Full Version: Netpumper problem...I think
B Foulks
Hello and help. I had downloaded (and have since uninstalled) net pumper. I still get pop-ups. Also, DLLs keep reappearing, even after deleting and/or changing the names and manually going into the reg for deletion. I ran nolop and it detected and removed an item. Norton has found trojans and had them removed. Host file was overrun and has been cleared. Seek and destroy keeps finding and cleaning reg entries. Here are the logs. Please help me out and thanks.


Ad-Aware SE Build 1.06r1
Logfile Created on:Monday, January 29, 2007 11:15:52 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R148 29.01.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
DriveCleaner(TAC index:3):1 total references
MRU List(TAC index:0):14 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


1-29-2007 11:15:52 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Brian\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-1392284910-3364022493-502944281-1006\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-1392284910-3364022493-502944281-1006\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1392284910-3364022493-502944281-1006\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-1392284910-3364022493-502944281-1006\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-1392284910-3364022493-502944281-1006\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1392284910-3364022493-502944281-1006\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1392284910-3364022493-502944281-1006\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-1392284910-3364022493-502944281-1006\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-1392284910-3364022493-502944281-1006\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-1392284910-3364022493-502944281-1006\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 740
ThreadCreationTime : 1-30-2007 5:57:30 AM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 796
ThreadCreationTime : 1-30-2007 5:57:33 AM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 832
ThreadCreationTime : 1-30-2007 5:57:42 AM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 876
ThreadCreationTime : 1-30-2007 5:57:43 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 888
ThreadCreationTime : 1-30-2007 5:57:43 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1064
ThreadCreationTime : 1-30-2007 5:57:44 AM
BasePriority : Normal
FileVersion : 6.14.10.4155
ProductVersion : 6.14.10.4155
ProductName : ATI External Event Utility for Windows
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2006 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1084
ThreadCreationTime : 1-30-2007 5:57:44 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1164
ThreadCreationTime : 1-30-2007 5:57:44 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1224
ThreadCreationTime : 1-30-2007 5:57:44 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1316
ThreadCreationTime : 1-30-2007 5:57:45 AM
BasePriority : Normal
FileVersion : 6.14.10.4155
ProductVersion : 6.14.10.4155
ProductName : ATI External Event Utility for Windows
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2006 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:11 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1356
ThreadCreationTime : 1-30-2007 5:57:45 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1484
ThreadCreationTime : 1-30-2007 5:57:47 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:13 [ccproxy.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1556
ThreadCreationTime : 1-30-2007 5:57:48 AM
BasePriority : Normal
FileVersion : 103.0.8.2
ProductVersion : 103.0.8.2
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Network Proxy Service
InternalName : ccProxy
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccProxy.exe

#:14 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1568
ThreadCreationTime : 1-30-2007 5:57:48 AM
BasePriority : Normal
FileVersion : 103.0.5.2
ProductVersion : 103.0.5.2
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:15 [issvc.exe]
FilePath : C:\Program Files\Norton Internet Security\
ProcessID : 1580
ThreadCreationTime : 1-30-2007 5:57:48 AM
BasePriority : Normal
FileVersion : 8.0.5.14
ProductVersion : 8.0
ProductName : Norton Internet Security
CompanyName : Symantec Corporation
FileDescription : IS Service
InternalName : ISSVC.exe
LegalCopyright : Copyright © 2004 Symantec Corporation
OriginalFilename : ISSVC.exe

#:16 [sndsrvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1592
ThreadCreationTime : 1-30-2007 5:57:49 AM
BasePriority : Normal
FileVersion : 5.5.1.6
ProductVersion : 5.5
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation
OriginalFilename : SndSrvc.exe

#:17 [spbbcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\SPBBC\
ProcessID : 1608
ThreadCreationTime : 1-30-2007 5:57:49 AM
BasePriority : Normal
FileVersion : 1,0,1,47
ProductVersion : 1,0,1,47
ProductName : SPBBC
CompanyName : Symantec Corporation
FileDescription : SPBBC Service
InternalName : SPBBCSvc
LegalCopyright : Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : SPBBCSvc.exe

#:18 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1708
ThreadCreationTime : 1-30-2007 5:57:51 AM
BasePriority : Normal
FileVersion : 103.0.5.2
ProductVersion : 103.0.5.2
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:19 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1852
ThreadCreationTime : 1-30-2007 5:57:52 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:20 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 280
ThreadCreationTime : 1-30-2007 5:57:56 AM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:21 [aluschedulersvc.exe]
FilePath : C:\Program Files\Symantec\LiveUpdate\
ProcessID : 556
ThreadCreationTime : 1-30-2007 5:58:03 AM
BasePriority : Normal
FileVersion : 3.0.0.166
ProductVersion : 3.0.0.166
ProductName : LiveUpdate
CompanyName : Symantec Corporation
FileDescription : Automatic LiveUpdate Scheduler Service
InternalName : Automatic LiveUpdate Scheduler Service
LegalCopyright : Copyright © 1996-2005 Symantec Corporation
OriginalFilename : ALUSchedulerSvc.exe

#:22 [ctsvccda.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 584
ThreadCreationTime : 1-30-2007 5:58:03 AM
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
ProductName : Creative Service for CDROM Access
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.
OriginalFilename : CTsvcCDA.EXE

#:23 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 636
ThreadCreationTime : 1-30-2007 5:58:03 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:24 [syslogd_service.exe]
FilePath : C:\Program Files\Syslogd\
ProcessID : 652
ThreadCreationTime : 1-30-2007 5:58:04 AM
BasePriority : Normal
FileVersion : 7.00.0003
ProductVersion : 7.00.0003
ProductName : Kiwi Syslog Daemon
CompanyName : Kiwi Enterprises
FileDescription : Syslog Daemon for Windows 9x/ME/NT4/2K/XP
InternalName : Syslogd_Service
LegalCopyright : Copyright 1996-2002 by Andrew Ross of Kiwi Enterprises
OriginalFilename : Syslogd_Service.exe
Comments : Kiwi Syslog Daemon for Windows 9x/ME/NT4/2K/XP

#:25 [navapsvc.exe]
FilePath : C:\Program Files\Norton Internet Security\Norton AntiVirus\
ProcessID : 760
ThreadCreationTime : 1-30-2007 5:58:05 AM
BasePriority : Normal
FileVersion : 11.0.16.2
ProductVersion : 11.0.16
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:26 [nmssvc.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 936
ThreadCreationTime : 1-30-2007 5:58:05 AM
BasePriority : Normal
FileVersion : 2.1.9.0
ProductVersion : 2.1.9.0
ProductName : NMS
CompanyName : Intel Corporation
FileDescription : NMS Module
InternalName : NMS Module
LegalCopyright : Copyright © 2000-2002 Intel Corp. All Rights Reserved

#:27 [nprotect.exe]
FilePath : C:\PROGRA~1\NORTON~2\NORTON~1\
ProcessID : 1212
ThreadCreationTime : 1-30-2007 5:58:05 AM
BasePriority : Normal
FileVersion : 18.0.0.62
ProductVersion : 18.0.0.62
ProductName : Norton Utilities
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
LegalTrademarks : Norton Utilities® and UnErase® are registered trademarks of Symantec Corporation.
OriginalFilename : NPROTECT.EXE

#:28 [nopdb.exe]
FilePath : C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\
ProcessID : 1700
ThreadCreationTime : 1-30-2007 5:58:09 AM
BasePriority : Normal
FileVersion : 7.00.0.24
ProductVersion : 7.00.0.24
ProductName : Norton Speed Disk
CompanyName : Symantec Corporation
FileDescription : NOPDB
InternalName : NOPDB
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
OriginalFilename : NOPDB.dll

#:29 [symlcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\
ProcessID : 1760
ThreadCreationTime : 1-30-2007 5:58:10 AM
BasePriority : Normal
FileVersion : 1, 8, 54, 478
ProductVersion : 1, 8, 54, 478
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright © 2003
OriginalFilename : symlcsvc.exe

#:30 [mspmspsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2116
ThreadCreationTime : 1-30-2007 5:58:10 AM
BasePriority : Normal
FileVersion : 7.00.00.1954
ProductVersion : 7.00.00.1954
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE

#:31 [wmpnetwk.exe]
FilePath : C:\Program Files\Windows Media Player\
ProcessID : 2260
ThreadCreationTime : 1-30-2007 5:58:11 AM
BasePriority : Normal
FileVersion : 11.0.5721.5145 (WMP_11.061018-2006)
ProductVersion : 11.0.5721.5145
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Media Player Network Sharing Service
InternalName : Windows Media Player Network Sharing Service
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WMPNetwk.exe

#:32 [savscan.exe]
FilePath : C:\Program Files\Norton Internet Security\Norton AntiVirus\
ProcessID : 2684
ThreadCreationTime : 1-30-2007 5:58:19 AM
BasePriority : Normal
FileVersion : 9.4.2.1
ProductVersion : 9.4
ProductName : AutoProtect
CompanyName : Symantec Corporation
FileDescription : AutoProtect
InternalName : SAVSCAN
LegalCopyright : Copyright © 2005 Symantec Corporation
OriginalFilename : SAVSCAN.EXE

#:33 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2720
ThreadCreationTime : 1-30-2007 5:58:21 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:34 [mhotkey.exe]
FilePath : C:\WINDOWS\
ProcessID : 3672
ThreadCreationTime : 1-30-2007 5:59:35 AM
BasePriority : Normal
FileVersion : 2, 2, 1, 0
ProductVersion : 2, 2, 1, 0
ProductName : Chicony Multimedia Driver
CompanyName : Chicony
FileDescription : Chicony Multimedia Driver
InternalName : Multimedia Hotkey Driver
LegalCopyright : Copyright © 2001 Chicony
OriginalFilename : mHotkey.res

#:35 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 3792
ThreadCreationTime : 1-30-2007 5:59:36 AM
BasePriority : Normal
FileVersion : 103.0.5.2
ProductVersion : 103.0.5.2
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:36 [ctsysvol.exe]
FilePath : C:\Program Files\Creative\SBAudigy2\Surround Mixer\
ProcessID : 3800
ThreadCreationTime : 1-30-2007 5:59:38 AM
BasePriority : Normal
FileVersion : 1.1.3.0
ProductVersion : 1.0.0.0
ProductName : Creative Volume Control
CompanyName : Creative Technology Ltd
FileDescription : CTSysVol.exe
LegalCopyright : Copyright © Creative Technology Ltd., 2002. All rights reserved.
OriginalFilename : CTSysVol.exe

#:37 [ctdvddet.exe]
FilePath : C:\Program Files\Creative\SBAudigy2\DVDAudio\
ProcessID : 3808
ThreadCreationTime : 1-30-2007 5:59:38 AM
BasePriority : Normal
FileVersion : 1.0.2.0
ProductVersion : 1.0.2.0
ProductName : CTDVDDET
CompanyName : Creative Technology Ltd
FileDescription : CTDVDDET
InternalName : CTDVDDET
LegalCopyright : Copyright © Creative Technology Ltd., 2002. All rights reserved.
OriginalFilename : CTDVDDET.EXE

#:38 [cthelper.exe]
FilePath : C:\WINDOWS\
ProcessID : 3844
ThreadCreationTime : 1-30-2007 5:59:39 AM
BasePriority : Normal
FileVersion : 2, 0, 0, 41
ProductVersion : 2, 0, 0, 41
ProductName : CtHelper Application
CompanyName : Creative Technology Ltd
FileDescription : CtHelper Application
InternalName : CtHelper
LegalCopyright : Copyright © 2004
OriginalFilename : CtHelper.EXE

#:39 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3860
ThreadCreationTime : 1-30-2007 5:59:41 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:40 [cli.exe]
FilePath : C:\Program Files\ATI Technologies\ATI.ACE\
ProcessID : 3916
ThreadCreationTime : 1-30-2007 5:59:43 AM
BasePriority : Normal


#:41 [nmbgmonitor.exe]
FilePath : C:\Program Files\Common Files\Ahead\lib\
ProcessID : 3960
ThreadCreationTime : 1-30-2007 5:59:45 AM
BasePriority : Normal


#:42 [mtdacq.exe]
FilePath : C:\Program Files\Creative\Shared Files\Media Sniffer\
ProcessID : 4020
ThreadCreationTime : 1-30-2007 5:59:47 AM
BasePriority : Normal
FileVersion : 1.1.0.0
ProductVersion : 1.0.0.0
ProductName : Metadata monitor
CompanyName : Creative Technology Ltd
FileDescription : Metadata monitor
InternalName : MtdAcq.exe
LegalCopyright : Copyright © Creative Technology Ltd., 2002. All rights reserved.
OriginalFilename : MtdAcq.exe

#:43 [wmpnscfg.exe]
FilePath : C:\Program Files\Windows Media Player\
ProcessID : 1780
ThreadCreationTime : 1-30-2007 5:59:48 AM
BasePriority : Normal
FileVersion : 11.0.5721.5145 (WMP_11.061018-2006)
ProductVersion : 11.0.5721.5145
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Media Player Network Sharing Service Configuration Application
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WMPNSCFG.EXE

#:44 [syslogd_manager.exe]
FilePath : C:\Program Files\Syslogd\
ProcessID : 1452
ThreadCreationTime : 1-30-2007 5:59:52 AM
BasePriority : Normal
FileVersion : 7.00.0003
ProductVersion : 7.00.0003
ProductName : Kiwi Syslog Daemon
CompanyName : Kiwi Enterprises
FileDescription : Syslog Daemon for Windows 9x/ME/NT4/2K/XP
InternalName : Syslogd_Manager
LegalCopyright : Copyright 1996-2002 by Andrew Ross of Kiwi Enterprises
OriginalFilename : Syslogd_Manager.exe
Comments : Kiwi Syslog Daemon for Windows 9x/ME/NT4/2K/XP

#:45 [wzqkpick.exe]
FilePath : C:\Program Files\WinZip\
ProcessID : 1368
ThreadCreationTime : 1-30-2007 5:59:53 AM
BasePriority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 10.0 (6595)
ProductName : WinZip
CompanyName : WinZip Computing LP
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright © WinZip International LLC 1991-2005 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip International LLC
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English

#:46 [fileopenapi.exe]
FilePath : C:\Program Files\FileOpen\plug_ins\
ProcessID : 988
ThreadCreationTime : 1-30-2007 5:59:54 AM
BasePriority : Normal
FileVersion : 1, 1, 0, 0
ProductVersion : 1, 1, 0, 0
ProductName : FileOpen Certification Manager
CompanyName : FileOpen Systems, Inc.
FileDescription : FileOpen Certification Manager
InternalName : FileOpenAPI
LegalCopyright : Copyright © 2004
OriginalFilename : FileOpenAPI.EXE
Comments : Copyright © FileOpen Systems, Inc. All rights reserved.

#:47 [cli.exe]
FilePath : C:\Program Files\ATI Technologies\ATI.ACE\
ProcessID : 3492
ThreadCreationTime : 1-30-2007 6:00:16 AM
BasePriority : Normal


#:48 [cli.exe]
FilePath : C:\Program Files\ATI Technologies\ATI.ACE\
ProcessID : 3456
ThreadCreationTime : 1-30-2007 6:00:17 AM
BasePriority : Normal


#:49 [googletoolbarnotifier.exe]
FilePath : C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\
ProcessID : 132
ThreadCreationTime : 1-30-2007 6:06:19 AM
BasePriority : Normal
FileVersion : 1, 2, 908, 8472
ProductVersion : 1, 2, 908, 8472
ProductName : GoogleToolbarNotifier
CompanyName : Google Inc.
FileDescription : GoogleToolbarNotifier
LegalCopyright : Copyright © 2005-2006
OriginalFilename : GoogleToolbarNotifier.exe

#:50 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3388
ThreadCreationTime : 1-30-2007 6:14:22 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

DriveCleaner Object Recognized!
Type : File
Data : UDC6_0001_D19M1908NetInstaller.exe
TAC Rating : 3
Category : Misc
Comment :
Object : C:\WINDOWS\Downloaded Program Files\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15


Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 15




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15

11:44:07 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:28:15.703
Objects scanned:266631
Objects identified:1
Objects ignored:0
New critical objects:1


Logfile of HijackThis v1.99.1
Scan saved at 11:52:11 PM, on 1/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Syslogd\Syslogd_Service.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Syslogd\Syslogd_Manager.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\FileOpen\plug_ins\FileOpenAPI.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
E:\downloads\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bestbuy.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-blv-proxy.boeing.com:31060
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.boeing.com; *.bna.boeing.com;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: FileOpenAPI.exe.lnk = C:\Program Files\FileOpen\plug_ins\FileOpenAPI.exe
O4 - Global Startup: Kiwi Syslog Daemon.lnk = C:\Program Files\Syslogd\Syslogd_Manager.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.msn.com
O15 - Trusted Zone: http://webmail.adelphia.net
O15 - Trusted Zone: aimexpress.aim.com
O15 - Trusted Zone: *.bidz.com
O15 - Trusted Zone: *.boeing.com
O15 - Trusted Zone: astalavista.box.sk
O15 - Trusted Zone: *.canon.com
O15 - Trusted Zone: www.certificationtalk.com
O15 - Trusted Zone: *.cisco.com
O15 - Trusted Zone: *.creative.com
O15 - Trusted Zone: ecomm.dell.com
O15 - Trusted Zone: *.dell.com
O15 - Trusted Zone: *.ebay.com
O15 - Trusted Zone: *.fatboyslim.net
O15 - Trusted Zone: wx1.getthere.net
O15 - Trusted Zone: *.getthere.net
O15 - Trusted Zone: http://www.governmentauction.com
O15 - Trusted Zone: wcorp.itn.net
O15 - Trusted Zone: www.labbb.org
O15 - Trusted Zone: mail.mda.mil
O15 - Trusted Zone: *.mvea.org
O15 - Trusted Zone: *.myfreevod.com
O15 - Trusted Zone: *.nero.com
O15 - Trusted Zone: *.nfl.com
O15 - Trusted Zone: *.onqhome.com
O15 - Trusted Zone: *.onqtech.com
O15 - Trusted Zone: *.paypal.com
O15 - Trusted Zone: software-dl.real.com
O15 - Trusted Zone: *.real.com
O15 - Trusted Zone: *.scifi.com
O15 - Trusted Zone: www.thefreedictionary.com
O15 - Trusted Zone: www.xbox.com
O16 - DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Installer) - http://supportcenter.adelphia.net/sdccommo...ad/tgctlins.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D9EFA3B-4E85-41A8-9092-14012CD447C9} (NetCamPlayerWeb Control) - http://baird-morro-bay.ourlinksys.com:1024...amPlayerWeb.ocx
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/inst...leanerstart.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://sslvpn.boeing.com/dana-cached/setup...oterisSetup.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1116052081764
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124342351569
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} (FileOpenInstaller) - http://plugin.fileopen.com/current/FileOpen.CAB
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7DC0F36-5907-4B4B-94AC-F789125B3567}: NameServer = 66.113.1.1,66.113.1.2
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Kiwi Syslog Daemon - Kiwi Enterprises - C:\Program Files\Syslogd\Syslogd_Service.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: PIX Firewall Syslog Server (syslogd) - Unknown owner - C:\Program Files\Cisco\PIX Firewall Syslog Server\syslogdm.exe
Ai_Tak
Why do you have so many sites in your trusted site zone? At least a few of them should be un-trusted. Also you appear to have chosen to install an installer active-x control for drivecleaner, another malware.
B Foulks
Hello,

Drive cleaner is one of the several programs that has been popping up since the initial attack. I had thought I blocked that one as well. How can I get that out? As to the trusted, what shouldn't be trusted?

Thanks,

Brian
Ai_Tak
QUOTE(B Foulks @ Jan 30 2007, 11:43 PM)
Drive cleaner is one of the several programs that has been popping up since the initial attack. I had thought I blocked that one as well. How can I get that out? As to the trusted, what shouldn't be trusted?
For one, "astalavista.box.sk", while this site may be handy to some, I have seen exploits and malware on the site's ads (and sometimes its content).

Putting a site in the trusted site zone automatically installs any (signed) active-x software they want; also, it will prompt you to install software that is definitely unsafe rather than ignoring unsafe software.

If you have not modified the settings for the trusted site zone to higher than normal safety, why do you have any sites at all in there?
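An added example, not part of the thread and not HijackThis's own code: a small Python triage of the O15 (Trusted Zone) and O16 (ActiveX DPF) lines discussed above, run over an excerpt of the posted log. The `REVIEW_HOSTS` list and the tag names are assumptions made for illustration; the list holds only the two names called out in the replies.

```python
import re

# Excerpt copied from the HijackThis log posted above (not the full log).
SAMPLE_LOG = """
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.msn.com
O15 - Trusted Zone: http://webmail.adelphia.net
O15 - Trusted Zone: *.boeing.com
O15 - Trusted Zone: astalavista.box.sk
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/inst...leanerstart.cab
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://sslvpn.boeing.com/dana-cached/setup...oterisSetup.cab
"""

# Assumption: a reviewer-supplied list; here only the names raised in the thread.
REVIEW_HOSTS = ["astalavista.box.sk", "drivecleaner.com"]

TRUSTED_RE = re.compile(r"^O15 - Trusted Zone: (\S+)$")
DPF_RE = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]{36}\})(?: \((.*?)\))? - (\S+)$")

def host_of(value):
    """Return the lowercase host part of a bare host or a URL."""
    rest = value.split("://", 1)[-1]
    return rest.split("/", 1)[0].split(":", 1)[0].lower()

def named_in_review(host, names):
    """True if host (ignoring a leading '*.') is a listed name or a subdomain of one."""
    bare = host[2:] if host.startswith("*.") else host
    return any(bare == n or bare.endswith("." + n) for n in names)

def audit(log_text, review_hosts):
    """Return (kind, host, tags) for every O15 and O16 line; other lines are skipped."""
    findings = []
    for line in (l.strip() for l in log_text.splitlines()):
        tags = []
        if (m := TRUSTED_RE.match(line)):
            kind, host = "trusted-zone", host_of(m.group(1))
            if host.startswith("*."):
                tags.append("wildcard")            # every subdomain is trusted
        elif (m := DPF_RE.match(line)):
            kind, host = "activex-dpf", host_of(m.group(3))
            if m.group(3).lower().startswith("http://"):
                tags.append("cleartext-codebase")  # control was fetched over plain HTTP
        else:
            continue
        if named_in_review(host, review_hosts):
            tags.append("named-in-review")
        findings.append((kind, host, tags))
    return findings

if __name__ == "__main__":
    for kind, host, tags in audit(SAMPLE_LOG, REVIEW_HOSTS):
        print(f"{kind:13} {host:25} {', '.join(tags) or '-'}")
```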