vamcleod

  1. Thanks guys. I think I have got this critter caught. After running HJT, I reviewed the log and located any files that I did not recognize from past experience. I googled these files and found two that were spywareno: Wupdmgr.exe and osaupd.exe original filename balloon.exe (I had previously deleted that entry from the registry). I then booted to safe mode and deleted those two files. Deleted the desktop icon and boom, I am smoking again!! Thanks for all the help. You guys were great. Thanks Corrine for the first shove. Peace up!!
  2. Thanks, here is Hijack

     Logfile of HijackThis v1.99.1
     Scan saved at 8:14:52 PM, on 4/27/2006
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

     Thanks guys.
  3. #:49 [wupdmgr.exe]
     FilePath : C:\WINDOWS\
     ProcessID : 2888
     ThreadCreationTime : 4-26-2006 11:32:38 PM
     BasePriority : Normal
     FileVersion : 1, 0, 0, 1
     ProductVersion : 1, 0, 0, 1
     ProductName : Balloon Application
     FileDescription : Balloon MFC Application
     InternalName : Balloon
     LegalCopyright : Copyright © 2006
     OriginalFilename : Balloon.EXE
  4. I followed these instructions twice, Spywareno was not removed. Attached is the info requested

     Ad-Aware SE Build 1.06r1
     Logfile Created on:Wednesday, April 26, 2006 8:15:53 PM
     Using definitions file:SE1R105 26.04.2006

     References detected during the scan:
     SpywareNo(TAC index:10):2 total references
  5. I am unable to remove SPYWARENO from my PC. I have scanned in safe mode, scanned in normal mode, and still the problem exists. The scan located it but will not delete it. I did a "find" search in the registry and deleted all files found for Zeno, ballon.apllication, spywareno and still it keeps coming back. This is my third day with this problem. I am using SE plus build 1.06r1 with definition file SE1R104 21.04.2006, which I understand should be the current version. I also found out that this spy has been around since 2005. Should not this version be able to repair it? I turned off sys restore, ran scan, still no help. The scan locates but will not delete. Rescan, locates, will not delete. At one time I had 14 files of spywareno in quarantine. I deleted all of them. Same problem exists. Operating system: Win XP, SP2. Pentium 4 w/3.06 GigHz. 1 gig shared memory. Help please!! Thanks. Partial log follows. Entire log too large to post:

     Ad-Aware SE Build 1.06r1
     Logfile Created on:Saturday, April 22, 2006 12:51:11 PM
     Using definitions file:SE1R104 21.04.2006

     References detected during the scan:
     SpywareNo(TAC index:10):2 total references