDBBB6C
Version: 2006.10.31.3

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: ssv.dll
Short name:
Date (created): 3/2/2006 1:53:00 PM
Date (last access): 6/7/2007 10:06:36 PM
Date (last write): 11/10/2005 1:22:12 PM
Filesize: 184423
Attributes: archive
MD5: F01726F7CA8538FDD4663C9DB8FEAEDC
CRC32: 0111B892
Version: 5.0.60.5

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar1.dll
Short name: GOOGLE~1.DLL
Date (created): 9/1/2005 7:29:24 PM
Date (last access): 6/7/2007 9:25:02 PM
Date (last write): 9/1/2005 7:29:24 PM
Filesize: 720896
Attributes: readonly archive
MD5: EF84F3C59A075B66CA3E99C654224004
CRC32: ED2F33CD
Version: 2.0.114.10

{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} (SidebarAutoLaunch Class)
BHO name:
CLSID name: SidebarAutoLaunch Class
Path: C:\Program Files\Yahoo!\browser\
Long name: YSidebarIEBHO.dll
Short name: YSIDEB~2.DLL
Date (created): 5/6/2006 1:52:26 PM
Date (last access): 6/7/2007 9:25:02 PM
Date (last write): 2/3/2005 5:07:08 PM
Filesize: 124032
Attributes: archive
MD5: 0645DBCBDB3F4A69AEE13F4B5F9C4291
CRC32: 75CB3FBB
Version: 2004.8.3.1



--- ActiveX list ---
Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\xmldso.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla

{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
Codebase: http://download.micr...heckControl.cab
description:
classification: Legitimate
known filename: LegitCheckControl.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: LegitCheckControl.DLL
Short name: LEGITC~1.DLL
Date (created): 7/12/2005 7:04:22 PM
Date (last access): 6/7/2007 9:30:34 PM
Date (last write): 4/24/2007 11:32:06 AM
Filesize: 1485696
Attributes: archive
MD5: F41FA54CD85AF8AACF8C7E084F6742F4
CRC32: 6328586B
Version: 1.7.36.0

{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support)
DPF name:
CLSID name: Installation Support
Installer: C:\Program Files\Yahoo!\common\yinst.inf
Codebase: C:\Program Files\Yahoo!\Common\Yinsthelper2007261.dll
description: Yahoo! Installation helper
classification: Legitimate
known filename: %SystemRoot%\Downloaded Program Files\yinsthelper.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Yahoo!\Common\
Long name: Yinsthelper2007261.dll
Short name: YINSTH~1.DLL
Date (created): 2/6/2007 7:46:38 PM
Date (last access): 6/7/2007 9:52:30 PM
Date (last write): 2/6/2007 7:46:38 PM
Filesize: 207912
Attributes: archive
MD5: 4F374B4704F49E87516A105E38F886F7
CRC32: FF63FB06
Version: 2007.2.6.1

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/...indows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 3/2/2006 1:52:58 PM
Date (last access): 6/7/2007 9:24:24 PM
Date (last write): 11/10/2005 1:22:12 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0
Installer:
Codebase: http://java.sun.com/...indows-i586.cab
description:
classification: Legitimate
known filename: NPJPI150.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0\bin\
Long name: NPJPI150.dll
Short name:
Date (created): 9/1/2005 6:31:10 PM
Date (last access): 6/7/2007 9:50:58 PM
Date (last write): 9/1/2005 6:31:10 PM
Filesize: 69740
Attributes: archive
MD5: D25BB4762A876A3DBF6F2BAA36A179FA
CRC32: 9367234B
Version: 1.5.0.0

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/...indows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 3/2/2006 1:52:58 PM
Date (last access): 6/7/2007 10:27:34 PM
Date (last write): 11/10/2005 1:22:12 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/...indows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 3/2/2006 1:52:58 PM
Date (last access): 6/7/2007 10:27:34 PM
Date (last write): 11/10/2005 1:22:12 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5



--- Process list ---
PID: 0 ( 0) [System]
PID: 680 ( 4) \SystemRoot\System32\smss.exe
PID: 780 ( 680) \??\C:\WINDOWS\system32\csrss.exe
PID: 804 ( 680) \??\C:\WINDOWS\system32\winlogon.exe
PID: 848 ( 804) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 860 ( 804) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 1012 ( 848) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1092 ( 848) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1188 ( 848) C:\Program Files\Windows Defender\MsMpEng.exe
size: 13592
MD5: F45DD1E1365D857DD08BC23563370D0E
PID: 1232 ( 848) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1300 ( 848) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1668 (1604) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 1760 ( 848) C:\WINDOWS\system32\LEXBCES.EXE
size: 299008
MD5: AEEDACC6FB20FDBA95213AD3BB009B7D
PID: 1812 ( 848) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 1848 (1760) C:\WINDOWS\system32\LEXPPS.EXE
size: 174592
MD5: F350EE5D5761CB9A0C8B0DA8C463DE1D
PID: 1860 ( 848) c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
size: 109344
MD5: 43C03E8E810087D7557628738033FB99
PID: 192 (1668) C:\WINDOWS\system32\hkcmd.exe
size: 77824
MD5: 409F6851BDAEC9ACCBDDE692D56D5C87
PID: 204 (1668) C:\WINDOWS\system32\igfxpers.exe
size: 114688
MD5: 2D838F01650A630AE7A78C864315FBDC
PID: 316 (1668) C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
size: 49152
MD5: AC116F16A7716A720A45D7EA47CFD983
PID: 344 (1668) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 180269
MD5: D09A5F5C4DBD5D4DFF09AB1A69812062
PID: 396 (1668) C:\Program Files\Microsoft IntelliPoint\point32.exe
size: 204800
MD5: D6C9858536249E31A5E9A1A4F3A08113
PID: 404 (1668) C:\Program Files\BroadJump\Client Foundation\CFD.exe
size: 368706
MD5: BA9AF06103549A96F77036861FDE357B
PID: 416 (1668) C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
size: 129536
MD5: 2EF423CB1782744666C3A9B827C7AA9C
PID: 424 (1668) C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
size: 380928
MD5: 6C8BC055467B9F69B24B213146EFFF0F
PID: 448 (1668) C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
size: 36975
MD5: 61A3A9D5D98BF0331DF5B716144A8100
PID: 464 (1668) C:\Program Files\QuickTime\qttask.exe
size: 282624
MD5: D2C900031FD445B5464ABB5629388BE3
PID: 508 (1668) C:\Program Files\iTunes\iTunesHelper.exe
size: 229952
MD5: CECCC68B54E8E27C93DBEDE85F160C96
PID: 544 (1668) C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
size: 284184
MD5: 305E20E5C325D8D5F44BFBF229B9DC7C
PID: 560 (1668) C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
size: 746520
MD5: 2E44EE2294BA07D4E58EAE9BFBB97824
PID: 568 (1012) C:\PROGRA~1\Yahoo!\browser\ycommon.exe
size: 200704
MD5: DC384325FFC20A35BBD2A49FAE962153
PID: 584 (1668) C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
size: 244512
MD5: 8A293A35CF99D8EA9058EB9693B00086
PID: 608 (1668) C:\Progra

#2 Texas_Sun

Texas_Sun

    Member

  • Full Member
  • Pip
  • 2 posts

Posted 09 June 2007 - 12:41 PM

I believe I've solved the problem. I came across this website: http://winhlp.com/WxSystray.htm

I tried 2 simple System Tray registry "resets" which did the trick. I don't know if this is for everyone but it worked for me. If anyone still wants to help me verify that my registry appears clean I would greatly appreciate it. Thank you, Texas_Sun

#3 SWI Support Robot

SWI Support Robot

    Helper robot

  • SWI Bot
  • PipPipPipPipPip
  • 23,520 posts

Posted 11 June 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button