Thanks
Logfile of HijackThis v1.99.1
Scan saved at 8:20:48 PM, on 05/13/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\System32\SMSSU.EXE
D:\WINDOWS\System32\Tmntsrv32.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\system32\pctspk.exe
D:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
D:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
D:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
D:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
D:\WINDOWS\Chatut.exe
D:\Program Files\QuickTime\qttask.exe
D:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Nvdtl\Xkfb.exe
D:\WINDOWS\System32\winamp.exe
D:\Program Files\Messenger\msmsgs.exe
D:\WINDOWS\System32\SMSSU.EXE
D:\WINDOWS\System32\Tmntsrv32.EXE
C:\wp.exe
D:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
D:\Program Files\WinZip\WZQKPICK.EXE
D:\Program Files\Internet Explorer\iexplore.exe
D:\PROGRA~1\WINZIP\winzip32.exe
D:\Documents and Settings\cwinxp\Local Settings\Temp\HijackThis.exe
R3 - URLSearchHook: (no name) - _{cfbfae00-17a6-11d0-99cb-00c04fd64497} - (no file)
O2 - BHO: XMLDP Class - {60371670-81B9-4d06-9C42-4DEC1AABE62B} - D:\WINDOWS\xmllib.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [pccguide.exe] "D:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "D:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "D:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Chatut] D:\WINDOWS\Chatut.exe
O4 - HKLM\..\Run: [Pndvoovz] C:\Program Files\Odwgj\Iunt.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySpotter] D:\Program Files\SpySpotter\SpySpotter.exe -onreboot
O4 - HKLM\..\Run: [Qwnthfn] C:\Program Files\Nvdtl\Xkfb.exe
O4 - HKLM\..\Run: [Winamp Agent] D:\WINDOWS\System32\winamp.exe
O4 - HKLM\..\Run: [Client Server Runtime Process] D:\WINDOWS\System32\csrs.exe
O4 - HKLM\..\Run: [Local Security Authority Service] D:\WINDOWS\System32\lssas.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] D:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SMSSU] D:\WINDOWS\System32\SMSSU.EXE
O4 - HKCU\..\Run: [Tmntsrv32] D:\WINDOWS\System32\Tmntsrv32.EXE
O4 - HKCU\..\Run: [Spyware Vanisher] c:\spywarevanisher-free\FreeScanner.exe -FastScan
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O4 - HKCU\..\Run: [senn87] D:\WINDOWS\System32\senn87.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - D:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - D:\WINDOWS\system32\pctspk.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - D:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe