onay32

  1. Logfile of Trend Micro HijackThis v2.0.3 (BETA) Scan saved at 2:18:47 PM, on 3/2/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16981) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\WINDOWS\system32\CCM\CcmExec.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe C:\Program Files\PKWARE\PKZIPM\12.20.0021\PKTray.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet 
Publisher\FNPLicensingService.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dss.ca.gov/cdss/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dss.ca.gov/cdss/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dss.ca.gov/cdss/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: &Yahoo! 
Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [LayoutM] KLayMgr.exe O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [IgfxTray] C:\Masters\Video\Intel\Graphics\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Masters\Video\Intel\Graphics\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Masters\Video\Intel\Graphics\igfxpers.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program 
Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - Global Startup: LaunchU3.exe.lnk = ? O4 - Global Startup: SecureZIP Attachments Status.lnk = C:\Program Files\PKWARE\PKZIPM\12.20.0021\PKTray.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - 
Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.dss.ca.gov/cdss/ O15 - Trusted Zone: http://www.calaters.ca.gov O15 - Trusted Zone: *[email protected] O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192479869385 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192479775362 O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CDSS.DSS.CA.GOV O17 - HKLM\Software\..\Telephony: DomainName = CDSS.DSS.CA.GOV O17 - HKLM\System\CCS\Services\Tcpip\..\{0E0C43A9-5A48-4D31-BB80-727597F8D573}: NameServer = 162.2.32.2,162.2.111.49 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = CDSS.DSS.CA.GOV O17 - HKLM\System\CS1\Services\Tcpip\..\{0E0C43A9-5A48-4D31-BB80-727597F8D573}: 
NameServer = 162.2.32.2,162.2.111.49 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = CDSS.DSS.CA.GOV O17 - HKLM\System\CS2\Services\Tcpip\..\{0E0C43A9-5A48-4D31-BB80-727597F8D573}: NameServer = 162.2.32.2,162.2.111.49 O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 13173 bytes Adaware Log MSG [0228] 2010/03/02 13:45:14: Configure new scan with profile: smart MSG [0228] 2010/03/02 13:45:14: -> scanning critical objects MSG [0228] 2010/03/02 13:45:14: -> scanning running processes MSG [0228] 2010/03/02 13:45:14: -> scanning registry MSG [0228] 2010/03/02 13:45:14: -> scanning lsp MSG [0228] 2010/03/02 13:45:14: -> scanning browser hijacks MSG [0228] 2010/03/02 13:45:14: -> scanning cookies MSG [0228] 2010/03/02 13:45:14: -> neutralizing rootkits MSG [0228] 2010/03/02 13:45:14: -> use mild rootkit detection MSG [0228] 2010/03/02 13:45:14: -> use spyware heuristics MSG [0228] 2010/03/02 13:45:14: -> use medium heuristics MSG [0228] 2010/03/02 13:45:14: -> scan only executables MSG [0228] 2010/03/02 13:45:14: -> file size limit = 20480 kB (0 = unlimited) ERR [0228] 2010/03/02 13:45:14: SDKController::GetInfectionList -> Not in found infections state MSG [1316] 2010/03/02 13:48:34: Scan was completed in 198 seconds MSG [1316] 2010/03/02 13:48:34: Objects processed: 
24658, infections detected: 25 MSG [3512] 2010/03/02 13:48:35: Remediating 25 infections MSG [3512] 2010/03/02 13:48:35: Infections quarantined: 0, removed: 25, repaired: 0 MSG [3512] 2010/03/02 13:48:35: Infections ignored by remediation: 0 (0 whitelisted, 0 skipped). MSG [0228] 2010/03/02 13:48:36: Dumping scan report: >>> Logfile created: 3/2/2010 13:45:15 >>> Ad-Aware version: 8.2.0 >>> User performing scan: rusac >>> >>> *********************** Definitions database information *********************** >>> Lavasoft definition file: 149.165 >>> Genotype definition file version: 2010/02/23 08:38:22 >>> >>> ******************************** Scan results: ********************************* >>> Scan profile name: Smart Scan (ID: smart) >>> Objects scanned: 24658 >>> Objects detected: 25 >>> >>> >>> Type Detected >>> ========================== >>> Processes.......: 0 >>> Registry entries: 0 >>> Hostfile entries: 0 >>> Files...........: 0 >>> Folders.........: 0 >>> LSPs............: 0 >>> Cookies.........: 25 >>> Browser hijacks.: 0 >>> MRU objects.....: 0 >>> >>> >>> >>> Removed items: >>> Description: *ad.yieldmanager* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409172 Family ID: 0 >>> Description: *adbrite* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409218 Family ID: 0 >>> Description: *advertis* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408918 Family ID: 0 >>> Description: *advertis* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408918 Family ID: 0 >>> Description: *advertising* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409017 Family ID: 0 >>> Description: *apmebf* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409163 Family ID: 0 >>> Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0 >>> Description: *specificclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408807 Family ID: 0 >>> 
Description: *doubleclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408875 Family ID: 0 >>> Description: *fastclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408869 Family ID: 0 >>> Description: *klo* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408848 Family ID: 0 >>> Description: *real* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408817 Family ID: 0 >>> Description: *realmedia* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409139 Family ID: 0 >>> Description: *real* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408817 Family ID: 0 >>> Description: *realmedia* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409139 Family ID: 0 >>> Description: *klo* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408848 Family ID: 0 >>> Description: *server.iad.liveperson* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409131 Family ID: 0 >>> Description: *server.iad.liveperson* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409131 Family ID: 0 >>> Description: *specificclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408807 Family ID: 0 >>> Description: *statse.webtrends* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408803 Family ID: 0 >>> Description: *webtrendslive* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408954 Family ID: 0 >>> Description: *.webtrendslive* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409033 Family ID: 0 >>> Description: *statse.webtrendslive* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409269 Family ID: 0 >>> Description: *webtrends* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599640 Family ID: 0 >>> Description: zedo* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408736 Family ID: 0 >>> >>> Scan and cleaning complete: Finished correctly after 198 seconds >>> >>> 
*********************************** Settings *********************************** >>> >>> Scan profile: >>> ID: smart, enabled:1, value: Smart Scan >>> ID: folderstoscan, enabled:1, value: >>> ID: useantivirus, enabled:1, value: true >>> ID: sections, enabled:1 >>> ID: scancriticalareas, enabled:1, value: true >>> ID: scanrunningapps, enabled:1, value: true >>> ID: scanregistry, enabled:1, value: true >>> ID: scanlsp, enabled:1, value: true >>> ID: scanads, enabled:1, value: false >>> ID: scanhostsfile, enabled:1, value: false >>> ID: scanmru, enabled:1, value: false >>> ID: scanbrowserhijacks, enabled:1, value: true >>> ID: scantrackingcookies, enabled:1, value: true >>> ID: closebrowsers, enabled:1, value: false >>> ID: filescanningoptions, enabled:1 >>> ID: archives, enabled:1, value: false >>> ID: onlyexecutables, enabled:1, value: true >>> ID: skiplargerthan, enabled:1, value: 20480 >>> ID: scanrootkits, enabled:1, value: true >>> ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict >>> ID: usespywareheuristics, enabled:1, value: true >>> >>> Scan global: >>> ID: global, enabled:1 >>> ID: addtocontextmenu, enabled:1, value: true >>> ID: playsoundoninfection, enabled:1, value: false >>> ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav >>> >>> Scheduled scan settings: >>> <Empty> >>> >>> Update settings: >>> ID: updates, enabled:1 >>> ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently >>> ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall >>> ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall >>> ID: schedules, enabled:1, value: true >>> ID: updatedaily1, enabled:1, value: Daily 1 >>> ID: time, enabled:1, value: Tue Feb 23 11:14:00 2010 >>> ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly >>> ID: weekdays, enabled:1 >>> ID: monday, enabled:1, value: false >>> ID: tuesday, 
enabled:1, value: false >>> ID: wednesday, enabled:1, value: false >>> ID: thursday, enabled:1, value: false >>> ID: friday, enabled:1, value: false >>> ID: saturday, enabled:1, value: false >>> ID: sunday, enabled:1, value: false >>> ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 >>> ID: scanprofile, enabled:1, value: >>> ID: auto_deal_with_infections, enabled:1, value: false >>> ID: updatedaily2, enabled:1, value: Daily 2 >>> ID: time, enabled:1, value: Tue Feb 23 17:14:00 2010 >>> ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly >>> ID: weekdays, enabled:1 >>> ID: monday, enabled:1, value: false >>> ID: tuesday, enabled:1, value: false >>> ID: wednesday, enabled:1, value: false >>> ID: thursday, enabled:1, value: false >>> ID: friday, enabled:1, value: false >>> ID: saturday, enabled:1, value: false >>> ID: sunday, enabled:1, value: false >>> ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 >>> ID: scanprofile, enabled:1, value: >>> ID: auto_deal_with_infections, enabled:1, value: false >>> ID: updatedaily3, enabled:1, value: Daily 3 >>> ID: time, enabled:1, value: Tue Feb 23 23:14:00 2010 >>> ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly >>> ID: weekdays, enabled:1 >>> ID: monday, enabled:1, value: false >>> ID: tuesday, enabled:1, value: false >>> ID: wednesday, enabled:1, value: false >>> ID: thursday, enabled:1, value: false >>> ID: friday, enabled:1, value: false >>> ID: saturday, enabled:1, value: false >>> ID: sunday, enabled:1, value: false >>> ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 >>> ID: scanprofile, enabled:1, value: >>> ID: auto_deal_with_infections, enabled:1, value: false >>> ID: updatedaily4, enabled:1, value: Daily 4 >>> ID: time, enabled:1, value: Tue Feb 23 05:14:00 2010 >>> ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly >>> ID: weekdays, enabled:1 >>> ID: monday, enabled:1, value: 
false >>> ID: tuesday, enabled:1, value: false >>> ID: wednesday, enabled:1, value: false >>> ID: thursday, enabled:1, value: false >>> ID: friday, enabled:1, value: false >>> ID: saturday, enabled:1, value: false >>> ID: sunday, enabled:1, value: false >>> ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 >>> ID: scanprofile, enabled:1, value: >>> ID: auto_deal_with_infections, enabled:1, value: false >>> ID: updateweekly1, enabled:1, value: Weekly >>> ID: time, enabled:1, value: Tue Feb 23 11:14:00 2010 >>> ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly >>> ID: weekdays, enabled:1 >>> ID: monday, enabled:1, value: false >>> ID: tuesday, enabled:1, value: true >>> ID: wednesday, enabled:1, value: false >>> ID: thursday, enabled:1, value: false >>> ID: friday, enabled:1, value: true >>> ID: saturday, enabled:1, value: false >>> ID: sunday, enabled:1, value: false >>> ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 >>> ID: scanprofile, enabled:1, value: >>> ID: auto_deal_with_infections, enabled:1, value: false >>> >>> Appearance settings: >>> ID: appearance, enabled:1 >>> ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource >>> ID: showtrayicon, enabled:1, value: true >>> ID: autoentertainmentmode, enabled:1, value: true >>> ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple >>> ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language >>> >>> Realtime protection settings: >>> ID: realtime, enabled:1 >>> ID: modules, enabled:1 >>> ID: processprotection, enabled:1, value: true >>> ID: onaccessprotection, enabled:1, value: true >>> ID: registryprotection, enabled:1, value: true >>> ID: networkprotection, enabled:1, value: true >>> ID: layers, enabled:1 >>> ID: useantivirus, enabled:1, value: true >>> ID: usespywareheuristics, enabled:1, value: true >>> ID: infomessages, 
enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant >>> >>> >>> ****************************** System information ****************************** >>> Computer name: AB5RUSAC01 >>> Processor name: Intel® Pentium® D CPU 3.00GHz >>> Processor identifier: x86 Family 15 Model 6 Stepping 5 >>> Processor speed: ~2992MHZ >>> Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 1541, number of processors 2, processor features: [MMX,SSE,SSE2] >>> Physical memory available: 135577600 bytes >>> Physical memory total: 1047773184 bytes >>> Virtual memory available: 1986736128 bytes >>> Virtual memory total: 2147352576 bytes >>> Memory load: 87% >>> Microsoft Windows XP Professional Service Pack 2 (build 2600) >>> Windows startup mode: >>> >>> Running processes: >>> PID: 592 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY >>> PID: 648 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY >>> PID: 672 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY >>> PID: 724 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY >>> PID: 736 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY >>> PID: 936 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY >>> PID: 1008 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY >>> PID: 1104 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY >>> PID: 1156 name: C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe owner: SYSTEM domain: NT AUTHORITY >>> PID: 1376 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY >>> PID: 1428 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY >>> PID: 1480 name: C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe owner: SYSTEM domain: NT AUTHORITY >>> PID: 1644 name: C:\Program 
Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY >>> PID: 1904 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY >>> PID: 2028 name: C:\WINDOWS\System32\SCardSvr.exe owner: LOCAL SERVICE domain: NT AUTHORITY >>> PID: 372 name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe owner: SYSTEM domain: NT AUTHORITY >>> PID: 396 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT AUTHORITY >>> PID: 1112 name: C:\Program Files\Java\jre6\bin\jqs.exe owner: SYSTEM domain: NT AUTHORITY >>> PID: 1296 name: C:\Program Files\Common Files\LightScribe\LSSrvc.exe owner: SYSTEM domain: NT AUTHORITY >>> PID: 1584 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY >>> PID: 1700 name: C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe owner: SYSTEM domain: NT AUTHORITY >>> PID: 1336 name: C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe owner: SYSTEM domain: NT AUTHORITY >>> PID: 528 name: C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe owner: SYSTEM domain: NT AUTHORITY >>> PID: 624 name: C:\WINDOWS\system32\CCM\CcmExec.exe owner: SYSTEM domain: NT AUTHORITY >>> PID: 1516 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY >>> PID: 2128 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY >>> PID: 2188 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY >>> PID: 2668 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY >>> PID: 3936 name: C:\WINDOWS\Explorer.EXE owner: rusac domain: CDSS >>> PID: 3948 name: C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe owner: rusac domain: CDSS >>> PID: 1416 name: C:\WINDOWS\System32\DLA\DLACTRLW.EXE owner: rusac domain: CDSS >>> PID: 1384 name: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe owner: rusac domain: CDSS >>> PID: 1948 name: C:\Program 
  2. Okay. I just updated my Ad-Aware and did a scan. But like I mentioned, in the middle of my scan Ad-Aware crashes, actually my whole PC crashes. I get a blue screen with the FATAL SYSTEM ERROR message. At this point I have no choice but to reboot. I've really tried everything, including running the latest Norton Antivirus, but Norton is not catching the bug either. Hopefully it's harmless, but the popups are just extremely annoying. I did a fresh HijackThis scan and here is the log file. Thanks a million in advance!
  3. I can't seem to shake this bug on my computer. I've tried pretty much everything. Ad-Aware crashes in the middle of the scan and crashes my PC, requiring a reboot. I have run HijackThis. Appreciate all the help.
  4. I can't seem to shake this bug on my computer. I've tried pretty much everything. Ad-Aware crashes in the middle of the scan and crashes my PC, requiring a reboot. I have run HijackThis. Appreciate all the help.