Recently my computer has started playing sounds at random times without any user interaction. I've tried running multiple spyware and virus scanners and can't seem to find the problem and can't seem to find any thing on this problem when I use google. The sounds that I've heard include a lion roar, a baseball bat hitting a ball, a ding, and a couple of snippets of songs. Any help would be greatly appreciated.
-Ryan
Full Version: Computer Randomly Plays Sounds
Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Resolved/Inactive General Support Issues
Hello,fidzilla & Welcome
Please have a look at the two links in the quote box at the bottom
of my page. then come back here with an updated Ad-Aware Se logfile
and a HijackThis logfile.
Gogo
Please have a look at the two links in the quote box at the bottom
of my page. then come back here with an updated Ad-Aware Se logfile
and a HijackThis logfile.
Gogo
Here is the Ad-Aware SE Logfile
Ad-Aware SE Build 1.06r1
Logfile Created on:Friday, January 12, 2007 10:59:53 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R143 08.01.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):40 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
1-12-2007 10:59:53 PM - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : C:\Documents and Settings\Fidler\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office
MRU List Object Recognized!
Location: : C:\Documents and Settings\Fidler\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : S-1-5-21-436374069-117609710-725345543-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : S-1-5-21-436374069-117609710-725345543-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-436374069-117609710-725345543-1003\software\microsoft\frontpage\editor
Description : default add image directory for microsoft frontpage
MRU List Object Recognized!
Location: : S-1-5-21-436374069-117609710-725345543-1003\software\microsoft\frontpage\explorer\frontpage explorer\recent file list
Description : list of recently used files in microsoft frontpage
MRU List Object Recognized!
Location: : S-1-5-21-436374069-117609710-725345543-1003\software\microsoft\frontpage\explorer\frontpage explorer\recent page list
Description : list of recently used pages in microsoft frontpage
MRU List Object Recognized!
Location: : S-1-5-21-436374069-117609710-725345543-1003\software\microsoft\frontpage\explorer\frontpage explorer\recent web list
Description : list of recently used webs in microsoft frontpage
MRU List Object Recognized!
Location: : S-1-5-21-436374069-117609710-725345543-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-436374069-117609710-725345543-1003\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library
MRU List Object Recognized!
Location: : S-1-5-21-436374069-117609710-725345543-1003\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro
MRU List Object Recognized!
Location: : S-1-5-21-436374069-117609710-725345543-1003\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-19\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-20\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-436374069-117609710-725345543-1003\software\microsoft\office\10.0\common\general
Description : list of recently used symbols in microsoft office
MRU List Object Recognized!
Location: : S-1-5-21-436374069-117609710-725345543-1003\software\microsoft\office\10.0\common\open find\microsoft word\settings\open\file name mru
Description : list of recent documents opened by microsoft word
MRU List Object Recognized!
Location: : S-1-5-21-436374069-117609710-725345543-1003\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word
MRU List Object Recognized!
Location: : S-1-5-21-436374069-117609710-725345543-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant
MRU List Object Recognized!
Location: : S-1-5-21-436374069-117609710-725345543-1003\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor
MRU List Object Recognized!
Location: : S-1-5-21-436374069-117609710-725345543-1003\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad
MRU List Object Recognized!
Location: : S-1-5-21-436374069-117609710-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-436374069-117609710-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-436374069-117609710-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-436374069-117609710-725345543-1003\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run
MRU List Object Recognized!
Location: : S-1-5-21-436374069-117609710-725345543-1003\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives
MRU List Object Recognized!
Location: : S-1-5-21-436374069-117609710-725345543-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer
MRU List Object Recognized!
Location: : S-1-5-21-436374069-117609710-725345543-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer
MRU List Object Recognized!
Location: : S-1-5-21-436374069-117609710-725345543-1003\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-21-436374069-117609710-725345543-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 752
ThreadCreationTime : 1-13-2007 2:33:22 AM
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 800
ThreadCreationTime : 1-13-2007 2:33:24 AM
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 824
ThreadCreationTime : 1-13-2007 2:33:24 AM
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 868
ThreadCreationTime : 1-13-2007 2:33:25 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 880
ThreadCreationTime : 1-13-2007 2:33:25 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1044
ThreadCreationTime : 1-13-2007 2:33:25 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1104
ThreadCreationTime : 1-13-2007 2:33:25 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1248
ThreadCreationTime : 1-13-2007 2:33:25 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1372
ThreadCreationTime : 1-13-2007 2:33:25 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1476
ThreadCreationTime : 1-13-2007 2:33:25 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1760
ThreadCreationTime : 1-13-2007 2:33:26 AM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:12 [defwatch.exe]
FilePath : C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\
ProcessID : 1856
ThreadCreationTime : 1-13-2007 2:33:26 AM
BasePriority : Normal
FileVersion : 8.00.00.9374
ProductVersion : 8.00.00.9374
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright © 1998 Symantec Corporation
OriginalFilename : DefWatch.exe
#:13 [rtvscan.exe]
FilePath : C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\
ProcessID : 1948
ThreadCreationTime : 1-13-2007 2:33:26 AM
BasePriority : Normal
FileVersion : 8.00.00.9374
ProductVersion : 8.00.00.9374
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2002
#:14 [nvsvc32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1988
ThreadCreationTime : 1-13-2007 2:33:26 AM
BasePriority : Normal
FileVersion : 6.14.10.8391
ProductVersion : 6.14.10.8391
ProductName : NVIDIA Driver Helper Service, Version 83.91
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 83.91
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe
#:15 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 304
ThreadCreationTime : 1-13-2007 2:33:26 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:16 [wlservice.exe]
FilePath : C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\
ProcessID : 408
ThreadCreationTime : 1-13-2007 2:33:26 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 4
ProductVersion : 1, 0, 0, 4
ProductName : GEMTEKS WLService
CompanyName : GEMTEKS
FileDescription : WLService
InternalName : WLService
LegalCopyright : Copyright c 2003
OriginalFilename : WLService.exe
#:17 [wmp54gv4.exe]
FilePath : C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\
ProcessID : 432
ThreadCreationTime : 1-13-2007 2:33:26 AM
BasePriority : High
FileVersion : 1.0.1.8
ProductVersion : 4.5
ProductName : WMP54Gv4
CompanyName : Linksys
FileDescription : WMP54Gv4
InternalName : WMP54Gv4
#:18 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1576
ThreadCreationTime : 1-13-2007 2:33:31 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:19 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1184
ThreadCreationTime : 1-13-2007 2:33:32 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:20 [itouch.exe]
FilePath : C:\Program Files\Logitech\iTouch\
ProcessID : 2508
ThreadCreationTime : 1-13-2007 2:33:52 AM
BasePriority : Normal
FileVersion : 2.15.264
ProductVersion : 2.15.264
ProductName : iTouch
CompanyName : Logitech Inc.
FileDescription : iTouch Application
InternalName : iTouch
LegalCopyright : © 1998-2002 Logitech. All rights reserved.
LegalTrademarks : Logitech® and iTouch® are registered trademarks of Logitech Inc.
OriginalFilename : iTouch.exe
Comments : Created by the iTouch team
#:21 [em_exec.exe]
FilePath : C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\
ProcessID : 2516
ThreadCreationTime : 1-13-2007 2:33:52 AM
BasePriority : Normal
FileVersion : 9.70.216
ProductVersion : 9.70
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Control Center
InternalName : EM_EXEC
LegalCopyright : Copyright © Logitech Inc. 1987-2002.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : EM_EXEC.CPP
Comments : Created by the MouseWare Team
#:22 [vptray.exe]
FilePath : C:\PROGRA~1\SYMANT~1\SYMANT~1\
ProcessID : 2524
ThreadCreationTime : 1-13-2007 2:33:52 AM
BasePriority : Normal
FileVersion : 8.00.00.9374
ProductVersion : 8.00.00.9374
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2002
#:23 [cthelper.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2532
ThreadCreationTime : 1-13-2007 2:33:52 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : CtHelper Application
CompanyName : Creative Technology Ltd
FileDescription : CtHelper Application
InternalName : CtHelper
LegalCopyright : Copyright © 2002
OriginalFilename : CtHelper.EXE
#:24 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2572
ThreadCreationTime : 1-13-2007 2:33:53 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE
#:25 [ww.exe]
FilePath : C:\Program Files\Weather Watcher\
ProcessID : 2620
ThreadCreationTime : 1-13-2007 2:33:53 AM
BasePriority : Normal
FileVersion : 5.06.0016
ProductVersion : 5.06.0016
ProductName : Weather Watcher
CompanyName : Singer's Creations
InternalName : ww
LegalCopyright : Copyright © 2006 Mike Singer
OriginalFilename : ww.exe
Comments : http://www.SingersCreations.com
#:26 [yahoom~1.exe]
FilePath : C:\PROGRA~1\Yahoo!\MESSEN~1\
ProcessID : 2628
ThreadCreationTime : 1-13-2007 2:33:53 AM
BasePriority : Normal
FileVersion : 8,1,0,209
ProductVersion : 8,1,0,209
ProductName : Yahoo! Messenger
CompanyName : Yahoo! Inc.
FileDescription : Yahoo! Messenger
LegalCopyright : © 1998-2006 Yahoo! Inc. All rights reserved.
#:27 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2636
ThreadCreationTime : 1-13-2007 2:33:53 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:28 [aim6.exe]
FilePath : C:\Program Files\AIM6\
ProcessID : 2648
ThreadCreationTime : 1-13-2007 2:33:53 AM
BasePriority : Normal
FileVersion : 1.4.9.1
ProductVersion : 1.4.9.1
ProductName : AOL Service Libraries
CompanyName : AOL LLC
FileDescription : AIM
InternalName : AOLSoftware
LegalCopyright : © 2006 AOL LLC.
OriginalFilename : AOLSoftware.exe
#:29 [aolsoftware.exe]
FilePath : C:\Program Files\AIM6\
ProcessID : 2716
ThreadCreationTime : 1-13-2007 2:33:53 AM
BasePriority : Normal
FileVersion : 1.5.6.1
ProductVersion : 1.5.6.1
ProductName : AOL Service Libraries
CompanyName : America Online, Inc.
FileDescription : AOL
InternalName : AOLSoftware
LegalCopyright : © 2006 America Online, Inc.
OriginalFilename : AOLSoftware.exe
#:30 [hpqtra08.exe]
FilePath : C:\Program Files\HP\Digital Imaging\bin\
ProcessID : 2724
ThreadCreationTime : 1-13-2007 2:33:53 AM
BasePriority : Normal
FileVersion : 43.1.5.000
ProductVersion : 043.001.005.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP Digital Imaging Monitor (CUE)
InternalName : HPQTRA00
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004
OriginalFilename : HPQTRA00.EXE
Comments : HP Digital Imaging Monitor (CUE)
#:31 [hpzipm12.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1672
ThreadCreationTime : 1-13-2007 2:34:20 AM
BasePriority : Normal
FileVersion : 8, 0, 0, 0
ProductVersion : 8, 0, 0, 0
ProductName : HP PML
CompanyName : HP
FileDescription : PML Driver
InternalName : PmlDrv
LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company
OriginalFilename : PmlDrv.exe
#:32 [firefox.exe]
FilePath : C:\Program Files\Mozilla Firefox\
ProcessID : 3904
ThreadCreationTime : 1-13-2007 2:42:19 AM
BasePriority : Normal
#:33 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 3836
ThreadCreationTime : 1-13-2007 3:48:41 AM
BasePriority : Normal
FileVersion : 0.1.0.3760
ProductVersion : 0.1.0.3760
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe
#:34 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1144
ThreadCreationTime : 1-13-2007 4:58:47 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 40
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 40
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 40
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 40
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 40
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
2 entries scanned.
New critical objects:0
Objects found so far: 40
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 40
11:09:58 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:10:05.344
Objects scanned:189399
Objects identified:0
Objects ignored:0
New critical objects:0
Here is the HJT Log
Logfile of HijackThis v1.99.1
Scan saved at 11:20:13 PM, on 1/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Weather Watcher\ww.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\hijack this\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [WeatherWatcher] C:\Program Files\Weather Watcher\ww.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support2.charter.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124560907561
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162682706107
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
Ad-Aware SE Build 1.06r1
Logfile Created on:Friday, January 12, 2007 10:59:53 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R143 08.01.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):40 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
1-12-2007 10:59:53 PM - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : C:\Documents and Settings\Fidler\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office
MRU List Object Recognized!
Location: : C:\Documents and Settings\Fidler\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : S-1-5-21-436374069-117609710-725345543-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : S-1-5-21-436374069-117609710-725345543-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-436374069-117609710-725345543-1003\software\microsoft\frontpage\editor
Description : default add image directory for microsoft frontpage
MRU List Object Recognized!
Location: : S-1-5-21-436374069-117609710-725345543-1003\software\microsoft\frontpage\explorer\frontpage explorer\recent file list
Description : list of recently used files in microsoft frontpage
MRU List Object Recognized!
Location: : S-1-5-21-436374069-117609710-725345543-1003\software\microsoft\frontpage\explorer\frontpage explorer\recent page list
Description : list of recently used pages in microsoft frontpage
MRU List Object Recognized!
Location: : S-1-5-21-436374069-117609710-725345543-1003\software\microsoft\frontpage\explorer\frontpage explorer\recent web list
Description : list of recently used webs in microsoft frontpage
MRU List Object Recognized!
Location: : S-1-5-21-436374069-117609710-725345543-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-436374069-117609710-725345543-1003\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library
MRU List Object Recognized!
Location: : S-1-5-21-436374069-117609710-725345543-1003\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro
MRU List Object Recognized!
Location: : S-1-5-21-436374069-117609710-725345543-1003\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-19\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-20\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-436374069-117609710-725345543-1003\software\microsoft\office\10.0\common\general
Description : list of recently used symbols in microsoft office
MRU List Object Recognized!
Location: : S-1-5-21-436374069-117609710-725345543-1003\software\microsoft\office\10.0\common\open find\microsoft word\settings\open\file name mru
Description : list of recent documents opened by microsoft word
MRU List Object Recognized!
Location: : S-1-5-21-436374069-117609710-725345543-1003\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word
MRU List Object Recognized!
Location: : S-1-5-21-436374069-117609710-725345543-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant
MRU List Object Recognized!
Location: : S-1-5-21-436374069-117609710-725345543-1003\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor
MRU List Object Recognized!
Location: : S-1-5-21-436374069-117609710-725345543-1003\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad
MRU List Object Recognized!
Location: : S-1-5-21-436374069-117609710-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-436374069-117609710-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-436374069-117609710-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-436374069-117609710-725345543-1003\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run
MRU List Object Recognized!
Location: : S-1-5-21-436374069-117609710-725345543-1003\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives
MRU List Object Recognized!
Location: : S-1-5-21-436374069-117609710-725345543-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer
MRU List Object Recognized!
Location: : S-1-5-21-436374069-117609710-725345543-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer
MRU List Object Recognized!
Location: : S-1-5-21-436374069-117609710-725345543-1003\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-21-436374069-117609710-725345543-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 752
ThreadCreationTime : 1-13-2007 2:33:22 AM
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 800
ThreadCreationTime : 1-13-2007 2:33:24 AM
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 824
ThreadCreationTime : 1-13-2007 2:33:24 AM
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 868
ThreadCreationTime : 1-13-2007 2:33:25 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 880
ThreadCreationTime : 1-13-2007 2:33:25 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1044
ThreadCreationTime : 1-13-2007 2:33:25 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1104
ThreadCreationTime : 1-13-2007 2:33:25 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1248
ThreadCreationTime : 1-13-2007 2:33:25 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1372
ThreadCreationTime : 1-13-2007 2:33:25 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1476
ThreadCreationTime : 1-13-2007 2:33:25 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1760
ThreadCreationTime : 1-13-2007 2:33:26 AM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:12 [defwatch.exe]
FilePath : C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\
ProcessID : 1856
ThreadCreationTime : 1-13-2007 2:33:26 AM
BasePriority : Normal
FileVersion : 8.00.00.9374
ProductVersion : 8.00.00.9374
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright © 1998 Symantec Corporation
OriginalFilename : DefWatch.exe
#:13 [rtvscan.exe]
FilePath : C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\
ProcessID : 1948
ThreadCreationTime : 1-13-2007 2:33:26 AM
BasePriority : Normal
FileVersion : 8.00.00.9374
ProductVersion : 8.00.00.9374
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2002
#:14 [nvsvc32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1988
ThreadCreationTime : 1-13-2007 2:33:26 AM
BasePriority : Normal
FileVersion : 6.14.10.8391
ProductVersion : 6.14.10.8391
ProductName : NVIDIA Driver Helper Service, Version 83.91
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 83.91
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe
#:15 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 304
ThreadCreationTime : 1-13-2007 2:33:26 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:16 [wlservice.exe]
FilePath : C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\
ProcessID : 408
ThreadCreationTime : 1-13-2007 2:33:26 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 4
ProductVersion : 1, 0, 0, 4
ProductName : GEMTEKS WLService
CompanyName : GEMTEKS
FileDescription : WLService
InternalName : WLService
LegalCopyright : Copyright c 2003
OriginalFilename : WLService.exe
#:17 [wmp54gv4.exe]
FilePath : C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\
ProcessID : 432
ThreadCreationTime : 1-13-2007 2:33:26 AM
BasePriority : High
FileVersion : 1.0.1.8
ProductVersion : 4.5
ProductName : WMP54Gv4
CompanyName : Linksys
FileDescription : WMP54Gv4
InternalName : WMP54Gv4
#:18 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1576
ThreadCreationTime : 1-13-2007 2:33:31 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:19 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1184
ThreadCreationTime : 1-13-2007 2:33:32 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:20 [itouch.exe]
FilePath : C:\Program Files\Logitech\iTouch\
ProcessID : 2508
ThreadCreationTime : 1-13-2007 2:33:52 AM
BasePriority : Normal
FileVersion : 2.15.264
ProductVersion : 2.15.264
ProductName : iTouch
CompanyName : Logitech Inc.
FileDescription : iTouch Application
InternalName : iTouch
LegalCopyright : © 1998-2002 Logitech. All rights reserved.
LegalTrademarks : Logitech® and iTouch® are registered trademarks of Logitech Inc.
OriginalFilename : iTouch.exe
Comments : Created by the iTouch team
#:21 [em_exec.exe]
FilePath : C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\
ProcessID : 2516
ThreadCreationTime : 1-13-2007 2:33:52 AM
BasePriority : Normal
FileVersion : 9.70.216
ProductVersion : 9.70
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Control Center
InternalName : EM_EXEC
LegalCopyright : Copyright © Logitech Inc. 1987-2002.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : EM_EXEC.CPP
Comments : Created by the MouseWare Team
#:22 [vptray.exe]
FilePath : C:\PROGRA~1\SYMANT~1\SYMANT~1\
ProcessID : 2524
ThreadCreationTime : 1-13-2007 2:33:52 AM
BasePriority : Normal
FileVersion : 8.00.00.9374
ProductVersion : 8.00.00.9374
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2002
#:23 [cthelper.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2532
ThreadCreationTime : 1-13-2007 2:33:52 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : CtHelper Application
CompanyName : Creative Technology Ltd
FileDescription : CtHelper Application
InternalName : CtHelper
LegalCopyright : Copyright © 2002
OriginalFilename : CtHelper.EXE
#:24 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2572
ThreadCreationTime : 1-13-2007 2:33:53 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE
#:25 [ww.exe]
FilePath : C:\Program Files\Weather Watcher\
ProcessID : 2620
ThreadCreationTime : 1-13-2007 2:33:53 AM
BasePriority : Normal
FileVersion : 5.06.0016
ProductVersion : 5.06.0016
ProductName : Weather Watcher
CompanyName : Singer's Creations
InternalName : ww
LegalCopyright : Copyright © 2006 Mike Singer
OriginalFilename : ww.exe
Comments : http://www.SingersCreations.com
#:26 [yahoom~1.exe]
FilePath : C:\PROGRA~1\Yahoo!\MESSEN~1\
ProcessID : 2628
ThreadCreationTime : 1-13-2007 2:33:53 AM
BasePriority : Normal
FileVersion : 8,1,0,209
ProductVersion : 8,1,0,209
ProductName : Yahoo! Messenger
CompanyName : Yahoo! Inc.
FileDescription : Yahoo! Messenger
LegalCopyright : © 1998-2006 Yahoo! Inc. All rights reserved.
#:27 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2636
ThreadCreationTime : 1-13-2007 2:33:53 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:28 [aim6.exe]
FilePath : C:\Program Files\AIM6\
ProcessID : 2648
ThreadCreationTime : 1-13-2007 2:33:53 AM
BasePriority : Normal
FileVersion : 1.4.9.1
ProductVersion : 1.4.9.1
ProductName : AOL Service Libraries
CompanyName : AOL LLC
FileDescription : AIM
InternalName : AOLSoftware
LegalCopyright : © 2006 AOL LLC.
OriginalFilename : AOLSoftware.exe
#:29 [aolsoftware.exe]
FilePath : C:\Program Files\AIM6\
ProcessID : 2716
ThreadCreationTime : 1-13-2007 2:33:53 AM
BasePriority : Normal
FileVersion : 1.5.6.1
ProductVersion : 1.5.6.1
ProductName : AOL Service Libraries
CompanyName : America Online, Inc.
FileDescription : AOL
InternalName : AOLSoftware
LegalCopyright : © 2006 America Online, Inc.
OriginalFilename : AOLSoftware.exe
#:30 [hpqtra08.exe]
FilePath : C:\Program Files\HP\Digital Imaging\bin\
ProcessID : 2724
ThreadCreationTime : 1-13-2007 2:33:53 AM
BasePriority : Normal
FileVersion : 43.1.5.000
ProductVersion : 043.001.005.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP Digital Imaging Monitor (CUE)
InternalName : HPQTRA00
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004
OriginalFilename : HPQTRA00.EXE
Comments : HP Digital Imaging Monitor (CUE)
#:31 [hpzipm12.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1672
ThreadCreationTime : 1-13-2007 2:34:20 AM
BasePriority : Normal
FileVersion : 8, 0, 0, 0
ProductVersion : 8, 0, 0, 0
ProductName : HP PML
CompanyName : HP
FileDescription : PML Driver
InternalName : PmlDrv
LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company
OriginalFilename : PmlDrv.exe
#:32 [firefox.exe]
FilePath : C:\Program Files\Mozilla Firefox\
ProcessID : 3904
ThreadCreationTime : 1-13-2007 2:42:19 AM
BasePriority : Normal
#:33 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 3836
ThreadCreationTime : 1-13-2007 3:48:41 AM
BasePriority : Normal
FileVersion : 0.1.0.3760
ProductVersion : 0.1.0.3760
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe
#:34 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1144
ThreadCreationTime : 1-13-2007 4:58:47 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 40
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 40
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 40
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 40
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 40
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
2 entries scanned.
New critical objects:0
Objects found so far: 40
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 40
11:09:58 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:10:05.344
Objects scanned:189399
Objects identified:0
Objects ignored:0
New critical objects:0
Here is the HJT Log
Logfile of HijackThis v1.99.1
Scan saved at 11:20:13 PM, on 1/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Weather Watcher\ww.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\hijack this\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [WeatherWatcher] C:\Program Files\Weather Watcher\ww.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support2.charter.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124560907561
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162682706107
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
Hi,fidzilla
Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.
Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Gogo
Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.
Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Gogo
ComboFix Log Below
"Fidler" - 07-01-12 23:46:40 Service Pack 2
ComboFix 07-01-12 - Running from: "C:\Documents and Settings\Fidler\Desktop"
((((((((((((((((((((((((((((((( Files Created from 2006-12-12 to 2007-01-12 ))))))))))))))))))))))))))))))))))
2007-01-12 22:22 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-01-12 20:20 <DIR> d-------- C:\VundoFix Backups
2007-01-12 19:56 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-01-12 19:56 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-01-12 19:33 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
2007-01-12 19:10 <DIR> d-------- C:\DOCUME~1\Fidler\Application Data\WinPatrol
2007-01-12 19:09 <DIR> d-------- C:\Program Files\BillP Studios
2007-01-11 23:46 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-01-11 19:47 <DIR> d-------- C:\DOCUME~1\Fidler\Application Data\Uniblue
2007-01-11 19:08 <DIR> d-------- C:\Program Files\AIM6
2007-01-11 19:04 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-11 17:44 <DIR> dr-h----- C:\DOCUME~1\Fidler\Application Data\yahoo!
2007-01-02 00:12 180,224 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-01-02 00:12 <DIR> d-------- C:\WINDOWS\nview
2007-01-01 22:34 <DIR> d-------- C:\Program Files\Driver Cleaner Pro
2007-01-01 22:21 99,840 --a------ C:\WINDOWS\system32\drivers\nvtcp.sys
2007-01-01 16:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\NVIDIA
2006-12-30 00:28 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2006-12-30 00:28 <DIR> d-------- C:\DOCUME~1\Fidler\Application Data\acccore
2006-12-30 00:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\AOL OCP
2006-12-30 00:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\AOL
2006-12-30 00:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\AOL Downloads
2006-12-30 00:24 1,950 --a------ C:\WINDOWS\system32\drivers\REGISTER.SYS
2006-12-30 00:24 <DIR> d-------- C:\Program Files\Your Company Name
2006-12-29 21:18 101,888 --a------ C:\WINDOWS\system32\nvtcp.sys
2006-12-24 10:01 <DIR> d-------- C:\Program Files\iTunes
2006-12-24 10:01 <DIR> d-------- C:\Program Files\iPod
2006-12-15 11:46 1,273,856 --------- C:\WINDOWS\UNNeroVision.exe
2006-12-15 11:46 <DIR> d-------- C:\DOCUME~1\Fidler\Application Data\NeroVision
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-12 23:48 -------- d-------- C:\Program Files\weather watcher
2007-01-12 23:28 -------- d-------- C:\Program Files\mozilla firefox
2007-01-12 23:20 -------- d-------- C:\Program Files\hijack this
2007-01-12 20:26 2318 --a------ C:\WINDOWS\system32\tmp.reg
2007-01-12 16:54 -------- d-------- C:\Program Files\flashfxp
2007-01-12 01:47 -------- d-------- C:\Program Files\Common Files\adobe
2007-01-11 22:30 -------- d-------- C:\Program Files\linksys wireless-g pci wireless network monitor
2007-01-11 22:24 -------- d-------- C:\Program Files\ffdshow
2007-01-11 20:47 -------- d-------- C:\Program Files\Common Files\aol
2007-01-11 19:20 -------- d-------- C:\Program Files\spywareblaster
2007-01-11 19:20 -------- d-------- C:\Program Files\java
2007-01-11 19:19 -------- d-------- C:\DOCUME~1\Fidler\Application Data\aim
2007-01-11 18:58 -------- d-------- C:\Program Files\popcap games
2007-01-11 18:32 -------- d-------- C:\DOCUME~1\Fidler\Application Data\adobeum
2007-01-01 15:21 737280 --a------ C:\WINDOWS\iun6002.exe
2006-12-27 21:35 -------- d-------- C:\Program Files\ea games
2006-12-15 13:15 -------- d-------- C:\DOCUME~1\Fidler\Application Data\ahead
2006-12-15 11:46 -------- d-------- C:\Program Files\ahead
2006-12-08 07:17 -------- d-------- C:\Program Files\wmr11
2006-12-06 23:29 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-12-06 04:46 -------- d-------- C:\Program Files\Common Files\xing shared
2006-12-06 04:46 -------- d-------- C:\Program Files\Common Files\real
2006-12-06 04:15 -------- d-------- C:\Program Files\winpcap
2006-11-28 09:59 -------- d-------- C:\Program Files\e-sword
2006-11-19 02:39 -------- d-------- C:\DOCUME~1\Fidler\Application Data\flashfxp
2006-11-07 23:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-05 16:34 19792 --a------ C:\DOCUME~1\Fidler\Application Data\gdipfontcachev1.dat
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-22 15:06 208896 --a------ C:\WINDOWS\system32\nvusmb.exe
2006-10-22 15:06 208896 --a------ C:\WINDOWS\system32\nvuide.exe
2006-10-19 07:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\winfxdocobj.exe
2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-13 06:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 06:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 06:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"WeatherWatcher"="C:\\Program Files\\Weather Watcher\\ww.exe"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"zBrowser Launcher"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
"EM_EXEC"="C:\\PROGRA~1\\Logitech\\MOUSEW~1\\SYSTEM\\EM_EXEC.EXE"
"vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~1\\vptray.exe"
"WINDVDPatch"="CTHELPER.EXE"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"Jet Detection"="\"C:\\Program Files\\Creative\\SBLive\\PROGRAM\\ADGJDet.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"SunServer"="C:\\Program Files\\Sunbelt Software\\CounterSpy\\Consumer\\sunserver.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_04\\bin\\jusched.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{076394AD-7FDD-44EF-A075-32C68DBAB99B}"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0dc1874b-bac0-11da-a6a8-00301b211bbb}]
Shell\AutoRun\command F:\RunGame.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0dc1874d-bac0-11da-a6a8-00301b211bbb}]
Shell\AutoRun\command H:\RunGame.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0dc1874e-bac0-11da-a6a8-00301b211bbb}]
Shell\AutoRun\command I:\RunGame.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a32ab85-bcfd-11da-a6a9-00301b211bbb}]
Shell\AutoRun\command J:\Autorun.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a32ab86-bcfd-11da-a6a9-00301b211bbb}]
Shell\AutoRun\command K:\RunGame.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a32ab87-bcfd-11da-a6a9-00301b211bbb}]
Shell\AutoRun\command L:\autorun.exe
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_GTNDIS5
Completion time: 07-01-12 23:48:46
C:\ComboFix2.txt ... 07-01-12 20:18
"Fidler" - 07-01-12 23:46:40 Service Pack 2
ComboFix 07-01-12 - Running from: "C:\Documents and Settings\Fidler\Desktop"
((((((((((((((((((((((((((((((( Files Created from 2006-12-12 to 2007-01-12 ))))))))))))))))))))))))))))))))))
2007-01-12 22:22 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-01-12 20:20 <DIR> d-------- C:\VundoFix Backups
2007-01-12 19:56 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-01-12 19:56 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-01-12 19:33 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
2007-01-12 19:10 <DIR> d-------- C:\DOCUME~1\Fidler\Application Data\WinPatrol
2007-01-12 19:09 <DIR> d-------- C:\Program Files\BillP Studios
2007-01-11 23:46 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-01-11 19:47 <DIR> d-------- C:\DOCUME~1\Fidler\Application Data\Uniblue
2007-01-11 19:08 <DIR> d-------- C:\Program Files\AIM6
2007-01-11 19:04 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-11 17:44 <DIR> dr-h----- C:\DOCUME~1\Fidler\Application Data\yahoo!
2007-01-02 00:12 180,224 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-01-02 00:12 <DIR> d-------- C:\WINDOWS\nview
2007-01-01 22:34 <DIR> d-------- C:\Program Files\Driver Cleaner Pro
2007-01-01 22:21 99,840 --a------ C:\WINDOWS\system32\drivers\nvtcp.sys
2007-01-01 16:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\NVIDIA
2006-12-30 00:28 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2006-12-30 00:28 <DIR> d-------- C:\DOCUME~1\Fidler\Application Data\acccore
2006-12-30 00:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\AOL OCP
2006-12-30 00:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\AOL
2006-12-30 00:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\AOL Downloads
2006-12-30 00:24 1,950 --a------ C:\WINDOWS\system32\drivers\REGISTER.SYS
2006-12-30 00:24 <DIR> d-------- C:\Program Files\Your Company Name
2006-12-29 21:18 101,888 --a------ C:\WINDOWS\system32\nvtcp.sys
2006-12-24 10:01 <DIR> d-------- C:\Program Files\iTunes
2006-12-24 10:01 <DIR> d-------- C:\Program Files\iPod
2006-12-15 11:46 1,273,856 --------- C:\WINDOWS\UNNeroVision.exe
2006-12-15 11:46 <DIR> d-------- C:\DOCUME~1\Fidler\Application Data\NeroVision
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-12 23:48 -------- d-------- C:\Program Files\weather watcher
2007-01-12 23:28 -------- d-------- C:\Program Files\mozilla firefox
2007-01-12 23:20 -------- d-------- C:\Program Files\hijack this
2007-01-12 20:26 2318 --a------ C:\WINDOWS\system32\tmp.reg
2007-01-12 16:54 -------- d-------- C:\Program Files\flashfxp
2007-01-12 01:47 -------- d-------- C:\Program Files\Common Files\adobe
2007-01-11 22:30 -------- d-------- C:\Program Files\linksys wireless-g pci wireless network monitor
2007-01-11 22:24 -------- d-------- C:\Program Files\ffdshow
2007-01-11 20:47 -------- d-------- C:\Program Files\Common Files\aol
2007-01-11 19:20 -------- d-------- C:\Program Files\spywareblaster
2007-01-11 19:20 -------- d-------- C:\Program Files\java
2007-01-11 19:19 -------- d-------- C:\DOCUME~1\Fidler\Application Data\aim
2007-01-11 18:58 -------- d-------- C:\Program Files\popcap games
2007-01-11 18:32 -------- d-------- C:\DOCUME~1\Fidler\Application Data\adobeum
2007-01-01 15:21 737280 --a------ C:\WINDOWS\iun6002.exe
2006-12-27 21:35 -------- d-------- C:\Program Files\ea games
2006-12-15 13:15 -------- d-------- C:\DOCUME~1\Fidler\Application Data\ahead
2006-12-15 11:46 -------- d-------- C:\Program Files\ahead
2006-12-08 07:17 -------- d-------- C:\Program Files\wmr11
2006-12-06 23:29 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-12-06 04:46 -------- d-------- C:\Program Files\Common Files\xing shared
2006-12-06 04:46 -------- d-------- C:\Program Files\Common Files\real
2006-12-06 04:15 -------- d-------- C:\Program Files\winpcap
2006-11-28 09:59 -------- d-------- C:\Program Files\e-sword
2006-11-19 02:39 -------- d-------- C:\DOCUME~1\Fidler\Application Data\flashfxp
2006-11-07 23:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-05 16:34 19792 --a------ C:\DOCUME~1\Fidler\Application Data\gdipfontcachev1.dat
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-22 15:06 208896 --a------ C:\WINDOWS\system32\nvusmb.exe
2006-10-22 15:06 208896 --a------ C:\WINDOWS\system32\nvuide.exe
2006-10-19 07:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\winfxdocobj.exe
2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-13 06:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 06:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 06:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"WeatherWatcher"="C:\\Program Files\\Weather Watcher\\ww.exe"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"zBrowser Launcher"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
"EM_EXEC"="C:\\PROGRA~1\\Logitech\\MOUSEW~1\\SYSTEM\\EM_EXEC.EXE"
"vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~1\\vptray.exe"
"WINDVDPatch"="CTHELPER.EXE"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"Jet Detection"="\"C:\\Program Files\\Creative\\SBLive\\PROGRAM\\ADGJDet.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"SunServer"="C:\\Program Files\\Sunbelt Software\\CounterSpy\\Consumer\\sunserver.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_04\\bin\\jusched.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{076394AD-7FDD-44EF-A075-32C68DBAB99B}"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0dc1874b-bac0-11da-a6a8-00301b211bbb}]
Shell\AutoRun\command F:\RunGame.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0dc1874d-bac0-11da-a6a8-00301b211bbb}]
Shell\AutoRun\command H:\RunGame.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0dc1874e-bac0-11da-a6a8-00301b211bbb}]
Shell\AutoRun\command I:\RunGame.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a32ab85-bcfd-11da-a6a9-00301b211bbb}]
Shell\AutoRun\command J:\Autorun.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a32ab86-bcfd-11da-a6a9-00301b211bbb}]
Shell\AutoRun\command K:\RunGame.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a32ab87-bcfd-11da-a6a9-00301b211bbb}]
Shell\AutoRun\command L:\autorun.exe
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_GTNDIS5
Completion time: 07-01-12 23:48:46
C:\ComboFix2.txt ... 07-01-12 20:18
Hi,fidzilla
Hmm the only item i see in the log is this here.
C:\WINDOWS\iun6002.exe
http://www.auditmypc.com/process/iun6002.asp
have a look at the link see what if anything you know about this.
and when did this start did you install anything new
Gogo
Hmm the only item i see in the log is this here.
C:\WINDOWS\iun6002.exe
http://www.auditmypc.com/process/iun6002.asp
have a look at the link see what if anything you know about this.
and when did this start did you install anything new
Gogo
It actually hasn't done it since my last reset, maybe something I tried finally worked, not really sure what it could have been though. It didn't even do it when I ran counterspy which was the only consistent thing about it. Hopefully it doesn't come back. I was getting sick of hearing the opening bars to Start Me Up by the Rolling Stones.
Ok, it started doing it again. I believe it's playing the Ashanti number this time. This is starting to frustrate me beyond belief. If I can't figure it out by Monday I'm just going to reformat the thing.
Hi,fidzilla
Please have a look at the link i posted for you see what if anything
you may know about it. did you install it or someone else on the PC.??
Gogo
Please have a look at the link i posted for you see what if anything
you may know about it. did you install it or someone else on the PC.??
Gogo
Don't know anything about that and not sure what could have been installed. Not really my computer. As far as I know the last things done are an update to AIM6, an update to Adobe Reader 8, and then I installed Counterspy to try to fix this problem and a little over a weak ago I installed Driver Cleaner Pro to help with some video card driver issues.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.