Jacksaar

Members
  • Content Count

    11
  • Joined

  • Last visited

Community Reputation

0 Neutral

About Jacksaar

  • Rank
    Member
  1. I am recieving an error at start as follows c:\windows\caxchg.exe The NTVDM CPU has encountered an illegal instruction I typically hit continue and the computer works fine, but it is troubling and suspicious to have the error. As best I can tell, caxchg.exe is not needed, I tried to delete, but error keeps coming. Search of my hard drive always shows c:\windows\caxchg.exe c:\wndows\prefetch\caxchg.exe-061cob74.pf I run Adware and Spybot S&D on regular basis. I noticed shicoxp.exe in my hijackthis log. Any idea what this is? Here is my hijackthis log. Can anyone help? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:33:49 AM, on 8/4/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\GWMDMMSG.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\shicoxp.exe C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\1-Click Answers\answers.exe C:\PROGRA~1\1-CLIC~1\agtserv.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCSRVCE.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [shicoxp] C:\WINDOWS\shicoxp.exe O4 - HKLM\..\Run: [caxchg] C:\WINDOWS\caxchg.exe O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe" O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKLM\..\Policies\Explorer\Run: [none] C:\Program Files\Video ActiveX Object\pmsngr.exe O4 - Global Startup: 1-Click Answers.lnk = C:\Program Files\1-Click Answers\answers.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/cabs/MSDcode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1134514889745 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134686506132 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- End of file - 10630 bytes
  2. Help please. Sluggish & unusal behavior. I'm not sure what is happening. This morning Windows had some type of stop error, and I can no longer get windows updates, all of which tells me something is wrong. I thought I would start here. Can anyone help? My Hijack This log is below Logfile of HijackThis v1.99.1 Scan saved at 10:08:11 AM, on 6/25/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\basfipm.exe C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe C:\WINDOWS\System32\inetsrv\inetinfo.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe C:\WINDOWS\System32\RegSrvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINDOWS\system32\ZCfgSvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\1XConfig.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\System32\DSentry.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Belkin\Wireless Mouse Driver\MOUSE32A.EXE C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe C:\Program Files\ICQLite\ICQLite.exe C:\Program Files\Trend Micro\OfficeScan Client\Pop3Trap.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\1-Click Answers\answers.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\PROGRA~1\1-CLIC~1\agtserv.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...arch/search.htm l R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.answers.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...arch/search.htm l R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Dechert-Hampe R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file) R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Belkin\Wireless Mouse Driver\MOUSE32A.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow O4 - HKLM\..\Run: [iCQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: 1-Click Answers.lnk = C:\Program Files\1-Click Answers\answers.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\samnsp.dll O11 - Options group: [iNTERNATIONAL] International* O15 - Trusted Zone: http://www.answers.com O15 - Trusted Zone: http://www.bloomberg.com O15 - Trusted Zone: http://webmail.atl.earthlink.net O15 - Trusted Zone: http://www.earthlink.net O15 - Trusted Zone: http://www.reuters.com O15 - Trusted Zone: http://www.sparksco.com O15 - Trusted Zone: http://www.gsb.stanford.edu O16 - DPF: CCWebV6Client - http://rational.nbcuni.ge.com:8080/ccweb/a...s/ccwebv6cl.cab O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {3B0EA9E6-7003-4B38-B398-9B1B6DF439C5} - http://download1.answers.com/pub/AnswersSetup.cab O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://anywherela.nbcuni.com/dana-cached/s...oterisSetup.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat....cab?1166039612 193 O16 - DPF: {BB8B9052-8D27-45D4-B79F-84946D41EBF7} (Office Live Meeting Presentation-Upload Control) - https://fwd120.livemeeting.com/etc/place/TA...re.aud.ieupload /UploadControl.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dechert-hampe.com O17 - HKLM\Software\..\Telephony: DomainName = dechert-hampe.com O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dechert-hampe.com O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing) O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing) O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
  3. Hello, My computer has been running in an increasingly slow manner over the last month. I've increased my frequency of Lavasoft, & Sybot only to notice nearly the same files always are removed. I'm guessing that something is working its way around the anti-spyware programs. Any help would be appreciated. Thanks PS Attached is my last Ad-Aware log file.
  4. Thanks for your help, and the suggestions. I'm glad my feedback was helpful. All the best
  5. Thank you so much. You have been very helpful. System is running great. All the time I've wasted in the past. Wow. Two pieces of feedback and one more question Feedback #1 FYI- My Norton AntiVirus (Norton Internet Security 2006) worked slightly differently than described. What I did was 1) Open Norton Internet Security 2) Select Norton AntiVirus 3) On Left hand side, select Reports 4) On Right hand side, select "View Norton Quarantine & Restore 5) follow the remainder of instruction you provided Feedback #2 FYI the instructions in step 3 got a little confusing. Did the three lines beginning ON the desktop,... Click the system... Check Turn off.... Get repeated twice in the first two paragraphs? I never was asked to turn on system restore, unitl I followed the "Click Start . All Programs > Accessories >System Tools chain of menus. No problem though once I turned on system restore, selected apply and selected okay. I repeated the menus and went straight to the wizard. Which led me to question, how many times was I supose to repeat the cycle. I may have done a few extra but ultimately, I cleaned out the old restore points, turned system resotre back on, restarted, and then created a new restore point wiht my own personal name. Question Assuming things are clean now, Can I use Add/remove programs to remove the several things I've downloaded. These programs are much to sophisticated/dangerous to be left near my reach Thanks again, wonderful experience, I'm glad people like you take the time to help others. Makes we want to rethink the use of my free time.
  6. Kaspersky scan results ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Friday, January 26, 2007 9:39:44 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.83.0 Kaspersky Anti-Virus database last update: 27/01/2007 Kaspersky Anti-Virus database records: 247921 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: standard Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: C:\ D:\ E:\ F:\ Scan Statistics: Total number of scanned objects: 58190 Number of viruses found: 7 Number of infected objects: 40 / 0 Number of suspicious objects: 0 Duration of the scan process: 01:19:34 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\Aaron\Application Data\Lavasoft\Ad-Aware\Logs\AWEVLOG.txt Object is locked skipped C:\Documents and Settings\Aaron\Application Data\Skype\aaron.d.jackson\call256.dbb Object is locked skipped C:\Documents and Settings\Aaron\Application Data\Skype\aaron.d.jackson\callmember256.dbb Object is locked skipped C:\Documents and Settings\Aaron\Application Data\Skype\aaron.d.jackson\chat512.dbb Object is locked skipped C:\Documents and Settings\Aaron\Application Data\Skype\aaron.d.jackson\chatmsg256.dbb Object is locked skipped C:\Documents and Settings\Aaron\Application Data\Skype\aaron.d.jackson\contactgroup256.dbb Object is locked skipped C:\Documents and Settings\Aaron\Application Data\Skype\aaron.d.jackson\index2.dat Object is locked skipped C:\Documents and Settings\Aaron\Application Data\Skype\aaron.d.jackson\profile16384.dbb Object is locked skipped C:\Documents and Settings\Aaron\Application Data\Skype\aaron.d.jackson\transfer256.dbb Object is locked skipped C:\Documents and Settings\Aaron\Application Data\Skype\aaron.d.jackson\transfer512.dbb Object is locked skipped C:\Documents and Settings\Aaron\Application Data\Skype\aaron.d.jackson\user1024.dbb Object is locked skipped C:\Documents and Settings\Aaron\Application Data\Skype\aaron.d.jackson\user16384.dbb Object is locked skipped C:\Documents and Settings\Aaron\Application Data\Skype\aaron.d.jackson\user256.dbb Object is locked skipped C:\Documents and Settings\Aaron\Application Data\Skype\aaron.d.jackson\user4096.dbb Object is locked skipped C:\Documents and Settings\Aaron\Application Data\Skype\aaron.d.jackson\voicemail256.dbb Object is locked skipped C:\Documents and Settings\Aaron\Application Data\Symantec\PendingAlertsQueue.log Object is locked skipped C:\Documents and Settings\Aaron\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Aaron\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Aaron\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Aaron\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Aaron\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped C:\Documents and Settings\Aaron\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Aaron\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Aaron\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\03b92c9cfcc0bf82ffcaaab0ecfc5531_946caafc-41b5-42ee-9da4-49cd81fb2dbd Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0d00e771e438aa49fec85d1eb0497d3e_946caafc-41b5-42ee-9da4-49cd81fb2dbd Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\21708f962de48460650d31e2bace7b53_946caafc-41b5-42ee-9da4-49cd81fb2dbd Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2c385d82df96470a470cd5f70c92c979_946caafc-41b5-42ee-9da4-49cd81fb2dbd Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\32d6ab8ca1b65136f3280b9a2feb8a71_946caafc-41b5-42ee-9da4-49cd81fb2dbd Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5c3a55acbf976ab28e455b76631d888d_946caafc-41b5-42ee-9da4-49cd81fb2dbd Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8f3ed9b741055b2dfed436f21d3c7af5_946caafc-41b5-42ee-9da4-49cd81fb2dbd Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c03832190f179dd77b07691dc4336974_946caafc-41b5-42ee-9da4-49cd81fb2dbd Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fa3d57144fe64dc05723a389bf85f727_946caafc-41b5-42ee-9da4-49cd81fb2dbd Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fc451aadf0957fd2e67550bbd95f86bb_946caafc-41b5-42ee-9da4-49cd81fb2dbd Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\HPPAppActivity.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\HPPHomePageActivity.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-01-26_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E23541F.exe Infected: Trojan-Downloader.Win32.Zlob.bkn skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E267E1B.exe Infected: Trojan-Downloader.Win32.Zlob.bcb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\338A55F2.tmp/document.pif Infected: Net-Worm.Win32.Mytob.j skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\338A55F2.tmp ZIP: infected - 1 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\338A55F2.tmp CryptFF: infected - 1 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C135A31.exe Infected: Trojan.Win32.Agent.rx skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F784021.exe Infected: Trojan-Downloader.Win32.Zlob.bkn skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\76F67560.tmp/doc.exe Infected: Net-Worm.Win32.Mytob.j skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\76F67560.tmp ZIP: infected - 1 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\76F67560.tmp CryptFF: infected - 1 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78180E20.tmp/text.bat Infected: Net-Worm.Win32.Mytob.j skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78180E20.tmp ZIP: infected - 1 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78180E20.tmp CryptFF: infected - 1 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\796756CE.exe Infected: Trojan-Downloader.Win32.Zlob.bkn skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0198NAV~.TMP Object is locked skipped C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0434NAV~.TMP Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP254\A0023824.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.bbr skipped C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP254\A0023824.exe/stream Infected: Trojan-Downloader.Win32.Zlob.bbr skipped C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP254\A0023824.exe NSIS: infected - 2 skipped C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP254\A0023824.exe UPX: infected - 2 skipped C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP254\A0023824.exe PE_Patch.UPX: infected - 2 skipped C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP254\A0023825.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.bbr skipped C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP254\A0023825.exe/stream Infected: Trojan-Downloader.Win32.Zlob.bbr skipped C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP254\A0023825.exe NSIS: infected - 2 skipped C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP254\A0023825.exe UPX: infected - 2 skipped C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP254\A0023825.exe PE_Patch.UPX: infected - 2 skipped C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP257\A0025333.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.blb skipped C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP257\A0025333.exe/stream Infected: Trojan-Downloader.Win32.Zlob.blb skipped C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP257\A0025333.exe NSIS: infected - 2 skipped C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP257\A0025333.exe UPX: infected - 2 skipped C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP257\A0025333.exe PE_Patch.UPX: infected - 2 skipped C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP258\A0025347.exe Infected: Trojan-Downloader.Win32.Zlob.bkn skipped C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP258\A0025367.exe Infected: Trojan-Downloader.Win32.Zlob.bkn skipped C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP258\A0025377.exe Infected: Trojan-Downloader.Win32.Zlob.bkn skipped C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP259\A0025397.exe Infected: Trojan-Downloader.Win32.Zlob.bkn skipped C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP259\A0025431.exe Infected: Trojan-Downloader.Win32.Zlob.bkn skipped C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP259\A0025439.exe Infected: Trojan-Downloader.Win32.Zlob.bls skipped C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP259\A0025451.exe Infected: Trojan-Downloader.Win32.Zlob.bkn skipped C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP259\A0025471.exe Infected: Trojan-Downloader.Win32.Zlob.bkn skipped C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP259\A0025478.exe Infected: Trojan-Downloader.Win32.Zlob.bkn skipped C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP259\A0025479.exe Infected: Trojan-Downloader.Win32.Zlob.bkn skipped C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP259\A0025484.exe Infected: Trojan-Downloader.Win32.Zlob.bkn skipped C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP260\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed.
  7. HIghjack this log Logfile of HijackThis v1.99.1 Scan saved at 9:48:29 PM, on 1/26/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\GWMDMMSG.exe C:\WINDOWS\shicoxp.exe C:\WINDOWS\caxchg.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe C:\Program Files\1-Click Answers\answers.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\1-CLIC~1\agtserv.exe C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCSRVCE.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.answers.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe O4 - HKLM\..\Run: [shicoxp] C:\WINDOWS\shicoxp.exe O4 - HKLM\..\Run: [caxchg] C:\WINDOWS\caxchg.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe" O4 - Global Startup: 1-Click Answers.lnk = C:\Program Files\1-Click Answers\answers.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1134514889745 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134686506132 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe combo fix log "Aaron" - 07-01-26 21:42:02 Service Pack 2 ComboFix 07-01-25 - Running from: "C:\Documents and Settings\Aaron\Desktop" ((((((((((((((((((((((((((((((( Files Created from 2006-12-26 to 2007-01-26 )))))))))))))))))))))))))))))))))) 2007-01-26 20:10 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2007-01-26 20:10 <DIR> d-------- C:\WINDOWS\LastGood 2007-01-25 20:23 2,820 --a------ C:\WINDOWS\system32\tmp.reg 2007-01-25 20:15 <DIR> d-------- C:\DOCUME~1\Aaron\SmitfraudFix 2007-01-24 20:42 <DIR> d-------- C:\Program Files\Hijackthis 2007-01-23 21:27 <DIR> d-------- C:\WINDOWS\pss 2007-01-09 23:10 696,320 --a------ C:\WINDOWS\system32\libeay32.dll 2007-01-09 23:10 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll 2007-01-09 23:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\iolo 2007-01-09 23:07 <DIR> d-------- C:\DOCUME~1\Aaron\Application Data\iolo 2007-01-09 22:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe 2007-01-09 22:26 <DIR> d-------- C:\WINDOWS\ie7updates (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-01-26 21:32 -------- d-------- C:\DOCUME~1\Aaron\Application Data\skype 2007-01-26 20:00 -------- d-------- C:\Program Files\mozilla firefox 2007-01-24 20:23 -------- d-------- C:\Program Files\norton internet security 2007-01-24 20:23 -------- d-------- C:\Program Files\Common Files\symantec shared 2007-01-21 08:45 -------- d-------- C:\Program Files\lavasoft 2007-01-21 08:45 -------- d-------- C:\DOCUME~1\Aaron\Application Data\lavasoft 2007-01-14 08:54 -------- d-------- C:\Program Files\windows media connect 2 2007-01-09 22:47 -------- d-------- C:\DOCUME~1\Aaron\Application Data\adobeum 2007-01-09 21:45 -------- d-------- C:\Program Files\Common Files\adobe 2007-01-05 20:27 -------- d-------- C:\Program Files\java 2006-12-16 05:43 -------- d-------- C:\Program Files\gateway 2006-12-13 21:19 -------- d-------- C:\Program Files\Common Files\xing shared 2006-12-13 21:19 -------- d-------- C:\Program Files\Common Files\real 2006-12-02 12:57 23366 --a------ C:\DOCUME~1\Aaron\Application Data\comma separated values (dos).adr 2006-11-27 00:45 60416 --------- C:\WINDOWS\system32\tzchange.exe 2006-11-26 10:37 -------- d-------- C:\DOCUME~1\Aaron\Application Data\apple computer 2006-11-26 09:30 -------- d-------- C:\Program Files\1-click answers 2006-11-12 22:02 36352 --------- C:\WINDOWS\system32\tsgqec.dll 2006-11-12 22:02 288768 --------- C:\WINDOWS\system32\rhttpaa.dll 2006-11-12 22:02 1866240 --a------ C:\WINDOWS\system32\mstscax.dll 2006-11-12 22:02 116736 --------- C:\WINDOWS\system32\aaclient.dll 2006-11-08 20:28 73216 --a------ C:\WINDOWS\st6unst.exe 2006-11-08 20:28 249856 --------- C:\WINDOWS\setup1.exe 2006-11-07 21:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll 2006-11-07 00:06 600576 --a------ C:\WINDOWS\system32\mstsc.exe 2006-11-06 11:35 531568 --a------ C:\WINDOWS\system32\rmactivate_isv.exe 2006-11-06 11:35 523376 --a------ C:\WINDOWS\system32\rmactivate.exe 2006-11-06 11:35 519280 --a------ C:\WINDOWS\system32\secproc_isv.dll 2006-11-06 11:35 518768 --a------ C:\WINDOWS\system32\secproc.dll 2006-11-06 11:35 358000 --a------ C:\WINDOWS\system32\rmactivate_ssp.exe 2006-11-06 11:35 354416 --a------ C:\WINDOWS\system32\rmactivate_ssp_isv.exe 2006-11-06 11:35 323696 --a------ C:\WINDOWS\system32\msdrm.dll 2006-11-06 11:35 192624 --a------ C:\WINDOWS\system32\secproc_ssp_isv.dll 2006-11-06 11:35 192624 --a------ C:\WINDOWS\system32\secproc_ssp.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized" "AWMON"="\"C:\\PROGRA~1\\Lavasoft\\AD-AWA~2\\Ad-Watch.exe\"" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "GWMDMMSG"="GWMDMMSG.exe" "shicoxp"="C:\\WINDOWS\\shicoxp.exe" "caxchg"="C:\\WINDOWS\\caxchg.exe" "IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe" "HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe" "SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe" "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe" "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\"" "REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\"" "PrinTray"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\2\\printray.exe" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] "none"="C:\\Program Files\\Video ActiveX Object\\pmsngr.exe" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{89f38730-71b9-11da-baae-0014bf75bff0}] Shell\AutoRun\command G:\setupSNK.exe *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\Low Battery Alarm Program.job C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Aaron.job C:\WINDOWS\tasks\Norton AntiVirus - Run Norton QuickScan - Aaron.job Completion time: 07-01-26 21:44:38
  8. PS the smitfraudfix.cmd was run twice. I forgot to safe the first rapport.txt file, and did not read in the instructions quick enough that the file was probably somewhere on my hard drive Sorry Things seem to be working well though
  9. Completed Things Seem Better Now Hijackthis log Logfile of HijackThis v1.99.1 Scan saved at 8:32:08 PM, on 1/25/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\GWMDMMSG.exe C:\WINDOWS\shicoxp.exe C:\WINDOWS\caxchg.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe C:\Program Files\1-Click Answers\answers.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\1-CLIC~1\agtserv.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCSRVCE.EXE C:\Program Files\Hijackthis\HijackThis.exe C:\Program Files\Messenger\msmsgs.exe R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe O4 - HKLM\..\Run: [shicoxp] C:\WINDOWS\shicoxp.exe O4 - HKLM\..\Run: [caxchg] C:\WINDOWS\caxchg.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe" O4 - Global Startup: 1-Click Answers.lnk = C:\Program Files\1-Click Answers\answers.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1134514889745 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134686506132 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe Smithfraudfix log SmitFraudFix v2.135 Scan done at 20:25:57.32, Thu 01/25/2007 Run from C:\Documents and Settings\Aaron\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End Thanks a lot
  10. Hello David Thanks for helping on this topic. Here is the Hijackthislog Logfile of HijackThis v1.99.1 Scan saved at 8:43:04 PM, on 1/24/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Video ActiveX Object\pmsngr.exe C:\WINDOWS\GWMDMMSG.exe C:\WINDOWS\shicoxp.exe C:\WINDOWS\caxchg.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\Video ActiveX Object\pmmon.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe C:\Program Files\1-Click Answers\answers.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\1-CLIC~1\agtserv.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCSRVCE.EXE C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gsb.stanford.edu/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe O4 - HKLM\..\Run: [shicoxp] C:\WINDOWS\shicoxp.exe O4 - HKLM\..\Run: [caxchg] C:\WINDOWS\caxchg.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe" O4 - Global Startup: 1-Click Answers.lnk = C:\Program Files\1-Click Answers\answers.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1134514889745 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134686506132 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - C:\WINDOWS\system32\nbbrhbd.dll (file missing) O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe Here is the Adware log Ad-Aware SE Build 1.06r1 Logfile Created on:Wednesday, January 24, 2007 8:53:52 PM Using definitions file:SE1R146 22.01.2007 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» MRU List(TAC index:0):21 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Ad-Aware SE Settings =========================== Set : Search for negligible risk entries Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Ignore spanned files when scanning cab archives Set : Scan registry for all users instead of current user only Set : Always try to unload modules before deletion Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Block pop-ups aggressively Set : Automatically select problematic objects in results lists Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Include alternate data stream details in log file Set : Show splash screen Set : Backup current definitions file before updating Set : Play sound at scan completion if scan locates critical objects 1-24-2007 8:53:52 PM - Scan started. (Full System Scan) MRU List Object Recognized! Location: : C:\Documents and Settings\Aaron\Application Data\microsoft\office\recent Description : list of recently opened documents using microsoft office MRU List Object Recognized! Location: : C:\Documents and Settings\Aaron\recent Description : list of recently opened documents MRU List Object Recognized! Location: : S-1-5-21-329068152-484763869-854245398-1004\software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : S-1-5-21-329068152-484763869-854245398-1004\software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : software\microsoft\directdraw\mostrecentapplication Description : most recent application to use microsoft directdraw MRU List Object Recognized! Location: : S-1-5-21-329068152-484763869-854245398-1004\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : S-1-5-21-329068152-484763869-854245398-1004\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : S-1-5-21-329068152-484763869-854245398-1004\software\microsoft\internet explorer Description : last download directory used in microsoft internet explorer MRU List Object Recognized! Location: : S-1-5-21-329068152-484763869-854245398-1004\software\microsoft\microsoft management console\recent file list Description : list of recent snap-ins used in the microsoft management console MRU List Object Recognized! Location: : S-1-5-21-329068152-484763869-854245398-1004\software\microsoft\office\11.0\common\general Description : list of recently used symbols in microsoft office MRU List Object Recognized! Location: : S-1-5-21-329068152-484763869-854245398-1004\software\microsoft\office\11.0\common\open find\microsoft office word\settings\open\file name mru Description : list of recent documents opened by microsoft word MRU List Object Recognized! Location: : S-1-5-21-329068152-484763869-854245398-1004\software\microsoft\office\11.0\common\open find\microsoft office word\settings\save as\file name mru Description : list of recent documents saved by microsoft word MRU List Object Recognized! Location: : S-1-5-21-329068152-484763869-854245398-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru Description : list of recent programs opened MRU List Object Recognized! Location: : S-1-5-21-329068152-484763869-854245398-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru Description : list of recently saved files, stored according to file extension MRU List Object Recognized! Location: : S-1-5-21-329068152-484763869-854245398-1004\software\microsoft\windows\currentversion\explorer\recentdocs Description : list of recent documents opened MRU List Object Recognized! Location: : S-1-5-21-329068152-484763869-854245398-1004\software\microsoft\windows\currentversion\explorer\runmru Description : mru list for items opened in start | run MRU List Object Recognized! Location: : S-1-5-21-329068152-484763869-854245398-1004\software\realnetworks\realplayer\6.0\preferences Description : list of recent skins in realplayer MRU List Object Recognized! Location: : S-1-5-21-329068152-484763869-854245398-1004\software\realnetworks\realplayer\6.0\preferences Description : list of recent clips in realplayer MRU List Object Recognized! Location: : S-1-5-21-329068152-484763869-854245398-1004\software\microsoft\windows media\wmsdk\general Description : windows media sdk Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] FilePath : \SystemRoot\System32\ ProcessID : 740 ThreadCreationTime : 1-25-2007 4:16:59 AM BasePriority : Normal #:2 [csrss.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 816 ThreadCreationTime : 1-25-2007 4:17:02 AM BasePriority : Normal #:3 [winlogon.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 840 ThreadCreationTime : 1-25-2007 4:17:04 AM BasePriority : High #:4 [services.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 884 ThreadCreationTime : 1-25-2007 4:17:05 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Services and Controller app InternalName : services.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : services.exe #:5 [lsass.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 896 ThreadCreationTime : 1-25-2007 4:17:05 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1036 ThreadCreationTime : 1-25-2007 4:17:07 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:7 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1124 ThreadCreationTime : 1-25-2007 4:17:08 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1164 ThreadCreationTime : 1-25-2007 4:17:08 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:9 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1232 ThreadCreationTime : 1-25-2007 4:17:08 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:10 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1348 ThreadCreationTime : 1-25-2007 4:17:09 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:11 [ccsetmgr.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\ ProcessID : 1588 ThreadCreationTime : 1-25-2007 4:17:11 AM BasePriority : Normal FileVersion : 104.0.8.3 ProductVersion : 104.0.8.3 ProductName : Client and Host Security Platform CompanyName : Symantec Corporation FileDescription : Symantec Settings Manager Service InternalName : ccSetMgr LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved. OriginalFilename : ccSetMgr.exe #:12 [ccevtmgr.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\ ProcessID : 1616 ThreadCreationTime : 1-25-2007 4:17:13 AM BasePriority : Normal FileVersion : 104.0.8.3 ProductVersion : 104.0.8.3 ProductName : Client and Host Security Platform CompanyName : Symantec Corporation FileDescription : Symantec Event Manager Service InternalName : ccEvtMgr LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved. OriginalFilename : ccEvtMgr.exe #:13 [ccproxy.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\ ProcessID : 1820 ThreadCreationTime : 1-25-2007 4:17:15 AM BasePriority : Normal FileVersion : 104.0.11.1 ProductVersion : 104.0.11.1 ProductName : Client and Host Security Platform CompanyName : Symantec Corporation FileDescription : Symantec Network Proxy Service InternalName : ccProxy LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved. OriginalFilename : ccProxy.exe #:14 [sndsrvc.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\ ProcessID : 1832 ThreadCreationTime : 1-25-2007 4:17:15 AM BasePriority : Normal FileVersion : 6.0.4.402 ProductVersion : 6.0 ProductName : Symantec Security Drivers CompanyName : Symantec Corporation FileDescription : Network Driver Service InternalName : SndSrvc LegalCopyright : Copyright 2002 - 2006 Symantec Corporation OriginalFilename : SndSrvc.exe #:15 [spbbcsvc.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\SPBBC\ ProcessID : 1904 ThreadCreationTime : 1-25-2007 4:17:15 AM BasePriority : Normal FileVersion : 2.1.0.4 ProductVersion : 2.1.0.4 ProductName : SPBBC CompanyName : Symantec Corporation FileDescription : SPBBC Service InternalName : SPBBCSvc LegalCopyright : Copyright © 2004, 2005 Symantec Corporation. All rights reserved. OriginalFilename : SPBBCSvc.exe #:16 [symlcsvc.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\ ProcessID : 1960 ThreadCreationTime : 1-25-2007 4:17:15 AM BasePriority : Normal FileVersion : 1.9.1.762 ProductVersion : 1.9.1.762 ProductName : Symantec Core Component CompanyName : Symantec Corporation FileDescription : Symantec Core Component InternalName : symlcsvc LegalCopyright : Copyright © 2003 OriginalFilename : symlcsvc.exe #:17 [lexbces.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 512 ThreadCreationTime : 1-25-2007 4:17:20 AM BasePriority : Normal FileVersion : 5,13,00,00 ProductVersion : 5,13,00,00 ProductName : MarkVision for Windows (32 bit) CompanyName : Lexmark International, Inc. FileDescription : LexBce Service InternalName : LexBce Service LegalCopyright : © 1993 - 2000 Lexmark International, Inc. OriginalFilename : LexBceS.exe #:18 [lexpps.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 552 ThreadCreationTime : 1-25-2007 4:17:20 AM BasePriority : Normal FileVersion : 5,13,00,00 ProductVersion : 5,13,00,00 ProductName : MarkVision for Windows (32 bit) CompanyName : Lexmark International, Inc. FileDescription : LEXPPS.EXE InternalName : LEXPPS LegalCopyright : © 1993 - 2000 Lexmark International, Inc. OriginalFilename : LEXPPS.EXE Comments : MarkVision for Windows '95 New P2P Server (32-bit) #:19 [spoolsv.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 548 ThreadCreationTime : 1-25-2007 4:17:20 AM BasePriority : Normal FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) ProductVersion : 5.1.2600.2696 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : spoolsv.exe #:20 [aluschedulersvc.exe] FilePath : C:\Program Files\Symantec\LiveUpdate\ ProcessID : 704 ThreadCreationTime : 1-25-2007 4:17:21 AM BasePriority : Normal FileVersion : 3.0.0.166 ProductVersion : 3.0.0.166 ProductName : LiveUpdate CompanyName : Symantec Corporation FileDescription : Automatic LiveUpdate Scheduler Service InternalName : Automatic LiveUpdate Scheduler Service LegalCopyright : Copyright © 1996-2005 Symantec Corporation OriginalFilename : ALUSchedulerSvc.exe #:21 [mdm.exe] FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\ ProcessID : 780 ThreadCreationTime : 1-25-2007 4:17:21 AM BasePriority : Normal FileVersion : 7.00.9466 ProductVersion : 7.00.9466 ProductName : Microsoft® Visual Studio .NET CompanyName : Microsoft Corporation FileDescription : Machine Debug Manager InternalName : mdm.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : mdm.exe #:22 [navapsvc.exe] FilePath : C:\Program Files\Norton Internet Security\Norton AntiVirus\ ProcessID : 812 ThreadCreationTime : 1-25-2007 4:17:21 AM BasePriority : Normal FileVersion : 12.2.0.13 ProductVersion : 12.2.0 ProductName : Norton AntiVirus CompanyName : Symantec Corporation FileDescription : Norton AntiVirus Auto-Protect Service InternalName : NAVAPSVC LegalCopyright : Norton AntiVirus 2006 for Windows 2000/XP Copyright © 2005 Symantec Corporation. All rights reserved. OriginalFilename : NAVAPSVC.EXE #:23 [nicserv.exe] FilePath : C:\Program Files\Linksys\Wireless-G Notebook Adapter\ ProcessID : 1072 ThreadCreationTime : 1-25-2007 4:17:21 AM BasePriority : Normal FileVersion : 1.1.0.0 ProductVersion : 1.0.0.0 #:24 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1712 ThreadCreationTime : 1-25-2007 4:17:22 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:25 [explorer.exe] FilePath : C:\WINDOWS\ ProcessID : 412 ThreadCreationTime : 1-25-2007 4:17:24 AM BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : EXPLORER.EXE #:26 [pmsngr.exe] FilePath : C:\Program Files\Video ActiveX Object\ ProcessID : 1524 ThreadCreationTime : 1-25-2007 4:17:31 AM BasePriority : Normal #:27 [gwmdmmsg.exe] FilePath : C:\WINDOWS\ ProcessID : 1540 ThreadCreationTime : 1-25-2007 4:17:31 AM BasePriority : Normal FileVersion : 3.6.08 03/17/2003 15:19:57 ProductVersion : 3.6.08 03/17/2003 15:19:57 ProductName : GTW Modem Messaging Applet CompanyName : GTW FileDescription : Modem Messaging Applet InternalName : smdmstat.exe LegalCopyright : Copyright © GTW 1998-2000 OriginalFilename : smdmstat.exe #:28 [shicoxp.exe] FilePath : C:\WINDOWS\ ProcessID : 1548 ThreadCreationTime : 1-25-2007 4:17:31 AM BasePriority : Normal #:29 [caxchg.exe] FilePath : C:\WINDOWS\ ProcessID : 1752 ThreadCreationTime : 1-25-2007 4:17:31 AM BasePriority : Normal #:30 [igfxtray.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1768 ThreadCreationTime : 1-25-2007 4:17:31 AM BasePriority : Normal FileVersion : 3.0.0.2285 ProductVersion : 7.0.0.2285 ProductName : Intel® Common User Interface CompanyName : Intel Corporation FileDescription : igfxTray Module InternalName : IGFXTRAY LegalCopyright : Copyright 1999-2003, Intel Corporation OriginalFilename : IGFXTRAY.EXE #:31 [hkcmd.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1776 ThreadCreationTime : 1-25-2007 4:17:31 AM BasePriority : Normal FileVersion : 3.0.0.2285 ProductVersion : 7.0.0.2285 ProductName : Intel® Common User Interface CompanyName : Intel Corporation FileDescription : hkcmd Module InternalName : HKCMD LegalCopyright : Copyright 1999-2003, Intel Corporation OriginalFilename : HKCMD.EXE #:32 [syntplpr.exe] FilePath : C:\Program Files\Synaptics\SynTP\ ProcessID : 1796 ThreadCreationTime : 1-25-2007 4:17:31 AM BasePriority : Normal FileVersion : 7.9.0 08Jan04 ProductVersion : 7.9.0 08Jan04 ProductName : Progressive Touch CompanyName : Synaptics, Inc. FileDescription : TouchPad Driver Helper Application InternalName : SynTPLpr LegalCopyright : Copyright © Synaptics, Inc. 1996-2004 OriginalFilename : SynTPLpr.exe #:33 [syntpenh.exe] FilePath : C:\Program Files\Synaptics\SynTP\ ProcessID : 1708 ThreadCreationTime : 1-25-2007 4:17:31 AM BasePriority : Normal FileVersion : 7.9.0 08Jan04 ProductVersion : 7.9.0 08Jan04 ProductName : Progressive Touch CompanyName : Synaptics, Inc. FileDescription : Synaptics TouchPad Enhancements InternalName : Scrolleroo LegalCopyright : Copyright © Synaptics, Inc. 1996-2004 OriginalFilename : SynTPEnh.exe #:34 [ccapp.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\ ProcessID : 220 ThreadCreationTime : 1-25-2007 4:17:31 AM BasePriority : Normal FileVersion : 104.0.8.3 ProductVersion : 104.0.8.3 ProductName : Client and Host Security Platform CompanyName : Symantec Corporation FileDescription : Symantec User Session InternalName : ccApp LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved. OriginalFilename : ccApp.exe #:35 [jusched.exe] FilePath : C:\Program Files\Java\jre1.5.0_10\bin\ ProcessID : 2084 ThreadCreationTime : 1-25-2007 4:17:32 AM BasePriority : Normal #:36 [pmmon.exe] FilePath : C:\Program Files\Video ActiveX Object\ ProcessID : 2204 ThreadCreationTime : 1-25-2007 4:17:32 AM BasePriority : Normal #:37 [qttask.exe] FilePath : C:\Program Files\QuickTime\ ProcessID : 2168 ThreadCreationTime : 1-25-2007 4:17:32 AM BasePriority : Normal FileVersion : 7.1.3 ProductVersion : QuickTime 7.1.3 ProductName : QuickTime CompanyName : Apple Computer, Inc. FileDescription : QuickTime Task InternalName : QuickTime Task LegalCopyright : Copyright Apple Computer, Inc. 1989-2006 OriginalFilename : QTTask.exe #:38 [ituneshelper.exe] FilePath : C:\Program Files\iTunes\ ProcessID : 2248 ThreadCreationTime : 1-25-2007 4:17:33 AM BasePriority : Normal FileVersion : 7.0.2.16 ProductVersion : 7.0.2.16 ProductName : iTunes CompanyName : Apple Computer, Inc. FileDescription : iTunesHelper Module InternalName : iTunesHelper LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved. OriginalFilename : iTunesHelper.exe #:39 [realsched.exe] FilePath : C:\Program Files\Common Files\Real\Update_OB\ ProcessID : 2336 ThreadCreationTime : 1-25-2007 4:17:33 AM BasePriority : Normal FileVersion : 0.1.0.3760 ProductVersion : 0.1.0.3760 ProductName : RealPlayer (32-bit) CompanyName : RealNetworks, Inc. FileDescription : RealNetworks Scheduler InternalName : schedapp LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004 LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc. OriginalFilename : realsched.exe #:40 [ctfmon.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 2416 ThreadCreationTime : 1-25-2007 4:17:34 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : CTF Loader InternalName : CTFMON LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : CTFMON.EXE #:41 [skype.exe] FilePath : C:\Program Files\Skype\Phone\ ProcessID : 2424 ThreadCreationTime : 1-25-2007 4:17:34 AM BasePriority : Normal #:42 [ad-watch.exe] FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~2\ ProcessID : 2448 ThreadCreationTime : 1-25-2007 4:17:35 AM BasePriority : Normal FileVersion : 3.1.2.17 ProductVersion : 3.2 ProductName : Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Watch System Protector InternalName : Ad-Watch.exe LegalCopyright : 1999-2004 Team Lavasoft OriginalFilename : Ad-Watch.exe #:43 [answers.exe] FilePath : C:\Program Files\1-Click Answers\ ProcessID : 3412 ThreadCreationTime : 1-25-2007 4:17:38 AM BasePriority : Normal FileVersion : 2.1 (build 521) ProductVersion : 2.1 (build 521) ProductName : Answers CompanyName : Answers Corporation FileDescription : 1-Click Answers Client InternalName : 1-Click Answers Client LegalCopyright : Copyright © Answers Corporation 1999-2006 OriginalFilename : Answers.exe #:44 [alg.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 3432 ThreadCreationTime : 1-25-2007 4:17:38 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Application Layer Gateway Service InternalName : ALG.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : ALG.exe #:45 [ipodservice.exe] FilePath : C:\Program Files\iPod\bin\ ProcessID : 3700 ThreadCreationTime : 1-25-2007 4:17:39 AM BasePriority : Normal FileVersion : 7.0.2.16 ProductVersion : 7.0.2.16 ProductName : iTunes CompanyName : Apple Computer, Inc. FileDescription : iPodService Module InternalName : iPodService LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved. OriginalFilename : iPodService.exe #:46 [agtserv.exe] FilePath : C:\PROGRA~1\1-CLIC~1\ ProcessID : 3584 ThreadCreationTime : 1-25-2007 4:17:55 AM BasePriority : Normal FileVersion : 8.1 (build 521) ProductVersion : 8.1 (build 521) ProductName : ScreenScraper SDK CompanyName : Answers Corporation FileDescription : AgtServ main executable InternalName : AgtServ LegalCopyright : Copyright © Answers Corporation 1999-2006 OriginalFilename : AgtServ.exe #:47 [firefox.exe] FilePath : C:\PROGRA~1\MOZILL~1\ ProcessID : 2832 ThreadCreationTime : 1-25-2007 4:18:15 AM BasePriority : Normal #:48 [nscsrvce.exe] FilePath : C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\ ProcessID : 3724 ThreadCreationTime : 1-25-2007 4:18:40 AM BasePriority : Normal FileVersion : 2006.1.5.17 ProductVersion : 2006.1.5 ProductName : Norton Security Console CompanyName : Symantec Corporation FileDescription : Norton Security Console Norton Protection Center Service InternalName : NSCService LegalCopyright : Norton Security Console 2006 for Windows 2000/XP Copyright © 2005 Symantec Corporation. All rights reserved. OriginalFilename : NSCSrvce.exe #:49 [ad-aware.exe] FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Plus\ ProcessID : 2648 ThreadCreationTime : 1-25-2007 4:50:47 AM BasePriority : Normal FileVersion : 6.2.0.237 ProductVersion : SE 106 ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft AB Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved #:50 [msmsgs.exe] FilePath : C:\Program Files\Messenger\ ProcessID : 3728 ThreadCreationTime : 1-25-2007 4:52:13 AM BasePriority : Normal FileVersion : 4.7.3001 ProductVersion : Version 4.7.3001 ProductName : Messenger CompanyName : Microsoft Corporation FileDescription : Windows Messenger InternalName : msmsgs LegalCopyright : Copyright © Microsoft Corporation 2004 LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries. OriginalFilename : msmsgs.exe #:51 [acrord32.exe] FilePath : C:\Program Files\Adobe\Acrobat 7.0\Reader\ ProcessID : 2000 ThreadCreationTime : 1-25-2007 4:53:33 AM BasePriority : Normal FileVersion : 7.0.8.2006051600 ProductVersion : 7.0.8.2006051600 ProductName : Adobe Reader CompanyName : Adobe Systems Incorporated FileDescription : Adobe Reader 7.0 LegalCopyright : Copyright 1984-2006 Adobe Systems Incorporated and its licensors. All rights reserved. OriginalFilename : AcroRd32.exe #:52 [navw32.exe] FilePath : C:\PROGRA~1\NORTON~1\NORTON~1\ ProcessID : 3920 ThreadCreationTime : 1-25-2007 4:53:46 AM BasePriority : Idle FileVersion : 12.2.0.13 ProductVersion : 12.2.0 ProductName : Norton AntiVirus CompanyName : Symantec Corporation FileDescription : Norton AntiVirus Scanner Module InternalName : Navw32 LegalCopyright : Norton AntiVirus 2006 for Windows 2000/XP Copyright © 2005 Symantec Corporation. All rights reserved. OriginalFilename : Navw32.exe Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 21 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 21 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 21 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 21 Deep scanning and examining files (C:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 21 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 1 entries scanned. New critical objects:0 Objects found so far: 21 Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 21 9:04:17 PM Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:10:25.9 Objects scanned:152731 Objects identified:0 Objects ignored:0 New critical objects:0
  11. I have acquired both pmmon.exe and pmsngr.exe and am recieving taskbar popups like crazy. I've seen from other post several steps are required. Any direction is valuable please help. Thanks Edit --> Moved to HJT forum