Lavasoft Support Forums > Trojan Infecte!

Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Resolved/Inactive HijackThis Logs

CG95Casper

Dec 12 2006, 10:22 PM

Just became a victim of a wonderful trojan and a couple of malwares.

Ran my Norton Internet Security 2006 and came out clean.

Ran my Ad-Ware SE and found the trojan and malwares. I've tried fixing this over the weekend but to no avail.

I can only run a "Smart Scan", as the scan freezes when I attempt a "Full Scan".

UPDATE: The system freezes when it gets to the following file:
C:\\WINDOWS\1386\ASMS\7000\MSFT\WINDOWS\MSWINCRT

When I did a "Smart Scan", it returned with quite a number of items including the trojan. All the items have been quarantined, but would like to have them ~~removed~~ CONFIRM THAT THE ITEMS ARE NOT AFFECTING my computer, as I really don't want to reformat.

So things i need:
1. run full scan
2. remove trojan
3. remove malwares

Results expecting:
Be a happy camper!

Log files following!!

CG95Casper

Dec 12 2006, 10:22 PM

ArchiveData(auto-quarantine- 2006-12-09 10-51-12.bckp)
Referencefile : SE1R137 06.12.2006
======================================================

MRU LIST
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=MRU FileReference : C:\Documents and Settings\Claudia Garcia\Application Data\microsoft\office\recent\1033.LNK
obj[1]=MRU FileReference : C:\Documents and Settings\Claudia Garcia\Application Data\microsoft\office\recent\112006Report.LNK
obj[2]=MRU FileReference : C:\Documents and Settings\Claudia Garcia\Application Data\microsoft\office\recent\2005-2.LNK
obj[3]=MRU FileReference : C:\Documents and Settings\Claudia Garcia\Application Data\microsoft\office\recent\6d855839.LNK
obj[4]=MRU FileReference : C:\Documents and Settings\Claudia Garcia\Application Data\microsoft\office\recent\Admin.LNK
obj[5]=MRU FileReference : C:\Documents and Settings\Claudia Garcia\Application Data\microsoft\office\recent\Advertising pricing.LNK
obj[6]=MRU FileReference : C:\Documents and Settings\Claudia Garcia\Application Data\microsoft\office\recent\Affinity Letter Head.pdf.LNK
obj[7]=MRU FileReference : C:\Documents and Settings\Claudia Garcia\Application Data\microsoft\office\recent\Affinity Mgmt Letter Head.LNK
obj[8]=MRU FileReference : C:\Documents and Settings\Claudia Garcia\Application Data\microsoft\office\recent\AffinityMan-card manufacturing 12-2006.LNK
obj[9]=MRU FileReference : C:\Documents and Settings\Claudia Garcia\Application Data\microsoft\office\recent\AffinManag12-2006.LNK
obj[10]=MRU FileReference : C:\Documents and Settings\Claudia Garcia\Application Data\microsoft\office\recent\AugustAddressLabel.LNK
obj[11]=MRU FileReference : C:\Documents and Settings\Claudia Garcia\Application Data\microsoft\office\recent\augustmobile_letterhead.LNK
obj[12]=MRU FileReference : C:\Documents and Settings\Claudia Garcia\Application Data\microsoft\office\recent\backup.LNK
obj[13]=MRU FileReference : C:\Documents and Settings\Claudia Garcia\Application Data\microsoft\office\recent\Claudia's Signature.LNK
obj[14]=MRU FileReference : C:\Documents and Settings\Claudia Garcia\Application Data\microsoft\office\recent\Contemporary Letter.LNK
obj[15]=MRU FileReference : C:\Documents and Settings\Claudia Garcia\Application Data\microsoft\office\recent\CWPPacks.LNK
obj[16]=MRU FileReference : C:\Documents and Settings\Claudia Garcia\Application Data\microsoft\office\recent\Desktop.ini
obj[17]=MRU FileReference : C:\Documents and Settings\Claudia Garcia\Application Data\microsoft\office\recent\Desktop.LNK
obj[18]=MRU FileReference : C:\Documents and Settings\Claudia Garcia\Application Data\microsoft\office\recent\Download112206.LNK
obj[19]=MRU FileReference : C:\Documents and Settings\Claudia Garcia\Application Data\microsoft\office\recent\eClasses.LNK
obj[20]=MRU FileReference : C:\Documents and Settings\Claudia Garcia\Application Data\microsoft\office\recent\eClasses.org Envelope.LNK
obj[21]=MRU FileReference : C:\Documents and Settings\Claudia Garcia\Application Data\microsoft\office\recent\eClassesGanttChart.LNK
obj[22]=MRU FileReference : C:\Documents and Settings\Claudia Garcia\Application Data\microsoft\office\recent\eClassesSampleCertificates.LNK
obj[23]=MRU FileReference : C:\Documents and Settings\Claudia Garcia\Application Data\microsoft\office\recent\ExportToExcel127936.LNK
obj[24]=MRU FileReference : C:\Documents and Settings\Claudia Garcia\Application Data\microsoft\office\recent\index.dat
obj[25]=MRU FileReference : C:\Documents and Settings\Claudia Garcia\Application Data\microsoft\office\recent\Intuit.LNK
obj[26]=MRU FileReference : C:\Documents and Settings\Claudia Garcia\Application Data\microsoft\office\recent\IPC_Inventory.LNK
obj[27]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\windows\currentversion\explorer\recentdocs\.asp
obj[28]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\windows\currentversion\explorer\recentdocs\.aspx
obj[29]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\windows\currentversion\explorer\recentdocs\.bmp
obj[30]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\windows\currentversion\explorer\recentdocs\.cab
obj[31]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\windows\currentversion\explorer\recentdocs\.chm
obj[32]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\windows\currentversion\explorer\recentdocs\.csv
obj[33]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\windows\currentversion\explorer\recentdocs\.doc
obj[34]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\windows\currentversion\explorer\recentdocs\.dot
obj[35]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\windows\currentversion\explorer\recentdocs\.gif
obj[36]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\windows\currentversion\explorer\recentdocs\.htm
obj[37]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\windows\currentversion\explorer\recentdocs\.html
obj[38]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\windows\currentversion\explorer\recentdocs\.jpg
obj[39]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\windows\currentversion\explorer\recentdocs\.log
obj[40]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\windows\currentversion\explorer\recentdocs\.mbf
obj[41]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\windows\currentversion\explorer\recentdocs\.mdb
obj[42]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\windows\currentversion\explorer\recentdocs\.mdi
obj[43]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\windows\currentversion\explorer\recentdocs\.mny
obj[44]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\windows\currentversion\explorer\recentdocs\.mpf
obj[45]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\windows\currentversion\explorer\recentdocs\.odt
obj[46]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\windows\currentversion\explorer\recentdocs\.pdf
obj[47]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\windows\currentversion\explorer\recentdocs\.ppt
obj[48]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\windows\currentversion\explorer\recentdocs\.qbo
obj[49]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\windows\currentversion\explorer\recentdocs\.QBW
obj[50]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\windows\currentversion\explorer\recentdocs\.rtf
obj[51]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\windows\currentversion\explorer\recentdocs\.tif
obj[52]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\windows\currentversion\explorer\recentdocs\.txt
obj[53]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\windows\currentversion\explorer\recentdocs\.wma
obj[54]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\windows\currentversion\explorer\recentdocs\.wmv
obj[55]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\windows\currentversion\explorer\recentdocs\.xls
obj[56]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\windows\currentversion\explorer\recentdocs\.XLT
obj[57]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\windows\currentversion\explorer\recentdocs\.xml
obj[59]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\windows\currentversion\explorer\recentdocs\Folder
obj[60]=MRU RegReference : software\microsoft\direct3d\mostrecentapplication name
obj[61]=MRU RegReference : .DEFAULT\software\microsoft\windows media\wmsdk\general computername
obj[62]=MRU RegReference : S-1-5-18\software\microsoft\windows media\wmsdk\general computername
obj[63]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\windows media\wmsdk\general computername
obj[64]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\directinput\mostrecentapplication name
obj[65]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\directinput\mostrecentapplication id
obj[66]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\internet explorer download directory
obj[67]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\internet explorer\typedurls
obj[68]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\mediaplayer\medialibraryui mllastselectednode
obj[69]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\mediaplayer\player\settings opendir
obj[70]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\mediaplayer\preferences lastplaylistindex
obj[71]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\mediaplayer\preferences lastplaylist
obj[72]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\mediaplayer\preferences searchpath
obj[73]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\microsoft management console\recent file list
obj[74]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\office\10.0\clip organizer\search\last query
obj[75]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\office\10.0\common\open find\microsoft powerpoint\settings\insert picture\file name mru value
obj[76]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\office\10.0\common\open find\microsoft powerpoint\settings\save as\file name mru value
obj[77]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\office\10.0\common\open find\microsoft word\settings\new from existing document\file name mru value
obj[78]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\office\10.0\common\open find\microsoft word\settings\open\file name mru value
obj[79]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru value
obj[80]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\office\10.0\powerpoint\recent templates
obj[81]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\office\10.0\powerpoint\recent typeface list
obj[82]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\office\10.0\powerpoint\recenttemplatelist
obj[83]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\windows\currentversion\applets\regedit lastkey
obj[84]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\windows\currentversion\applets\wordpad\recent file list
obj[58]=MRU RegReference : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\windows\currentversion\explorer\recentdocs\.zip

WIN32.TROJANDOWNLOADER.ZLOB
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[31]=Regkey : clsid\{1a1ddc19-5893-43ab-a73f-f41a0f34d115}
obj[32]=Regkey : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1a1ddc19-5893-43ab-a73f-f41a0f34d115}
obj[33]=Regkey : software\internet security
obj[34]=RegValue : software\internet security "Path"
obj[35]=RegValue : software\internet security "Removable"
obj[36]=RegValue : software\internet security "65005"
obj[37]=RegValue : software\internet security "65007"
obj[38]=Regkey : software\microsoft\windows\currentversion\uninstall\internet explorer security plugin 2006
obj[39]=RegValue : software\microsoft\windows\currentversion\uninstall\internet explorer security plugin 2006 "UninstallString"
obj[40]=Regkey : software\microsoft\windows\currentversion\uninstall\internet security add-on
obj[41]=RegValue : software\microsoft\windows\currentversion\uninstall\internet security add-on "UninstallString"
obj[42]=Regkey : software\microsoft\windows\currentversion\uninstall\video activex object
obj[43]=RegValue : software\microsoft\windows\currentversion\uninstall\video activex object "DisplayName"
obj[44]=RegValue : software\microsoft\windows\currentversion\uninstall\video activex object "UninstallString"
obj[45]=RegValue : software\microsoft\windows\currentversion\uninstall\video activex object "DisplayIcon"
obj[46]=RegValue : software\microsoft\windows\currentversion\uninstall\video activex object "DisplayVersion"
obj[47]=RegValue : software\microsoft\windows\currentversion\uninstall\video activex object "URLInfoAbout"
obj[48]=RegValue : software\microsoft\windows\currentversion\uninstall\video activex object "Publisher"
obj[49]=RegValue : system\currentcontrolset\services\tcpip\parameters "NameServer"
obj[50]=Folder : C:\Program Files\Video ActiveX Object
obj[55]=File : c:\documents and settings\all users\desktop\Online Security Guide.url
obj[56]=File : c:\documents and settings\all users\desktop\Security Troubleshooting.url
obj[57]=File : c:\documents and settings\all users\start menu\Security Troubleshooting.url
obj[58]=File : c:\documents and settings\all users\start menu\Online Security Guide.url

VIRUSBURST
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[51]=Regkey : clsid\{6a66cc28-f0a2-fcbc-d3d5-1ea3001ed26a}
obj[52]=Regkey : software\microsoft\windows\currentversion\uninstall\safety alerter 2006
obj[53]=RegValue : software\microsoft\windows\currentversion\uninstall\safety alerter 2006 "UninstallString"
obj[54]=Folder : C:\Program Files\Virus-Bursters

CG95Casper

Dec 12 2006, 10:23 PM

ArchiveData(auto-quarantine- 2006-12-09 15-22-02.bckp)
Referencefile : SE1R137 06.12.2006
======================================================

WIN32.TROJANDOWNLOADER.ZLOB
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=Regkey : clsid\{1a1ddc19-5893-43ab-a73f-f41a0f34d115}
obj[1]=Regkey : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1a1ddc19-5893-43ab-a73f-f41a0f34d115}

CG95Casper

Dec 12 2006, 10:25 PM

Note: I downloaded todays (12/12/2006) definitions

-----------------------------------------------------------------------------------------------------------------

ArchiveData(auto-quarantine- 2006-12-12 13-07-28.bckp)
Referencefile : SE1R139 12.12.2006
======================================================

MRU LIST
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=MRU RegReference : software\microsoft\direct3d\mostrecentapplication name
obj[1]=MRU RegReference : software\microsoft\direct3d\mostrecentapplication name
obj[2]=MRU RegReference : software\microsoft\directdraw\mostrecentapplication name
obj[3]=MRU RegReference : .DEFAULT\software\microsoft\windows media\wmsdk\general computername
obj[4]=MRU RegReference : S-1-5-18\software\microsoft\windows media\wmsdk\general computername

CG95Casper

Dec 14 2006, 10:10 PM

Would really like some help on this! Please....

CG95Casper

Dec 15 2006, 12:48 AM

Ok, the following file is a log file of the full system scan I "ATTEMPTED" to accomplish, but it keeps freezing. The trojan keeps showing up, according to the log file. Please Help!

Edit by Admin to add the log for easier reading

Ad-Aware SE Build 1.06r1
Logfile Created on:Thursday, December 14, 2006 11:16:13 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R139 12.12.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

12-14-2006 11:16:13 AM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Claudia Garcia\recent
Description : list of recently opened documents

MRU List Object Recognized!
Location: : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
Location: : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw

MRU List Object Recognized!
Location: : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console

MRU List Object Recognized!
Location: : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant

MRU List Object Recognized!
Location: : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened

MRU List Object Recognized!
Location: : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 776
ThreadCreationTime : 12-14-2006 7:11:37 PM
BasePriority : Normal

#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 964
ThreadCreationTime : 12-14-2006 7:11:40 PM
BasePriority : Normal

#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 988
ThreadCreationTime : 12-14-2006 7:11:45 PM
BasePriority : High

#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1032
ThreadCreationTime : 12-14-2006 7:11:46 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1044
ThreadCreationTime : 12-14-2006 7:11:46 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1248
ThreadCreationTime : 12-14-2006 7:11:48 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1316
ThreadCreationTime : 12-14-2006 7:11:48 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1368
ThreadCreationTime : 12-14-2006 7:11:49 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [evteng.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 1424
ThreadCreationTime : 12-14-2006 7:11:49 PM
BasePriority : Normal
FileVersion : 10, 1, 0, 1
ProductVersion : 10, 1, 0, 0
ProductName : Intel® PROSet/Wireless Event Log
CompanyName : Intel Corporation
FileDescription : Intel® PROSet/Wireless Event Log
InternalName : EvtEng
LegalCopyright : Copyright © Intel Corporation 1999-2005
OriginalFilename : EvtEng.EXE

#:10 [s24evmon.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 1460
ThreadCreationTime : 12-14-2006 7:11:49 PM
BasePriority : Normal
FileVersion : 10, 1, 0, 33
ProductVersion : 10, 1, 0, 0
ProductName : Intel® PROSet/Wireless Service
CompanyName : Intel Corporation
FileDescription : Wireless Management Service
InternalName : S24EvMon
LegalCopyright : Copyright © Intel Corporation 1999-2005
OriginalFilename : S24EvMon.exe

#:11 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1568
ThreadCreationTime : 12-14-2006 7:11:49 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1680
ThreadCreationTime : 12-14-2006 7:11:49 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:13 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1896
ThreadCreationTime : 12-14-2006 7:11:50 PM
BasePriority : Normal
FileVersion : 104.0.8.3
ProductVersion : 104.0.8.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:14 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1952
ThreadCreationTime : 12-14-2006 7:11:51 PM
BasePriority : Normal
FileVersion : 104.0.8.3
ProductVersion : 104.0.8.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:15 [ccproxy.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 368
ThreadCreationTime : 12-14-2006 7:11:53 PM
BasePriority : Normal
FileVersion : 104.0.11.1
ProductVersion : 104.0.11.1
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Network Proxy Service
InternalName : ccProxy
LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccProxy.exe

#:16 [sndsrvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 452
ThreadCreationTime : 12-14-2006 7:11:53 PM
BasePriority : Normal
FileVersion : 6.0.4.402
ProductVersion : 6.0
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002 - 2006 Symantec Corporation
OriginalFilename : SndSrvc.exe

#:17 [spbbcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\SPBBC\
ProcessID : 484
ThreadCreationTime : 12-14-2006 7:11:53 PM
BasePriority : Normal
FileVersion : 2.1.0.4
ProductVersion : 2.1.0.4
ProductName : SPBBC
CompanyName : Symantec Corporation
FileDescription : SPBBC Service
InternalName : SPBBCSvc
LegalCopyright : Copyright © 2004, 2005 Symantec Corporation. All rights reserved.
OriginalFilename : SPBBCSvc.exe

#:18 [symlcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\
ProcessID : 540
ThreadCreationTime : 12-14-2006 7:11:53 PM
BasePriority : Normal
FileVersion : 1.9.1.762
ProductVersion : 1.9.1.762
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright © 2003
OriginalFilename : symlcsvc.exe

#:19 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 952
ThreadCreationTime : 12-14-2006 7:11:56 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:20 [aluschedulersvc.exe]
FilePath : C:\Program Files\Symantec\LiveUpdate\
ProcessID : 1408
ThreadCreationTime : 12-14-2006 7:11:56 PM
BasePriority : Normal
FileVersion : 3.0.0.166
ProductVersion : 3.0.0.166
ProductName : LiveUpdate
CompanyName : Symantec Corporation
FileDescription : Automatic LiveUpdate Scheduler Service
InternalName : Automatic LiveUpdate Scheduler Service
LegalCopyright : Copyright © 1996-2005 Symantec Corporation
OriginalFilename : ALUSchedulerSvc.exe

#:21 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\
ProcessID : 1528
ThreadCreationTime : 12-14-2006 7:11:56 PM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:22 [sqlservr.exe]
FilePath : C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\
ProcessID : 1560
ThreadCreationTime : 12-14-2006 7:11:57 PM
BasePriority : Normal
FileVersion : 2000.080.0818.00
ProductVersion : 8.00.818
ProductName : Microsoft SQL Server
CompanyName : Microsoft Corporation
FileDescription : SQL Server Windows NT
InternalName : SQLSERVR
LegalCopyright : © 1988-2003 Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation. Windows™ is a trademark of Microsoft Corporation
OriginalFilename : SQLSERVR.EXE
Comments : NT INTEL X86

#:23 [sqlservr.exe]
FilePath : c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\
ProcessID : 1808
ThreadCreationTime : 12-14-2006 7:11:57 PM
BasePriority : Normal
FileVersion : 2005.090.1399.00
ProductVersion : 9.00.1399.06
ProductName : Microsoft SQL Server
CompanyName : Microsoft Corporation
FileDescription : SQL Server Windows NT
InternalName : SQLSERVR
LegalCopyright : © Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation. Windows™ is a trademark of Microsoft Corporation
OriginalFilename : SQLSERVR.EXE
Comments : NT INTEL X86

#:24 [navapsvc.exe]
FilePath : C:\Program Files\Norton Internet Security\Norton AntiVirus\
ProcessID : 1828
ThreadCreationTime : 12-14-2006 7:11:57 PM
BasePriority : Normal
FileVersion : 12.2.0.13
ProductVersion : 12.2.0
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2006 for Windows 2000/XP Copyright © 2005 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:25 [nvsvc32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1884
ThreadCreationTime : 12-14-2006 7:11:58 PM
BasePriority : Normal
FileVersion : 6.14.10.8302
ProductVersion : 6.14.10.8302
ProductName : NVIDIA Driver Helper Service, Version 83.02
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 83.02
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:26 [regsrvc.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 1980
ThreadCreationTime : 12-14-2006 7:11:58 PM
BasePriority : Normal
FileVersion : 10, 1, 0, 1
ProductVersion : 10, 1, 0, 0
ProductName : Intel® PROSet/Wireless Registry Service
CompanyName : Intel Corporation
FileDescription : Intel® PROSet/Wireless Registry Service
InternalName : RegSrvc
LegalCopyright : Copyright © Intel Corporation 1999-2005
OriginalFilename : RegSrvc.EXE
Comments : Registry Interface for Intel Wireless Products

#:27 [sqlbrowser.exe]
FilePath : c:\Program Files\Microsoft SQL Server\90\Shared\
ProcessID : 2096
ThreadCreationTime : 12-14-2006 7:11:58 PM
BasePriority : Normal
FileVersion : 2005.090.1399.00
ProductVersion : 9.00.1399.06
ProductName : Microsoft SQL Server
CompanyName : Microsoft Corporation
FileDescription : SQL Browser Service EXE
InternalName : SQLBROWSER
LegalCopyright : © Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation. Windows™ is a trademark of Microsoft Corporation
OriginalFilename : SQLBROWSER.EXE
Comments : NT INTEL X86

#:28 [sqlwriter.exe]
FilePath : c:\Program Files\Microsoft SQL Server\90\Shared\
ProcessID : 2192
ThreadCreationTime : 12-14-2006 7:11:58 PM
BasePriority : Normal
FileVersion : 2005.090.1399.00
ProductVersion : 9.00.1399.06
ProductName : Microsoft SQL Server
CompanyName : Microsoft Corporation
FileDescription : SQL Server VSS Writer
InternalName : SQLWRITER
LegalCopyright : © Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation. Windows™ is a trademark of Microsoft Corporation
OriginalFilename : SQLWRITER.EXE
Comments : NT INTEL X86

#:29 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2252
ThreadCreationTime : 12-14-2006 7:11:58 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:30 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2296
ThreadCreationTime : 12-14-2006 7:11:58 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:31 [vesmgr.exe]
FilePath : C:\Program Files\Sony\VAIO Event Service\
ProcessID : 2336
ThreadCreationTime : 12-14-2006 7:11:59 PM
BasePriority : Normal
FileVersion : 2.2.00.04040
ProductVersion : 2.2.00
ProductName : VAIO Event Service
CompanyName : Sony Corporation
FileDescription : VAIO Event Service (Service Module)
InternalName : VESMgr.exe
LegalCopyright : Copyright 2004,2005 Sony Corp.
OriginalFilename : VESMgr.exe

#:32 [vcsw.exe]
FilePath : C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\
ProcessID : 2360
ThreadCreationTime : 12-14-2006 7:11:59 PM
BasePriority : Normal

#:33 [ventc.exe]
FilePath : c:\program files\verizon wireless\venturi\Client\
ProcessID : 2392
ThreadCreationTime : 12-14-2006 7:11:59 PM
BasePriority : Normal
FileVersion : 3.1.4
ProductVersion : 3.1.4
ProductName : VentC
CompanyName : Venturi Wireless
FileDescription : VentC
InternalName : VentC
LegalCopyright : Copyright © Venturi Wireless. 1999 - 2004
OriginalFilename : VentC.exe

#:34 [vzcdbsvc.exe]
FilePath : C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\
ProcessID : 2496
ThreadCreationTime : 12-14-2006 7:12:01 PM
BasePriority : Normal

#:35 [wdservice.exe]
FilePath : C:\Program Files\NetDrive\
ProcessID : 2608
ThreadCreationTime : 12-14-2006 7:12:02 PM
BasePriority : Normal

#:36 [vzfw.exe]
FilePath : C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\
ProcessID : 2760
ThreadCreationTime : 12-14-2006 7:12:03 PM
BasePriority : Normal

#:37 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 3256
ThreadCreationTime : 12-14-2006 7:12:05 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:38 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3448
ThreadCreationTime : 12-14-2006 7:12:11 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:39 [apoint.exe]
FilePath : C:\Program Files\Apoint\
ProcessID : 3828
ThreadCreationTime : 12-14-2006 7:12:13 PM
BasePriority : Normal
FileVersion : 5.5.7.139
ProductVersion : 5.5.7.139
ProductName : Alps Pointing-device Driver
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver
InternalName : Alps Pointing-device Driver
LegalCopyright : Copyright © 1999-2004 Alps Electric Co., Ltd.
OriginalFilename : Apoint.exe

#:40 [zcfgsvc.exe]
FilePath : C:\Program Files\Intel\Wireless\bin\
ProcessID : 3916
ThreadCreationTime : 12-14-2006 7:12:14 PM
BasePriority : Normal
FileVersion : 10, 1, 0, 41
ProductVersion : 10, 1, 0, 0
ProductName : ZeroCfgSvc Application
CompanyName : Intel Corporation
FileDescription : ZeroCfgSvc MFC Application
InternalName : ZeroCfgSvc
LegalCopyright : Copyright © Intel Corporation 1999-2005
OriginalFilename : ZeroCfgSvc.EXE

#:41 [ifrmewrk.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 3936
ThreadCreationTime : 12-14-2006 7:12:14 PM
BasePriority : Normal
FileVersion : 10, 1, 0, 17
ProductVersion : 10, 1, 0, 0
ProductName : Intel® PROSet/Wireless
CompanyName : Intel Corporation
FileDescription : Intel Framework MFC Application
InternalName : Framework
LegalCopyright : Copyright © Intel Corporation 1999-2005
OriginalFilename : iFramewrk.exe

#:42 [eouwiz.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 3968
ThreadCreationTime : 12-14-2006 7:12:14 PM
BasePriority : Normal
FileVersion : 10, 1, 0, 14
ProductVersion : 10, 1, 0, 0
ProductName : Intel PROSet/Wireless
CompanyName : Intel Corporation
FileDescription : Ease Of Use Wizard Application
InternalName : EOUWiz
LegalCopyright : Copyright © Intel Corporation 1999-2005
OriginalFilename : EOUWiz.EXE

#:43 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_09\bin\
ProcessID : 3980
ThreadCreationTime : 12-14-2006 7:12:14 PM
BasePriority : Normal

#:44 [spmgr.exe]
FilePath : C:\Program Files\Sony\VAIO Power Management\
ProcessID : 4004
ThreadCreationTime : 12-14-2006 7:12:14 PM
BasePriority : Normal
FileVersion : 1.8.00.12130
ProductVersion : 1.8.00
ProductName : VAIO Power Management
CompanyName : Sony Corporation
FileDescription : SPM Module
LegalCopyright : Copyright 2003-2006 Sony Corporation

#:45 [isbmgr.exe]
FilePath : C:\Program Files\Sony\ISB Utility\
ProcessID : 4024
ThreadCreationTime : 12-14-2006 7:12:15 PM
BasePriority : Normal

#:46 [vaioupdt.exe]
FilePath : C:\Program Files\Sony\VAIO Update 2\
ProcessID : 4032
ThreadCreationTime : 12-14-2006 7:12:15 PM
BasePriority : Normal

#:47 [menusw.exe]
FilePath : C:\Program Files\Protector Suite QL\
ProcessID : 4040
ThreadCreationTime : 12-14-2006 7:12:15 PM
BasePriority : Normal
FileVersion : 5.2.0.2564
ProductVersion : 5.2.0
ProductName : Protector Suite QL
CompanyName : UPEK Inc.
FileDescription : Biometrics User Switcher
InternalName : MENUSW
LegalCopyright : Copyright © 2001-2005 UPEK Inc.
LegalTrademarks : TouchChip, Protector Suite
OriginalFilename : menusw.exe

#:48 [switcher.exe]
FilePath : C:\Program Files\Sony\Wireless Switch Setting Utility\
ProcessID : 4092
ThreadCreationTime : 12-14-2006 7:12:16 PM
BasePriority : Normal
FileVersion : 3.1.0.01200
ProductVersion : 3.1
ProductName : Wireless Switch Setting Utility
CompanyName : Sony Corporation
FileDescription : Wireless Switch Setting Utility
InternalName : Wireless Switch Setting Utility
LegalCopyright : Copyright 2004-2005 Sony Corp.
OriginalFilename : Switcher.exe
Comments : Wireless Switch Setting Utility

#:49 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 252
ThreadCreationTime : 12-14-2006 7:12:18 PM
BasePriority : Normal
FileVersion : 104.0.8.3
ProductVersion : 104.0.8.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:50 [wmiprvse.exe]
FilePath : C:\WINDOWS\system32\wbem\
ProcessID : 264
ThreadCreationTime : 12-14-2006 7:12:19 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:51 [apntex.exe]
FilePath : C:\Program Files\Apoint\
ProcessID : 316
ThreadCreationTime : 12-14-2006 7:12:20 PM
BasePriority : Normal
FileVersion : 5.5.1.19
ProductVersion : 5.5.1.19
ProductName : Alps Pointing-device Driver for Windows NT/2000/XP
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver for Windows NT/2000/XP
InternalName : Alps Pointing-device Driver for Windows NT/2000/XP
LegalCopyright : Copyright © 1998-2004 Alps Electric Co., Ltd.
OriginalFilename : ApntEx.exe

#:52 [vcuserve.exe]
FilePath : C:\Program Files\Sony\VAIO Camera Utility\
ProcessID : 340
ThreadCreationTime : 12-14-2006 7:12:20 PM
BasePriority : Normal

#:53 [hpgs2wnd.exe]
FilePath : C:\Program Files\Hewlett-Packard\HP Share-to-Web\
ProcessID : 680
ThreadCreationTime : 12-14-2006 7:12:21 PM
BasePriority : Normal
FileVersion : 2,4,0,26
ProductVersion : 2,4,0,26
ProductName : Hewlett-Packard hpgs2wnd
CompanyName : Hewlett-Packard
FileDescription : hpgs2wnd
InternalName : hpgs2wnd
LegalCopyright : Copyright © 2001
OriginalFilename : hpgs2wnd.exe

#:54 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 688
ThreadCreationTime : 12-14-2006 7:12:25 PM
BasePriority : Normal
FileVersion : 7.1.3
ProductVersion : QuickTime 7.1.3
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Computer, Inc. 1989-2006
OriginalFilename : QTTask.exe

#:55 [aolhostmanager.exe]
FilePath : C:\Program Files\Common Files\AOL\1139026753\ee\
ProcessID : 1500
ThreadCreationTime : 12-14-2006 7:12:25 PM
BasePriority : Normal
FileVersion : 1.3.5.0
ProductVersion : 1.3.5.0
ProductName : AOL Service Libraries
CompanyName : America Online, Inc.
FileDescription : AOLHostManager
InternalName : AOLHostManager
LegalCopyright : © 2005 America Online, Inc.
OriginalFilename : AOLHostManager.exe

#:56 [hpgs2wnf.exe]
FilePath : C:\PROGRA~1\HEWLET~1\HPSHAR~1\
ProcessID : 2068
ThreadCreationTime : 12-14-2006 7:12:25 PM
BasePriority : Normal
FileVersion : 2,4,0,26
ProductVersion : 2,4,0,26
ProductName : hpgs2wnf Module
FileDescription : hpgs2wnf Module
InternalName : hpgs2wnf
LegalCopyright : Copyright 2001
OriginalFilename : hpgs2wnf.EXE

#:57 [aolservicehost.exe]
FilePath : C:\Program Files\Common Files\AOL\1139026753\ee\
ProcessID : 2308
ThreadCreationTime : 12-14-2006 7:12:25 PM
BasePriority : Normal
FileVersion : 1.3.5.0
ProductVersion : 1.3.5.0
ProductName : AOL Service Libraries
CompanyName : America Online, Inc.
FileDescription : AOL
InternalName : AOLServiceHost
LegalCopyright : © 2005 America Online, Inc.
OriginalFilename : AOLServiceHost.exe

#:58 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 1592
ThreadCreationTime : 12-14-2006 7:12:26 PM
BasePriority : Normal
FileVersion : 7.0.2.16
ProductVersion : 7.0.2.16
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:59 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 2380
ThreadCreationTime : 12-14-2006 7:12:28 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:60 [skype.exe]
FilePath : C:\Program Files\Skype\Phone\
ProcessID : 2888
ThreadCreationTime : 12-14-2006 7:12:31 PM
BasePriority : Normal

#:61 [googletoolbarnotifier.exe]
FilePath : C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\
ProcessID : 3056
ThreadCreationTime : 12-14-2006 7:12:33 PM
BasePriority : Normal
FileVersion : 1, 2, 908, 5008
ProductVersion : 1, 2, 908, 5008
ProductName : GoogleToolbarNotifier
CompanyName : Google Inc.
FileDescription : GoogleToolbarNotifier
LegalCopyright : Copyright © 2005-2006
OriginalFilename : GoogleToolbarNotifier.exe

#:62 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 3068
ThreadCreationTime : 12-14-2006 7:12:33 PM
BasePriority : Normal
FileVersion : 7.0.2.16
ProductVersion : 7.0.2.16
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:63 [dot1xcfg.exe]
FilePath : C:\PROGRA~1\Intel\Wireless\Bin\
ProcessID : 2860
ThreadCreationTime : 12-14-2006 7:12:39 PM
BasePriority : Normal
FileVersion : 10, 1, 0, 79
ProductVersion : 10, 1, 0, 1
ProductName : Intel PROSet/Wireless
CompanyName : Intel Corporation
FileDescription : Intel 802.1x Server
InternalName : Dot1xCfg
LegalCopyright : Copyright © Intel Corporation 2005
OriginalFilename : Dot1xCfg.exe

#:64 [tosbtmng.exe]
FilePath : C:\Program Files\Toshiba\Bluetooth Toshiba Stack\
ProcessID : 3120
ThreadCreationTime : 12-14-2006 7:12:40 PM
BasePriority : Normal

#:65 [qbupdate.exe]
FilePath : C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\
ProcessID : 276
ThreadCreationTime : 12-14-2006 7:12:44 PM
BasePriority : Normal
FileVersion : 16.0 R8
ProductVersion : 16.0 R8
ProductName : QuickBooks Automatic Update
CompanyName : Intuit Inc.
FileDescription : QuickBooks Automatic Update
InternalName : QuickBooks Automatic Update
LegalCopyright : © 2005 Intuit Inc. All rights reserved.
OriginalFilename : QuickBooks Automatic Update.exe

#:66 [tmasy.exe]
FilePath : C:\Program Files\Trend Micro\Tmasy\
ProcessID : 3996
ThreadCreationTime : 12-14-2006 7:12:47 PM
BasePriority : Normal
FileVersion : 3,5,0,1041
ProductVersion : 3.50
ProductName : Trend Micro Anti-Spyware
CompanyName : Trend Micro Incorporated
FileDescription : Anti-Spyware Main Module
InternalName : Tmasy.exe
LegalCopyright : Copyright © 2003-2006 Trend Micro Incorporated. All rights reserved.
OriginalFilename : Tmasy.exe

#:67 [tosa2dp.exe]
FilePath : C:\Program Files\Toshiba\Bluetooth Toshiba Stack\
ProcessID : 652
ThreadCreationTime : 12-14-2006 7:12:49 PM
BasePriority : Normal

#:68 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 4104
ThreadCreationTime : 12-14-2006 7:12:50 PM
BasePriority : Normal
FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
ProductVersion : 5.8.0.2469
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:69 [tosbthid.exe]
FilePath : C:\Program Files\Toshiba\Bluetooth Toshiba Stack\
ProcessID : 4152
ThreadCreationTime : 12-14-2006 7:12:53 PM
BasePriority : Normal
FileVersion : 4, 0, 804, 0
ProductVersion : 4, 0, 804, 0
ProductName : Bluetooth Stack for Windows by TOSHIBA
CompanyName : TOSHIBA CORPORATION.
LegalCopyright : Copyright © 2005 TOSHIBA CORPORATION, All rights reserved.
OriginalFilename : TosBtHid.exe

#:70 [tosbtbty.exe]
FilePath : C:\Program Files\Toshiba\Bluetooth Toshiba Stack\
ProcessID : 4168
ThreadCreationTime : 12-14-2006 7:12:53 PM
BasePriority : Normal
FileVersion : 4, 0, 902, 0
ProductVersion : 4, 0, 902, 0
ProductName : Bluetooth Stack for Windows by TOSHIBA
CompanyName : TOSHIBA CORPORATION.
LegalCopyright : Copyright © 2005 TOSHIBA CORPORATION, All rights reserved.
OriginalFilename : TosBtBty.exe

#:71 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 4196
ThreadCreationTime : 12-14-2006 7:12:55 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:72 [tosbthsp.exe]
FilePath : C:\Program Files\Toshiba\Bluetooth Toshiba Stack\
ProcessID : 4204
ThreadCreationTime : 12-14-2006 7:12:55 PM
BasePriority : Normal

#:73 [tosobex.exe]
FilePath : C:\Program Files\Toshiba\Bluetooth Toshiba Stack\
ProcessID : 4628
ThreadCreationTime : 12-14-2006 7:13:04 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : tosOBEX
CompanyName : TOSHIBA CORPORATION.
FileDescription : tosOBEX
InternalName : tosOBEX
LegalCopyright : Copyright © 2002-2004 TOSHIBA CORPORATION. All rights reserved.
OriginalFilename : tosOBEX.EXE

#:74 [tosbtproc.exe]
FilePath : C:\Program Files\Toshiba\Bluetooth Toshiba Stack\
ProcessID : 5064
ThreadCreationTime : 12-14-2006 7:13:14 PM
BasePriority : Normal
FileVersion : 1.02.11.US-ALL
ProductVersion : 1.02.11.0
ProductName : TOSHIBA CORPORATION
CompanyName : TOSHIBA CORPORATION.
FileDescription : TosBtProc
InternalName : TosBtProc
LegalCopyright : Copyright 2002-2005 TOSHIBA CORPORATION All rights reserved
OriginalFilename : TosBtProc.exe

#:75 [nscsrvce.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\Security Console\
ProcessID : 5404
ThreadCreationTime : 12-14-2006 7:13:43 PM
BasePriority : Normal
FileVersion : 2006.1.5.17
ProductVersion : 2006.1.5
ProductName : Norton Security Console
CompanyName : Symantec Corporation
FileDescription : Norton Security Console Norton Protection Center Service
InternalName : NSCService
LegalCopyright : Norton Security Console 2006 for Windows 2000/XP Copyright © 2005 Symantec Corporation. All rights reserved.
OriginalFilename : NSCSrvce.exe

#:76 [wmiapsrv.exe]
FilePath : C:\WINDOWS\system32\wbem\
ProcessID : 5636
ThreadCreationTime : 12-14-2006 7:14:37 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI Performance Adapter Service
InternalName : WmiApSrv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WmiApSrv.exe

#:77 [wmiprvse.exe]
FilePath : C:\WINDOWS\system32\wbem\
ProcessID : 5896
ThreadCreationTime : 12-14-2006 7:14:39 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9

Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : A0031353.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{87B25966-01BA-49CA-A481-399172E7D99C}\RP171\

<STOP>

CG95Casper

Dec 15 2006, 12:55 AM

Original topic: http://www.lavasoftsupport.com/index.php?showtopic=5315

Ok, decided to download and run "HighjackThis". Following is my scan log.

Please help, what is my next step?

=============================================================================
Logfile of HijackThis v1.99.1
Scan saved at 3:44:12 PM, on 12/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\verizon wireless\venturi\Client\ventc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\NetDrive\wdService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Protector Suite QL\menusw.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1139026753\ee\AOLHostManager.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Common Files\AOL\1139026753\ee\AOLServiceHost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://support.eclasses.org/staff
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://pasadena.com"); (C:\Documents and Settings\Claudia Garcia\Application Data\Mozilla\Profiles\default\5z3zkbjn.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Claudia Garcia\Application Data\Mozilla\Profiles\default\5z3zkbjn.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Protection Bar - {5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} - C:\Program Files\Video ActiveX Object\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [Biomenu] "C:\Program Files\Protector Suite QL\menusw.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139026753\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Logoff - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComLogoff.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: interact.eclasses.org
O15 - Trusted Zone: interact.hwg.org
O15 - Trusted Zone: www.membercenter.org
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {40F8967E-34A6-474A-837A-CEC1E7DAC54C} (QuickBooks Online Edition Utilities Class v9) - https://accounting.quickbooks.com/c6/v15.587/qboax9.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\fusstub.dll
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Venturi Client (Venturi2) - Venturi Wireless - c:\program files\verizon wireless\venturi\Client\ventc.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe

CG95Casper

Dec 15 2006, 12:58 AM

Here are my HighjackThis log file:
http://www.lavasoftsupport.com/index.php?showtopic=5377

HJThis

Dec 15 2006, 12:18 PM

Hello,CG95Casper & Welcome

Goto ControlPanel Add/Remove Programs have a look see if this item
here is there if so Uninstall/Remove it.
Video ActiveX Object

Next

Click here to download SmitfraudFix (by S!Ri). Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.
( Do not run it Yet )

Please print out or copy these instructions to Notepad as the internet will not be available to you at certain points of the removal process (whilst in Safe Mode). If there's anything that you don't understand, ask your question(s) before moving on with the fix.

Reboot into Safe Mode. You can get there by restarting your computer and continually tapping F8 until a menu appears. Use your arrow to highlight Safe Mode then hit enter.

Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually.

When back in Normal Mode, click Start>Settings>Control Panel>Display>Desktop>Customize Desktop>Web and uncheck "Security Info" if present.

Please post the newrapport.txt log along with a new HijackThis Log in your next reply.

Gogo

HJThis

Dec 15 2006, 12:34 PM

Hello,Claudia & Welcome

Alright alright

go have a look at what i posted for you in the HijackThis forums
and best of luck.

puede ser un gran día para ti y ése esto está de una cierta ayuda a ti.

Gogo

CG95Casper

Dec 15 2006, 09:21 PM

Gracias, Gracias, finalmente tengo ayuda.........

Ok....here it goes,

1. i did not haveVideo ActiveX Object
2. ran the smitfraudfix but the system did not mention anything about wininet.dll
3. following are the 2 requested logs:

The next step is....

HJThis

Dec 15 2006, 10:14 PM

Hi,CG95Casper

Download this file - combofix.exe and save it to your desktop.
Double click combofix.exe & follow the prompts.
When it's finished, it will produce a log of what it found. Please post the contents of that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running as it may cause it to stall

Gogo

CG95Casper

Dec 15 2006, 10:26 PM

Here's the log!

Claudia Garcia - 06-12-15 13:24:25.95 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Claudia Garcia\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\bszip.dll

((((((((((((((((((((((((((((((( Files Created from 2006-11-15 to 2006-12-15 ))))))))))))))))))))))))))))))))))

2006-12-15 13:23 <DIR> d-------- C:\WINDOWS\LastGood
2006-12-15 11:53 4,864 --a------ C:\WINDOWS\system32\tmp.reg
2006-12-15 11:52 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2006-12-15 11:52 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-12-15 11:52 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2006-12-15 11:52 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-12-15 11:52 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-12-15 11:52 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-12-14 15:44 <DIR> d-------- C:\Program Files\HighjackThis
2006-12-08 14:14 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2006-12-07 15:04 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2006-12-07 12:08 <DIR> d-------- C:\Program Files\Lavasoft
2006-12-07 12:08 <DIR> d-------- C:\Documents and Settings\Claudia Garcia\Application Data\Lavasoft
2006-11-20 10:47 <DIR> d-------- C:\Program Files\MSXML 4.0
2006-11-20 10:47 <DIR> d-------- C:\f04518ef5df2ffc038
2006-11-20 10:46 <DIR> d-------- C:\3fd2313c83c809a59e27bb33a49bf3e3

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-12-15 13:23 -------- d-------- C:\Documents and Settings\Claudia Garcia\Application Data\Skype
2006-12-15 12:16 -------- d-------- C:\Program Files\Mozilla Firefox
2006-12-12 13:02 -------- d-------- C:\Program Files\Norton Internet Security
2006-12-08 14:14 -------- d-------- C:\Program Files\Trend Micro
2006-12-06 17:15 -------- d---s---- C:\Documents and Settings\Claudia Garcia\Application Data\Microsoft
2006-12-01 16:17 -------- d-------- C:\Documents and Settings\Claudia Garcia\Application Data\AdobeUM
2006-12-01 10:35 -------- d-------- C:\Program Files\Java
2006-11-20 15:34 -------- d-------- C:\Documents and Settings\Claudia Garcia\Application Data\Google
2006-11-20 10:46 -------- d-------- C:\Program Files\Internet Explorer
2006-11-07 13:00 -------- d-------- C:\Program Files\WS_FTP
2006-11-07 10:33 -------- d-------- C:\Program Files\iTunes
2006-11-07 10:33 -------- d-------- C:\Program Files\iPod
2006-11-07 10:31 -------- d-------- C:\Program Files\QuickTime
2006-11-04 20:25 1321744 --a------ C:\WINDOWS\system32\msxml6.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-03 13:30 74120 --a------ C:\Documents and Settings\Claudia Garcia\Application Data\GDIPFONTCACHEV1.DAT
2006-10-23 15:58 -------- d-------- C:\Program Files\Microsoft SQL Server
2006-10-23 15:55 -------- d-------- C:\Program Files\Microsoft.NET
2006-10-23 15:51 -------- d-------- C:\Program Files\Microsoft Visual Studio 8
2006-10-23 09:58 -------- d-------- C:\Program Files\Apple Software Update
2006-10-17 15:09 -------- d-------- C:\Program Files\Google
2006-10-13 04:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 04:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 04:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-09-19 15:43 109360 --a------ C:\WINDOWS\system32\GEARAspi.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""
"IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
"EOUApp"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\EOUWiz.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"SonyPowerCfg"="C:\\Program Files\\Sony\\VAIO Power Management\\SPMgr.exe"
"ISBMgr.exe"="C:\\Program Files\\Sony\\ISB Utility\\ISBMgr.exe"
"VAIO Update 2"="\"C:\\Program Files\\Sony\\VAIO Update 2\\VAIOUpdt.exe\" /Stationary"
"Biomenu"="\"C:\\Program Files\\Protector Suite QL\\menusw.exe\""
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1139026753\\ee\\AOLHostManager.exe"
@=""
"Switcher.exe"="C:\\Program Files\\Sony\\Wireless Switch Setting Utility\\Switcher.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"URLLSTCK.exe"="C:\\Program Files\\Norton Internet Security\\UrlLstCk.exe"
"VAIOCameraUtility"="\"C:\\Program Files\\Sony\\VAIO Camera Utility\\VCUServe.exe\""
"VAIO Recovery"="C:\\WINDOWS\\Sonysys\\VAIO Recovery\\PartSeal.exe"
"Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"="Trend Micro Anti-Spyware Shell Extension"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Claudia Garcia.job

Completion time: 06-12-15 13:25:56.51
C:\ComboFix.txt ... 06-12-15 13:25

HJThis

Dec 15 2006, 11:04 PM

Hi,CG95Casper

First may i ask that you don't attach the files makes it hard for me to see.

Please Download NoLop to your desktop from one of the links below...
Link 1
Link 2
Link 3
First close any other programs you have running as this will require a reboot
Double click NoLop.exe to run it
Now click the button labeled "Search and Destroy"
<<your computer will now be scanned for infected files>>
When scanning is finished you will be prompted to reboot only if infected, Click OK
Now click the "REBOOT" Button.
A Message should popup from NoLop. If not, double click the program again and it will finish Please Post the contents of C:\NoLop.log along with a fresh HijackThis logfile

--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program. –

Post the (C:\NoLop.log) and a new HijackThis logfile

Gogo

CG95Casper

Dec 18 2006, 09:46 PM

ok, no infections found

, but here is the NoLoop log:

p.s. will run a hijackthis now!
--------------------------------------------------------------------------------------------------

NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\Claudia Garcia\Desktop
[12/18/2006]
[12:28:33 PM]

---Infection Files Found/Removed---
NO INFECTION FILES FOUND - Cleaning Aborted.

---Listing AppData sub directories---

C:\Documents and Settings\Administrator\Application Data\Google
C:\Documents and Settings\Administrator\Application Data\Identities
C:\Documents and Settings\Administrator\Application Data\Intel
C:\Documents and Settings\Administrator\Application Data\Intuit
C:\Documents and Settings\Administrator\Application Data\Microsoft
C:\Documents and Settings\Administrator\Application Data\Sony Corporation
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Aol
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Google
C:\Documents and Settings\All Users\Application Data\Intel
C:\Documents and Settings\All Users\Application Data\Intuit
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Microsoft Help
C:\Documents and Settings\All Users\Application Data\Nvidia
C:\Documents and Settings\All Users\Application Data\Roboform
C:\Documents and Settings\All Users\Application Data\Sbsi
C:\Documents and Settings\All Users\Application Data\Skype -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Sony Corporation
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\Trymedia
C:\Documents and Settings\All Users\Application Data\Vaio Media Platform -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\Blue-earth\Application Data\Google
C:\Documents and Settings\Blue-earth\Application Data\Identities
C:\Documents and Settings\Blue-earth\Application Data\Intel
C:\Documents and Settings\Blue-earth\Application Data\Intuit
C:\Documents and Settings\Blue-earth\Application Data\Microsoft
C:\Documents and Settings\Blue-earth\Application Data\Protector Suite -- EMPTY Directory
C:\Documents and Settings\Blue-earth\Application Data\Sony Corporation
C:\Documents and Settings\Blue-earth\Application Data\Symantec
C:\Documents and Settings\Claudia Garcia\Application Data\Adobe
C:\Documents and Settings\Claudia Garcia\Application Data\Adobeum
C:\Documents and Settings\Claudia Garcia\Application Data\Apple Computer
C:\Documents and Settings\Claudia Garcia\Application Data\Google
C:\Documents and Settings\Claudia Garcia\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Claudia Garcia\Application Data\Identities
C:\Documents and Settings\Claudia Garcia\Application Data\Intel
C:\Documents and Settings\Claudia Garcia\Application Data\Intervideo
C:\Documents and Settings\Claudia Garcia\Application Data\Intuit
C:\Documents and Settings\Claudia Garcia\Application Data\Lavasoft
C:\Documents and Settings\Claudia Garcia\Application Data\Leadertech
C:\Documents and Settings\Claudia Garcia\Application Data\Liveresponse -- EMPTY Directory
C:\Documents and Settings\Claudia Garcia\Application Data\Macromedia
C:\Documents and Settings\Claudia Garcia\Application Data\Microsoft
C:\Documents and Settings\Claudia Garcia\Application Data\Mozilla
C:\Documents and Settings\Claudia Garcia\Application Data\Netscape
C:\Documents and Settings\Claudia Garcia\Application Data\Openoffice.org2
C:\Documents and Settings\Claudia Garcia\Application Data\Protector Suite -- EMPTY Directory
C:\Documents and Settings\Claudia Garcia\Application Data\Share-to-web Upload Folder -- EMPTY Directory
C:\Documents and Settings\Claudia Garcia\Application Data\Skype
C:\Documents and Settings\Claudia Garcia\Application Data\Smith Micro
C:\Documents and Settings\Claudia Garcia\Application Data\Snapfish
C:\Documents and Settings\Claudia Garcia\Application Data\Sonic
C:\Documents and Settings\Claudia Garcia\Application Data\Sony Corporation
C:\Documents and Settings\Claudia Garcia\Application Data\Sun
C:\Documents and Settings\Claudia Garcia\Application Data\Symantec
C:\Documents and Settings\Claudia Garcia\Application Data\Talkback
C:\Documents and Settings\Claudia Garcia\Application Data\Thunderbird
C:\Documents and Settings\Default User\Application Data\Google
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\Intel
C:\Documents and Settings\Default User\Application Data\Intuit
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Default User\Application Data\Sony Corporation
C:\Documents and Settings\Guest\Application Data\Google
C:\Documents and Settings\Guest\Application Data\Identities
C:\Documents and Settings\Guest\Application Data\Intel
C:\Documents and Settings\Guest\Application Data\Intuit
C:\Documents and Settings\Guest\Application Data\Microsoft
C:\Documents and Settings\Guest\Application Data\Mozilla
C:\Documents and Settings\Guest\Application Data\Protector Suite -- EMPTY Directory
C:\Documents and Settings\Guest\Application Data\Share-to-web Upload Folder -- EMPTY Directory
C:\Documents and Settings\Guest\Application Data\Sony Corporation
C:\Documents and Settings\Guest\Application Data\Symantec
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Richard\Application Data\Google
C:\Documents and Settings\Richard\Application Data\Identities
C:\Documents and Settings\Richard\Application Data\Intel
C:\Documents and Settings\Richard\Application Data\Intuit
C:\Documents and Settings\Richard\Application Data\Microsoft
C:\Documents and Settings\Richard\Application Data\Protector Suite -- EMPTY Directory
C:\Documents and Settings\Richard\Application Data\Sony Corporation
C:\Documents and Settings\Richard\Application Data\Symantec

CG95Casper

Dec 18 2006, 09:49 PM

First, sorry for taking so long to do the NoLoop scan, did not have time over the weekend!.

Ok, here is the HiJackThis log:

Next step?

-------------------------------------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 12:49:50 PM, on 12/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\verizon wireless\venturi\Client\ventc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\NetDrive\wdService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Protector Suite QL\menusw.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\AOL\1139026753\ee\AOLHostManager.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1139026753\ee\AOLServiceHost.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HighjackThis\HijackThis.exe

R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://pasadena.com"); (C:\Documents and Settings\Claudia Garcia\Application Data\Mozilla\Profiles\default\5z3zkbjn.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Claudia Garcia\Application Data\Mozilla\Profiles\default\5z3zkbjn.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [Biomenu] "C:\Program Files\Protector Suite QL\menusw.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139026753\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Logoff - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComLogoff.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: interact.eclasses.org
O15 - Trusted Zone: interact.hwg.org
O15 - Trusted Zone: www.membercenter.org
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {40F8967E-34A6-474A-837A-CEC1E7DAC54C} (QuickBooks Online Edition Utilities Class v9) - https://accounting.quickbooks.com/c6/v15.587/qboax9.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\fusstub.dll
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Venturi Client (Venturi2) - Venturi Wireless - c:\program files\verizon wireless\venturi\Client\ventc.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe

HJThis

Dec 19 2006, 12:01 AM

Hi,CG95Casper

Sorry for the late reply here let's try something here.

first run HijackThis and place a check mark in the box next
to this item here.
O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\fusstub.dll

then click fix checked and close out of HijackThis and did you try
running a full system scan in Safe Mode.

anyways do this also

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Doubleclick the drweb-cureit.exe file and Allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found: Click to view attachment
If so, click it and then click the next icon right below and select Move incurable as you'll see in
next
image: Click to view attachment

This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously, along with a new HijackThis log in your next reply.

Gogo

CG95Casper

Dec 19 2006, 12:18 AM

no did not run a full scan mode in safe mode.

Should I do it? if so, when (step order..)

HJThis

Dec 19 2006, 10:17 AM

Hi,CG95Casper

Yes but make sure to update Ad-Aware first then run a scan
in Safe Mode see if it happens again.then run the other tool
i had you download.

Gogo

CG95Casper

Dec 20 2006, 12:53 AM

ok....

1. Fixed the requested item in HijackThis
2. Ran a full scan i(AdWare) n safe mode but did not work.
3. Ran the Dr. Web scan and some files showed up and the system stated they were deleted.
(note: I ran this towards the end of the day at work, and let it finish over night. When I showed up for work the next day my laptop had re-stared...so I don't know exactly what happened so I did another scan.
4. My next reply will have an updated HijackThis log.

-----------------------------------------------------------------------------------------------------------------------------
Process.exe;C:\Documents and Settings\Claudia Garcia\Desktop\SmitfraudFix;Tool.Prockill;Incurable.Moved.;
restart.exe;C:\Documents and Settings\Claudia Garcia\Desktop\SmitfraudFix;Tool.ShutDown.11;Incurable.Moved.;
Process.exe;C:\WINDOWS\system32;Tool.Prockill;Incurable.Moved.;

CG95Casper

Dec 20 2006, 12:56 AM

Logfile of HijackThis v1.99.1
Scan saved at 3:57:12 PM, on 12/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\verizon wireless\venturi\Client\ventc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\NetDrive\wdService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Common Files\AOL\1139026753\ee\AOLHostManager.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1139026753\ee\AOLServiceHost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\HighjackThis\HijackThis.exe

R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://pasadena.com"); (C:\Documents and Settings\Claudia Garcia\Application Data\Mozilla\Profiles\default\5z3zkbjn.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Claudia Garcia\Application Data\Mozilla\Profiles\default\5z3zkbjn.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [Biomenu] "C:\Program Files\Protector Suite QL\menusw.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139026753\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Logoff - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComLogoff.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: interact.eclasses.org
O15 - Trusted Zone: interact.hwg.org
O15 - Trusted Zone: www.membercenter.org
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {40F8967E-34A6-474A-837A-CEC1E7DAC54C} (QuickBooks Online Edition Utilities Class v9) - https://accounting.quickbooks.com/c6/v15.587/qboax9.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Venturi Client (Venturi2) - Venturi Wireless - c:\program files\verizon wireless\venturi\Client\ventc.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe

------------------------------------------------------------------------------------------------------------------------

Next Step....?

HJThis

Dec 20 2006, 02:23 PM

Hi,CG95Casper

Ok just to make sure we are both on the same page here the only
problem your having right now is not being able to run Ad-Aware
and do a full system scan.is this about it??

may i ask when did you install Ad-Aware or is this a new install

Gogo

CG95Casper

Dec 20 2006, 07:34 PM

ok....

The problem started with a bunch of pop ups that i did not like, and everytime I used IE it directed me to some site about downloading software for virus removal. I couldn't change the home page settings or go any other site. I started getting alert message that did not sound right.

Figured I had some spy ware and so I downloaded the latest Ad-Ware on my laptop. I tried running a full scan but it would freeze in the same area (C:\\WINDOWS\I386\ASMS\7000\MSFT\WINDOWS\MSWINCRT) still gets stuck here!!

So I ran my NIS 2006 but it came out clean, I knew something was wrong as the laptop was "acting" weird.

So I tried running Ad-Ware overnight thinking the scan needed some time to do its job, but to no avail. So I tried running a smart scan and that is when I realized that I had a trojan and a lot of malware. I tried deleting the some files but some are still there! (I think) I did some surfing on my other computer and saw that I could get help here in the forums. So now Im here following directions.

I connect to the internet only when I need to download/upload. I try to stay away from connecting to the internet while the problem(s) is fixed.

I don't get any pop ups or alert messages any more but don't if its because of the limited internet connection. I can also change the homepage settings for IE. I use firefox as a preference!

So as soon as you can tell me the problem(s) has been fixed I will try to avoid posting an issue in this forums!

HJThis

Dec 20 2006, 07:57 PM

Hi,CG95Casper

Ok from what i have found and seen it's not a bad file so im thinking
maybe run a smart scan see if you get to the File/Folder and add it to the
ignore list. then see if we can run a Full system scan.

well it's not fixed to you say all is good

Gogo

CG95Casper

Dec 20 2006, 08:57 PM

Ok, to be sure I made sure I had the latest definitions and then performed a smart scan.

here is the log:

"Anything interesting?"

-----------------------------------------------------------------------------------------------------------

Ad-Aware SE Build 1.06r1
Logfile Created on:Wednesday, December 20, 2006 11:55:01 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R140 18.12.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):18 total references
Tracking Cookie(TAC index:3):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

12-20-2006 11:55:01 AM - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 920
ThreadCreationTime : 12-20-2006 6:13:26 PM
BasePriority : Normal

#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 968
ThreadCreationTime : 12-20-2006 6:13:29 PM
BasePriority : Normal

#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 1000
ThreadCreationTime : 12-20-2006 6:13:34 PM
BasePriority : High

#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1044
ThreadCreationTime : 12-20-2006 6:13:34 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1056
ThreadCreationTime : 12-20-2006 6:13:34 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1244
ThreadCreationTime : 12-20-2006 6:13:36 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1312
ThreadCreationTime : 12-20-2006 6:13:37 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1364
ThreadCreationTime : 12-20-2006 6:13:37 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [evteng.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 1424
ThreadCreationTime : 12-20-2006 6:13:37 PM
BasePriority : Normal
FileVersion : 10, 1, 0, 1
ProductVersion : 10, 1, 0, 0
ProductName : Intel® PROSet/Wireless Event Log
CompanyName : Intel Corporation
FileDescription : Intel® PROSet/Wireless Event Log
InternalName : EvtEng
LegalCopyright : Copyright © Intel Corporation 1999-2005
OriginalFilename : EvtEng.EXE

#:10 [s24evmon.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 1456
ThreadCreationTime : 12-20-2006 6:13:37 PM
BasePriority : Normal
FileVersion : 10, 1, 0, 33
ProductVersion : 10, 1, 0, 0
ProductName : Intel® PROSet/Wireless Service
CompanyName : Intel Corporation
FileDescription : Wireless Management Service
InternalName : S24EvMon
LegalCopyright : Copyright © Intel Corporation 1999-2005
OriginalFilename : S24EvMon.exe

#:11 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1500
ThreadCreationTime : 12-20-2006 6:13:37 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1648
ThreadCreationTime : 12-20-2006 6:13:37 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:13 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1884
ThreadCreationTime : 12-20-2006 6:13:39 PM
BasePriority : Normal
FileVersion : 104.0.8.3
ProductVersion : 104.0.8.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:14 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1924
ThreadCreationTime : 12-20-2006 6:13:40 PM
BasePriority : Normal
FileVersion : 104.0.8.3
ProductVersion : 104.0.8.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:15 [ccproxy.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 220
ThreadCreationTime : 12-20-2006 6:13:41 PM
BasePriority : Normal
FileVersion : 104.0.11.1
ProductVersion : 104.0.11.1
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Network Proxy Service
InternalName : ccProxy
LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccProxy.exe

#:16 [sndsrvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 288
ThreadCreationTime : 12-20-2006 6:13:41 PM
BasePriority : Normal
FileVersion : 6.0.4.402
ProductVersion : 6.0
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002 - 2006 Symantec Corporation
OriginalFilename : SndSrvc.exe

#:17 [spbbcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\SPBBC\
ProcessID : 336
ThreadCreationTime : 12-20-2006 6:13:41 PM
BasePriority : Normal
FileVersion : 2.1.0.4
ProductVersion : 2.1.0.4
ProductName : SPBBC
CompanyName : Symantec Corporation
FileDescription : SPBBC Service
InternalName : SPBBCSvc
LegalCopyright : Copyright © 2004, 2005 Symantec Corporation. All rights reserved.
OriginalFilename : SPBBCSvc.exe

#:18 [symlcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\
ProcessID : 396
ThreadCreationTime : 12-20-2006 6:13:41 PM
BasePriority : Normal
FileVersion : 1.9.1.762
ProductVersion : 1.9.1.762
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright © 2003
OriginalFilename : symlcsvc.exe

#:19 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 892
ThreadCreationTime : 12-20-2006 6:13:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:20 [aluschedulersvc.exe]
FilePath : C:\Program Files\Symantec\LiveUpdate\
ProcessID : 1196
ThreadCreationTime : 12-20-2006 6:13:45 PM
BasePriority : Normal
FileVersion : 3.0.0.166
ProductVersion : 3.0.0.166
ProductName : LiveUpdate
CompanyName : Symantec Corporation
FileDescription : Automatic LiveUpdate Scheduler Service
InternalName : Automatic LiveUpdate Scheduler Service
LegalCopyright : Copyright © 1996-2005 Symantec Corporation
OriginalFilename : ALUSchedulerSvc.exe

#:21 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\
ProcessID : 1388
ThreadCreationTime : 12-20-2006 6:13:45 PM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:22 [sqlservr.exe]
FilePath : C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\
ProcessID : 1516
ThreadCreationTime : 12-20-2006 6:13:45 PM
BasePriority : Normal
FileVersion : 2000.080.0818.00
ProductVersion : 8.00.818
ProductName : Microsoft SQL Server
CompanyName : Microsoft Corporation
FileDescription : SQL Server Windows NT
InternalName : SQLSERVR
LegalCopyright : © 1988-2003 Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation. Windows™ is a trademark of Microsoft Corporation
OriginalFilename : SQLSERVR.EXE
Comments : NT INTEL X86

#:23 [sqlservr.exe]
FilePath : c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\
ProcessID : 1736
ThreadCreationTime : 12-20-2006 6:13:45 PM
BasePriority : Normal
FileVersion : 2005.090.1399.00
ProductVersion : 9.00.1399.06
ProductName : Microsoft SQL Server
CompanyName : Microsoft Corporation
FileDescription : SQL Server Windows NT
InternalName : SQLSERVR
LegalCopyright : © Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation. Windows™ is a trademark of Microsoft Corporation
OriginalFilename : SQLSERVR.EXE
Comments : NT INTEL X86

#:24 [navapsvc.exe]
FilePath : C:\Program Files\Norton Internet Security\Norton AntiVirus\
ProcessID : 1756
ThreadCreationTime : 12-20-2006 6:13:45 PM
BasePriority : Normal
FileVersion : 12.2.0.13
ProductVersion : 12.2.0
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2006 for Windows 2000/XP Copyright © 2005 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:25 [nvsvc32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1816
ThreadCreationTime : 12-20-2006 6:13:46 PM
BasePriority : Normal
FileVersion : 6.14.10.8302
ProductVersion : 6.14.10.8302
ProductName : NVIDIA Driver Helper Service, Version 83.02
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 83.02
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:26 [regsrvc.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 1836
ThreadCreationTime : 12-20-2006 6:13:46 PM
BasePriority : Normal
FileVersion : 10, 1, 0, 1
ProductVersion : 10, 1, 0, 0
ProductName : Intel® PROSet/Wireless Registry Service
CompanyName : Intel Corporation
FileDescription : Intel® PROSet/Wireless Registry Service
InternalName : RegSrvc
LegalCopyright : Copyright © Intel Corporation 1999-2005
OriginalFilename : RegSrvc.EXE
Comments : Registry Interface for Intel Wireless Products

#:27 [sqlbrowser.exe]
FilePath : c:\Program Files\Microsoft SQL Server\90\Shared\
ProcessID : 2060
ThreadCreationTime : 12-20-2006 6:13:46 PM
BasePriority : Normal
FileVersion : 2005.090.1399.00
ProductVersion : 9.00.1399.06
ProductName : Microsoft SQL Server
CompanyName : Microsoft Corporation
FileDescription : SQL Browser Service EXE
InternalName : SQLBROWSER
LegalCopyright : © Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation. Windows™ is a trademark of Microsoft Corporation
OriginalFilename : SQLBROWSER.EXE
Comments : NT INTEL X86

#:28 [sqlwriter.exe]
FilePath : c:\Program Files\Microsoft SQL Server\90\Shared\
ProcessID : 2176
ThreadCreationTime : 12-20-2006 6:13:47 PM
BasePriority : Normal
FileVersion : 2005.090.1399.00
ProductVersion : 9.00.1399.06
ProductName : Microsoft SQL Server
CompanyName : Microsoft Corporation
FileDescription : SQL Server VSS Writer
InternalName : SQLWRITER
LegalCopyright : © Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation. Windows™ is a trademark of Microsoft Corporation
OriginalFilename : SQLWRITER.EXE
Comments : NT INTEL X86

#:29 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2196
ThreadCreationTime : 12-20-2006 6:13:47 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:30 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2232
ThreadCreationTime : 12-20-2006 6:13:47 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:31 [vesmgr.exe]
FilePath : C:\Program Files\Sony\VAIO Event Service\
ProcessID : 2276
ThreadCreationTime : 12-20-2006 6:13:47 PM
BasePriority : Normal
FileVersion : 2.2.00.04040
ProductVersion : 2.2.00
ProductName : VAIO Event Service
CompanyName : Sony Corporation
FileDescription : VAIO Event Service (Service Module)
InternalName : VESMgr.exe
LegalCopyright : Copyright 2004,2005 Sony Corp.
OriginalFilename : VESMgr.exe

#:32 [vcsw.exe]
FilePath : C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\
ProcessID : 2300
ThreadCreationTime : 12-20-2006 6:13:47 PM
BasePriority : Normal

#:33 [ventc.exe]
FilePath : c:\program files\verizon wireless\venturi\Client\
ProcessID : 2328
ThreadCreationTime : 12-20-2006 6:13:47 PM
BasePriority : Normal
FileVersion : 3.1.4
ProductVersion : 3.1.4
ProductName : VentC
CompanyName : Venturi Wireless
FileDescription : VentC
InternalName : VentC
LegalCopyright : Copyright © Venturi Wireless. 1999 - 2004
OriginalFilename : VentC.exe

#:34 [vzcdbsvc.exe]
FilePath : C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\
ProcessID : 2408
ThreadCreationTime : 12-20-2006 6:13:48 PM
BasePriority : Normal

#:35 [wdservice.exe]
FilePath : C:\Program Files\NetDrive\
ProcessID : 2520
ThreadCreationTime : 12-20-2006 6:13:49 PM
BasePriority : Normal

#:36 [vzfw.exe]
FilePath : C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\
ProcessID : 2644
ThreadCreationTime : 12-20-2006 6:13:49 PM
BasePriority : Normal

#:37 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2992
ThreadCreationTime : 12-20-2006 6:13:55 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:38 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 3580
ThreadCreationTime : 12-20-2006 6:14:02 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:39 [apoint.exe]
FilePath : C:\Program Files\Apoint\
ProcessID : 3824
ThreadCreationTime : 12-20-2006 6:14:04 PM
BasePriority : Normal
FileVersion : 5.5.7.139
ProductVersion : 5.5.7.139
ProductName : Alps Pointing-device Driver
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver
InternalName : Alps Pointing-device Driver
LegalCopyright : Copyright © 1999-2004 Alps Electric Co., Ltd.
OriginalFilename : Apoint.exe

#:40 [zcfgsvc.exe]
FilePath : C:\Program Files\Intel\Wireless\bin\
ProcessID : 3856
ThreadCreationTime : 12-20-2006 6:14:04 PM
BasePriority : Normal
FileVersion : 10, 1, 0, 41
ProductVersion : 10, 1, 0, 0
ProductName : ZeroCfgSvc Application
CompanyName : Intel Corporation
FileDescription : ZeroCfgSvc MFC Application
InternalName : ZeroCfgSvc
LegalCopyright : Copyright © Intel Corporation 1999-2005
OriginalFilename : ZeroCfgSvc.EXE

#:41 [ifrmewrk.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 3916
ThreadCreationTime : 12-20-2006 6:14:04 PM
BasePriority : Normal
FileVersion : 10, 1, 0, 17
ProductVersion : 10, 1, 0, 0
ProductName : Intel® PROSet/Wireless
CompanyName : Intel Corporation
FileDescription : Intel Framework MFC Application
InternalName : Framework
LegalCopyright : Copyright © Intel Corporation 1999-2005
OriginalFilename : iFramewrk.exe

#:42 [eouwiz.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 3940
ThreadCreationTime : 12-20-2006 6:14:04 PM
BasePriority : Normal
FileVersion : 10, 1, 0, 14
ProductVersion : 10, 1, 0, 0
ProductName : Intel PROSet/Wireless
CompanyName : Intel Corporation
FileDescription : Ease Of Use Wizard Application
InternalName : EOUWiz
LegalCopyright : Copyright © Intel Corporation 1999-2005
OriginalFilename : EOUWiz.EXE

#:43 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_09\bin\
ProcessID : 3948
ThreadCreationTime : 12-20-2006 6:14:04 PM
BasePriority : Normal

#:44 [spmgr.exe]
FilePath : C:\Program Files\Sony\VAIO Power Management\
ProcessID : 3960
ThreadCreationTime : 12-20-2006 6:14:05 PM
BasePriority : Normal
FileVersion : 1.8.00.12130
ProductVersion : 1.8.00
ProductName : VAIO Power Management
CompanyName : Sony Corporation
FileDescription : SPM Module
LegalCopyright : Copyright 2003-2006 Sony Corporation

#:45 [isbmgr.exe]
FilePath : C:\Program Files\Sony\ISB Utility\
ProcessID : 4056
ThreadCreationTime : 12-20-2006 6:14:05 PM
BasePriority : Normal

#:46 [vaioupdt.exe]
FilePath : C:\Program Files\Sony\VAIO Update 2\
ProcessID : 4080
ThreadCreationTime : 12-20-2006 6:14:06 PM
BasePriority : Normal

#:47 [apntex.exe]
FilePath : C:\Program Files\Apoint\
ProcessID : 780
ThreadCreationTime : 12-20-2006 6:14:09 PM
BasePriority : Normal
FileVersion : 5.5.1.19
ProductVersion : 5.5.1.19
ProductName : Alps Pointing-device Driver for Windows NT/2000/XP
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver for Windows NT/2000/XP
InternalName : Alps Pointing-device Driver for Windows NT/2000/XP
LegalCopyright : Copyright © 1998-2004 Alps Electric Co., Ltd.
OriginalFilename : ApntEx.exe

#:48 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 784
ThreadCreationTime : 12-20-2006 6:14:10 PM
BasePriority : Normal
FileVersion : 104.0.8.3
ProductVersion : 104.0.8.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:49 [vcuserve.exe]
FilePath : C:\Program Files\Sony\VAIO Camera Utility\
ProcessID : 2376
ThreadCreationTime : 12-20-2006 6:14:13 PM
BasePriority : Normal

#:50 [aolhostmanager.exe]
FilePath : C:\Program Files\Common Files\AOL\1139026753\ee\
ProcessID : 2936
ThreadCreationTime : 12-20-2006 6:14:15 PM
BasePriority : Normal
FileVersion : 1.3.5.0
ProductVersion : 1.3.5.0
ProductName : AOL Service Libraries
CompanyName : America Online, Inc.
FileDescription : AOLHostManager
InternalName : AOLHostManager
LegalCopyright : © 2005 America Online, Inc.
OriginalFilename : AOLHostManager.exe

#:51 [hpgs2wnd.exe]
FilePath : C:\Program Files\Hewlett-Packard\HP Share-to-Web\
ProcessID : 3148
ThreadCreationTime : 12-20-2006 6:14:16 PM
BasePriority : Normal
FileVersion : 2,4,0,26
ProductVersion : 2,4,0,26
ProductName : Hewlett-Packard hpgs2wnd
CompanyName : Hewlett-Packard
FileDescription : hpgs2wnd
InternalName : hpgs2wnd
LegalCopyright : Copyright © 2001
OriginalFilename : hpgs2wnd.exe

#:52 [aolservicehost.exe]
FilePath : C:\Program Files\Common Files\AOL\1139026753\ee\
ProcessID : 3180
ThreadCreationTime : 12-20-2006 6:14:16 PM
BasePriority : Normal
FileVersion : 1.3.5.0
ProductVersion : 1.3.5.0
ProductName : AOL Service Libraries
CompanyName : America Online, Inc.
FileDescription : AOL
InternalName : AOLServiceHost
LegalCopyright : © 2005 America Online, Inc.
OriginalFilename : AOLServiceHost.exe

#:53 [hpgs2wnf.exe]
FilePath : C:\PROGRA~1\HEWLET~1\HPSHAR~1\
ProcessID : 1668
ThreadCreationTime : 12-20-2006 6:14:17 PM
BasePriority : Normal
FileVersion : 2,4,0,26
ProductVersion : 2,4,0,26
ProductName : hpgs2wnf Module
FileDescription : hpgs2wnf Module
InternalName : hpgs2wnf
LegalCopyright : Copyright 2001
OriginalFilename : hpgs2wnf.EXE

#:54 [dot1xcfg.exe]
FilePath : C:\PROGRA~1\Intel\Wireless\Bin\
ProcessID : 3932
ThreadCreationTime : 12-20-2006 6:14:20 PM
BasePriority : Normal
FileVersion : 10, 1, 0, 79
ProductVersion : 10, 1, 0, 1
ProductName : Intel PROSet/Wireless
CompanyName : Intel Corporation
FileDescription : Intel 802.1x Server
InternalName : Dot1xCfg
LegalCopyright : Copyright © Intel Corporation 2005
OriginalFilename : Dot1xCfg.exe

#:55 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 3864
ThreadCreationTime : 12-20-2006 6:14:20 PM
BasePriority : Normal
FileVersion : 7.0.2.16
ProductVersion : 7.0.2.16
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:56 [googletoolbarnotifier.exe]
FilePath : C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\
ProcessID : 2708
ThreadCreationTime : 12-20-2006 6:14:23 PM
BasePriority : Normal
FileVersion : 1, 2, 908, 5008
ProductVersion : 1, 2, 908, 5008
ProductName : GoogleToolbarNotifier
CompanyName : Google Inc.
FileDescription : GoogleToolbarNotifier
LegalCopyright : Copyright © 2005-2006
OriginalFilename : GoogleToolbarNotifier.exe

#:57 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 2720
ThreadCreationTime : 12-20-2006 6:14:23 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:58 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 2880
ThreadCreationTime : 12-20-2006 6:14:26 PM
BasePriority : Normal
FileVersion : 7.0.2.16
ProductVersion : 7.0.2.16
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:59 [qbupdate.exe]
FilePath : C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\
ProcessID : 3320
ThreadCreationTime : 12-20-2006 6:14:32 PM
BasePriority : Normal
FileVersion : 16.0 R8
ProductVersion : 16.0 R8
ProductName : QuickBooks Automatic Update
CompanyName : Intuit Inc.
FileDescription : QuickBooks Automatic Update
InternalName : QuickBooks Automatic Update
LegalCopyright : © 2005 Intuit Inc. All rights reserved.
OriginalFilename : QuickBooks Automatic Update.exe

#:60 [tmasy.exe]
FilePath : C:\Program Files\Trend Micro\Tmasy\
ProcessID : 3376
ThreadCreationTime : 12-20-2006 6:14:36 PM
BasePriority : Normal
FileVersion : 3,5,0,1041
ProductVersion : 3.50
ProductName : Trend Micro Anti-Spyware
CompanyName : Trend Micro Incorporated
FileDescription : Anti-Spyware Main Module
InternalName : Tmasy.exe
LegalCopyright : Copyright © 2003-2006 Trend Micro Incorporated. All rights reserved.
OriginalFilename : Tmasy.exe

#:61 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 4336
ThreadCreationTime : 12-20-2006 6:15:19 PM
BasePriority : Normal
FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
ProductVersion : 5.8.0.2469
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:62 [nscsrvce.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\Security Console\
ProcessID : 5016
ThreadCreationTime : 12-20-2006 6:15:28 PM
BasePriority : Normal
FileVersion : 2006.1.5.17
ProductVersion : 2006.1.5
ProductName : Norton Security Console
CompanyName : Symantec Corporation
FileDescription : Norton Security Console Norton Protection Center Service
InternalName : NSCService
LegalCopyright : Norton Security Console 2006 for Windows 2000/XP Copyright © 2005 Symantec Corporation. All rights reserved.
OriginalFilename : NSCSrvce.exe

#:63 [wmiapsrv.exe]
FilePath : C:\WINDOWS\system32\wbem\
ProcessID : 4572
ThreadCreationTime : 12-20-2006 6:16:37 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI Performance Adapter Service
InternalName : WmiApSrv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WmiApSrv.exe

#:64 [firefox.exe]
FilePath : C:\Program Files\Mozilla Firefox\
ProcessID : 4960
ThreadCreationTime : 12-20-2006 6:17:05 PM
BasePriority : Normal

#:65 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 5080
ThreadCreationTime : 12-20-2006 7:54:39 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : claudia garcia@msnportal.112.2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:claudia garcia@msnportal.112.2o7.net/
Expires : 12-19-2011 10:35:08 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : claudia garcia@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:claudia garcia@atdmt.com/
Expires : 12-18-2011 4:00:00 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 2

Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2

Disk Scan Result for C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2

Disk Scan Result for C:\DOCUME~1\CLAUDI~1\LOCALS~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2

Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 2

MRU List Object Recognized!
Location: : C:\Documents and Settings\Claudia Garcia\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office

MRU List Object Recognized!
Location: : C:\Documents and Settings\Claudia Garcia\recent
Description : list of recently opened documents

MRU List Object Recognized!
Location: : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
Location: : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw

MRU List Object Recognized!
Location: : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console

MRU List Object Recognized!
Location: : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\office\10.0\excel\recent files
Description : list of recent files used by microsoft excel

MRU List Object Recognized!
Location: : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant

MRU List Object Recognized!
Location: : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened

MRU List Object Recognized!
Location: : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension

MRU List Object Recognized!
Location: : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened

MRU List Object Recognized!
Location: : S-1-5-21-1712770966-3980373320-4118900520-1006\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives

MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

MRU List Object Recognized!
Location: : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 20

11:57:30 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:02:29.531
Objects scanned:103249
Objects identified:2
Objects ignored:0
New critical objects:2

HJThis

Dec 20 2006, 11:21 PM

Hey,CG95Casper

All i see are some cookies and that's it now is there
some way to add that folder to the ignore list then
run a full system scan. ?

Gogo

CG95Casper

Dec 20 2006, 11:40 PM

I couldn't add the file to the ignore list. So now I am running a full system scan. Lets see what the outcome is!

CG95Casper

Dec 21 2006, 02:01 AM

Nope, still getting stuck in the same area!!

HJThis

Dec 21 2006, 03:16 PM

Hi,CG95Casper

Hmm ok i am going to have one of the Ad-Aware pros have a look here
it maybe im missing something here. so i will check back on you
if i forgot give me a HEY what's up with this.

Gogo

CG95Casper

Dec 22 2006, 08:42 PM

hi......any updates!

HJThis

Dec 22 2006, 09:42 PM

Hi,CG95Casper

Yes i sent this to the Admins of the forum but please give
them sometime right now they are doing about a 1000 things
all at once.

Gogo

CG95Casper

Dec 22 2006, 10:03 PM

................Ok

!

BTW.............Happy Holidays

HJThis

Dec 22 2006, 10:12 PM

Hi,CG95Casper

And the same to you and family have a safe one

now please like i said above they have a tons to do
so give them sometime here. get to you as soon as
they can.

Gogo

LS CalamityJane

Dec 23 2006, 12:45 AM

Ok, I'm about to review all that's been covered here but first I want to merge the two topics so it's all in one place.

I'll come back with a reply after reviewing the logs

LS CalamityJane

Dec 23 2006, 01:00 AM

Ok, I know this one.

It's got a rootkit that is going to need some special treatment to get rid of. That is one reason Ad-Aware wont run.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.
Once the desktop loads post the text that will open (report.txt) and a new Hijackthis log in the forum please.

LS CalamityJane

Dec 23 2006, 01:40 AM

We also need to restore an item from backups because fusstub.dll is a legitimate process that belongs to
Protective Suite Software
http://www.upek.com/products/protector.asp

If you have that program installed, please open HijackThis and instead of scan choose *Open Misc Tools Section*

Choose the *Backups* tab at the top

Find this item in the list and highlight it:

O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\fusstub.dll

Then press the *restore* button.

Close HijackThis, scan to produce a log and post the new log back here.

CG95Casper

Dec 27 2006, 01:38 AM

Hi CalamityJane,

Thanks for your assistance...............

Ok, here is the report.txt

********************************************************************************
************

Fixwareout
Last edited 12/06/2006
Post this report in the forums please
...
Prerun check
[HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

...
...
Reg Entries that were deleted
...

Random Runs removed from HKLM
...
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Searching by size/names...

»»»»»
Search five digit cs, dm kd and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal

Other suspects.

»»»»» Misc files.

»»»»» Checking for older varients covered by the Rem3 tool.
...
Postrun check
[HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=""

...

CG95Casper

Dec 27 2006, 01:40 AM

here is the latest HighjakThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 4:42:36 PM, on 12/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\verizon wireless\venturi\Client\ventc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\NetDrive\wdService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Common Files\AOL\1139026753\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1139026753\ee\AOLServiceHost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\SpywareBot\SpywareBot.exe
C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
C:\Program Files\SpywareBot\Scheduler.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HighjackThis\HijackThis.exe

R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://pasadena.com"); (C:\Documents and Settings\Claudia Garcia\Application Data\Mozilla\Profiles\default\5z3zkbjn.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Claudia Garcia\Application Data\Mozilla\Profiles\default\5z3zkbjn.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [Biomenu] "C:\Program Files\Protector Suite QL\menusw.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139026753\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [spywarebot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Logoff - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComLogoff.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: interact.eclasses.org
O15 - Trusted Zone: interact.hwg.org
O15 - Trusted Zone: www.membercenter.org
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {40F8967E-34A6-474A-837A-CEC1E7DAC54C} (QuickBooks Online Edition Utilities Class v9) - https://accounting.quickbooks.com/c6/v15.587/qboax9.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\fusstub.dll
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Venturi Client (Venturi2) - Venturi Wireless - c:\program files\verizon wireless\venturi\Client\ventc.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe

LS CalamityJane

Dec 27 2006, 05:59 PM

020 tem restored from backups, good

No signs of previously detected malware, good

and the FixWareout log doesn't show any signs of that.

However, you have now picked up something new:

O4 - HKLM\..\Run: [spywarebot] C:\Program Files\SpywareBot\SpywareBot.exe -boot

SpywareBot - That is a rogue antispyware program, not to be confused with the legitimate Spybot program. If you did not install this yourself, remove it via Add/Remove programs in the control panel and use HijackThis to *fix* the entry in the startups:

O4 - HKLM\..\Run: [spywarebot] C:\Program Files\SpywareBot\SpywareBot.exe -boot

Ad-aware has a new definitions update today. Update your program try a full system scan and let me know what problems remain?

If you are still having problems, let's try this.

Rename the HijackThis exe file in case there is a hiding Vundo variant

Go to this file:
C:\Program Files\HighjackThis\HijackThis.exe - rightclick on the file and choose *rename* from the menu that pops up. Rename the file to: HJT.exe

Close that out. Then doubleclick on the newly renamed HJT.exe to run a scan and produce a fresh HijackThis log. Post that log back here please.

CG95Casper

Dec 27 2006, 09:55 PM

1. I downloaded the software but went ahead and removed it.
2. Ran HighjakThis and the requested deleted item was not on the list:
3. Will now download the latest definitions attempt a full scan and the an updated HighjakThis.

Here is the 1st log of the day:

Logfile of HijackThis v1.99.1
Scan saved at 3:57:12 PM, on 12/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\verizon wireless\venturi\Client\ventc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\NetDrive\wdService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Common Files\AOL\1139026753\ee\AOLHostManager.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1139026753\ee\AOLServiceHost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\HighjackThis\HijackThis.exe

R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://pasadena.com"); (C:\Documents and Settings\Claudia Garcia\Application Data\Mozilla\Profiles\default\5z3zkbjn.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Claudia Garcia\Application Data\Mozilla\Profiles\default\5z3zkbjn.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [Biomenu] "C:\Program Files\Protector Suite QL\menusw.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139026753\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Logoff - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComLogoff.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: interact.eclasses.org
O15 - Trusted Zone: interact.hwg.org
O15 - Trusted Zone: www.membercenter.org
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {40F8967E-34A6-474A-837A-CEC1E7DAC54C} (QuickBooks Online Edition Utilities Class v9) - https://accounting.quickbooks.com/c6/v15.587/qboax9.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Venturi Client (Venturi2) - Venturi Wireless - c:\program files\verizon wireless\venturi\Client\ventc.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe

CG95Casper

Dec 27 2006, 10:37 PM

Im still getting stuck in the same area!

I changed the name of the .exe file as suggested, here's the updated log file:

Logfile of HijackThis v1.99.1
Scan saved at 1:40:50 PM, on 12/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\verizon wireless\venturi\Client\ventc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\NetDrive\wdService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Protector Suite QL\menusw.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1139026753\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1139026753\ee\AOLServiceHost.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HighjackThis\HJT.exe

R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://pasadena.com"); (C:\Documents and Settings\Claudia Garcia\Application Data\Mozilla\Profiles\default\5z3zkbjn.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Claudia Garcia\Application Data\Mozilla\Profiles\default\5z3zkbjn.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [Biomenu] "C:\Program Files\Protector Suite QL\menusw.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139026753\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Logoff - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComLogoff.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: interact.eclasses.org
O15 - Trusted Zone: interact.hwg.org
O15 - Trusted Zone: www.membercenter.org
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {40F8967E-34A6-474A-837A-CEC1E7DAC54C} (QuickBooks Online Edition Utilities Class v9) - https://accounting.quickbooks.com/c6/v15.587/qboax9.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\fusstub.dll
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Venturi Client (Venturi2) - Venturi Wireless - c:\program files\verizon wireless\venturi\Client\ventc.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe

CG95Casper

Dec 27 2006, 10:43 PM

Even though the scan did not fully run, here's a log of what it did scan:

Ad-Aware SE Build 1.06r1
Logfile Created on:Wednesday, December 27, 2006 1:01:36 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R141 27.12.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

12-27-2006 1:01:36 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Claudia Garcia\recent
Description : list of recently opened documents

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw

MRU List Object Recognized!
Location: : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened

MRU List Object Recognized!
Location: : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension

MRU List Object Recognized!
Location: : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened

MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 808
ThreadCreationTime : 12-27-2006 8:39:18 PM
BasePriority : Normal

#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 988
ThreadCreationTime : 12-27-2006 8:39:23 PM
BasePriority : Normal

#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 1012
ThreadCreationTime : 12-27-2006 8:39:26 PM
BasePriority : High

#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1056
ThreadCreationTime : 12-27-2006 8:39:26 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1068
ThreadCreationTime : 12-27-2006 8:39:26 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1268
ThreadCreationTime : 12-27-2006 8:39:28 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1336
ThreadCreationTime : 12-27-2006 8:39:28 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1492
ThreadCreationTime : 12-27-2006 8:39:29 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [evteng.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 1560
ThreadCreationTime : 12-27-2006 8:39:29 PM
BasePriority : Normal
FileVersion : 10, 1, 0, 1
ProductVersion : 10, 1, 0, 0
ProductName : Intel® PROSet/Wireless Event Log
CompanyName : Intel Corporation
FileDescription : Intel® PROSet/Wireless Event Log
InternalName : EvtEng
LegalCopyright : Copyright © Intel Corporation 1999-2005
OriginalFilename : EvtEng.EXE

#:10 [s24evmon.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 1592
ThreadCreationTime : 12-27-2006 8:39:29 PM
BasePriority : Normal
FileVersion : 10, 1, 0, 33
ProductVersion : 10, 1, 0, 0
ProductName : Intel® PROSet/Wireless Service
CompanyName : Intel Corporation
FileDescription : Wireless Management Service
InternalName : S24EvMon
LegalCopyright : Copyright © Intel Corporation 1999-2005
OriginalFilename : S24EvMon.exe

#:11 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1680
ThreadCreationTime : 12-27-2006 8:39:29 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1896
ThreadCreationTime : 12-27-2006 8:39:30 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:13 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 268
ThreadCreationTime : 12-27-2006 8:39:30 PM
BasePriority : Normal
FileVersion : 104.0.8.3
ProductVersion : 104.0.8.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:14 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 284
ThreadCreationTime : 12-27-2006 8:39:31 PM
BasePriority : Normal
FileVersion : 104.0.8.3
ProductVersion : 104.0.8.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:15 [ccproxy.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 580
ThreadCreationTime : 12-27-2006 8:39:32 PM
BasePriority : Normal
FileVersion : 104.0.11.1
ProductVersion : 104.0.11.1
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Network Proxy Service
InternalName : ccProxy
LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccProxy.exe

#:16 [sndsrvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 644
ThreadCreationTime : 12-27-2006 8:39:33 PM
BasePriority : Normal
FileVersion : 6.0.4.402
ProductVersion : 6.0
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002 - 2006 Symantec Corporation
OriginalFilename : SndSrvc.exe

#:17 [spbbcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\SPBBC\
ProcessID : 1772
ThreadCreationTime : 12-27-2006 8:39:34 PM
BasePriority : Normal
FileVersion : 2.1.0.4
ProductVersion : 2.1.0.4
ProductName : SPBBC
CompanyName : Symantec Corporation
FileDescription : SPBBC Service
InternalName : SPBBCSvc
LegalCopyright : Copyright © 2004, 2005 Symantec Corporation. All rights reserved.
OriginalFilename : SPBBCSvc.exe

#:18 [symlcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\
ProcessID : 1980
ThreadCreationTime : 12-27-2006 8:39:34 PM
BasePriority : Normal
FileVersion : 1.9.1.762
ProductVersion : 1.9.1.762
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright © 2003
OriginalFilename : symlcsvc.exe

#:19 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 684
ThreadCreationTime : 12-27-2006 8:39:37 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:20 [aluschedulersvc.exe]
FilePath : C:\Program Files\Symantec\LiveUpdate\
ProcessID : 1072
ThreadCreationTime : 12-27-2006 8:39:43 PM
BasePriority : Normal
FileVersion : 3.0.0.166
ProductVersion : 3.0.0.166
ProductName : LiveUpdate
CompanyName : Symantec Corporation
FileDescription : Automatic LiveUpdate Scheduler Service
InternalName : Automatic LiveUpdate Scheduler Service
LegalCopyright : Copyright © 1996-2005 Symantec Corporation
OriginalFilename : ALUSchedulerSvc.exe

#:21 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\
ProcessID : 1388
ThreadCreationTime : 12-27-2006 8:39:43 PM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:22 [sqlservr.exe]
FilePath : C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\
ProcessID : 1416
ThreadCreationTime : 12-27-2006 8:39:43 PM
BasePriority : Normal
FileVersion : 2000.080.0818.00
ProductVersion : 8.00.818
ProductName : Microsoft SQL Server
CompanyName : Microsoft Corporation
FileDescription : SQL Server Windows NT
InternalName : SQLSERVR
LegalCopyright : © 1988-2003 Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation. Windows™ is a trademark of Microsoft Corporation
OriginalFilename : SQLSERVR.EXE
Comments : NT INTEL X86

#:23 [sqlservr.exe]
FilePath : c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\
ProcessID : 1848
ThreadCreationTime : 12-27-2006 8:39:47 PM
BasePriority : Normal
FileVersion : 2005.090.1399.00
ProductVersion : 9.00.1399.06
ProductName : Microsoft SQL Server
CompanyName : Microsoft Corporation
FileDescription : SQL Server Windows NT
InternalName : SQLSERVR
LegalCopyright : © Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation. Windows™ is a trademark of Microsoft Corporation
OriginalFilename : SQLSERVR.EXE
Comments : NT INTEL X86

#:24 [navapsvc.exe]
FilePath : C:\Program Files\Norton Internet Security\Norton AntiVirus\
ProcessID : 1920
ThreadCreationTime : 12-27-2006 8:39:47 PM
BasePriority : Normal
FileVersion : 12.2.0.13
ProductVersion : 12.2.0
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2006 for Windows 2000/XP Copyright © 2005 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:25 [nvsvc32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2068
ThreadCreationTime : 12-27-2006 8:39:47 PM
BasePriority : Normal
FileVersion : 6.14.10.8302
ProductVersion : 6.14.10.8302
ProductName : NVIDIA Driver Helper Service, Version 83.02
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 83.02
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:26 [regsrvc.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 2144
ThreadCreationTime : 12-27-2006 8:39:47 PM
BasePriority : Normal
FileVersion : 10, 1, 0, 1
ProductVersion : 10, 1, 0, 0
ProductName : Intel® PROSet/Wireless Registry Service
CompanyName : Intel Corporation
FileDescription : Intel® PROSet/Wireless Registry Service
InternalName : RegSrvc
LegalCopyright : Copyright © Intel Corporation 1999-2005
OriginalFilename : RegSrvc.EXE
Comments : Registry Interface for Intel Wireless Products

#:27 [sqlbrowser.exe]
FilePath : c:\Program Files\Microsoft SQL Server\90\Shared\
ProcessID : 2320
ThreadCreationTime : 12-27-2006 8:39:48 PM
BasePriority : Normal
FileVersion : 2005.090.1399.00
ProductVersion : 9.00.1399.06
ProductName : Microsoft SQL Server
CompanyName : Microsoft Corporation
FileDescription : SQL Browser Service EXE
InternalName : SQLBROWSER
LegalCopyright : © Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation. Windows™ is a trademark of Microsoft Corporation
OriginalFilename : SQLBROWSER.EXE
Comments : NT INTEL X86

#:28 [sqlwriter.exe]
FilePath : c:\Program Files\Microsoft SQL Server\90\Shared\
ProcessID : 2380
ThreadCreationTime : 12-27-2006 8:39:48 PM
BasePriority : Normal
FileVersion : 2005.090.1399.00
ProductVersion : 9.00.1399.06
ProductName : Microsoft SQL Server
CompanyName : Microsoft Corporation
FileDescription : SQL Server VSS Writer
InternalName : SQLWRITER
LegalCopyright : © Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation. Windows™ is a trademark of Microsoft Corporation
OriginalFilename : SQLWRITER.EXE
Comments : NT INTEL X86

#:29 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2432
ThreadCreationTime : 12-27-2006 8:39:48 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:30 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2500
ThreadCreationTime : 12-27-2006 8:39:48 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:31 [vesmgr.exe]
FilePath : C:\Program Files\Sony\VAIO Event Service\
ProcessID : 2544
ThreadCreationTime : 12-27-2006 8:39:48 PM
BasePriority : Normal
FileVersion : 2.2.00.04040
ProductVersion : 2.2.00
ProductName : VAIO Event Service
CompanyName : Sony Corporation
FileDescription : VAIO Event Service (Service Module)
InternalName : VESMgr.exe
LegalCopyright : Copyright 2004,2005 Sony Corp.
OriginalFilename : VESMgr.exe

#:32 [vcsw.exe]
FilePath : C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\
ProcessID : 2576
ThreadCreationTime : 12-27-2006 8:39:49 PM
BasePriority : Normal

#:33 [ventc.exe]
FilePath : c:\program files\verizon wireless\venturi\Client\
ProcessID : 2620
ThreadCreationTime : 12-27-2006 8:39:49 PM
BasePriority : Normal
FileVersion : 3.1.4
ProductVersion : 3.1.4
ProductName : VentC
CompanyName : Venturi Wireless
FileDescription : VentC
InternalName : VentC
LegalCopyright : Copyright © Venturi Wireless. 1999 - 2004
OriginalFilename : VentC.exe

#:34 [vzcdbsvc.exe]
FilePath : C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\
ProcessID : 2696
ThreadCreationTime : 12-27-2006 8:39:49 PM
BasePriority : Normal

#:35 [wdservice.exe]
FilePath : C:\Program Files\NetDrive\
ProcessID : 2812
ThreadCreationTime : 12-27-2006 8:39:50 PM
BasePriority : Normal

#:36 [vzfw.exe]
FilePath : C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\
ProcessID : 2936
ThreadCreationTime : 12-27-2006 8:39:50 PM
BasePriority : Normal

#:37 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3476
ThreadCreationTime : 12-27-2006 8:39:54 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:38 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1500
ThreadCreationTime : 12-27-2006 8:40:01 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:39 [apoint.exe]
FilePath : C:\Program Files\Apoint\
ProcessID : 2956
ThreadCreationTime : 12-27-2006 8:40:03 PM
BasePriority : Normal
FileVersion : 5.5.7.139
ProductVersion : 5.5.7.139
ProductName : Alps Pointing-device Driver
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver
InternalName : Alps Pointing-device Driver
LegalCopyright : Copyright © 1999-2004 Alps Electric Co., Ltd.
OriginalFilename : Apoint.exe

#:40 [zcfgsvc.exe]
FilePath : C:\Program Files\Intel\Wireless\bin\
ProcessID : 3168
ThreadCreationTime : 12-27-2006 8:40:03 PM
BasePriority : Normal
FileVersion : 10, 1, 0, 41
ProductVersion : 10, 1, 0, 0
ProductName : ZeroCfgSvc Application
CompanyName : Intel Corporation
FileDescription : ZeroCfgSvc MFC Application
InternalName : ZeroCfgSvc
LegalCopyright : Copyright © Intel Corporation 1999-2005
OriginalFilename : ZeroCfgSvc.EXE

#:41 [ifrmewrk.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 3200
ThreadCreationTime : 12-27-2006 8:40:03 PM
BasePriority : Normal
FileVersion : 10, 1, 0, 17
ProductVersion : 10, 1, 0, 0
ProductName : Intel® PROSet/Wireless
CompanyName : Intel Corporation
FileDescription : Intel Framework MFC Application
InternalName : Framework
LegalCopyright : Copyright © Intel Corporation 1999-2005
OriginalFilename : iFramewrk.exe

#:42 [eouwiz.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 3256
ThreadCreationTime : 12-27-2006 8:40:04 PM
BasePriority : Normal
FileVersion : 10, 1, 0, 14
ProductVersion : 10, 1, 0, 0
ProductName : Intel PROSet/Wireless
CompanyName : Intel Corporation
FileDescription : Ease Of Use Wizard Application
InternalName : EOUWiz
LegalCopyright : Copyright © Intel Corporation 1999-2005
OriginalFilename : EOUWiz.EXE

#:43 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_09\bin\
ProcessID : 3412
ThreadCreationTime : 12-27-2006 8:40:04 PM
BasePriority : Normal

#:44 [spmgr.exe]
FilePath : C:\Program Files\Sony\VAIO Power Management\
ProcessID : 3304
ThreadCreationTime : 12-27-2006 8:40:04 PM
BasePriority : Normal
FileVersion : 1.8.00.12130
ProductVersion : 1.8.00
ProductName : VAIO Power Management
CompanyName : Sony Corporation
FileDescription : SPM Module
LegalCopyright : Copyright 2003-2006 Sony Corporation

#:45 [isbmgr.exe]
FilePath : C:\Program Files\Sony\ISB Utility\
ProcessID : 3536
ThreadCreationTime : 12-27-2006 8:40:04 PM
BasePriority : Normal

#:46 [vaioupdt.exe]
FilePath : C:\Program Files\Sony\VAIO Update 2\
ProcessID : 3644
ThreadCreationTime : 12-27-2006 8:40:04 PM
BasePriority : Normal

#:47 [menusw.exe]
FilePath : C:\Program Files\Protector Suite QL\
ProcessID : 3688
ThreadCreationTime : 12-27-2006 8:40:04 PM
BasePriority : Normal
FileVersion : 5.2.0.2564
ProductVersion : 5.2.0
ProductName : Protector Suite QL
CompanyName : UPEK Inc.
FileDescription : Biometrics User Switcher
InternalName : MENUSW
LegalCopyright : Copyright © 2001-2005 UPEK Inc.
LegalTrademarks : TouchChip, Protector Suite
OriginalFilename : menusw.exe

#:48 [switcher.exe]
FilePath : C:\Program Files\Sony\Wireless Switch Setting Utility\
ProcessID : 3708
ThreadCreationTime : 12-27-2006 8:40:05 PM
BasePriority : Normal
FileVersion : 3.1.0.01200
ProductVersion : 3.1
ProductName : Wireless Switch Setting Utility
CompanyName : Sony Corporation
FileDescription : Wireless Switch Setting Utility
InternalName : Wireless Switch Setting Utility
LegalCopyright : Copyright 2004-2005 Sony Corp.
OriginalFilename : Switcher.exe
Comments : Wireless Switch Setting Utility

#:49 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 3808
ThreadCreationTime : 12-27-2006 8:40:06 PM
BasePriority : Normal
FileVersion : 104.0.8.3
ProductVersion : 104.0.8.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:50 [vcuserve.exe]
FilePath : C:\Program Files\Sony\VAIO Camera Utility\
ProcessID : 3980
ThreadCreationTime : 12-27-2006 8:40:10 PM
BasePriority : Normal

#:51 [apntex.exe]
FilePath : C:\Program Files\Apoint\
ProcessID : 4044
ThreadCreationTime : 12-27-2006 8:40:11 PM
BasePriority : Normal
FileVersion : 5.5.1.19
ProductVersion : 5.5.1.19
ProductName : Alps Pointing-device Driver for Windows NT/2000/XP
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver for Windows NT/2000/XP
InternalName : Alps Pointing-device Driver for Windows NT/2000/XP
LegalCopyright : Copyright © 1998-2004 Alps Electric Co., Ltd.
OriginalFilename : ApntEx.exe

#:52 [hpgs2wnd.exe]
FilePath : C:\Program Files\Hewlett-Packard\HP Share-to-Web\
ProcessID : 4036
ThreadCreationTime : 12-27-2006 8:40:12 PM
BasePriority : Normal
FileVersion : 2,4,0,26
ProductVersion : 2,4,0,26
ProductName : Hewlett-Packard hpgs2wnd
CompanyName : Hewlett-Packard
FileDescription : hpgs2wnd
InternalName : hpgs2wnd
LegalCopyright : Copyright © 2001
OriginalFilename : hpgs2wnd.exe

#:53 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 1296
ThreadCreationTime : 12-27-2006 8:40:14 PM
BasePriority : Normal
FileVersion : 7.1.3
ProductVersion : QuickTime 7.1.3
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Computer, Inc. 1989-2006
OriginalFilename : QTTask.exe

#:54 [aolhostmanager.exe]
FilePath : C:\Program Files\Common Files\AOL\1139026753\ee\
ProcessID : 1876
ThreadCreationTime : 12-27-2006 8:40:14 PM
BasePriority : Normal
FileVersion : 1.3.5.0
ProductVersion : 1.3.5.0
ProductName : AOL Service Libraries
CompanyName : America Online, Inc.
FileDescription : AOLHostManager
InternalName : AOLHostManager
LegalCopyright : © 2005 America Online, Inc.
OriginalFilename : AOLHostManager.exe

#:55 [aolservicehost.exe]
FilePath : C:\Program Files\Common Files\AOL\1139026753\ee\
ProcessID : 1728
ThreadCreationTime : 12-27-2006 8:40:14 PM
BasePriority : Normal
FileVersion : 1.3.5.0
ProductVersion : 1.3.5.0
ProductName : AOL Service Libraries
CompanyName : America Online, Inc.
FileDescription : AOL
InternalName : AOLServiceHost
LegalCopyright : © 2005 America Online, Inc.
OriginalFilename : AOLServiceHost.exe

#:56 [hpgs2wnf.exe]
FilePath : C:\PROGRA~1\HEWLET~1\HPSHAR~1\
ProcessID : 2212
ThreadCreationTime : 12-27-2006 8:40:14 PM
BasePriority : Normal
FileVersion : 2,4,0,26
ProductVersion : 2,4,0,26
ProductName : hpgs2wnf Module
FileDescription : hpgs2wnf Module
InternalName : hpgs2wnf
LegalCopyright : Copyright 2001
OriginalFilename : hpgs2wnf.EXE

#:57 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 2064
ThreadCreationTime : 12-27-2006 8:40:16 PM
BasePriority : Normal
FileVersion : 7.0.2.16
ProductVersion : 7.0.2.16
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:58 [skype.exe]
FilePath : C:\Program Files\Skype\Phone\
ProcessID : 3264
ThreadCreationTime : 12-27-2006 8:40:19 PM
BasePriority : Normal

#:59 [googletoolbarnotifier.exe]
FilePath : C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\
ProcessID : 3356
ThreadCreationTime : 12-27-2006 8:40:21 PM
BasePriority : Normal
FileVersion : 1, 2, 908, 5008
ProductVersion : 1, 2, 908, 5008
ProductName : GoogleToolbarNotifier
CompanyName : Google Inc.
FileDescription : GoogleToolbarNotifier
LegalCopyright : Copyright © 2005-2006
OriginalFilename : GoogleToolbarNotifier.exe

#:60 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 3380
ThreadCreationTime : 12-27-2006 8:40:21 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:61 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 476
ThreadCreationTime : 12-27-2006 8:40:25 PM
BasePriority : Normal
FileVersion : 7.0.2.16
ProductVersion : 7.0.2.16
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:62 [dot1xcfg.exe]
FilePath : C:\PROGRA~1\Intel\Wireless\Bin\
ProcessID : 3892
ThreadCreationTime : 12-27-2006 8:40:25 PM
BasePriority : Normal
FileVersion : 10, 1, 0, 79
ProductVersion : 10, 1, 0, 1
ProductName : Intel PROSet/Wireless
CompanyName : Intel Corporation
FileDescription : Intel 802.1x Server
InternalName : Dot1xCfg
LegalCopyright : Copyright © Intel Corporation 2005
OriginalFilename : Dot1xCfg.exe

#:63 [tosbtmng.exe]
FilePath : C:\Program Files\Toshiba\Bluetooth Toshiba Stack\
ProcessID : 3824
ThreadCreationTime : 12-27-2006 8:40:29 PM
BasePriority : Normal

#:64 [qbupdate.exe]
FilePath : C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\
ProcessID : 3912
ThreadCreationTime : 12-27-2006 8:40:33 PM
BasePriority : Normal
FileVersion : 16.0 R8
ProductVersion : 16.0 R8
ProductName : QuickBooks Automatic Update
CompanyName : Intuit Inc.
FileDescription : QuickBooks Automatic Update
InternalName : QuickBooks Automatic Update
LegalCopyright : © 2005 Intuit Inc. All rights reserved.
OriginalFilename : QuickBooks Automatic Update.exe

#:65 [tmasy.exe]
FilePath : C:\Program Files\Trend Micro\Tmasy\
ProcessID : 4220
ThreadCreationTime : 12-27-2006 8:40:37 PM
BasePriority : Normal
FileVersion : 3,5,0,1041
ProductVersion : 3.50
ProductName : Trend Micro Anti-Spyware
CompanyName : Trend Micro Incorporated
FileDescription : Anti-Spyware Main Module
InternalName : Tmasy.exe
LegalCopyright : Copyright © 2003-2006 Trend Micro Incorporated. All rights reserved.
OriginalFilename : Tmasy.exe

#:66 [tosa2dp.exe]
FilePath : C:\Program Files\Toshiba\Bluetooth Toshiba Stack\
ProcessID : 4352
ThreadCreationTime : 12-27-2006 8:40:39 PM
BasePriority : Normal

#:67 [tosbthid.exe]
FilePath : C:\Program Files\Toshiba\Bluetooth Toshiba Stack\
ProcessID : 4540
ThreadCreationTime : 12-27-2006 8:40:45 PM
BasePriority : Normal
FileVersion : 4, 0, 804, 0
ProductVersion : 4, 0, 804, 0
ProductName : Bluetooth Stack for Windows by TOSHIBA
CompanyName : TOSHIBA CORPORATION.
LegalCopyright : Copyright © 2005 TOSHIBA CORPORATION, All rights reserved.
OriginalFilename : TosBtHid.exe

#:68 [tosbtbty.exe]
FilePath : C:\Program Files\Toshiba\Bluetooth Toshiba Stack\
ProcessID : 4592
ThreadCreationTime : 12-27-2006 8:40:46 PM
BasePriority : Normal
FileVersion : 4, 0, 902, 0
ProductVersion : 4, 0, 902, 0
ProductName : Bluetooth Stack for Windows by TOSHIBA
CompanyName : TOSHIBA CORPORATION.
LegalCopyright : Copyright © 2005 TOSHIBA CORPORATION, All rights reserved.
OriginalFilename : TosBtBty.exe

#:69 [tosbthsp.exe]
FilePath : C:\Program Files\Toshiba\Bluetooth Toshiba Stack\
ProcessID : 4672
ThreadCreationTime : 12-27-2006 8:40:48 PM
BasePriority : Normal

#:70 [tosobex.exe]
FilePath : C:\Program Files\Toshiba\Bluetooth Toshiba Stack\
ProcessID : 5016
ThreadCreationTime : 12-27-2006 8:40:57 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : tosOBEX
CompanyName : TOSHIBA CORPORATION.
FileDescription : tosOBEX
InternalName : tosOBEX
LegalCopyright : Copyright © 2002-2004 TOSHIBA CORPORATION. All rights reserved.
OriginalFilename : tosOBEX.EXE

#:71 [tosbtproc.exe]
FilePath : C:\Program Files\Toshiba\Bluetooth Toshiba Stack\
ProcessID : 5936
ThreadCreationTime : 12-27-2006 8:41:08 PM
BasePriority : Normal
FileVersion : 1.02.11.US-ALL
ProductVersion : 1.02.11.0
ProductName : TOSHIBA CORPORATION
CompanyName : TOSHIBA CORPORATION.
FileDescription : TosBtProc
InternalName : TosBtProc
LegalCopyright : Copyright 2002-2005 TOSHIBA CORPORATION All rights reserved
OriginalFilename : TosBtProc.exe

#:72 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 6020
ThreadCreationTime : 12-27-2006 8:41:09 PM
BasePriority : Normal
FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
ProductVersion : 5.8.0.2469
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:73 [nscsrvce.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\Security Console\
ProcessID : 4896
ThreadCreationTime : 12-27-2006 8:41:47 PM
BasePriority : Normal
FileVersion : 2006.1.5.17
ProductVersion : 2006.1.5
ProductName : Norton Security Console
CompanyName : Symantec Corporation
FileDescription : Norton Security Console Norton Protection Center Service
InternalName : NSCService
LegalCopyright : Norton Security Console 2006 for Windows 2000/XP Copyright © 2005 Symantec Corporation. All rights reserved.
OriginalFilename : NSCSrvce.exe

#:74 [wmiapsrv.exe]
FilePath : C:\WINDOWS\system32\wbem\
ProcessID : 2232
ThreadCreationTime : 12-27-2006 8:42:41 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI Performance Adapter Service
InternalName : WmiApSrv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WmiApSrv.exe

#:75 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1176
ThreadCreationTime : 12-27-2006 9:00:41 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9

Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
<STOP>

LS CalamityJane

Dec 28 2006, 04:30 PM

I can't see any remaining malware as being the cause for Ad-Aware freezing.

Let's try going through the usual steps for the freezing problem assuming all malware has now been cleared.

First, do a disk cleanup to clear the browser cache and other unnecessary files.

Go to Start > Run and type in the box: Cleanmgr
Wait while Windows scans your system for files to delete.
Make sure these 3 are checkmarked and press *ok* to delete them.

Temporary Files
Temporary Internet Files
Recycle Bin

If you are still having a problem, there can be a number of reasons for this issue. Please try these steps next to see if any resolve the problem.

From the Ad-Aware FAQ

Q: Ad-Aware freezes while performing a scan.

A:
There are a number of possible reasons behind this problem. To correct:

* First, update to Build 1.06 and download the latest definition file if you have not done so.
Note: You have the correct build installed, so this is not needed.

This one may do it:

* Second, it is highly recommended that you run a disk defragmentation on your computer, then a thorough *Check* or *Scan Disk* depending on your Windows version. Try scanning in safe mode.

To run Check Disk
1. Open My Computer and right-click on Local Disk (C:)
2. Select "Properties" and click on the "Tools" Tab
3. Under Error-checking, click on the button that says "Check Now..."
4. Under Check Disk Options, check "Automatically fix file system errors" and "Scan for and attempt recovery of bad sectors.

* Third, start Ad-Aware scan from the Windows command line. Do as follows:
o Click "Start", then "Run". Next, type the text shown below (including the quotation marks and with the same spacing as shown) for your version of Ad-Aware SE:
"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
o Click *ok*.
o Note: The path above (between the quotes) is the default location of Ad-Aware SE. If you installed your Ad-Aware to a different directory, adjust the path accordingly. For Ad-Aware SE Personal, when the GUI launches, click *Start*, then *Full System Scan*. Click *Next*, then *OK*.
o When the scan is complete, select *Next*. In the *Scanning Results* window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove, then click *Next*, then *OK*.

* If you still have problems, cancel before the scan reaches the point of stalling -- for example, after 20 objects are detected. Click *Cancel* on your log file. Remove any objects you want and rescan. Again, stop the scan before it reaches the point of stalling and remove any additional objects. Then try a full scan without stopping it. This should work for you now.

If still no joy, try these steps:

Ad-Aware Freezing Issue
http://www.lavasoftsupport.com/index.php?s...amp;hl=Freezing

CG95Casper

Dec 29 2006, 01:05 AM

Hi CJ,

Ok, the "Check Disk" solved the issue.

Looks like all my troubles are gone. (Hopefully, want to return to work on my laptop).

Here is a scan log of the "Full Scan".

Ad-Aware SE Build 1.06r1
Logfile Created on:Thursday, December 28, 2006 3:43:23 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R141 27.12.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):10 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

12-28-2006 3:43:23 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Claudia Garcia\recent
Description : list of recently opened documents

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw

MRU List Object Recognized!
Location: : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened

MRU List Object Recognized!
Location: : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension

MRU List Object Recognized!
Location: : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened

MRU List Object Recognized!
Location: : S-1-5-21-1712770966-3980373320-4118900520-1006\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run

MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 944
ThreadCreationTime : 12-28-2006 10:26:07 PM
BasePriority : Normal

#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 1000
ThreadCreationTime : 12-28-2006 10:26:14 PM
BasePriority : Normal

#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 1032
ThreadCreationTime : 12-28-2006 10:26:22 PM
BasePriority : High

#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1076
ThreadCreationTime : 12-28-2006 10:26:27 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1088
ThreadCreationTime : 12-28-2006 10:26:27 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1248
ThreadCreationTime : 12-28-2006 10:26:34 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1352
ThreadCreationTime : 12-28-2006 10:26:40 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1524
ThreadCreationTime : 12-28-2006 10:26:41 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [evteng.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 1604
ThreadCreationTime : 12-28-2006 10:26:41 PM
BasePriority : Normal
FileVersion : 10, 1, 0, 1
ProductVersion : 10, 1, 0, 0
ProductName : Intel® PROSet/Wireless Event Log
CompanyName : Intel Corporation
FileDescription : Intel® PROSet/Wireless Event Log
InternalName : EvtEng
LegalCopyright : Copyright © Intel Corporation 1999-2005
OriginalFilename : EvtEng.EXE

#:10 [s24evmon.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 1640
ThreadCreationTime : 12-28-2006 10:26:43 PM
BasePriority : Normal
FileVersion : 10, 1, 0, 33
ProductVersion : 10, 1, 0, 0
ProductName : Intel® PROSet/Wireless Service
CompanyName : Intel Corporation
FileDescription : Wireless Management Service
InternalName : S24EvMon
LegalCopyright : Copyright © Intel Corporation 1999-2005
OriginalFilename : S24EvMon.exe

#:11 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1808
ThreadCreationTime : 12-28-2006 10:26:48 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1960
ThreadCreationTime : 12-28-2006 10:26:51 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:13 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 996
ThreadCreationTime : 12-28-2006 10:26:54 PM
BasePriority : Normal
FileVersion : 104.0.8.3
ProductVersion : 104.0.8.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:14 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1776
ThreadCreationTime : 12-28-2006 10:27:02 PM
BasePriority : Normal
FileVersion : 104.0.8.3
ProductVersion : 104.0.8.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:15 [ccproxy.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1916
ThreadCreationTime : 12-28-2006 10:27:04 PM
BasePriority : Normal
FileVersion : 104.0.11.1
ProductVersion : 104.0.11.1
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Network Proxy Service
InternalName : ccProxy
LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccProxy.exe

#:16 [sndsrvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1932
ThreadCreationTime : 12-28-2006 10:27:04 PM
BasePriority : Normal
FileVersion : 6.0.4.402
ProductVersion : 6.0
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002 - 2006 Symantec Corporation
OriginalFilename : SndSrvc.exe

#:17 [spbbcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\SPBBC\
ProcessID : 200
ThreadCreationTime : 12-28-2006 10:27:05 PM
BasePriority : Normal
FileVersion : 2.1.0.4
ProductVersion : 2.1.0.4
ProductName : SPBBC
CompanyName : Symantec Corporation
FileDescription : SPBBC Service
InternalName : SPBBCSvc
LegalCopyright : Copyright © 2004, 2005 Symantec Corporation. All rights reserved.
OriginalFilename : SPBBCSvc.exe

#:18 [symlcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\
ProcessID : 272
ThreadCreationTime : 12-28-2006 10:27:06 PM
BasePriority : Normal
FileVersion : 1.9.1.762
ProductVersion : 1.9.1.762
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright © 2003
OriginalFilename : symlcsvc.exe

#:19 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 700
ThreadCreationTime : 12-28-2006 10:27:10 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:20 [aluschedulersvc.exe]
FilePath : C:\Program Files\Symantec\LiveUpdate\
ProcessID : 824
ThreadCreationTime : 12-28-2006 10:27:16 PM
BasePriority : Normal
FileVersion : 3.0.0.166
ProductVersion : 3.0.0.166
ProductName : LiveUpdate
CompanyName : Symantec Corporation
FileDescription : Automatic LiveUpdate Scheduler Service
InternalName : Automatic LiveUpdate Scheduler Service
LegalCopyright : Copyright © 1996-2005 Symantec Corporation
OriginalFilename : ALUSchedulerSvc.exe

#:21 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\
ProcessID : 872
ThreadCreationTime : 12-28-2006 10:27:17 PM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:22 [sqlservr.exe]
FilePath : C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\
ProcessID : 920
ThreadCreationTime : 12-28-2006 10:27:18 PM
BasePriority : Normal
FileVersion : 2000.080.0818.00
ProductVersion : 8.00.818
ProductName : Microsoft SQL Server
CompanyName : Microsoft Corporation
FileDescription : SQL Server Windows NT
InternalName : SQLSERVR
LegalCopyright : © 1988-2003 Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation. Windows™ is a trademark of Microsoft Corporation
OriginalFilename : SQLSERVR.EXE
Comments : NT INTEL X86

#:23 [sqlservr.exe]
FilePath : c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\
ProcessID : 1416
ThreadCreationTime : 12-28-2006 10:27:19 PM
BasePriority : Normal
FileVersion : 2005.090.1399.00
ProductVersion : 9.00.1399.06
ProductName : Microsoft SQL Server
CompanyName : Microsoft Corporation
FileDescription : SQL Server Windows NT
InternalName : SQLSERVR
LegalCopyright : © Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation. Windows™ is a trademark of Microsoft Corporation
OriginalFilename : SQLSERVR.EXE
Comments : NT INTEL X86

#:24 [navapsvc.exe]
FilePath : C:\Program Files\Norton Internet Security\Norton AntiVirus\
ProcessID : 1908
ThreadCreationTime : 12-28-2006 10:27:25 PM
BasePriority : Normal
FileVersion : 12.2.0.13
ProductVersion : 12.2.0
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2006 for Windows 2000/XP Copyright © 2005 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:25 [nvsvc32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2016
ThreadCreationTime : 12-28-2006 10:27:26 PM
BasePriority : Normal
FileVersion : 6.14.10.8302
ProductVersion : 6.14.10.8302
ProductName : NVIDIA Driver Helper Service, Version 83.02
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 83.02
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:26 [regsrvc.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 2088
ThreadCreationTime : 12-28-2006 10:27:27 PM
BasePriority : Normal
FileVersion : 10, 1, 0, 1
ProductVersion : 10, 1, 0, 0
ProductName : Intel® PROSet/Wireless Registry Service
CompanyName : Intel Corporation
FileDescription : Intel® PROSet/Wireless Registry Service
InternalName : RegSrvc
LegalCopyright : Copyright © Intel Corporation 1999-2005
OriginalFilename : RegSrvc.EXE
Comments : Registry Interface for Intel Wireless Products

#:27 [sqlbrowser.exe]
FilePath : c:\Program Files\Microsoft SQL Server\90\Shared\
ProcessID : 2120
ThreadCreationTime : 12-28-2006 10:27:28 PM
BasePriority : Normal
FileVersion : 2005.090.1399.00
ProductVersion : 9.00.1399.06
ProductName : Microsoft SQL Server
CompanyName : Microsoft Corporation
FileDescription : SQL Browser Service EXE
InternalName : SQLBROWSER
LegalCopyright : © Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation. Windows™ is a trademark of Microsoft Corporation
OriginalFilename : SQLBROWSER.EXE
Comments : NT INTEL X86

#:28 [sqlwriter.exe]
FilePath : c:\Program Files\Microsoft SQL Server\90\Shared\
ProcessID : 2248
ThreadCreationTime : 12-28-2006 10:27:29 PM
BasePriority : Normal
FileVersion : 2005.090.1399.00
ProductVersion : 9.00.1399.06
ProductName : Microsoft SQL Server
CompanyName : Microsoft Corporation
FileDescription : SQL Server VSS Writer
InternalName : SQLWRITER
LegalCopyright : © Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation. Windows™ is a trademark of Microsoft Corporation
OriginalFilename : SQLWRITER.EXE
Comments : NT INTEL X86

#:29 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2280
ThreadCreationTime : 12-28-2006 10:27:30 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:30 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2388
ThreadCreationTime : 12-28-2006 10:27:32 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:31 [vesmgr.exe]
FilePath : C:\Program Files\Sony\VAIO Event Service\
ProcessID : 2436
ThreadCreationTime : 12-28-2006 10:27:33 PM
BasePriority : Normal
FileVersion : 2.2.00.04040
ProductVersion : 2.2.00
ProductName : VAIO Event Service
CompanyName : Sony Corporation
FileDescription : VAIO Event Service (Service Module)
InternalName : VESMgr.exe
LegalCopyright : Copyright 2004,2005 Sony Corp.
OriginalFilename : VESMgr.exe

#:32 [vcsw.exe]
FilePath : C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\
ProcessID : 2452
ThreadCreationTime : 12-28-2006 10:27:34 PM
BasePriority : Normal

#:33 [ventc.exe]
FilePath : c:\program files\verizon wireless\venturi\Client\
ProcessID : 2512
ThreadCreationTime : 12-28-2006 10:27:36 PM
BasePriority : Normal
FileVersion : 3.1.4
ProductVersion : 3.1.4
ProductName : VentC
CompanyName : Venturi Wireless
FileDescription : VentC
InternalName : VentC
LegalCopyright : Copyright © Venturi Wireless. 1999 - 2004
OriginalFilename : VentC.exe

#:34 [vzcdbsvc.exe]
FilePath : C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\
ProcessID : 2612
ThreadCreationTime : 12-28-2006 10:27:38 PM
BasePriority : Normal

#:35 [wdservice.exe]
FilePath : C:\Program Files\NetDrive\
ProcessID : 2692
ThreadCreationTime : 12-28-2006 10:27:40 PM
BasePriority : Normal

#:36 [vzfw.exe]
FilePath : C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\
ProcessID : 2744
ThreadCreationTime : 12-28-2006 10:27:43 PM
BasePriority : Normal

#:37 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3704
ThreadCreationTime : 12-28-2006 10:27:57 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:38 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 732
ThreadCreationTime : 12-28-2006 11:37:26 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:39 [apoint.exe]
FilePath : C:\Program Files\Apoint\
ProcessID : 3096
ThreadCreationTime : 12-28-2006 11:37:32 PM
BasePriority : Normal
FileVersion : 5.5.7.139
ProductVersion : 5.5.7.139
ProductName : Alps Pointing-device Driver
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver
InternalName : Alps Pointing-device Driver
LegalCopyright : Copyright © 1999-2004 Alps Electric Co., Ltd.
OriginalFilename : Apoint.exe

#:40 [zcfgsvc.exe]
FilePath : C:\Program Files\Intel\Wireless\bin\
ProcessID : 1124
ThreadCreationTime : 12-28-2006 11:37:34 PM
BasePriority : Normal
FileVersion : 10, 1, 0, 41
ProductVersion : 10, 1, 0, 0
ProductName : ZeroCfgSvc Application
CompanyName : Intel Corporation
FileDescription : ZeroCfgSvc MFC Application
InternalName : ZeroCfgSvc
LegalCopyright : Copyright © Intel Corporation 1999-2005
OriginalFilename : ZeroCfgSvc.EXE

#:41 [ifrmewrk.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 3408
ThreadCreationTime : 12-28-2006 11:37:35 PM
BasePriority : Normal
FileVersion : 10, 1, 0, 17
ProductVersion : 10, 1, 0, 0
ProductName : Intel® PROSet/Wireless
CompanyName : Intel Corporation
FileDescription : Intel Framework MFC Application
InternalName : Framework
LegalCopyright : Copyright © Intel Corporation 1999-2005
OriginalFilename : iFramewrk.exe

#:42 [eouwiz.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 592
ThreadCreationTime : 12-28-2006 11:37:35 PM
BasePriority : Normal
FileVersion : 10, 1, 0, 14
ProductVersion : 10, 1, 0, 0
ProductName : Intel PROSet/Wireless
CompanyName : Intel Corporation
FileDescription : Ease Of Use Wizard Application
InternalName : EOUWiz
LegalCopyright : Copyright © Intel Corporation 1999-2005
OriginalFilename : EOUWiz.EXE

#:43 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_09\bin\
ProcessID : 1348
ThreadCreationTime : 12-28-2006 11:37:36 PM
BasePriority : Normal

#:44 [spmgr.exe]
FilePath : C:\Program Files\Sony\VAIO Power Management\
ProcessID : 3068
ThreadCreationTime : 12-28-2006 11:37:37 PM
BasePriority : Normal
FileVersion : 1.8.00.12130
ProductVersion : 1.8.00
ProductName : VAIO Power Management
CompanyName : Sony Corporation
FileDescription : SPM Module
LegalCopyright : Copyright 2003-2006 Sony Corporation

#:45 [apntex.exe]
FilePath : C:\Program Files\Apoint\
ProcessID : 1240
ThreadCreationTime : 12-28-2006 11:37:37 PM
BasePriority : Normal
FileVersion : 5.5.1.19
ProductVersion : 5.5.1.19
ProductName : Alps Pointing-device Driver for Windows NT/2000/XP
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver for Windows NT/2000/XP
InternalName : Alps Pointing-device Driver for Windows NT/2000/XP
LegalCopyright : Copyright © 1998-2004 Alps Electric Co., Ltd.
OriginalFilename : ApntEx.exe

#:46 [isbmgr.exe]
FilePath : C:\Program Files\Sony\ISB Utility\
ProcessID : 4008
ThreadCreationTime : 12-28-2006 11:37:38 PM
BasePriority : Normal

#:47 [vaioupdt.exe]
FilePath : C:\Program Files\Sony\VAIO Update 2\
ProcessID : 2500
ThreadCreationTime : 12-28-2006 11:37:38 PM
BasePriority : Normal

#:48 [menusw.exe]
FilePath : C:\Program Files\Protector Suite QL\
ProcessID : 3140
ThreadCreationTime : 12-28-2006 11:37:39 PM
BasePriority : Normal
FileVersion : 5.2.0.2564
ProductVersion : 5.2.0
ProductName : Protector Suite QL
CompanyName : UPEK Inc.
FileDescription : Biometrics User Switcher
InternalName : MENUSW
LegalCopyright : Copyright © 2001-2005 UPEK Inc.
LegalTrademarks : TouchChip, Protector Suite
OriginalFilename : menusw.exe

#:49 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2756
ThreadCreationTime : 12-28-2006 11:37:39 PM
BasePriority : Normal
FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
ProductVersion : 5.8.0.2469
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:50 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 612
ThreadCreationTime : 12-28-2006 11:37:41 PM
BasePriority : Normal
FileVersion : 104.0.8.3
ProductVersion : 104.0.8.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:51 [vcuserve.exe]
FilePath : C:\Program Files\Sony\VAIO Camera Utility\
ProcessID : 3436
ThreadCreationTime : 12-28-2006 11:37:43 PM
BasePriority : Normal

#:52 [dot1xcfg.exe]
FilePath : C:\PROGRA~1\Intel\Wireless\Bin\
ProcessID : 1904
ThreadCreationTime : 12-28-2006 11:37:45 PM
BasePriority : Normal
FileVersion : 10, 1, 0, 79
ProductVersion : 10, 1, 0, 1
ProductName : Intel PROSet/Wireless
CompanyName : Intel Corporation
FileDescription : Intel 802.1x Server
InternalName : Dot1xCfg
LegalCopyright : Copyright © Intel Corporation 2005
OriginalFilename : Dot1xCfg.exe

#:53 [aolhostmanager.exe]
FilePath : C:\Program Files\Common Files\AOL\1139026753\ee\
ProcessID : 900
ThreadCreationTime : 12-28-2006 11:37:46 PM
BasePriority : Normal
FileVersion : 1.3.5.0
ProductVersion : 1.3.5.0
ProductName : AOL Service Libraries
CompanyName : America Online, Inc.
FileDescription : AOLHostManager
InternalName : AOLHostManager
LegalCopyright : © 2005 America Online, Inc.
OriginalFilename : AOLHostManager.exe

#:54 [aolservicehost.exe]
FilePath : C:\Program Files\Common Files\AOL\1139026753\ee\
ProcessID : 3228
ThreadCreationTime : 12-28-2006 11:37:46 PM
BasePriority : Normal
FileVersion : 1.3.5.0
ProductVersion : 1.3.5.0
ProductName : AOL Service Libraries
CompanyName : America Online, Inc.
FileDescription : AOL
InternalName : AOLServiceHost
LegalCopyright : © 2005 America Online, Inc.
OriginalFilename : AOLServiceHost.exe

#:55 [hpgs2wnd.exe]
FilePath : C:\Program Files\Hewlett-Packard\HP Share-to-Web\
ProcessID : 2928
ThreadCreationTime : 12-28-2006 11:37:46 PM
BasePriority : Normal
FileVersion : 2,4,0,26
ProductVersion : 2,4,0,26
ProductName : Hewlett-Packard hpgs2wnd
CompanyName : Hewlett-Packard
FileDescription : hpgs2wnd
InternalName : hpgs2wnd
LegalCopyright : Copyright © 2001
OriginalFilename : hpgs2wnd.exe

#:56 [hpgs2wnf.exe]
FilePath : C:\PROGRA~1\HEWLET~1\HPSHAR~1\
ProcessID : 3756
ThreadCreationTime : 12-28-2006 11:37:49 PM
BasePriority : Normal
FileVersion : 2,4,0,26
ProductVersion : 2,4,0,26
ProductName : hpgs2wnf Module
FileDescription : hpgs2wnf Module
InternalName : hpgs2wnf
LegalCopyright : Copyright 2001
OriginalFilename : hpgs2wnf.EXE

#:57 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 2356
ThreadCreationTime : 12-28-2006 11:37:52 PM
BasePriority : Normal
FileVersion : 7.0.2.16
ProductVersion : 7.0.2.16
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:58 [googletoolbarnotifier.exe]
FilePath : C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\
ProcessID : 2864
ThreadCreationTime : 12-28-2006 11:37:56 PM
BasePriority : Normal
FileVersion : 1, 2, 908, 5008
ProductVersion : 1, 2, 908, 5008
ProductName : GoogleToolbarNotifier
CompanyName : Google Inc.
FileDescription : GoogleToolbarNotifier
LegalCopyright : Copyright © 2005-2006
OriginalFilename : GoogleToolbarNotifier.exe

#:59 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 3424
ThreadCreationTime : 12-28-2006 11:37:57 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:60 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 3500
ThreadCreationTime : 12-28-2006 11:37:58 PM
BasePriority : Normal
FileVersion : 7.0.2.16
ProductVersion : 7.0.2.16
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:61 [qbupdate.exe]
FilePath : C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\
ProcessID : 584
ThreadCreationTime : 12-28-2006 11:38:05 PM
BasePriority : Normal
FileVersion : 16.0 R8
ProductVersion : 16.0 R8
ProductName : QuickBooks Automatic Update
CompanyName : Intuit Inc.
FileDescription : QuickBooks Automatic Update
InternalName : QuickBooks Automatic Update
LegalCopyright : © 2005 Intuit Inc. All rights reserved.
OriginalFilename : QuickBooks Automatic Update.exe

#:62 [tmasy.exe]
FilePath : C:\Program Files\Trend Micro\Tmasy\
ProcessID : 3340
ThreadCreationTime : 12-28-2006 11:38:08 PM
BasePriority : Normal
FileVersion : 3,5,0,1041
ProductVersion : 3.50
ProductName : Trend Micro Anti-Spyware
CompanyName : Trend Micro Incorporated
FileDescription : Anti-Spyware Main Module
InternalName : Tmasy.exe
LegalCopyright : Copyright © 2003-2006 Trend Micro Incorporated. All rights reserved.
OriginalFilename : Tmasy.exe

#:63 [ventcfg.exe]
FilePath : c:\program files\verizon wireless\venturi\Configurator\
ProcessID : 4948
ThreadCreationTime : 12-28-2006 11:38:28 PM
BasePriority : Normal
FileVersion : 3.1.4
ProductVersion : 3.1.4
ProductName : Venturi Client 3.1.4
CompanyName : Venturi Wireless
FileDescription : Venturi Client
InternalName : Venturi Configurator
LegalCopyright : Copyright © Venturi Wireless. 1999 - 2004
OriginalFilename : ventcfg.exe
Comments : Venturi Client

#:64 [nscsrvce.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\Security Console\
ProcessID : 4108
ThreadCreationTime : 12-28-2006 11:39:05 PM
BasePriority : Normal
FileVersion : 2006.1.5.17
ProductVersion : 2006.1.5
ProductName : Norton Security Console
CompanyName : Symantec Corporation
FileDescription : Norton Security Console Norton Protection Center Service
InternalName : NSCService
LegalCopyright : Norton Security Console 2006 for Windows 2000/XP Copyright © 2005 Symantec Corporation. All rights reserved.
OriginalFilename : NSCSrvce.exe

#:65 [wmiapsrv.exe]
FilePath : C:\WINDOWS\system32\wbem\
ProcessID : 5368
ThreadCreationTime : 12-28-2006 11:39:34 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI Performance Adapter Service
InternalName : WmiApSrv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WmiApSrv.exe

#:66 [wmiprvse.exe]
FilePath : C:\WINDOWS\system32\wbem\
ProcessID : 5444
ThreadCreationTime : 12-28-2006 11:39:35 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:67 [firefox.exe]
FilePath : C:\Program Files\Mozilla Firefox\
ProcessID : 4128
ThreadCreationTime : 12-28-2006 11:39:58 PM
BasePriority : Normal

#:68 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 5244
ThreadCreationTime : 12-28-2006 11:43:15 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10

Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10

Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
2 entries scanned.
New critical objects:0
Objects found so far: 10

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10

4:03:44 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:20:20.421
Objects scanned:243836
Objects identified:0
Objects ignored:0
New critical objects:0

CG95Casper

Dec 29 2006, 01:06 AM

So, if you can tell me that the trojan, and malware are gone. I will try my best to never put another post in this forum.......

LS CalamityJane

Dec 29 2006, 01:23 AM

Hooray! Glad we got that sorted. And yes, I think we already got rid of the malware pest a while back. Solving the full system scan with Ad-Aware was the last final issue

...And you are quite welcome to post here anytime. We just hope you don't run into anymore malware problems

Some final cleanup and prevention recomendations follow.

You can go ahead and delete any special tools we used (SmitfraudFix, ComboFix, etc). They won't serve a future purpose and are replaced with updated versions frequently, so the copies you have are probably already out of date and no need to keep them.

Do a disk cleanup. Go to Start > Run and type in the box: Cleanmgr
Wait while Windows scans your system for files to delete.
Make sure these 3 are checkmarked and press *ok* to delete them.

Temporary Files
Temporary Internet Files
Recycle Bin

Now that your PC is clean, make sure all programs are running properly and then you'll need to reset your restore point in Windows XP.......why?

One of the best features of Windows ME or XP is the System Restore option, however if a malware infects a computer with this operating system it can be backed up in the System Restore folder. Therefore, clearing the restore points is necessary after malware removal.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(winXP)

1. Turn off System Restore.
Go to Start and right-click on *My Computer*.
Click Properties.
Click the System Restore tab.
Put a Checkmark in the box next to "Turn off System Restore".
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
Go to Start and right-click on *My Computer*.
Click Properties.
Click the System Restore tab.
Remove the checkmark next to "Turn off System Restore".
Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/default.aspx?...kb;en-us;310405
......................
Ad-Aware Plus has realtime protection to prevent infections before they have a chance to a get stronghold on your PC
http://www.lavasoft.com/

Also, I can't stress enough the importance of having your Windows critical Security Updates. Most malware today uses exploits on unpatched systems to creep onto your system without your even doing anything but visiting an infected webpage!!

Watch what you download, be careful where you surf, and don't trust attachments or even links in email and Instant messages. Even if they come from a buddy, that buddy could be the one infected and it is the virus sending that link from his account. You click on it thinking he is trusted, and *boom* you're infected.
Many "Phishing" attempts are made by cleverly crafted email to look like it is coming from an "official" source (like Microsoft, or your bank, or some other provider). Don't click on links in those. Go directly to the site instead and navigate the menus - don't trust email you think came from a "safe source" unless you are expecting it! There is more in the link I will provide below, but those are the choice avenues of infection these days.
Stay far AWAY from cracks and warez sites - you're sure to get infected files there, and the same can be said for files downloaded from p2p (more than half are usually infected and probably not detectable by your current security software - the newest nasties are always released in those venues).

A word about shared computers and networks.
Share Your PC
http://www.microsoft.com/windowsxp/using/s...hare/intro.mspx
Not all users need to have Admin Accounts. It is much safer to have most of your users on a shared system running as Limited User accounts. That way, if there is "an accident", it will only affect one user's account and not the entire system.

Next, I highly recommend you get some extra protection to prevent future infections. Here are some things you can do and some free programs to help

.
How do I prevent Browser Hijacks and Spyware?
http://www.dslreports.com/faq/13620

I'm happy to see you have SP2 installed. That will address numerous security issues in your Operating System and IE
Make sure that you keep your Operating System and IE updated with the latest Critical Security Updates from Microsoft...they usually come out once a month, on the 2nd Tuesday of each month. This is the first step in malware prevention, as many nasties now take advantage of new exploits and if not patched, you are vulnerable!
Windows Update
http://update.microsoft.com/microsoftupdate/

And see this link for instructions on how to configure the enhanced security features in SP2:
http://www.microsoft.com/technet/security/...xp/iesecxp.mspx

I also highly recommend to get the free tool, Microsoft Baseline Security Analyzer (MBSA) from Microsoft to analyze your PC security for prevention purposes.

MBSA Version 2.0 will scan for common system misconfigurations on Windows 2000, Windows XP, and Windows Server 2003 systems. This program will identify the system security weaknesses in your browser and operating system and provides easy instructions to correct them. This includes any missing critical Windows security updates, system vulnerabilities and your IE Browser security settings. Get the download here:
Microsoft Baseline Security Analyzer
http://www.microsoft.com/technet/security/...s/mbsahome.mspx
Choose MBSAsetup-EN.msi = (English Version) or the language appropriate for you.

Also visit this Free Online Scanner from Microsoft for PC Health and Safety
http://safety.live.com/site/en-US/default.htm
and Microsoft Security At Home
http://www.microsoft.com/athome/security/default.mspx
for tips to Protect your Pc, Protect yourself and Protect your Family.

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.