NETSKY -AD in my MSN messenger (I do not know what to do, help)



Kaldea_Orchid
2006-04-01, 23:26
:scratch: I just downloaded Spybot S&D. Well, today I was in Spybot in System Startup and clicked on "MsnMsgr"; it says it's MSN Messenger, then after that a new file was added there from NETSKY -AD :eek:

http://i2.tinypic.com/sq40ut.jpg
^there's a pic if you could not really understand me ^^;

I want to take it out of there but I DO NOT want to damage msn messenger. So, right now I am not sure what to do or even how to remove such a thing.

I hope someone can help me with this. Oh, and here's the hijack log (or I think this is it, sorry, I'm new at this) if you need to look at it:


Thank you for reading this post and I have 3 other probs too I wish someone could help me with also...

LonnyRJones
2006-04-02, 01:48
Hi Kaldea_Orchid

The additional information in Spybot's Tools > System Startup is misleading for that item; it's only Messenger.

What are the other problems/questions?

Kaldea_Orchid
2006-04-02, 03:49
Oh thank god O.O well ok ahem the other probs are....

Still in Spybot's Tools > System Startup, I click ccApp (Norton AntiVirus 2003) and it has bad stuff in it:


OBSRB it says it's a Trojan

RBOT-LJ it says it's a Worm


http://i2.tinypic.com/sqkv1w.jpg
^here's a pic of them O_O


Prob 2.... I click Quick Time Task and I got


CoolWebSearch


http://i2.tinypic.com/sqkw3s.jpg
^ Pic of prob 2


Prob 3

I have no idea what these are :scratch: no info, it says, so I don't know if it's good or bad....

http://i2.tinypic.com/sql569.jpg
^stuff in the red block



Value - Command line (stuff listed in that box)
cryptnet - cryptnet.dll
cscdll - cscdll.dll
igfxcui - igfxdev.dll
ScCertProp - wlnotify.dll (but not sure, is that an L or an I? I can't tell 'cause of the font)
Schedule - wlnotify.dll
sclgntfy - sclgntfy.dll
SensLogn - WlNotify.dll
termsrv - wlnotify.dll
wballoon - wlnotify.dll

Prob 4
(A Prob I don't think anyone can fix but worth a try asking!!!)

Every day and many times a day.

This window shows up (can't see it, it just shows on the start bar next to all my other window tabs that are open) and in just the blink of an eye it's gone...whether or not I'm doing anything

thank you for reading this ^^

LonnyRJones
2006-04-02, 05:44
All of those appear to be fine. If you would like to get more information on those startups, try the CastleCops startup database:
http://castlecops.com/modules.php?name=StartupList

And for the system.ini or DLLs under Notify:
http://castlecops.com/O20.html


# 4
Explain a bit further

Kaldea_Orchid
2006-04-03, 19:14
#4
Well, I've had it on my cpu for a while now, around Feb. of this year. Just a window would pop up on my cpu and go away in a sec.

Also around that time my cpu has been acting weird, like when I'm on IE and I open a window it would not have an address bar/search, back arrow, forward arrow, Refresh, it would just have that Windows icon in the middle:

http://img98.imageshack.us/img98/5007/iconwindows4yy.jpg

And other things that would happen....

Could not right click, go to My Computer, My Documents, etc.

or/and (sometimes it hit me all at once or just one of the probs)

I press the IE icon on my desktop and it would not go anywhere or was very slow.. the only way I could stop the probs was to restart my cpu....

So after being tired of that I DL'd Spybot S&D.....I went to System Startup and found 2 probs that I took out a week ago.


crypt32chain (http://www.processlibrary.com/directory/files/crypt32chain/index.php)
System32 (http://www.processlibrary.com/directory/files/SYSTEM32/index.php)


so I took them out but -_- forgot to uncheck the boxes... :( for those programs. >.< I forgot to...

I did a folder search for system32 and found 3 system32 folders O_O that's not normal...Well, I removed the other files (copies).

Then looked for crypt32chain found nothing.....I'm not sure if it's still on my cpu or dead...

For now my cpu seems to be acting fine ever since then but not sure what that window that pops up is.... -_-

and I was wondering what's a good free firewall program? ....mine seems ok but I'd like to feel safer ^^;;

LonnyRJones
2006-04-03, 23:41
crypt32chain was also normal
Is this a Windows XP Home, Pro or Windows 2000 system?

When searching, be very thorough or ask first before taking action.
I've no idea about http://www.processlibrary.com/directory/files/SYSTEM32/index.php
Since you dealt with it sometime in the past

LonnyRJones
2006-04-10, 15:04
I'm glad we could help.
Since the problems are solved I'm going to close the topic now; this keeps others with similar problems from posting their logs/questions here, they should start a new topic.
If you should need to post another log for the same PC, let me or Tashi know.