cajun

PMSNGR.exe and PMMON.exe


Okay, I recently fell for a "WINDOWS MEDIA NEEDS A NEW CODEC TO VIEW THIS FILE; DOWNLOAD SV_CODEC" etc. version 4.01a.

 

So, two things happened in my lull with reality on the web: First, a virus (trojan) tried to execute in the system (caught by Norton and deleted), but the program did not install. So, I tried again with a different link (really working up the dumb factor) and this time "codec 4.01a" downloaded a bunch of spyware and adware into my system while also putting a false codec in my program add/remove list.... no good.

 

So, I ran Ad-Aware and Spybot and Norton deep scan and even a program called Super Ad Blocker (which seems kinda like possible adware too, but it did very well, especially with the Viewpoint toolbar infections). Also, whenever I would close Windows the DWINN.exe-dll and ISAMONITER.exe-dll would "crash" and give a warning at system shutdown; when I went to uninstall the codec from add/remove I got a "system needs to reboot first--yes/no" (which I ignored) before uninstall.

 

Also, now when I reboot the system I get a pop-up in the system tray advertising how infected my computer is, porn, and casinos.... When I use IE (6) I get pop-up windows and redirects from time to time too. Plus, an IE splash screen on Windows startup. I finally determined that PMSNGR.exe and PMMON.exe are the system processes running the pop-ups in the system tray and I can't get rid of them unless I end the process tree.

 

I've removed as many reg. entries as I feel safe doing and hope you guys can find this stuff soon, it's real bad news.

 

Thanks, Ad-Aware SE log file attached.

Adaware_log_file.TXT


Also, here is the HijackThis log from before the Ad-Aware SE scan for some who wish to see: (most noticeable was a gdnus2218.exe entry I already removed and Norton had captured...before the HijackThis scan. Still a lot of trouble, some media-codec entries that won't go away....hmmm?)

 

Logfile of HijackThis v1.99.1

Scan saved at 8:27:15 PM, on 7/13/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\System32\cisvc.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Executive Software\Diskeeper\DkService.exe

C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE

C:\WINDOWS\System32\inetsrv\inetinfo.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Symantec AntiVirus\SavRoam.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\System32\ups.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\System32\vssvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\Fast.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Media-Codec\isamonitor.exe

C:\Program Files\Media-Codec\isamini.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\system32\devldr32.exe

C:\Program Files\Support.com\bin\tgcmd.exe

C:\Program Files\Multimedia Card Reader\shwicon2k.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\Winamp\winampa.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\system32\fast.exe

C:\WINDOWS\system32\taskswitch.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\ASUS\Probe\AsusProb.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe

C:\Program Files\ATI Multimedia\main\launchpd.exe

C:\Program Files\ATI Multimedia\main\ATIDtct.EXE

C:\Program Files\Trillian\trillian.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Hijackdetector\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5753791b-f607-48ca-814e-91c14d081f9e} - C:\Program Files\Media-Codec\isaddon.dll

O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf

O4 - HKLM\..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe

O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART

O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4

O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe

O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"

O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE

O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1127014390687

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1128574823203

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

O20 - Winlogon Notify: SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL

O21 - SSODL: coursings - {f8d02387-789a-4c0f-a1d8-8a93f33ee4df} - (no file)

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe

O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Iomega Activity Disk2 - Unknown owner - C:\WINDOWS\

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

I will return with an Ad-Aware SE log if possible.


Here is the Ad-Aware SE log file:

 

Ad-Aware SE Build 1.06r1

Logfile Created on:Thursday, July 13, 2006 10:11:03 PM

Created with Ad-Aware SE Personal, free for private use.

Using definitions file:SE1R114 08.07.2006

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

MRU List(TAC index:0):49 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Definition File:

=========================

Definitions File Loaded:

Reference Number : SE1R114 08.07.2006

Internal build : 136

File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref

File size : 703835 Bytes

Total size : 2296830 Bytes

Signature data size : 2248951 Bytes

Reference data size : 47367 Bytes

Signatures total : 63033

CSI Fingerprints total : 3154

CSI data size : 113462 Bytes

Target categories : 15

Target families : 923

 

 

Memory + processor status:

==========================

Number of processors : 1

Processor architecture : Intel Pentium IV

Memory available:51 %

Total physical memory:1047792 kb

Available physical memory:529532 kb

Total page file size:2518596 kb

Available on page file:2052176 kb

Total virtual memory:2097024 kb

Available virtual memory:2031740 kb

OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

 

Ad-Aware SE Settings

===========================

Set : Search for negligible risk entries

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan within archives

Set : Scan my Hosts file

 

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Play sound at scan completion if scan locates critical objects

 

 

7-13-2006 10:11:03 PM - Scan started. (Custom mode)

 

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ProcessID : 816

ThreadCreationTime : 7-14-2006 4:53:17 AM

BasePriority : Normal

 

 

#:2 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 884

ThreadCreationTime : 7-14-2006 4:53:19 AM

BasePriority : Normal

 

 

#:3 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 912

ThreadCreationTime : 7-14-2006 4:53:26 AM

BasePriority : High

 

 

#:4 [services.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 956

ThreadCreationTime : 7-14-2006 4:53:26 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Services and Controller app

InternalName : services.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : services.exe

 

#:5 [lsass.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 968

ThreadCreationTime : 7-14-2006 4:53:26 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

 

#:6 [ati2evxx.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1136

ThreadCreationTime : 7-14-2006 4:53:29 AM

BasePriority : Normal

FileVersion : 6.14.10.4132

ProductVersion : 6.14.10.4132

ProductName : ATI External Event Utility for WindowsNT and Windows9X

CompanyName : ATI Technologies Inc.

FileDescription : ATI External Event Utility EXE Module

InternalName : ATI2EVXX.EXE

LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.

OriginalFilename : ATI2EVXX.EXE

 

#:7 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1160

ThreadCreationTime : 7-14-2006 4:53:29 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:8 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1212

ThreadCreationTime : 7-14-2006 4:53:29 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:9 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1352

ThreadCreationTime : 7-14-2006 4:53:29 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:10 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1404

ThreadCreationTime : 7-14-2006 4:53:29 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:11 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1504

ThreadCreationTime : 7-14-2006 4:53:29 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:12 [sabsvc.exe]

FilePath : C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\

ProcessID : 1768

ThreadCreationTime : 7-14-2006 4:53:32 AM

BasePriority : Normal

FileVersion : 1, 0, 0, 1028

ProductVersion : 1, 0, 0, 1028

ProductName : Super Ad Blocker Service

CompanyName : SuperAdBlocker.com

FileDescription : Super Ad Blocker Service

InternalName : Super Ad Blocker Service

LegalCopyright : Copyright © 2004

OriginalFilename : SABSVC.EXE

 

#:13 [spoolsv.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1816

ThreadCreationTime : 7-14-2006 4:53:32 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : spoolsv.exe

 

#:14 [scardsvr.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1864

ThreadCreationTime : 7-14-2006 4:53:32 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Smart Card Resource Management Server

InternalName : SCardSvr.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : SCardSvr.exe

 

#:15 [aluschedulersvc.exe]

FilePath : C:\Program Files\Symantec\LiveUpdate\

ProcessID : 364

ThreadCreationTime : 7-14-2006 4:53:41 AM

BasePriority : Normal

FileVersion : 3.0.0.160

ProductVersion : 3.0.0.160

ProductName : LiveUpdate

CompanyName : Symantec Corporation

FileDescription : Automatic LiveUpdate Scheduler Service

InternalName : Automatic LiveUpdate Scheduler Service

LegalCopyright : Copyright © 1996-2005 Symantec Corporation

OriginalFilename : ALUSchedulerSvc.exe

 

#:16 [ccsetmgr.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 872

ThreadCreationTime : 7-14-2006 4:53:42 AM

BasePriority : Normal

FileVersion : 103.5.4.3

ProductVersion : 103.5.4.3

ProductName : Client and Host Security Platform

CompanyName : Symantec Corporation

FileDescription : Symantec Settings Manager Service

InternalName : ccSetMgr

LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.

OriginalFilename : ccSetMgr.exe

 

#:17 [cisvc.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 868

ThreadCreationTime : 7-14-2006 4:53:42 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Content Index service

InternalName : cisvc.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : cisvc.exe

 

#:18 [defwatch.exe]

FilePath : C:\Program Files\Symantec AntiVirus\

ProcessID : 196

ThreadCreationTime : 7-14-2006 4:53:42 AM

BasePriority : Normal

FileVersion : 10.0.1.1000

ProductVersion : 10.0.1.1000

ProductName : Symantec AntiVirus

CompanyName : Symantec Corporation

FileDescription : Virus Definition Daemon

InternalName : DefWatch

LegalCopyright : Copyright 1998 - 2005 Symantec Corporation. All rights reserved.

OriginalFilename : DefWatch.exe

 

#:19 [dkservice.exe]

FilePath : C:\Program Files\Executive Software\Diskeeper\

ProcessID : 1104

ThreadCreationTime : 7-14-2006 4:53:42 AM

BasePriority : Normal

FileVersion : 8.0.478.0

ProductVersion : 8.0.478.0

ProductName : Diskeeper Disk Defragmenter

CompanyName : Executive Software International, Inc.

FileDescription : DKSERVICE.EXE

InternalName : DKSERVICE

LegalCopyright : © 1995-2004 Executive Software Int'l, Inc.

OriginalFilename : DKSERVICE

 

#:20 [ghosts~2.exe]

FilePath : C:\PROGRA~1\Symantec\NORTON~1\

ProcessID : 1264

ThreadCreationTime : 7-14-2006 4:53:42 AM

BasePriority : Normal

FileVersion : 2003.775

ProductVersion : 2003.775

ProductName : Norton Ghost Start Service

CompanyName : Symantec Corporation

FileDescription : Norton Ghost Start

InternalName : GhostStartService

LegalCopyright : Copyright © 1998-2002 Symantec Corp. All rights reserved.

OriginalFilename : GhostStartService.exe

 

#:21 [inetinfo.exe]

FilePath : C:\WINDOWS\System32\inetsrv\

ProcessID : 1296

ThreadCreationTime : 7-14-2006 4:53:42 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Internet Information Services

CompanyName : Microsoft Corporation

FileDescription : Internet Information Services

InternalName : INETINFO.EXE

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : INETINFO.EXE

 

#:22 [mdm.exe]

FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\

ProcessID : 1316

ThreadCreationTime : 7-14-2006 4:53:42 AM

BasePriority : Normal

FileVersion : 7.00.9466

ProductVersion : 7.00.9466

ProductName : Microsoft® Visual Studio .NET

CompanyName : Microsoft Corporation

FileDescription : Machine Debug Manager

InternalName : mdm.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : mdm.exe

 

#:23 [locator.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1556

ThreadCreationTime : 7-14-2006 4:53:42 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Rpc Locator

InternalName : locator.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : locator.exe

 

#:24 [savroam.exe]

FilePath : C:\Program Files\Symantec AntiVirus\

ProcessID : 1428

ThreadCreationTime : 7-14-2006 4:53:42 AM

BasePriority : Normal

FileVersion : 10.0.1.1000

ProductVersion : 10.0.1.1000

ProductName : Symantec SAVRoam

CompanyName : symantec

FileDescription : SAVRoam

InternalName : SAVRoam

LegalCopyright : Copyright 2002 - 2005 Symantec Corporation. All rights reserved.

OriginalFilename : SAVRoam.exe

 

#:25 [snmp.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1752

ThreadCreationTime : 7-14-2006 4:53:43 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : SNMP Service

InternalName : snmp.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : snmp.exe

 

#:26 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1580

ThreadCreationTime : 7-14-2006 4:53:43 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:27 [rtvscan.exe]

FilePath : C:\Program Files\Symantec AntiVirus\

ProcessID : 1932

ThreadCreationTime : 7-14-2006 4:53:43 AM

BasePriority : Normal

FileVersion : 10.0.1.1000

ProductVersion : 10.0.1.1000

ProductName : Symantec AntiVirus

CompanyName : Symantec Corporation

FileDescription : Symantec AntiVirus

LegalCopyright : Copyright 1991 - 2005 Symantec Corporation. All rights reserved.

 

#:28 [ups.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 2008

ThreadCreationTime : 7-14-2006 4:53:43 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : UPS Service

InternalName : ups.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : ups.exe

 

#:29 [vsmon.exe]

FilePath : C:\WINDOWS\system32\ZoneLabs\

ProcessID : 296

ThreadCreationTime : 7-14-2006 4:53:44 AM

BasePriority : Normal

FileVersion : 6.5.722.000

ProductVersion : 6.5.722.000

ProductName : TrueVector Service

CompanyName : Zone Labs, LLC

FileDescription : TrueVector Service

InternalName : vsmon

LegalCopyright : Copyright © 1998-2006, Zone Labs, LLC

OriginalFilename : vsmon.exe

 

#:30 [vssvc.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 592

ThreadCreationTime : 7-14-2006 4:53:47 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Microsoft® Volume Shadow Copy Service

InternalName : VSSVC.EXE

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : VSSVC.EXE

 

#:31 [ccevtmgr.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 668

ThreadCreationTime : 7-14-2006 4:53:47 AM

BasePriority : Normal

FileVersion : 103.5.4.3

ProductVersion : 103.5.4.3

ProductName : Client and Host Security Platform

CompanyName : Symantec Corporation

FileDescription : Symantec Event Manager Service

InternalName : ccEvtMgr

LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.

OriginalFilename : ccEvtMgr.exe

 

#:32 [fast.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 732

ThreadCreationTime : 7-14-2006 4:53:47 AM

BasePriority : Normal

FileVersion : 5.1.3564.0 (Lab06_DEV(lamadio).011003-1729)

ProductVersion : 5.1.3564.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Super Fast User Switcher

InternalName : Fast

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : Fast.EXE

 

#:33 [alg.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 2492

ThreadCreationTime : 7-14-2006 4:53:54 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Application Layer Gateway Service

InternalName : ALG.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : ALG.exe

 

#:34 [ati2evxx.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2772

ThreadCreationTime : 7-14-2006 4:53:59 AM

BasePriority : Normal

FileVersion : 6.14.10.4132

ProductVersion : 6.14.10.4132

ProductName : ATI External Event Utility for WindowsNT and Windows9X

CompanyName : ATI Technologies Inc.

FileDescription : ATI External Event Utility EXE Module

InternalName : ATI2EVXX.EXE

LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.

OriginalFilename : ATI2EVXX.EXE

 

#:35 [explorer.exe]

FilePath : C:\WINDOWS\

ProcessID : 2892

ThreadCreationTime : 7-14-2006 4:54:00 AM

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : EXPLORER.EXE

 

#:36 [isamonitor.exe]

FilePath : C:\Program Files\Media-Codec\

ProcessID : 3312

ThreadCreationTime : 7-14-2006 4:54:08 AM

BasePriority : Normal

 

 

#:37 [isamini.exe]

FilePath : C:\Program Files\Media-Codec\

ProcessID : 3516

ThreadCreationTime : 7-14-2006 4:54:10 AM

BasePriority : Normal

 

 

#:38 [vptray.exe]

FilePath : C:\PROGRA~1\SYMANT~1\

ProcessID : 3556

ThreadCreationTime : 7-14-2006 4:54:11 AM

BasePriority : Normal

FileVersion : 10.0.1.1000

ProductVersion : 10.0.1.1000

ProductName : Symantec AntiVirus

CompanyName : Symantec Corporation

FileDescription : Symantec AntiVirus

LegalCopyright : Copyright 1991 - 2005 Symantec Corporation. All rights reserved.

 

#:39 [devldr32.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 3572

ThreadCreationTime : 7-14-2006 4:54:12 AM

BasePriority : Normal

FileVersion : 1, 0, 0, 17

ProductVersion : 1, 0, 0, 17

ProductName : Creative Ring3 NT Inteface

CompanyName : Creative Technology Ltd.

FileDescription : DevLdr32

InternalName : DevLdr

LegalCopyright : Copyright © Creative Technology Ltd. 1998-2001

OriginalFilename : DevLdr32.exe

 

#:40 [viewmgr.exe]

FilePath : C:\Program Files\Viewpoint\Viewpoint Manager\

ProcessID : 3604

ThreadCreationTime : 7-14-2006 4:54:12 AM

BasePriority : Normal

FileVersion : 2, 0, 0, 42

ProductVersion : 2, 0, 0, 42

ProductName : Viewpoint Manager

CompanyName : Viewpoint Corporation

FileDescription : ViewMgr

InternalName : Viewpoint Manager

LegalCopyright : Copyright © 2004

OriginalFilename : ViewMgr.exe

Comments : Viewpoint Manager

 

#:41 [tgcmd.exe]

FilePath : C:\Program Files\Support.com\bin\

ProcessID : 3668

ThreadCreationTime : 7-14-2006 4:54:12 AM

BasePriority : Normal

FileVersion : 5,5,726,0

ProductVersion : 5,5,726,0

ProductName : Qwest DSL QuickCare

CompanyName : Qwest

FileDescription : Qwest approved - QuickCare

InternalName : TGCMD

LegalCopyright : Copyright 1997-2069 Support.com

OriginalFilename : TGCMD.EXE

 

#:42 [shwicon2k.exe]

FilePath : C:\Program Files\Multimedia Card Reader\

ProcessID : 3684

ThreadCreationTime : 7-14-2006 4:54:12 AM

BasePriority : Idle

FileVersion : 1, 4, 1, 1

ProductVersion : 1, 4, 1, 1

ProductName : Multimedia Card Reader

CompanyName : Alcor Micro, Corp.

FileDescription : Sunkist

InternalName : Sunkist

LegalCopyright : Copyright c 2002

OriginalFilename : Sunkist.exe

Comments : 6362 4.5 Slot 2000/XP

 

#:43 [soundman.exe]

FilePath : C:\WINDOWS\

ProcessID : 3692

ThreadCreationTime : 7-14-2006 4:54:13 AM

BasePriority : Normal

FileVersion : 5.1.0.24

ProductVersion : 5.1.0.24

ProductName : Realtek Sound Manager

CompanyName : Realtek Semiconductor Corp.

FileDescription : Realtek Sound Manager

InternalName : ALSMTray

LegalCopyright : Copyright © 2001-2003 Realtek Semiconductor Corp.

OriginalFilename : ALSMTray.exe

Comments : Realtek AC97 Audio Sound Manager

 

#:44 [ituneshelper.exe]

FilePath : C:\Program Files\iTunes\

ProcessID : 3740

ThreadCreationTime : 7-14-2006 4:54:14 AM

BasePriority : Normal

FileVersion : 6.0.5.20

ProductVersion : 6.0.5.20

ProductName : iTunes

CompanyName : Apple Computer, Inc.

FileDescription : iTunesHelper Module

InternalName : iTunesHelper

LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.

OriginalFilename : iTunesHelper.exe

 

#:45 [imgicon.exe]

FilePath : C:\Program Files\Iomega\DriveIcons\

ProcessID : 3760

ThreadCreationTime : 7-14-2006 4:54:14 AM

BasePriority : Normal

 

 

#:46 [ipoint.exe]

FilePath : C:\Program Files\Microsoft IntelliPoint\

ProcessID : 3776

ThreadCreationTime : 7-14-2006 4:54:14 AM

BasePriority : Normal

 

 

#:47 [cthelper.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 3820

ThreadCreationTime : 7-14-2006 4:54:15 AM

BasePriority : Normal

FileVersion : 1, 0, 0, 2

ProductVersion : 1, 0, 0, 2

ProductName : CtHelper Application

CompanyName : Creative Technology Ltd

FileDescription : CtHelper Application

InternalName : CtHelper

LegalCopyright : Copyright © 2002

OriginalFilename : CtHelper.EXE

 

#:48 [winampa.exe]

FilePath : C:\Program Files\Winamp\

ProcessID : 3848

ThreadCreationTime : 7-14-2006 4:54:16 AM

BasePriority : Normal

 

 

#:49 [jusched.exe]

FilePath : C:\Program Files\Java\jre1.5.0_06\bin\

ProcessID : 3872

ThreadCreationTime : 7-14-2006 4:54:16 AM

BasePriority : Normal

 

 

#:50 [fast.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 3920

ThreadCreationTime : 7-14-2006 4:54:17 AM

BasePriority : Normal

FileVersion : 5.1.3564.0 (Lab06_DEV(lamadio).011003-1729)

ProductVersion : 5.1.3564.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Super Fast User Switcher

InternalName : Fast

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : Fast.EXE

 

#:51 [taskswitch.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 3956

ThreadCreationTime : 7-14-2006 4:54:17 AM

BasePriority : Normal

 

 

#:52 [ccapp.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 3964

ThreadCreationTime : 7-14-2006 4:54:17 AM

BasePriority : Normal

FileVersion : 103.5.4.3

ProductVersion : 103.5.4.3

ProductName : Client and Host Security Platform

CompanyName : Symantec Corporation

FileDescription : Symantec User Session

InternalName : ccApp

LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.

OriginalFilename : ccApp.exe

 

#:53 [ipodservice.exe]

FilePath : C:\Program Files\iPod\bin\

ProcessID : 3972

ThreadCreationTime : 7-14-2006 4:54:17 AM

BasePriority : Normal

FileVersion : 6.0.5.20

ProductVersion : 6.0.5.20

ProductName : iTunes

CompanyName : Apple Computer, Inc.

FileDescription : iPodService Module

InternalName : iPodService

LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.

OriginalFilename : iPodService.exe

 

#:54 [asusprob.exe]

FilePath : C:\Program Files\ASUS\Probe\

ProcessID : 4016

ThreadCreationTime : 7-14-2006 4:54:18 AM

BasePriority : Normal

 

 

#:55 [zlclient.exe]

FilePath : C:\Program Files\Zone Labs\ZoneAlarm\

ProcessID : 4048

ThreadCreationTime : 7-14-2006 4:54:18 AM

BasePriority : Normal

FileVersion : 6.5.722.000

ProductVersion : 6.5.722.000

ProductName : Zone Labs Client

CompanyName : Zone Labs, LLC

FileDescription : Zone Labs Client

InternalName : zlclient

LegalCopyright : Copyright © 1998-2006, Zone Labs, LLC

OriginalFilename : zlclient.exe

 

#:56 [cli.exe]

FilePath : C:\Program Files\ATI Technologies\ATI.ACE\

ProcessID : 4072

ThreadCreationTime : 7-14-2006 4:54:18 AM

BasePriority : Normal

 

 

#:57 [ctfmon.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1540

ThreadCreationTime : 7-14-2006 4:54:19 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : CTF Loader

InternalName : CTFMON

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : CTFMON.EXE

 

#:58 [atirw.exe]

FilePath : C:\Program Files\ATI Multimedia\RemCtrl\

ProcessID : 1924

ThreadCreationTime : 7-14-2006 4:54:22 AM

BasePriority : Normal

FileVersion : 3.03.010

ProductVersion : 3.03

ProductName : ATI Remote Wonder

CompanyName : ATI Technologies Inc.

FileDescription : ATI Remote Wonder

LegalCopyright : Copyright © 2002-2005 ATI Technologies Inc.

OriginalFilename : ATIRW.EXE

 

#:59 [launchpd.exe]

FilePath : C:\Program Files\ATI Multimedia\main\

ProcessID : 548

ThreadCreationTime : 7-14-2006 4:54:23 AM

BasePriority : Normal

FileVersion : 9.14.001

ProductVersion : 9.14

ProductName : ATI Multimedia Center

CompanyName : ATI Technologies Inc.

FileDescription : ATI Multimedia Center Launchpad

InternalName : LAUNCHPD

LegalCopyright : Copyright © 2002-2005 ATI Technologies Inc.

OriginalFilename : LAUNCHPD.EXE

 

#:60 [atidtct.exe]

FilePath : C:\Program Files\ATI Multimedia\main\

ProcessID : 568

ThreadCreationTime : 7-14-2006 4:54:23 AM

BasePriority : Normal

FileVersion : 9.14.001

ProductVersion : 9.14

ProductName : ATI Multimedia Center

CompanyName : ATI Technologies Inc.

FileDescription : ATI Device Detection Application

InternalName : AtiDtct

LegalCopyright : Copyright © 2005 ATI Technologies Inc.

OriginalFilename : AtiDtct.EXE

 

#:61 [trillian.exe]

FilePath : C:\Program Files\Trillian\

ProcessID : 1700

ThreadCreationTime : 7-14-2006 4:54:30 AM

BasePriority : Normal

FileVersion : 3.1.0.121

ProductVersion : 3.1.0.121

ProductName : Trillian

CompanyName : Cerulean Studios

FileDescription : Trillian

InternalName : Trillian

LegalCopyright : © Cerulean Studios, LLC. All rights reserved.

OriginalFilename : Trillian.exe

 

#:62 [rundll32.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2376

ThreadCreationTime : 7-14-2006 4:54:38 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Run a DLL as an App

InternalName : rundll

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : RUNDLL.EXE

 

#:63 [cli.exe]

FilePath : C:\Program Files\ATI Technologies\ATI.ACE\

ProcessID : 3640

ThreadCreationTime : 7-14-2006 4:55:08 AM

BasePriority : Normal

 

 

#:64 [cli.exe]

FilePath : C:\Program Files\ATI Technologies\ATI.ACE\

ProcessID : 1952

ThreadCreationTime : 7-14-2006 4:55:14 AM

BasePriority : Normal

 

 

#:65 [cidaemon.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 3992

ThreadCreationTime : 7-14-2006 5:00:54 AM

BasePriority : Idle

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Indexing Service filter daemon

InternalName : cidaemon.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : cidaemon.exe

 

#:66 [firefox.exe]

FilePath : C:\Program Files\Mozilla Firefox\

ProcessID : 768

ThreadCreationTime : 7-14-2006 5:07:15 AM

BasePriority : Normal

 

 

#:67 [ad-aware.exe]

FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\

ProcessID : 684

ThreadCreationTime : 7-14-2006 5:08:23 AM

BasePriority : Normal

FileVersion : 6.2.0.236

ProductVersion : SE 106

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft AB Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\Sage\Application Data\microsoft\office\recent

Description : list of recently opened documents using microsoft office

 

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\Sage\recent

Description : list of recently opened documents

 

 

MRU List Object Recognized!

Location: : S-1-5-21-839522115-220523388-2147200963-1003\software\adobe\adobe acrobat\6.0\avgeneral\crecentfiles

Description : list of recently used files in adobe acrobat

 

 

MRU List Object Recognized!

Location: : S-1-5-21-839522115-220523388-2147200963-1003\software\ahead\nero - burning rom\recent file list

Description : list of recently used files in nero burning rom

 

 

MRU List Object Recognized!

Location: : S-1-5-21-839522115-220523388-2147200963-1003\software\google\navclient\1.1\history

Description : list of recently used search terms in the google toolbar

 

 

MRU List Object Recognized!

Location: : S-1-5-21-839522115-220523388-2147200963-1003\software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct3d

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct3d

 

 

MRU List Object Recognized!

Location: : S-1-5-21-839522115-220523388-2147200963-1003\software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct X

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct X

 

 

MRU List Object Recognized!

Location: : software\microsoft\directdraw\mostrecentapplication

Description : most recent application to use microsoft directdraw

 

 

MRU List Object Recognized!

Location: : S-1-5-21-839522115-220523388-2147200963-1003\software\microsoft\directinput\mostrecentapplication

Description : most recent application to use microsoft directinput

 

 

MRU List Object Recognized!

Location: : S-1-5-21-839522115-220523388-2147200963-1003\software\microsoft\directinput\mostrecentapplication

Description : most recent application to use microsoft directinput

 

 

MRU List Object Recognized!

Location: : S-1-5-21-839522115-220523388-2147200963-1003\software\microsoft\frontpage\explorer\frontpage explorer\recent file list

Description : list of recently used files in microsoft frontpage

 

 

MRU List Object Recognized!

Location: : S-1-5-21-839522115-220523388-2147200963-1003\software\microsoft\frontpage\explorer\frontpage explorer\recent page list

Description : list of recently used pages in microsoft frontpage

 

 

MRU List Object Recognized!

Location: : S-1-5-21-839522115-220523388-2147200963-1003\software\microsoft\frontpage\explorer\frontpage explorer\recent web list

Description : list of recently used webs in microsoft frontpage

 

 

MRU List Object Recognized!

Location: : S-1-5-21-839522115-220523388-2147200963-1003\software\microsoft\internet explorer

Description : last download directory used in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-839522115-220523388-2147200963-1003\software\microsoft\internet explorer\main

Description : last save directory used in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-839522115-220523388-2147200963-1003\software\microsoft\mediaplayer\medialibraryui

Description : last selected node in the microsoft windows media player media library

 

 

MRU List Object Recognized!

Location: : S-1-5-21-839522115-220523388-2147200963-1003\software\microsoft\mediaplayer\preferences

Description : last playlist index loaded in microsoft windows media player

 

 

MRU List Object Recognized!

Location: : S-1-5-21-839522115-220523388-2147200963-1003\software\microsoft\mediaplayer\preferences

Description : last playlist loaded in microsoft windows media player

 

 

MRU List Object Recognized!

Location: : S-1-5-21-839522115-220523388-2147200963-1003\software\microsoft\microsoft management console\recent file list

Description : list of recent snap-ins used in the microsoft management console

 

 

MRU List Object Recognized!

Location: : S-1-5-21-839522115-220523388-2147200963-1003\software\microsoft\ntbackup\log files

Description : list of recent logfiles in microsoft backup

 

 

MRU List Object Recognized!

Location: : S-1-5-21-839522115-220523388-2147200963-1003\software\microsoft\office\11.0\access\settings

Description : list of recently opened documents in microsoft access

 

 

MRU List Object Recognized!

Location: : S-1-5-21-839522115-220523388-2147200963-1003\software\microsoft\office\11.0\common\open find\microsoft office powerpoint\settings\save as\file name mru

Description : list of recent documents saved by microsoft powerpoint

 

 

MRU List Object Recognized!

Location: : S-1-5-21-839522115-220523388-2147200963-1003\software\microsoft\office\11.0\common\open find\microsoft office word\settings\open\file name mru

Description : list of recent documents opened by microsoft word

 

 

MRU List Object Recognized!

Location: : S-1-5-21-839522115-220523388-2147200963-1003\software\microsoft\office\11.0\common\open find\microsoft office word\settings\save as\file name mru

Description : list of recent documents saved by microsoft word

 

 

MRU List Object Recognized!

Location: : S-1-5-21-839522115-220523388-2147200963-1003\software\microsoft\office\11.0\powerpoint\recent file list

Description : list of recent files used by microsoft powerpoint

 

 

MRU List Object Recognized!

Location: : S-1-5-21-839522115-220523388-2147200963-1003\software\microsoft\office\11.0\powerpoint\recent templates

Description : list of recent templates used by microsoft powerpoint

 

 

MRU List Object Recognized!

Location: : S-1-5-21-839522115-220523388-2147200963-1003\software\microsoft\office\11.0\powerpoint\recent typeface list

Description : list of recently used typefaces in microsoft powerpoint

 

 

MRU List Object Recognized!

Location: : S-1-5-21-839522115-220523388-2147200963-1003\software\microsoft\office\11.0\powerpoint\recenttemplatelist

Description : list of recent templates used by microsoft powerpoint

 

 

MRU List Object Recognized!

Location: : S-1-5-21-839522115-220523388-2147200963-1003\software\microsoft\search assistant\acmru

Description : list of recent search terms used with the search assistant

 

 

MRU List Object Recognized!

Location: : S-1-5-21-839522115-220523388-2147200963-1003\software\microsoft\windows\currentversion\applets\paint\recent file list

Description : list of files recently opened using microsoft paint

 

 

MRU List Object Recognized!

Location: : S-1-5-21-839522115-220523388-2147200963-1003\software\microsoft\windows\currentversion\applets\regedit

Description : last key accessed using the microsoft registry editor

 

 

MRU List Object Recognized!

Location: : S-1-5-21-839522115-220523388-2147200963-1003\software\microsoft\windows\currentversion\applets\wordpad\recent file list

Description : list of recent files opened using wordpad

 

 

MRU List Object Recognized!

Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru

Description : list of recent programs opened

 

 

MRU List Object Recognized!

Location: : S-1-5-18\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru

Description : list of recent programs opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-839522115-220523388-2147200963-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru

Description : list of recent programs opened

 

 

MRU List Object Recognized!

Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru

Description : list of recently saved files, stored according to file extension

 

 

MRU List Object Recognized!

Location: : S-1-5-18\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru

Description : list of recently saved files, stored according to file extension

 

 

MRU List Object Recognized!

Location: : S-1-5-21-839522115-220523388-2147200963-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru

Description : list of recently saved files, stored according to file extension

 

 

MRU List Object Recognized!

Location: : S-1-5-21-839522115-220523388-2147200963-1003\software\microsoft\windows\currentversion\explorer\recentdocs

Description : list of recent documents opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-839522115-220523388-2147200963-1003\software\nico mak computing\winzip\filemenu

Description : winzip recently used archives

 

 

MRU List Object Recognized!

Location: : S-1-5-21-839522115-220523388-2147200963-1003\software\realnetworks\realplayer\6.0\preferences

Description : list of recent skins in realplayer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-839522115-220523388-2147200963-1003\software\realnetworks\realplayer\6.0\preferences

Description : list of recent clips in realplayer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-839522115-220523388-2147200963-1003\software\realnetworks\realplayer\6.0\preferences

Description : last login time in realplayer

 

 

MRU List Object Recognized!

Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general

Description : windows media sdk

 

 

MRU List Object Recognized!

Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general

Description : windows media sdk

 

 

MRU List Object Recognized!

Location: : S-1-5-21-839522115-220523388-2147200963-1003\software\microsoft\windows media\wmsdk\general

Description : windows media sdk

 

 

MRU List Object Recognized!

Location: : S-1-5-21-839522115-220523388-2147200963-1003\software\winrar\dialogedithistory\extrpath

Description : winrar "extract-to" history

 

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 49

 

 

 

Deep scanning and examining files (C:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for C:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 49

 

 

Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

1 entries scanned.

New critical objects:0

Objects found so far: 49

 

 

 

 

Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 49

 

10:30:21 PM Scan Complete

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:19:17.407

Objects scanned:201887

Objects identified:0

Objects ignored:0

New critical objects:0

I have the same problem. Have you now deleted the files pmsngr.exe and pmmon.exe? How?

Hi glemon,

 

This whole problem turned out to be 'sysnetsecurity.com' tracking, spyware and adware. I ran a series of scans with many different tools, cleaned the registry and manually deleted as much as possible. But the only option that worked was a program called XoftspySE......get it. While it's not as diverse as Adaware SE at cookie tracking and light stuff, the deep crap and Viewpoint tool bar vulnerabilities (which I chose to remove and do not regret) were no sweat, including this bunch of bugs.

 

XoftspySE, get it or buy it; No other choice that I've found.


cajun:

 

* You may want to print out or make a copy of these instructions before starting, because you will not be able to connect to the internet during most of this fix.

  • Go to Start > Control Panel double-click on the Software icon > add/remove programs.
  • Search in the list for all previously installed versions of Java. (J2SE Runtime Environment.... )
    It should have the following icon next to it: javaicon.gif
    Select it and click Remove.
  • Then Download and install the newest version from here:

* Download smitRem.exe and save the file to your desktop.

Double click on the file to extract it to its own folder on the desktop.

 

* First download ewido anti-spyware from HERE and save that file to your desktop.

This is a 30 day trial of the program

  1. Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  2. Once the setup is complete you will need to run ewido and update the definition files.
  3. On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  6. Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"

Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.

 

* If you do not already have Ad-Aware SE 1.06 installed, follow these download and setup instructions. Also check for updates:

Ad-Aware SE Setup

Again, do NOT run a scan yet.

 

 

* Next, please reboot your computer in Safe Mode by doing the following:

  1. Restart your computer
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  3. Instead of Windows loading as normal, a menu should appear
  4. Select the first option, to run Windows in Safe Mode.

* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Your desktop and icons will disappear and then reappear again --- this is normal.

Wait for the tool to complete and Disk Cleanup to finish --- this may take a while; please be patient.

 

* Next, run Ad-aware and perform a full scan. Remove everything found.

  1. Launch ewido-anti-spyware by double-clicking the icon on your desktop.
  2. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  3. ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  4. If you have any infections you will be prompted, then select "Apply all actions"
  5. Next select the "Reports" icon at the top.
  6. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).

* Next go to Start -> Control Panel, click Display -> Desktop -> Customize Desktop -> Web -> Uncheck "Security Info" if present.

 

 

* Restart your computer in normal mode.

 

* Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only

    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

If you use Firefox browser

    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

 

* Run the Panda online virus scan at http://www.pandasoftware.com/products/activescan.htm

 

- Once you are on the Panda site click the Scan your PC button

- A new window will open...click the Check Now button

- Enter your Country

- Enter your State/Province

- Enter your e-mail address and click send

- Select either Home User or Company

- Click the big Scan Now button

- If it wants to install an ActiveX component allow it

- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)

- When download is complete, click on Local Disks to start the scan

- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

 

* Finally, restart your computer once more, and please post a new HijackThis log as well as the log from the Ewido scan and the log from the smitRem tool, which will be located at C:\smitfiles.txt.

Let us know if any problems persist.


Thanks very very much jurgenv,

 

Here are all the logs and txt. Everything seems to be running great and several files were uncovered by smitREM and ewido anti-spyware. Panda scan found a problem, but it was the smitREM folder......? Anyhow, please take a look and if anything looks odd let me know. I will update if necessary, also, should I upload my finds to further reporting locations i.e. Lavasoft malware or Norton?

 

Thanks again :D !

 

Hijackthislog [2]: (ewido, smitREM and activescan/panda attached)

 

Logfile of HijackThis v1.99.1

Scan saved at 4:44:52 PM, on 7/28/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\System32\cisvc.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Executive Software\Diskeeper\DkService.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE

C:\WINDOWS\System32\inetsrv\inetinfo.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Symantec AntiVirus\SavRoam.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\System32\ups.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\System32\vssvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\Fast.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\Multimedia Card Reader\shwicon2k.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\system32\fast.exe

C:\WINDOWS\system32\taskswitch.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Support.com\bin\tgcmd.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\ewido anti-spyware 4.0\ewido.exe

C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe

C:\Program Files\ATI Multimedia\main\launchpd.exe

C:\Program Files\ATI Multimedia\main\ATIDtct.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Hijackdetector\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe

O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART

O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf

O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized

O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe

O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"

O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE

O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html

O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1127014390687

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1128574823203

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Iomega Activity Disk2 - Unknown owner - C:\WINDOWS\

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Activescan.txt
Report_Scan_20060728_152050.txt
smitfiles.txt


Yeah, what panda found is just a false positive... :) For the rest, your log looks clean, how is everything working?

Yeah, what panda found is just a false positive... :) For the rest, your log looks clean, how is everything working?

 

Good, but Norton Auto-Protect found Trojan.Zlob (4 total) files in the system restore (system volume information file) backups. I turned system restore off and that seemed to get rid of the temp. files containing the Trojans (as Norton could not delete the files; they were 'in use' by system restore, I believe)...do you or anyone else know how to access system volume information? I realize it's not a file to mess around with, but I would have liked to delete the files manually.

Also, around the time all this happened I lost my wireless Logitech keyboard, randomly, and have not been able to get the itouch software to uninstall from my system; anytime I go to use a device in the PS/2 port on my mainboard I get a call for "new hardware found, need location of itchfltr.sys" and it wants to install 'smart internet keyboard'. Now, I can't get the volume keys to work on the new model (that's installed on a USB port).....but I don't want old software installed that I'm not going to use. Logitech has given the usual clean boot and fresh install/uninstall, but I've tried everything, any ideas?

 

Thanks Again!


If you unhide the hidden files and folders you'll see a folder called System Volume Information on your C: drive :)


For anyone reading this. This topic belongs to the original topic starter only (cajun).

 

If you are having similar issues please start a NEW TOPIC of your own.

 

Any replies posted to this thread that are not from Cajun or his helper, jurgenv, have been and will be deleted!

 

Meanwhile, @Cajun or jurgenv, is this topic about wrapped up? If so, someone let me know and I'll move it to the Resolved section :(
