sshlisky

Members
  • Content Count

    12
  • Joined

  • Last visited

Community Reputation

0 Neutral

About sshlisky

  • Rank
    Member
  1. Charles, F-Secure Scan Scanning Report Sunday, February 18, 2007 19:18:29 - 23:19:09 Computer name: BOSH Scanning type: Scan system for viruses, rootkits, spyware Target: C:\ -------------------------------------------------------------------------------- Result: 3 malware found Tracking Cookie (spyware) System (Disinfected) System System (Submitted) -------------------------------------------------------------------------------- Statistics Scanned: Files: 31411 System: 3927 Not scanned: 5 Actions: Disinfected: 1 Renamed: 0 Deleted: 0 None: 2 Submitted: 1 Files not scanned: C:\HIBERFIL.SYS C:\PAGEFILE.SYS C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{739A91A0-9313-46E3-B0F7-7400DC8CB1D7}.BIN C:\!KILLBOX\XLIBGFL254.DLL -------------------------------------------------------------------------------- Options Scanning engines: F-Secure Libra: 2.4.2, 2007-02-14 F-Secure AVP: 7.0.171, 2007-02-18 F-Secure Orion: 1.2.37, 2007-02-19 F-Secure Blacklight: 1.0.53, 0000-00-00 F-Secure Draco: 1.0.35, 0260-02-44 F-Secure Pegasus: 1.19.0, 2007-01-12 Scanning options: Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX Use Advanced heuristics -------------------------------------------------------------------------------- Copyright © 1998-2006 Product support |Send virus sample to F-Secure F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability. Lingering problem. My computer has three users: Steve; Sally; Guest. Although I have recovered the use of my desktop background (Steve) and Guest, Sally's desktop background is still stuck on none and no ability to override. I cannot determine if the computer is running slowly. Steve
  2. Charles, Again, good news and bad news. Pending File Rename Operations prompt did not appear but computer rebooted automatically anyway. Everything worked fine until clicking on Local Disks on Panda. All I get is an "error on page message" on the lower left hand side of the window. I did this twice. Steve
  3. Charles, I had little luck with these procedures: I was fine up to this point C:\WINDOWS\SYSTEM32\xlibgfl254.dll <--File C:\Documents and Settings\Steve\Application Data\ultra/b] <--Folder C:\winstall.exe/b] <--File I found the "C:\WINDOWS\SYSTEM32\xlibgfl254.dll <--File" when I tried to delete it I was denied access, refused to delete. These two files/folders "C:\Documents and Settings\Steve\Application Data\ultra/b] <--Folder C:\winstall.exe/b] <--File" I got prompted that they were not valid folders I only got a beep and no error message when I tried to find "ntoskrnl.dll[/color" I rebooted and did the Kaspersky scan. Scan took three hours and found 5 items, there was no option to save as test. The only option I had was to start a new scan. I did a search for Kaspersky in Files and Folders. Found a couple of files but no text file that showed results of scan (only a text file describing the program). Steve
  4. oops sorry, SmitFraudFix v2.137 Scan done at 21:15:13.92, Wed 01/31/2007 Run from C:\Documents and Settings\Steve\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files C:\WINDOWS\warnhp.html Deleted C:\Documents and Settings\Steve\Application Data\Install.dat Deleted »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End Steve
  5. Charles, I now have the ability load a desktop, so that is fixed. There is one more thing you should know. Just before I had this problem I loaded the browser Windows Explorer 7. I had been using Windows Explorer 6. Could this be causing my computer to be running a little slower? Thanks again for all your time. BlackLight (blbeta found no files so no report was logged) I did an "fsbl" search of my harddrive and no files showed up. Here are the other scans. SmifFraud "Steve" - 07-01-31 21:24:45 Service Pack 2 ComboFix 07.01.31 - Running from: "C:\Documents and Settings\Steve\Desktop" ((((((((((((((((((((((((((((((( Files Created from 2006-12-31 to 2007-01-31 )))))))))))))))))))))))))))))))))) 2007-01-31 21:15 2,044 --a------ C:\WINDOWS\SYSTEM32\tmp.reg 2007-01-31 21:09 79,360 --a------ C:\WINDOWS\SYSTEM32\swxcacls.exe 2007-01-31 21:09 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe 2007-01-31 21:09 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe 2007-01-31 21:09 40,960 --a------ C:\WINDOWS\SYSTEM32\swsc.exe 2007-01-31 21:09 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe 2007-01-31 21:09 135,168 --a------ C:\WINDOWS\SYSTEM32\swreg.exe 2007-01-27 18:54 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys 2007-01-27 18:54 <DIR> d-------- C:\Program Files\Grisoft 2007-01-25 22:04 <DIR> d-------- C:\Program Files\HijackThis 2007-01-24 23:32 <DIR> d-------- C:\Program Files\Lavasoft 2007-01-24 22:26 <DIR> d-------- C:\WINDOWS\WBEM 2007-01-24 22:26 <DIR> d-------- C:\WINDOWS\SYSTEM32\en-US 2007-01-24 22:24 <DIR> d--h-c--- C:\WINDOWS\ie7 2007-01-24 21:59 121,856 --------- C:\WINDOWS\SYSTEM32\xmllite.dll 2007-01-24 21:58 <DIR> d-------- C:\WINDOWS\network diagnostic 2007-01-24 21:56 <DIR> d-------- C:\8a30082beaec534b01e638 2007-01-21 00:36 17,920 --a------ C:\WINDOWS\SYSTEM32\xlibgfl254.dll 2007-01-21 00:36 <DIR> d-------- C:\DOCUME~1\Steve\Application Data\ultra 2007-01-10 20:05 <DIR> d-------- C:\WINDOWS\SxsCaPendDel (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-01-24 23:32 -------- d-------- C:\DOCUME~1\Steve\Application Data\lavasoft 2007-01-24 21:20 -------- d-------- C:\Program Files\enigma software group 2006-12-26 00:48 -------- d-------- C:\Program Files\windows media connect 2 2006-11-20 00:42 33280 --a------ C:\WINDOWS\SYSTEM32\snmp.exe 2006-11-07 21:06 679424 --a------ C:\WINDOWS\SYSTEM32\inetcomm.dll 2006-11-07 21:03 6049280 --------- C:\WINDOWS\SYSTEM32\ieframe.dll 2006-11-07 21:03 50688 --------- C:\WINDOWS\SYSTEM32\msfeedsbs.dll 2006-11-07 21:03 458752 --------- C:\WINDOWS\SYSTEM32\msfeeds.dll 2006-11-07 21:03 413696 --a------ C:\WINDOWS\SYSTEM32\vbscript.dll 2006-11-07 21:03 231424 --a------ C:\WINDOWS\SYSTEM32\webcheck.dll 2006-11-07 21:03 180736 --------- C:\WINDOWS\SYSTEM32\ieui.dll 2006-11-07 21:03 156160 --a------ C:\WINDOWS\SYSTEM32\msls31.dll 2006-11-07 03:27 382976 --a------ C:\WINDOWS\SYSTEM32\iedkcs32.dll 2006-11-07 03:27 229376 --a------ C:\WINDOWS\SYSTEM32\ieaksie.dll 2006-11-07 03:26 71680 --a------ C:\WINDOWS\SYSTEM32\admparse.dll 2006-11-07 03:26 55296 --a------ C:\WINDOWS\SYSTEM32\iesetup.dll 2006-11-07 03:26 54784 --a------ C:\WINDOWS\SYSTEM32\ie4uinit.exe 2006-11-07 03:26 43008 --a------ C:\WINDOWS\SYSTEM32\iernonce.dll 2006-11-07 03:26 152064 --a------ C:\WINDOWS\SYSTEM32\ieakeng.dll 2006-11-07 03:26 13312 --a------ C:\WINDOWS\SYSTEM32\ieudinit.exe 2006-11-07 03:26 123904 --a------ C:\WINDOWS\SYSTEM32\advpack.dll 2006-11-07 03:25 161792 --a------ C:\WINDOWS\SYSTEM32\ieakui.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~1\\vptray.exe" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" "MMTray"="\"C:\\Program Files\\MUSICMATCH\\Musicmatch Jukebox\\mm_tray.exe\"" "type32"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\"" "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk" "backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE " "item"="Adobe Reader Speed Launch" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AdwareFilter Background Protection.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\AdwareFilter Background Protection.lnk" "backup"="C:\\WINDOWS\\pss\\AdwareFilter Background Protection.lnkCommon Startup" "location"="Common Startup" "command"="C:\\Program Files\\AdwareFilter\\adwarefilter.exe " "item"="AdwareFilter Background Protection" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Utility Tray.lnk" "backup"="C:\\WINDOWS\\pss\\Utility Tray.lnkCommon Startup" "location"="Common Startup" "command"="C:\\WINDOWS\\SYSTEM32\\sistray.exe " "item"="Utility Tray" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AGRSMMSG" "hkey"="HKLM" "command"="AGRSMMSG.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Apoint" "hkey"="HKLM" "command"="C:\\Program Files\\Apoint\\Apoint.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DigidesignMMERefresh] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="MMERefresh" "hkey"="HKLM" "command"="C:\\Program Files\\Digidesign\\Drivers\\MMERefresh.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="tfswctrl" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DVDLauncher" "hkey"="HKLM" "command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightLAN 02] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="IPClient" "hkey"="HKLM" "command"="\"C:\\Program Files\\Visual Networks\\Visual IP InSight\\SBC\\IPClient.exe\" -l" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightMonitor 02] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="IPMon32" "hkey"="HKLM" "command"="\"C:\\Program Files\\Visual Networks\\Visual IP InSight\\SBC\\IPMon32.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="mimboot" "hkey"="HKLM" "command"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~2\\mimboot.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="mm_tray" "hkey"="HKLM" "command"="\"C:\\Program Files\\MUSICMATCH\\Musicmatch Jukebox\\mm_tray.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PCMService" "hkey"="HKLM" "command"="\"C:\\Program Files\\Dell\\Media Experience\\PCMService.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="qttask" "hkey"="HKLM" "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="jusched" "hkey"="HKLM" "command"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="realsched" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="sgtray" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="dumprep 0 -u" "hkey"="HKLM" "command"="%systemroot%\\system32\\dumprep 0 -u" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows installer] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="winstall" "hkey"="HKCU" "command"="C:\\winstall.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll, xlibgfl254.dll" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 Completion time: 07-01-31 21:30:44 Combo Fix "Steve" - 07-01-31 21:24:45 Service Pack 2 ComboFix 07.01.31 - Running from: "C:\Documents and Settings\Steve\Desktop" ((((((((((((((((((((((((((((((( Files Created from 2006-12-31 to 2007-01-31 )))))))))))))))))))))))))))))))))) 2007-01-31 21:15 2,044 --a------ C:\WINDOWS\SYSTEM32\tmp.reg 2007-01-31 21:09 79,360 --a------ C:\WINDOWS\SYSTEM32\swxcacls.exe 2007-01-31 21:09 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe 2007-01-31 21:09 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe 2007-01-31 21:09 40,960 --a------ C:\WINDOWS\SYSTEM32\swsc.exe 2007-01-31 21:09 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe 2007-01-31 21:09 135,168 --a------ C:\WINDOWS\SYSTEM32\swreg.exe 2007-01-27 18:54 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys 2007-01-27 18:54 <DIR> d-------- C:\Program Files\Grisoft 2007-01-25 22:04 <DIR> d-------- C:\Program Files\HijackThis 2007-01-24 23:32 <DIR> d-------- C:\Program Files\Lavasoft 2007-01-24 22:26 <DIR> d-------- C:\WINDOWS\WBEM 2007-01-24 22:26 <DIR> d-------- C:\WINDOWS\SYSTEM32\en-US 2007-01-24 22:24 <DIR> d--h-c--- C:\WINDOWS\ie7 2007-01-24 21:59 121,856 --------- C:\WINDOWS\SYSTEM32\xmllite.dll 2007-01-24 21:58 <DIR> d-------- C:\WINDOWS\network diagnostic 2007-01-24 21:56 <DIR> d-------- C:\8a30082beaec534b01e638 2007-01-21 00:36 17,920 --a------ C:\WINDOWS\SYSTEM32\xlibgfl254.dll 2007-01-21 00:36 <DIR> d-------- C:\DOCUME~1\Steve\Application Data\ultra 2007-01-10 20:05 <DIR> d-------- C:\WINDOWS\SxsCaPendDel (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-01-24 23:32 -------- d-------- C:\DOCUME~1\Steve\Application Data\lavasoft 2007-01-24 21:20 -------- d-------- C:\Program Files\enigma software group 2006-12-26 00:48 -------- d-------- C:\Program Files\windows media connect 2 2006-11-20 00:42 33280 --a------ C:\WINDOWS\SYSTEM32\snmp.exe 2006-11-07 21:06 679424 --a------ C:\WINDOWS\SYSTEM32\inetcomm.dll 2006-11-07 21:03 6049280 --------- C:\WINDOWS\SYSTEM32\ieframe.dll 2006-11-07 21:03 50688 --------- C:\WINDOWS\SYSTEM32\msfeedsbs.dll 2006-11-07 21:03 458752 --------- C:\WINDOWS\SYSTEM32\msfeeds.dll 2006-11-07 21:03 413696 --a------ C:\WINDOWS\SYSTEM32\vbscript.dll 2006-11-07 21:03 231424 --a------ C:\WINDOWS\SYSTEM32\webcheck.dll 2006-11-07 21:03 180736 --------- C:\WINDOWS\SYSTEM32\ieui.dll 2006-11-07 21:03 156160 --a------ C:\WINDOWS\SYSTEM32\msls31.dll 2006-11-07 03:27 382976 --a------ C:\WINDOWS\SYSTEM32\iedkcs32.dll 2006-11-07 03:27 229376 --a------ C:\WINDOWS\SYSTEM32\ieaksie.dll 2006-11-07 03:26 71680 --a------ C:\WINDOWS\SYSTEM32\admparse.dll 2006-11-07 03:26 55296 --a------ C:\WINDOWS\SYSTEM32\iesetup.dll 2006-11-07 03:26 54784 --a------ C:\WINDOWS\SYSTEM32\ie4uinit.exe 2006-11-07 03:26 43008 --a------ C:\WINDOWS\SYSTEM32\iernonce.dll 2006-11-07 03:26 152064 --a------ C:\WINDOWS\SYSTEM32\ieakeng.dll 2006-11-07 03:26 13312 --a------ C:\WINDOWS\SYSTEM32\ieudinit.exe 2006-11-07 03:26 123904 --a------ C:\WINDOWS\SYSTEM32\advpack.dll 2006-11-07 03:25 161792 --a------ C:\WINDOWS\SYSTEM32\ieakui.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~1\\vptray.exe" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" "MMTray"="\"C:\\Program Files\\MUSICMATCH\\Musicmatch Jukebox\\mm_tray.exe\"" "type32"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\"" "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk" "backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE " "item"="Adobe Reader Speed Launch" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AdwareFilter Background Protection.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\AdwareFilter Background Protection.lnk" "backup"="C:\\WINDOWS\\pss\\AdwareFilter Background Protection.lnkCommon Startup" "location"="Common Startup" "command"="C:\\Program Files\\AdwareFilter\\adwarefilter.exe " "item"="AdwareFilter Background Protection" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Utility Tray.lnk" "backup"="C:\\WINDOWS\\pss\\Utility Tray.lnkCommon Startup" "location"="Common Startup" "command"="C:\\WINDOWS\\SYSTEM32\\sistray.exe " "item"="Utility Tray" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AGRSMMSG" "hkey"="HKLM" "command"="AGRSMMSG.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Apoint" "hkey"="HKLM" "command"="C:\\Program Files\\Apoint\\Apoint.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DigidesignMMERefresh] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="MMERefresh" "hkey"="HKLM" "command"="C:\\Program Files\\Digidesign\\Drivers\\MMERefresh.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="tfswctrl" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DVDLauncher" "hkey"="HKLM" "command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightLAN 02] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="IPClient" "hkey"="HKLM" "command"="\"C:\\Program Files\\Visual Networks\\Visual IP InSight\\SBC\\IPClient.exe\" -l" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightMonitor 02] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="IPMon32" "hkey"="HKLM" "command"="\"C:\\Program Files\\Visual Networks\\Visual IP InSight\\SBC\\IPMon32.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="mimboot" "hkey"="HKLM" "command"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~2\\mimboot.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="mm_tray" "hkey"="HKLM" "command"="\"C:\\Program Files\\MUSICMATCH\\Musicmatch Jukebox\\mm_tray.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PCMService" "hkey"="HKLM" "command"="\"C:\\Program Files\\Dell\\Media Experience\\PCMService.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="qttask" "hkey"="HKLM" "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="jusched" "hkey"="HKLM" "command"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="realsched" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="sgtray" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="dumprep 0 -u" "hkey"="HKLM" "command"="%systemroot%\\system32\\dumprep 0 -u" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows installer] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="winstall" "hkey"="HKCU" "command"="C:\\winstall.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll, xlibgfl254.dll" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 Completion time: 07-01-31 21:30:44 HighJack This Logfile of HijackThis v1.99.1 Scan saved at 9:52:03 PM, on 1/31/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe C:\Program Files\Digidesign\Drivers\MMERefresh.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\HijackThis\hijackthis\HijackThis.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://download.games.yahoo.com/games/web_...itched/main.cab O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
  6. Just thought you might ask for a Full system scan and a HighJackThis Log, so I just went ahead did them: Ad-Aware SE Build 1.06r1 Logfile Created on:Tuesday, January 30, 2007 7:45:36 PM Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R147 25.01.2007 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» MRU List(TAC index:0):14 total references Other(TAC index:5):1 total references PestTrap(TAC index:3):4 total references Tracking Cookie(TAC index:3):2 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Ad-Aware SE Settings =========================== Set : Search for negligible risk entries Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Scan registry for all users instead of current user only Set : Always try to unload modules before deletion Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Include alternate data stream details in log file Set : Play sound at scan completion if scan locates critical objects 1-30-2007 7:45:36 PM - Scan started. (Full System Scan) MRU List Object Recognized! Location: : C:\Documents and Settings\Steve\Application Data\microsoft\office\recent Description : list of recently opened documents using microsoft office MRU List Object Recognized! Location: : C:\Documents and Settings\Steve\recent Description : list of recently opened documents MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : software\microsoft\directdraw\mostrecentapplication Description : most recent application to use microsoft directdraw MRU List Object Recognized! Location: : S-1-5-21-3895149624-824023418-3409356266-1006\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : S-1-5-21-3895149624-824023418-3409356266-1006\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : S-1-5-21-3895149624-824023418-3409356266-1006\software\microsoft\internet explorer Description : last download directory used in microsoft internet explorer MRU List Object Recognized! Location: : S-1-5-21-3895149624-824023418-3409356266-1006\software\microsoft\office\11.0\common\open find\microsoft office word\settings\save as\file name mru Description : list of recent documents saved by microsoft word MRU List Object Recognized! Location: : S-1-5-21-3895149624-824023418-3409356266-1006\software\microsoft\search assistant\acmru Description : list of recent search terms used with the search assistant MRU List Object Recognized! Location: : S-1-5-21-3895149624-824023418-3409356266-1006\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru Description : list of recent programs opened MRU List Object Recognized! Location: : S-1-5-21-3895149624-824023418-3409356266-1006\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru Description : list of recently saved files, stored according to file extension MRU List Object Recognized! Location: : S-1-5-21-3895149624-824023418-3409356266-1006\software\microsoft\windows\currentversion\explorer\recentdocs Description : list of recent documents opened MRU List Object Recognized! Location: : S-1-5-21-3895149624-824023418-3409356266-1006\software\microsoft\windows media\wmsdk\general Description : windows media sdk Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] FilePath : \SystemRoot\System32\ ProcessID : 568 ThreadCreationTime : 1-31-2007 3:12:40 AM BasePriority : Normal #:2 [csrss.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 632 ThreadCreationTime : 1-31-2007 3:12:42 AM BasePriority : Normal #:3 [winlogon.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 656 ThreadCreationTime : 1-31-2007 3:12:43 AM BasePriority : High #:4 [services.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 700 ThreadCreationTime : 1-31-2007 3:12:43 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Services and Controller app InternalName : services.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : services.exe #:5 [lsass.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 712 ThreadCreationTime : 1-31-2007 3:12:43 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 884 ThreadCreationTime : 1-31-2007 3:12:44 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:7 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 940 ThreadCreationTime : 1-31-2007 3:12:44 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 976 ThreadCreationTime : 1-31-2007 3:12:45 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:9 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1024 ThreadCreationTime : 1-31-2007 3:12:45 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:10 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1084 ThreadCreationTime : 1-31-2007 3:12:45 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:11 [lexbces.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1352 ThreadCreationTime : 1-31-2007 3:12:47 AM BasePriority : Normal FileVersion : 9.45 ProductVersion : 9.45 ProductName : MarkVision for Windows (32 bit) CompanyName : Lexmark International, Inc. FileDescription : LexBce Service InternalName : LexBce Service LegalCopyright : © 1993 - 2004 Lexmark International, Inc. OriginalFilename : LexBceS.exe #:12 [spoolsv.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1380 ThreadCreationTime : 1-31-2007 3:12:47 AM BasePriority : Normal FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) ProductVersion : 5.1.2600.2696 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : spoolsv.exe #:13 [lexpps.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1388 ThreadCreationTime : 1-31-2007 3:12:47 AM BasePriority : Normal FileVersion : 9.45 ProductVersion : 9.45 ProductName : MarkVision for Windows (32 bit) CompanyName : Lexmark International, Inc. FileDescription : LEXPPS.EXE InternalName : LEXPPS LegalCopyright : © 1993 - 2004 Lexmark International, Inc. OriginalFilename : LEXPPS.EXE Comments : MarkVision for Windows '95 New P2P Server (32-bit) #:14 [guard.exe] FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\ ProcessID : 1540 ThreadCreationTime : 1-31-2007 3:12:49 AM BasePriority : Normal FileVersion : 7, 5, 0, 47 ProductVersion : 7, 5, 0, 47 ProductName : AVG Anti-Spyware CompanyName : Anti-Malware Development a.s. FileDescription : AVG Anti-Spyware guard InternalName : AVG Anti-Spyware guard LegalCopyright : Copyright © 2006 Anti-Malware Development a.s. OriginalFilename : guard.exe #:15 [defwatch.exe] FilePath : C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\ ProcessID : 1556 ThreadCreationTime : 1-31-2007 3:12:49 AM BasePriority : Normal FileVersion : 8.00.00.9374 ProductVersion : 8.00.00.9374 ProductName : Norton AntiVirus CompanyName : Symantec Corporation FileDescription : Virus Definition Daemon InternalName : DefWatch LegalCopyright : Copyright © 1998 Symantec Corporation OriginalFilename : DefWatch.exe #:16 [mmerefresh.exe] FilePath : C:\Program Files\Digidesign\Drivers\ ProcessID : 1572 ThreadCreationTime : 1-31-2007 3:12:49 AM BasePriority : Normal FileVersion : 6.4.0.138 ProductVersion : 6.4 ProductName : Digidesign MME Binder CompanyName : Digidesign, A Division of Avid Technology, Inc. FileDescription : Digidesign MME Binder InternalName : MMERefresh.exe LegalCopyright : ©1999-2004 Digidesign, A Division of Avid Technology, Inc. OriginalFilename : MMERefresh.exe #:17 [rtvscan.exe] FilePath : C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\ ProcessID : 1632 ThreadCreationTime : 1-31-2007 3:12:49 AM BasePriority : Normal FileVersion : 8.00.00.9374 ProductVersion : 8.00.00.9374 ProductName : Symantec AntiVirus CompanyName : Symantec Corporation FileDescription : Symantec AntiVirus LegalCopyright : Copyright © Symantec Corporation 1991-2002 #:18 [snmp.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1700 ThreadCreationTime : 1-31-2007 3:12:50 AM BasePriority : Normal FileVersion : 5.1.2600.3038 (xpsp_sp2_gdr.061119-2303) ProductVersion : 5.1.2600.3038 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : SNMP Service InternalName : snmp.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : snmp.exe #:19 [wltrysvc.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1732 ThreadCreationTime : 1-31-2007 3:12:50 AM BasePriority : Normal #:20 [bcmwltry.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1792 ThreadCreationTime : 1-31-2007 3:12:50 AM BasePriority : Normal FileVersion : 3.40.74.0 ProductVersion : 3.40.74.0 ProductName : Dell Wireless WLAN Card Wireless Network Tray Applet CompanyName : Dell Computer Corporation FileDescription : Dell Wireless WLAN Card Wireless Network Tray Applet InternalName : bcmwltry.exe LegalCopyright : 1998-2003, Dell Computer Corporation All Rights Reserved. OriginalFilename : bcmwltry.exe #:21 [alg.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 364 ThreadCreationTime : 1-31-2007 3:12:58 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Application Layer Gateway Service InternalName : ALG.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : ALG.exe #:22 [explorer.exe] FilePath : C:\WINDOWS\ ProcessID : 1224 ThreadCreationTime : 1-31-2007 3:13:03 AM BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : EXPLORER.EXE #:23 [vptray.exe] FilePath : C:\PROGRA~1\SYMANT~1\SYMANT~1\ ProcessID : 2200 ThreadCreationTime : 1-31-2007 3:13:06 AM BasePriority : Normal FileVersion : 8.00.00.9374 ProductVersion : 8.00.00.9374 ProductName : Symantec AntiVirus CompanyName : Symantec Corporation FileDescription : Symantec AntiVirus LegalCopyright : Copyright © Symantec Corporation 1991-2002 #:24 [realsched.exe] FilePath : C:\Program Files\Common Files\Real\Update_OB\ ProcessID : 2224 ThreadCreationTime : 1-31-2007 3:13:06 AM BasePriority : Normal FileVersion : 0.1.0.3249 ProductVersion : 0.1.0.3249 ProductName : RealPlayer (32-bit) CompanyName : RealNetworks, Inc. FileDescription : RealNetworks Scheduler InternalName : schedapp LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004 LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc. OriginalFilename : realsched.exe #:25 [mm_tray.exe] FilePath : C:\Program Files\MUSICMATCH\Musicmatch Jukebox\ ProcessID : 2272 ThreadCreationTime : 1-31-2007 3:13:07 AM BasePriority : Normal FileVersion : 10.00.3058 ProductVersion : 10.00.3058 ProductName : Musicmatch Jukebox CompanyName : Musicmatch, Inc. FileDescription : mm_tray InternalName : mm_tray LegalCopyright : Copyright © Musicmatch 1998-2004 LegalTrademarks : OriginalFilename : mm_tray.exe #:26 [type32.exe] FilePath : C:\Program Files\Microsoft IntelliType Pro\ ProcessID : 2352 ThreadCreationTime : 1-31-2007 3:13:07 AM BasePriority : Normal #:27 [avgas.exe] FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\ ProcessID : 2384 ThreadCreationTime : 1-31-2007 3:13:07 AM BasePriority : Normal FileVersion : 7, 5, 0, 50 ProductVersion : 7, 5, 0, 50 ProductName : AVG Anti-Spyware CompanyName : Anti-Malware Development a.s. FileDescription : AVG Anti-Spyware InternalName : AVG Anti-Spyware LegalCopyright : Copyright © 2006 Anti-Malware Development a.s. OriginalFilename : avgas.exe #:28 [ctfmon.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 2480 ThreadCreationTime : 1-31-2007 3:13:08 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : CTF Loader InternalName : CTFMON LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : CTFMON.EXE #:29 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 3340 ThreadCreationTime : 1-31-2007 3:13:14 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:30 [wscntfy.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 2368 ThreadCreationTime : 1-31-2007 3:13:53 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Security Center Notification App InternalName : wscntfy.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : wscntfy.exe #:31 [48878.exe] FilePath : C:\Documents and Settings\Steve\Application Data\ ProcessID : 3468 ThreadCreationTime : 1-31-2007 3:14:29 AM BasePriority : Normal PestTrap Object Recognized! Type : Process Data : 48878.exe TAC Rating : 3 Category : Malware Comment : Object : C:\Documents and Settings\Steve\Application Data\ "C:\Documents and Settings\Steve\Application Data\48878.exe"Process terminated successfully "C:\Documents and Settings\Steve\Application Data\48878.exe"Process terminated successfully #:32 [ad-aware.exe] FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\ ProcessID : 2980 ThreadCreationTime : 1-31-2007 3:44:29 AM BasePriority : Normal FileVersion : 6.2.0.236 ProductVersion : SE 106 ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft AB Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 1 Objects found so far: 15 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 15 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» PestTrap Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : "Windows installer" Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Windows\CurrentVersion\Run Value : Windows installer PestTrap Object Recognized! Type : File Data : winstall.exe TAC Rating : 3 Category : Malware Comment : Object : c:\ Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 1 Objects found so far: 17 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:2 Value : Cookie:[email protected]/ Expires : 1-29-2011 7:41:38 PM LastSync : Hits:2 UseCount : 0 Hits : 2 Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 1 Objects found so far: 18 Deep scanning and examining files (C:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Sally\Cookies\[email protected][1].txt PestTrap Object Recognized! Type : File Data : 48878.exe TAC Rating : 3 Category : Malware Comment : Object : C:\Documents and Settings\Steve\Application Data\ Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 20 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 1 entries scanned. New critical objects:0 Objects found so far: 20 Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Other Object Recognized! Type : File Data : 48878.EXE-366BEE23.pf TAC Rating : 7 Category : Malware Comment : Object : C:\WINDOWS\prefetch\ Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 1 Objects found so far: 21 8:23:00 PM Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:37:23.636 Objects scanned:145393 Objects identified:8 Objects ignored:0 New critical objects:8 HighJackThis Log Logfile of HijackThis v1.99.1 Scan saved at 8:41:59 PM, on 1/30/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe C:\Program Files\Digidesign\Drivers\MMERefresh.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe C:\Program Files\HijackThis\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://download.games.yahoo.com/games/web_...itched/main.cab O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
  7. I still have ALL original problems and that pest trap icon (red circle with a white X) has reasserted itself in my tray telling me my computer is infected: -Computer is slower than normal -Cannot put a picture on my desktop; when I go into CONTROL PANEL| DISPLAY| DESKTOP TAB| BACKGROUND will only allow me to select none. -I have seen no change and have not cruised the internet since I did your last procedure. Steve
  8. Charles, I was able to do the ATF Cleaner stuff. Then went to Start|Control Panel| saw Java Plug-in instead of Java icon| clicked on Java icon|clicked on all the different tabs| only saw "settings" under "Browser" did not see "temporary internet files" at all This version of JAva is Java 2 Runtime Environment Standard Edition 1.4.2 03 Then I rebooted on Normal mode. Problems still exist, now I am Emailing you back. Steve
  9. I have done all you asked: I could not find: WINDOWS\ntsystem.exe WINDOWS\shellexp.exe AVG Report: --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 8:41:53 PM 1/27/2007 + Scan result: C:\Documents and Settings\Steve\Local Settings\Temp\temp.fr533E\Uninstall.exe -> Adware.Spysheriff : Cleaned. C:\Documents and Settings\Steve\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-28e0253d-5358d288.class -> Downloader.OpenStream.y : Cleaned. C:\Documents and Settings\Steve\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-352f55f0-4d4dbbee.class -> Downloader.OpenStream.y : Cleaned. C:\Documents and Settings\Steve\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-52d8b673-519ffd07.class -> Downloader.OpenStream.y : Cleaned. C:\Documents and Settings\Steve\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-5a8a5bd2-10b2b66f.class -> Downloader.OpenStream.y : Cleaned. C:\Documents and Settings\Sally\Cookies\[email protected][1].txt -> TrackingCookie.Atdmt : Cleaned. C:\Documents and Settings\Sally\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned. C:\Documents and Settings\Guest\Cookies\[email protected][2].txt -> TrackingCookie.Information : Cleaned. C:\Documents and Settings\Sally\Cookies\[email protected][1].txt -> TrackingCookie.Mediaplex : Cleaned. C:\Documents and Settings\Sally\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned. C:\Documents and Settings\Sally\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned. ::Report end HighjackThis Log: Logfile of HijackThis v1.99.1 Scan saved at 8:49:22 PM, on 1/27/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe C:\Program Files\Digidesign\Drivers\MMERefresh.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\HijackThis\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://download.games.yahoo.com/games/web_...itched/main.cab O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe Steve
  10. Thanks for your help. I am pasting the logs here. Let me know if you'd rather have attachments Steve Ad-Aware Log: Ad-Aware SE Build 1.06r1 Logfile Created on:Saturday, January 27, 2007 1:04:34 PM Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R147 25.01.2007 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» MRU List(TAC index:0):11 total references Other(TAC index:5):1 total references PestTrap(TAC index:3):4 total references Tracking Cookie(TAC index:3):1 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Ad-Aware SE Settings =========================== Set : Search for negligible risk entries Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Scan registry for all users instead of current user only Set : Always try to unload modules before deletion Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Include alternate data stream details in log file Set : Play sound at scan completion if scan locates critical objects 1-27-2007 1:04:34 PM - Scan started. (Full System Scan) MRU List Object Recognized! Location: : C:\Documents and Settings\Steve\Application Data\microsoft\office\recent Description : list of recently opened documents using microsoft office MRU List Object Recognized! Location: : C:\Documents and Settings\Steve\recent Description : list of recently opened documents MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : software\microsoft\directdraw\mostrecentapplication Description : most recent application to use microsoft directdraw MRU List Object Recognized! Location: : S-1-5-21-3895149624-824023418-3409356266-1006\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : S-1-5-21-3895149624-824023418-3409356266-1006\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : S-1-5-21-3895149624-824023418-3409356266-1006\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru Description : list of recent programs opened MRU List Object Recognized! Location: : S-1-5-21-3895149624-824023418-3409356266-1006\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru Description : list of recently saved files, stored according to file extension MRU List Object Recognized! Location: : S-1-5-21-3895149624-824023418-3409356266-1006\software\microsoft\windows\currentversion\explorer\recentdocs Description : list of recent documents opened MRU List Object Recognized! Location: : S-1-5-21-3895149624-824023418-3409356266-1006\software\microsoft\windows media\wmsdk\general Description : windows media sdk Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] FilePath : \SystemRoot\System32\ ProcessID : 572 ThreadCreationTime : 1-27-2007 8:49:15 PM BasePriority : Normal #:2 [csrss.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 636 ThreadCreationTime : 1-27-2007 8:49:17 PM BasePriority : Normal #:3 [winlogon.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 660 ThreadCreationTime : 1-27-2007 8:49:18 PM BasePriority : High #:4 [services.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 704 ThreadCreationTime : 1-27-2007 8:49:18 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Services and Controller app InternalName : services.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : services.exe #:5 [lsass.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 716 ThreadCreationTime : 1-27-2007 8:49:18 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 896 ThreadCreationTime : 1-27-2007 8:49:19 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:7 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 944 ThreadCreationTime : 1-27-2007 8:49:19 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 980 ThreadCreationTime : 1-27-2007 8:49:20 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:9 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1028 ThreadCreationTime : 1-27-2007 8:49:20 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:10 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1088 ThreadCreationTime : 1-27-2007 8:49:20 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:11 [lexbces.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1356 ThreadCreationTime : 1-27-2007 8:49:22 PM BasePriority : Normal FileVersion : 9.45 ProductVersion : 9.45 ProductName : MarkVision for Windows (32 bit) CompanyName : Lexmark International, Inc. FileDescription : LexBce Service InternalName : LexBce Service LegalCopyright : © 1993 - 2004 Lexmark International, Inc. OriginalFilename : LexBceS.exe #:12 [lexpps.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1380 ThreadCreationTime : 1-27-2007 8:49:22 PM BasePriority : Normal FileVersion : 9.45 ProductVersion : 9.45 ProductName : MarkVision for Windows (32 bit) CompanyName : Lexmark International, Inc. FileDescription : LEXPPS.EXE InternalName : LEXPPS LegalCopyright : © 1993 - 2004 Lexmark International, Inc. OriginalFilename : LEXPPS.EXE Comments : MarkVision for Windows '95 New P2P Server (32-bit) #:13 [spoolsv.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1388 ThreadCreationTime : 1-27-2007 8:49:22 PM BasePriority : Normal FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) ProductVersion : 5.1.2600.2696 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : spoolsv.exe #:14 [defwatch.exe] FilePath : C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\ ProcessID : 1544 ThreadCreationTime : 1-27-2007 8:49:25 PM BasePriority : Normal FileVersion : 8.00.00.9374 ProductVersion : 8.00.00.9374 ProductName : Norton AntiVirus CompanyName : Symantec Corporation FileDescription : Virus Definition Daemon InternalName : DefWatch LegalCopyright : Copyright © 1998 Symantec Corporation OriginalFilename : DefWatch.exe #:15 [mmerefresh.exe] FilePath : C:\Program Files\Digidesign\Drivers\ ProcessID : 1560 ThreadCreationTime : 1-27-2007 8:49:25 PM BasePriority : Normal FileVersion : 6.4.0.138 ProductVersion : 6.4 ProductName : Digidesign MME Binder CompanyName : Digidesign, A Division of Avid Technology, Inc. FileDescription : Digidesign MME Binder InternalName : MMERefresh.exe LegalCopyright : ©1999-2004 Digidesign, A Division of Avid Technology, Inc. OriginalFilename : MMERefresh.exe #:16 [rtvscan.exe] FilePath : C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\ ProcessID : 1620 ThreadCreationTime : 1-27-2007 8:49:25 PM BasePriority : Normal FileVersion : 8.00.00.9374 ProductVersion : 8.00.00.9374 ProductName : Symantec AntiVirus CompanyName : Symantec Corporation FileDescription : Symantec AntiVirus LegalCopyright : Copyright © Symantec Corporation 1991-2002 #:17 [snmp.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1676 ThreadCreationTime : 1-27-2007 8:49:25 PM BasePriority : Normal FileVersion : 5.1.2600.3038 (xpsp_sp2_gdr.061119-2303) ProductVersion : 5.1.2600.3038 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : SNMP Service InternalName : snmp.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : snmp.exe #:18 [viewpointservice.exe] FilePath : C:\Program Files\Viewpoint\Common\ ProcessID : 1700 ThreadCreationTime : 1-27-2007 8:49:25 PM BasePriority : Normal FileVersion : 2, 0, 0, 54 ProductVersion : 2, 0, 0, 54 ProductName : Viewpoint Manager CompanyName : Viewpoint Corporation FileDescription : ViewMgr InternalName : Viewpoint Manager LegalCopyright : Copyright © 2004 OriginalFilename : ViewMgr.exe Comments : Viewpoint Manager #:19 [wltrysvc.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1748 ThreadCreationTime : 1-27-2007 8:49:25 PM BasePriority : Normal #:20 [bcmwltry.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1832 ThreadCreationTime : 1-27-2007 8:49:25 PM BasePriority : Normal FileVersion : 3.40.74.0 ProductVersion : 3.40.74.0 ProductName : Dell Wireless WLAN Card Wireless Network Tray Applet CompanyName : Dell Computer Corporation FileDescription : Dell Wireless WLAN Card Wireless Network Tray Applet InternalName : bcmwltry.exe LegalCopyright : 1998-2003, Dell Computer Corporation All Rights Reserved. OriginalFilename : bcmwltry.exe #:21 [alg.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 296 ThreadCreationTime : 1-27-2007 8:49:28 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Application Layer Gateway Service InternalName : ALG.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : ALG.exe #:22 [explorer.exe] FilePath : C:\WINDOWS\ ProcessID : 1928 ThreadCreationTime : 1-27-2007 8:49:35 PM BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : EXPLORER.EXE #:23 [vptray.exe] FilePath : C:\PROGRA~1\SYMANT~1\SYMANT~1\ ProcessID : 1820 ThreadCreationTime : 1-27-2007 8:49:37 PM BasePriority : Normal FileVersion : 8.00.00.9374 ProductVersion : 8.00.00.9374 ProductName : Symantec AntiVirus CompanyName : Symantec Corporation FileDescription : Symantec AntiVirus LegalCopyright : Copyright © Symantec Corporation 1991-2002 #:24 [realsched.exe] FilePath : C:\Program Files\Common Files\Real\Update_OB\ ProcessID : 2068 ThreadCreationTime : 1-27-2007 8:49:37 PM BasePriority : Normal FileVersion : 0.1.0.3249 ProductVersion : 0.1.0.3249 ProductName : RealPlayer (32-bit) CompanyName : RealNetworks, Inc. FileDescription : RealNetworks Scheduler InternalName : schedapp LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004 LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc. OriginalFilename : realsched.exe #:25 [mm_tray.exe] FilePath : C:\Program Files\MUSICMATCH\Musicmatch Jukebox\ ProcessID : 2100 ThreadCreationTime : 1-27-2007 8:49:38 PM BasePriority : Normal FileVersion : 10.00.3058 ProductVersion : 10.00.3058 ProductName : Musicmatch Jukebox CompanyName : Musicmatch, Inc. FileDescription : mm_tray InternalName : mm_tray LegalCopyright : Copyright © Musicmatch 1998-2004 LegalTrademarks : OriginalFilename : mm_tray.exe #:26 [type32.exe] FilePath : C:\Program Files\Microsoft IntelliType Pro\ ProcessID : 2116 ThreadCreationTime : 1-27-2007 8:49:38 PM BasePriority : Normal #:27 [ctfmon.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 2124 ThreadCreationTime : 1-27-2007 8:49:38 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : CTF Loader InternalName : CTFMON LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : CTFMON.EXE #:28 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 2152 ThreadCreationTime : 1-27-2007 8:49:38 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:29 [viewmgr.exe] FilePath : C:\Program Files\Viewpoint\Viewpoint Manager\ ProcessID : 1776 ThreadCreationTime : 1-27-2007 8:50:26 PM BasePriority : Normal FileVersion : 2, 0, 0, 54 ProductVersion : 2, 0, 0, 54 ProductName : Viewpoint Manager CompanyName : Viewpoint Corporation FileDescription : ViewMgr InternalName : Viewpoint Manager LegalCopyright : Copyright © 2004 OriginalFilename : ViewMgr.exe Comments : Viewpoint Manager #:30 [wscntfy.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 2060 ThreadCreationTime : 1-27-2007 8:50:27 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Security Center Notification App InternalName : wscntfy.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : wscntfy.exe #:31 [28108.exe] FilePath : C:\Documents and Settings\Steve\Application Data\ ProcessID : 2300 ThreadCreationTime : 1-27-2007 8:50:31 PM BasePriority : Normal PestTrap Object Recognized! Type : Process Data : 28108.exe TAC Rating : 3 Category : Malware Comment : Object : C:\Documents and Settings\Steve\Application Data\ "C:\Documents and Settings\Steve\Application Data\28108.exe"Process terminated successfully "C:\Documents and Settings\Steve\Application Data\28108.exe"Process terminated successfully #:32 [ad-aware.exe] FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\ ProcessID : 3608 ThreadCreationTime : 1-27-2007 9:03:34 PM BasePriority : Normal FileVersion : 6.2.0.236 ProductVersion : SE 106 ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft AB Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 1 Objects found so far: 12 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 12 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» PestTrap Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : "Windows installer" Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Windows\CurrentVersion\Run Value : Windows installer PestTrap Object Recognized! Type : File Data : winstall.exe TAC Rating : 3 Category : Malware Comment : Object : c:\ Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 1 Objects found so far: 14 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:2 Value : Cookie:[email protected]/ Expires : 1-26-2009 12:51:00 PM LastSync : Hits:2 UseCount : 0 Hits : 2 Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 1 Objects found so far: 15 Deep scanning and examining files (C:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» PestTrap Object Recognized! Type : File Data : 28108.exe TAC Rating : 3 Category : Malware Comment : Object : C:\Documents and Settings\Steve\Application Data\ Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 16 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 1 entries scanned. New critical objects:0 Objects found so far: 16 Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Other Object Recognized! Type : File Data : 28108.EXE-0675F757.pf TAC Rating : 7 Category : Malware Comment : Object : C:\WINDOWS\prefetch\ Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 1 Objects found so far: 17 1:32:11 PM Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:27:37.533 Objects scanned:152918 Objects identified:7 Objects ignored:0 New critical objects:7 Highjack This LogFile: Logfile of HijackThis v1.99.1 Scan saved at 1:44:31 PM, on 1/27/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe C:\Program Files\Digidesign\Drivers\MMERefresh.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\System32\snmp.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\HijackThis\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\system32\ntsystem.exe O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKCU\..\Run: [Explorer] C:\WINDOWS\system32\shellexp.exe en O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://download.games.yahoo.com/games/web_...itched/main.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
  11. I believe I have been targeted by pest trap. My PC: -runs slower that usual -occasionally loads a short cut to pest trap experminators -will not let create a desktop background I have: -updated to the present version of Ad Aware 1.06 -run a full scan and a quick scan -ran a hijack this scan -found one pest trap file after the scan and deleted it -rebooted computer -have run full scan semantec anti virus software -problems did not go away Logfile of HijackThis v1.99.1 Scan saved at 10:35:43 PM, on 1/25/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe C:\Program Files\Digidesign\Drivers\MMERefresh.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\System32\snmp.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\HijackThis\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\system32\ntsystem.exe O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKCU\..\Run: [Explorer] C:\WINDOWS\system32\shellexp.exe en O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://download.games.yahoo.com/games/web_...itched/main.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe