Sorry, it took a while - I couldn't get back to the client. Here is the latest HiJack This (below) and L2MFIX (attached) logs.
Thanks,
Dan
Logfile of HijackThis v1.99.1
Scan saved at 12:44:14 PM, on 9/1/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
D:\Program Files\ewido\security suite\ewidoctrl.exe
D:\Program Files\Citrix\GoToMyPC\g2svc.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Citrix\GoToMyPC\g2comm.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Citrix\GoToMyPC\g2pre.exe
D:\Program Files\Citrix\GoToMyPC\g2tray.exe
D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
D:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbOEAddOn.exe
D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
D:\WINDOWS\System32\vidctrl\vidctrl.exe
D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Webroot\PopUpWasher\PopUpWasher.exe
D:\Program Files\Webroot\Shredder\spshredder.exe
D:\WINDOWS\System32\ctfmon.exe
D:\WINDOWS\System32\m?config.exe
D:\Program Files\mate\onsc.exe
D:\Program Files\ACT\SideACT.exe
D:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
D:\Program Files\ACT\act.exe
D:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
D:\Documents and Settings\Irene\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.comR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O4 - HKLM\..\Run: [RoxioDragToDisc] "D:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] D:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [VBouncer] D:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
O4 - HKLM\..\Run: [GoToMyPC] D:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Desktop Search] D:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] D:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [fsrcgao] d:\windows\system32\fsrcgao.exe
O4 - HKLM\..\Run: [qt6S36P] scr20.exe
O4 - HKLM\..\Run: [D:\WINDOWS\IEXPLOR.EXE] D:\WINDOWS\IEXPLOR.EXE
O4 - HKLM\..\Run: [D:\WINDOWS\WinTask.exe] D:\WINDOWS\WinTask.exe
O4 - HKLM\..\Run: [StatusClient 2.6] D:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] D:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [SpamBlocker] D:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbOEAddOn.exe
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [vidctrl] D:\WINDOWS\System32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [svtcin] D:\WINDOWS\system32\n20050308.a.Stub.EXE
O4 - HKCU\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [bAp2RWj7Q] scclnt.exe
O4 - HKCU\..\Run: [ufro] D:\PROGRA~1\COMMON~1\ufro\ufrom.exe
O4 - HKCU\..\Run: [PopUpWasher] D:\Program Files\Webroot\PopUpWasher\PopUpWasher.exe
O4 - HKCU\..\Run: [Spam Shredder] "D:\Program Files\Webroot\Shredder\spshredder.exe" -tray
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Syfza] D:\WINDOWS\System32\m?config.exe
O4 - HKCU\..\Run: [Lrom] D:\Program Files\mate\onsc.exe
O4 - Startup: America Online 5.0 Tray Icon.lnk = D:\America Online 5.0\aoltray.exe
O4 - Global Startup: SideACT!.lnk = D:\Program Files\ACT\SideACT.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.micros...b?1124121405093O20 - Winlogon Notify: Shell Extensions - D:\WINDOWS\system32\o0pqla751d.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - D:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: GoToMyPC - Unknown owner - D:\Program Files\Citrix\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe