bwear

Members
  • Content Count

    31
  • Joined

  • Last visited

About bwear

  • Rank
    Full Member
  1. Thanks, Steamhead! Below is the activescan report. Incident Status Location Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Ben Wear\Cookies\ben [email protected][1].txt Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Ben Wear\Cookies\ben [email protected][2].txt Adware:Adware/SuperSpider Not disinfected C:\Documents and Settings\Ben Wear\Local Settings\Temp\mst15F.tmp Adware:Adware/Maxifiles Not disinfected C:\Documents and Settings\Ben Wear\Local Settings\Temp\win163.tmp[²ÜÇ\nsProcess.dll] Potentially unwanted tool:Application/Processor Not disinfected C:\RECYCLER\S-1-5-21-1547161642-261478967-839522115-1003\Dc11.exe[process.exe] Potentially unwanted tool:Application/Processor Not disinfected C:\RECYCLER\S-1-5-21-1547161642-261478967-839522115-1003\Dc13\VundoFix\process.exe
  2. Hey Steamhead, First of all, thanks for the help. It seems that the AVG quarantining of various files has fixed the blue screen problem. I have been working now for about 2.5 hours without any issues. I would like to continue with anything else that you recommend just to be sure and clean everything out. Thanks again, Ben
  3. Both of these logs are from runs in Safe Mode... can't keep the computer in Normal Mode for long without the blue screen. Thanks! --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 8:46:35 AM 7/9/2007 + Scan result: C:\Documents and Settings\bwear\Local Settings\Temporary Internet Files\Content.IE5\7KR0G75E\file[1].exe -> Downloader.Small.evy : Cleaned. C:\WINDOWS\system32\~.exe -> Downloader.Small.evy : Cleaned. D:\ARCHIVE\Application Archive\system utils\NSW 2005\rar-ed\Norton.System.Works.2005.Incl.Keygen-SSG.rar/kgnsw.exe -> Dropper.Delf.fd : Cleaned. D:\ARCHIVE\System Utilities\Norton Systemworks 2005\rar-ed\Norton.System.Works.2005.Incl.Keygen-SSG.rar/kgnsw.exe -> Dropper.Delf.fd : Cleaned. C:\Documents and Settings\bwear\Local Settings\Temporary Internet Files\Content.IE5\WDIVIN1K\movie[1].qtl -> Not-A-Virus.Exploit.Multi.Qtp.b : Cleaned. D:\MISC\Misc\Humor\NFL_1.exe -> Not-A-Virus.Joke.Win32.Flash.a : Cleaned. C:\Documents and Settings\bwear\Cookies\[email protected][2].txt -> TrackingCookie.Adbrite : Cleaned. C:\Documents and Settings\bwear\Cookies\[email protected][1].txt -> TrackingCookie.Com : Cleaned. C:\Documents and Settings\bwear\Cookies\[email protected][2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned. C:\Documents and Settings\bwear\Cookies\[email protected][1].txt -> TrackingCookie.Paypal : Cleaned. D:\ARCHIVE\Application Archive\Audio\QT-RP Codecs\QuickTime Pro 7.1.0.210.rar/QuickTime Pro 7.1.0.210\Keygen.exe -> Trojan.Agent.sk : Cleaned. C:\WINDOWS\system32\windev-d95-2cbe.sys -> Trojan.Tibs.ab : Cleaned. ::Report end Logfile of HijackThis v1.99.1 Scan saved at 9:27:38 AM, on 7/9/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Hijackthis\hjt.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/?source=navclient R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RMClient\JobHisInit.exe O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RMClient\MplSetUp.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Dimension4] C:\Program Files\D4\D4.exe O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1 O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: SAC Desktop Alert.lnk = ? O4 - Global Startup: SetPoint.lnk = ? O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1152300513515 O16 - DPF: {CAFECAFE-0013-0001-0018-ABCDEFABCDEF} (JInitiator 1.3.1.18) - https://iasint.rtpnc.epa.gov/forms90/jinitiator/jinit.exe O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://epa.webex.com/client/T23L/training/ieatgpc.cab O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://cdx.epa.gov/ssl/aqs/XUpload.ocx O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = admin.poj O17 - HKLM\Software\..\Telephony: DomainName = admin.poj O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = admin.poj O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = admin.poj O20 - Winlogon Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ArcGIS License Manager - Unknown owner - C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE O23 - Service: lmab_device - - C:\WINDOWS\system32\LMabcoms.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Track-It! Remote Control (TIRmtCtl) - Intuit Track-It! - C:\WINDOWS\TIREMOTE\wuser32.exe O23 - Service: Track-It! Workstation Manager (TIRmtSvc) - Intuit, Inc. - C:\WINDOWS\TIREMOTE\TIRemoteService.exe
  4. My computer started locking up and going to the blue screen today. Below is a hijack this log. I ran spybot and adaware. Thanks so much for your help in advance!!! You guys rock! Logfile of HijackThis v1.99.1 Scan saved at 10:14:45 AM, on 7/5/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Hijackthis\hjt.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/?source=navclient R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RMClient\JobHisInit.exe O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RMClient\MplSetUp.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Dimension4] C:\Program Files\D4\D4.exe O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1 O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: SAC Desktop Alert.lnk = ? O4 - Global Startup: SetPoint.lnk = ? O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1152300513515 O16 - DPF: {CAFECAFE-0013-0001-0018-ABCDEFABCDEF} (JInitiator 1.3.1.18) - https://iasint.rtpnc.epa.gov/forms90/jinitiator/jinit.exe O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://epa.webex.com/client/T23L/training/ieatgpc.cab O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://cdx.epa.gov/ssl/aqs/XUpload.ocx O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = admin.poj O17 - HKLM\Software\..\Telephony: DomainName = admin.poj O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = admin.poj O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = admin.poj O20 - Winlogon Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ArcGIS License Manager - Unknown owner - C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE O23 - Service: lmab_device - - C:\WINDOWS\system32\LMabcoms.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Track-It! Remote Control (TIRmtCtl) - Intuit Track-It! - C:\WINDOWS\TIREMOTE\wuser32.exe O23 - Service: Track-It! Workstation Manager (TIRmtSvc) - Intuit, Inc. - C:\WINDOWS\TIREMOTE\TIRemoteService.exe
  5. I reinstalled both programs and that cleared up the problem. New Hijack Log below... Logfile of HijackThis v1.99.1 Scan saved at 8:03:46 AM, on 10/11/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Wave Systems Corp\Common\DataServer.exe C:\PROGRA~1\NORTON~1\NORTON~3\GHOSTS~2.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\stsystra.exe C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Apoint\HidFind.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\AWS\WEATHE~1\Weather.exe C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe C:\PROGRA~1\ESRI\License\arcgis9x\ARCGIS.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\HJT\HJT.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1151767428203 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {CAFECAFE-0013-0001-0018-ABCDEFABCDEF} (JInitiator 1.3.1.18) - https://iasint.rtpnc.epa.gov/forms90/jinitiator/jinit.exe O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://cdx.epa.gov/ssl/aqs/XUpload.ocx O20 - AppInit_DLLs: wxvault.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ArcGIS License Manager - Unknown owner - C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\GHOSTS~2.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: NTRU Hybrid TSS v2.0.7 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
  6. I'll go ahead and reload both of those programs tonight.
  7. Removed "Search Assist", went back and tried, still got hijacked. Went back and removed "URL Assist" and that seems to have done the trick as far as the hijacking goes. Thanks!! Any ideas on the one program requesting Install CDs for another? I've never seen that before.
  8. OK, did that... Still getting hijacked. Tried www.cnn.com... goes to the proper website for a few seconds, then get's hijacked to the Dell Google Search site with this message "Sorry, we couldn't find http://ads.cnn.com/html.ng/site. Here are some related websites: "
  9. ACDSee 8 Ad-Aware SE Personal Adobe Acrobat 7.0.8 Standard Adobe Bridge 1.0 Adobe Common File Installer Adobe Help Center 1.0 Adobe Photoshop CS2 Adobe Stock Photos 1.0 ALPS Touch Pad Driver ArcGIS ArcInfo Workstation ArcGIS Desktop ArcGIS License Manager ArcGIS Tutorial Data AutoCAD 2007 - English Autodesk DWF Viewer AVG Anti-Spyware 7.5 AVI Codec Pack Azureus Broadcom Advanced Control Suite Broadcom TPM Driver Installer CC_ccStart ccCommon Conexant HDA D110 MDC V.92 Modem Dell Embassy Trust Suite by Wave Systems Dell Wireless WLAN Card Digital Line Detect Document Manager Lite DVD Shrink 3.2 EMBASSY Security Center EMBASSY Trust Suite by Wave Systems ETS Launch Pad GoldWave v5.08 Google Toolbar for Internet Explorer High Definition Audio Driver Package - KB835221 HijackThis 1.99.1 Hotfix for Windows Media Format SDK (KB902344) Hotfix for Windows XP (KB896344) hp LaserJet 2300 Uninstaller Intel® Graphics Media Accelerator Driver iTunes Java 2 Runtime Environment, SE v1.4.2_03 LiveReg (Symantec Corporation) LiveUpdate 1.90 (Symantec Corporation) Logitech Gaming Software Macromedia Flash Player 8 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB886903) Microsoft .NET Framework 2.0 Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft Office Professional Edition 2003 mkw Audio Compression Toolkit Modem Helper MSRedist Nero 7 Premium NetWaiting Norton AntiVirus Norton AntiVirus Parent MSI Norton Ghost Norton SystemWorks 2004 Professional Norton SystemWorks 2004 Professional (Symantec Corporation) Norton Utilities Norton WMI Update NSW_DRM_COLLECTION NTRU Hybrid TSS v2.0.7 Oracle JInitiator 1.3.1.18 Panda ActiveScan Preboot Manager Private Information Manager Python 2.1 Python 2.1 combined Win32 extensions QuickSet QuickTime Search Assist Secure Update Security Update for Microsoft .NET Framework 2.0 (KB917283) Security Update for Step By Step Interactive Training (KB898458) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 9 (KB917734) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899589) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911567) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB913433) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB916281) Security Update for Windows XP (KB917159) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB917422) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB918899) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920214) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB921398) Security Update for Windows XP (KB921883) Security Update for Windows XP (KB922616) Security Update for Windows XP (KB925486) Security Wizards Sentinel System Driver 5.42.1 (32-bit) Sonic Update Manager Spybot - Search & Destroy 1.4 SpywareBlaster v3.5.1 SpywareGuard v2.2 Symantec Script Blocking Installer SymNet Update for Windows XP (KB894391) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB904942) Update for Windows XP (KB908531) Update for Windows XP (KB910437) Update for Windows XP (KB911280) Update for Windows XP (KB916595) Update for Windows XP (KB920872) Update for Windows XP (KB922582) URL Assistant Wave Infrastructure Installer Wave Support Software WeatherBug Winamp (remove only) Windows Media Connect Windows Media Format Runtime Windows Media Format SDK Hotfix - KB891122 Windows Media Player 10 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890859 WinRAR archiver Yahoo! Photos Easy Upload Tool 1v7
  10. WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding. If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly. »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Logfile created on: 10/9/2006 7:47:42 AM WinPFind v1.5.0 Folder = C:\WinPFind\ Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) Internet Explorer (Version = 6.0.2900.2180) »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»» Checking %SystemDrive% folder... Checking %ProgramFilesDir% folder... Checking %WinDir% folder... UPX! 12/21/1999 8:58:02 AM 21312 C:\WINDOWS\choice.exe () Checking %System% folder... aspack 7/22/2005 7:59:04 PM 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll (Microsoft Corporation) PEC2 8/4/2004 4:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc () PTech 6/19/2006 4:19:42 PM 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll (Microsoft Corporation) PECompact2 9/11/2006 11:37:22 AM 8960936 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation) aspack 9/11/2006 11:37:22 AM 8960936 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation) WSUD 8/4/2004 4:00:00 AM 1200128 C:\WINDOWS\SYSTEM32\ntbackup.exe (Microsoft Corporation) aspack 8/4/2004 4:00:00 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation) WSUD 8/4/2004 4:00:00 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation) Umonitor 8/4/2004 4:00:00 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation) UPX! 4/27/2006 5:49:30 PM 288417 C:\WINDOWS\SYSTEM32\SrchSTS.exe (S!Ri) UPX! 8/29/2006 7:43:54 PM 135168 C:\WINDOWS\SYSTEM32\swreg.exe (SteelWerX) UPX! 1/9/2006 10:36:06 AM 40960 C:\WINDOWS\SYSTEM32\swsc.exe () winsync 8/4/2004 4:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu () PTech 6/19/2006 4:19:26 PM 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe (Microsoft Corporation) Checking %System%\Drivers folder and sub-folders... Items found in C:\WINDOWS\SYSTEM32\drivers\etc\HOSTS 127.0.0.1 www.shopathomeselect.com #[Adware.SAHAgent] 127.0.0.1 web-nexus.net #[Adw.Web-Nexus.WebNexusAdServer] 127.0.0.1 ax.web-nexus.net #[TROJ_QOOLAID.R] 127.0.0.1 dl.web-nexus.net #[eTrust.Win32.Qoologic] 127.0.0.1 dl.web-nexus.net #[eTrust.Win32.Qoologic] 127.0.0.1 stech.web-nexus.net #[Trojan-Downloader.Win32.Qoologic.p] 127.0.0.1 stech.web-nexus.net #[Trojan-Downloader.Win32.Qoologic.p] 127.0.0.1 www.web-nexus.net 127.0.0.1 agentq.vpptechnologies.com 127.0.0.1 js.vpptechnologies.com 127.0.0.1 media-0.vpptechnologies.com 127.0.0.1 media-1.vpptechnologies.com 127.0.0.1 media-2.vpptechnologies.com #[siteAdvisor.fish-screensaver.com] 127.0.0.1 media-4.vpptechnologies.com 127.0.0.1 media-5.vpptechnologies.com 127.0.0.1 media-6.vpptechnologies.com 127.0.0.1 media-8.vpptechnologies.com #[siteAdvisor.fish-screensaver.com] 127.0.0.1 media-a.vpptechnologies.com #[a599.x.akamai.net] 127.0.0.1 media-b.vpptechnologies.com 127.0.0.1 media-c.vpptechnologies.com #[a1332.x.akamai.net] 127.0.0.1 media-d.vpptechnologies.com 127.0.0.1 media-e.vpptechnologies.com 127.0.0.1 media-f.vpptechnologies.com 127.0.0.1 msxml.vpptechnologies.com 127.0.0.1 static.vpptechnologies.com #[hotsearchbar.com] 127.0.0.1 xml.vpptechnologies.com #[blazeFind] 127.0.0.1 ad-w-a-r-e.com #[Win32.Canbede][Troj/Dloader-IG] 127.0.0.1 www.ad-w-a-r-e.com #[AdWare.Win32.Look2Me.ab] 127.0.0.1 abetterinternet.com #[Downloader.Stubby.A][Adware.Aurora] 127.0.0.1 download.abetterinternet.com #[Adware.StopPopupAdsNow] 127.0.0.1 st.abetterinternet.com 127.0.0.1 static.abetterinternet.com 127.0.0.1 thinstall.abetterinternet.com 127.0.0.1 www.abetterinternet.com #[Trojan-Downloader.Win32.Stubby.d] Checking the Windows folder and sub-folders for system and hidden files within the last 60 days... 10/9/2006 7:45:34 AM S 2048 C:\WINDOWS\bootstat.dat () 8/21/2006 7:00:10 AM S 11749 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB922582.cat () 9/18/2006 8:40:26 AM S 8847 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB925486.cat () 10/9/2006 7:45:22 AM H 8192 C:\WINDOWS\system32\config\default.LOG () 10/9/2006 7:46:00 AM H 1024 C:\WINDOWS\system32\config\SAM.LOG () 10/9/2006 7:45:36 AM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG () 10/9/2006 7:46:04 AM H 114688 C:\WINDOWS\system32\config\software.LOG () 10/9/2006 7:45:42 AM H 1089536 C:\WINDOWS\system32\config\system.LOG () 9/12/2006 3:50:28 PM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG () 9/28/2006 9:08:40 AM S 558 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\A44F4E7CB3133FF765C39A53AD8FCFDD () 9/2/2006 9:16:20 PM S 558 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735 () 9/28/2006 9:08:40 AM S 146 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\A44F4E7CB3133FF765C39A53AD8FCFDD () 9/2/2006 9:16:20 PM S 144 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735 () 9/28/2006 10:07:08 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\e6032bf1-0d6a-4c57-bbcc-c9ea7f618b6c () 9/28/2006 10:07:08 AM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred () 9/28/2006 10:06:20 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\3c9dd00b-39bd-4bf0-9ee6-9a7835d000aa () 9/28/2006 10:06:20 AM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred () 10/9/2006 7:43:22 AM H 6 C:\WINDOWS\Tasks\SA.DAT () Checking for CPL files... 8/19/2003 1:20:04 AM 180224 C:\WINDOWS\SYSTEM32\ac3filter.cpl () 8/4/2004 4:00:00 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation) 8/4/2004 4:00:00 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation) 10/28/2005 3:28:20 PM 24576 C:\WINDOWS\SYSTEM32\BACSCPL.cpl () 12/19/2005 7:08:32 AM 3096576 C:\WINDOWS\SYSTEM32\BCMWLCPL.CPL (Dell Inc.) 8/4/2004 4:00:00 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation) 8/4/2004 4:00:00 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation) 8/4/2004 4:00:00 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation) 8/4/2004 4:00:00 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation) 12/13/2005 3:43:50 PM 77824 C:\WINDOWS\SYSTEM32\igfxcpl.cpl (Intel Corporation) 8/4/2004 4:00:00 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation) 8/4/2004 4:00:00 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation) 8/4/2004 4:00:00 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation) 7/27/2004 3:50:48 PM 73728 C:\WINDOWS\SYSTEM32\ISUSPM.cpl (InstallShield Software Corporation) 8/4/2004 4:00:00 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation) 11/19/2003 4:48:12 PM 61555 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems) 8/4/2004 4:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation) 8/4/2004 4:00:00 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation) 8/4/2004 4:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation) 8/4/2004 4:00:00 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation) 4/6/2006 1:57:34 PM 172032 C:\WINDOWS\SYSTEM32\NicConfigSvc.cpl (Dell Inc.) 8/4/2004 4:00:00 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation) 8/4/2004 4:00:00 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl (Microsoft Corporation) 8/4/2004 4:00:00 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation) 3/5/2006 6:20:34 AM 266856 C:\WINDOWS\SYSTEM32\plotman.cpl (Autodesk, Inc.) 3/2/2004 2:29:30 PM 45145 C:\WINDOWS\SYSTEM32\plugincpl13118.cpl (Oracle) 8/4/2004 4:00:00 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation) 3/24/2006 3:32:26 PM 4882432 C:\WINDOWS\SYSTEM32\stacgui.cpl (SigmaTel, Inc.) 3/5/2006 6:21:32 AM 266856 C:\WINDOWS\SYSTEM32\styleman.cpl (Autodesk, Inc.) 8/4/2004 4:00:00 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation) 8/4/2004 4:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation) 8/4/2004 4:00:00 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation) 8/4/2004 4:00:00 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation) 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation) Checking for Downloaded Program Files... {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeupdate/content/opuc3.cab {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdat...b?1151767428203 {8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.4.2_03 - CodeBase = http://java.sun.com/products/plugin/autodl...indows-i586.cab {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab {CAFECAFE-0013-0001-0018-ABCDEFABCDEF} - JInitiator 1.3.1.18 - CodeBase = https://iasint.rtpnc.epa.gov/forms90/jinitiator/jinit.exe {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - Java Plug-in 1.4.2_03 - CodeBase = http://java.sun.com/products/plugin/autodl...indows-i586.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://fpdownload.macromedia.com/get/flash...ent/swflash.cab {E87F6C8E-16C0-11D3-BEF7-009027438003} - Persits Software XUpload - CodeBase = https://cdx.epa.gov/ssl/aqs/XUpload.ocx »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»» Checking files in %ALLUSERSPROFILE%\Startup folder... 10/9/2006 7:37:50 AM 2335 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk () 9/20/2006 4:15:46 PM 1949 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk () 8/11/2004 4:15:06 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini () Checking files in %ALLUSERSPROFILE%\Application Data folder... 8/11/2004 4:07:12 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini () 6/21/2006 10:45:26 AM H 4 C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare () 7/10/2006 2:38:30 PM 1755 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache () Checking files in %USERPROFILE%\Startup folder... 7/6/2006 10:36:24 AM 988 C:\Documents and Settings\Ben Wear\Start Menu\Programs\Startup\Adobe Gamma.lnk () 8/11/2004 4:15:06 PM HS 84 C:\Documents and Settings\Ben Wear\Start Menu\Programs\Startup\desktop.ini () 10/7/2006 7:18:16 PM 650 C:\Documents and Settings\Ben Wear\Start Menu\Programs\Startup\SpywareGuard.lnk () Checking files in %USERPROFILE%\Application Data folder... 7/5/2006 11:05:08 AM 38445 C:\Documents and Settings\Ben Wear\Application Data\Comma Separated Values (DOS).ADR () 7/5/2006 5:33:14 PM 9327 C:\Documents and Settings\Ben Wear\Application Data\Comma Separated Values (DOS).EML () 8/11/2004 4:07:12 PM HS 62 C:\Documents and Settings\Ben Wear\Application Data\desktop.ini () 7/5/2006 10:51:24 AM 2370 C:\Documents and Settings\Ben Wear\Application Data\lp.xml () »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»» >>> Internet Explorer Settings <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main] \\Start Page - http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home \\Search Page - http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch \\Default_Page_URL - http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome \\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch \\Local Page - C:\windows\system32\blank.htm [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main] \\Start Page - http://www.google.com/ \\Search Bar - http://www.google.com/ie \\Search Page - http://www.google.com \\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch \\Local Page - C:\windows\system32\blank.htm [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search] \\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm \\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] \\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation) >>> BHO's <<< [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] \{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Adobe PDF Reader Link Helper = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) \{4A368E80-174F-4872-96B5-0B27DDD11DB2} - SpywareGuardDLBLOCK.CBrowserHelper = C:\Program Files\SpywareGuard\dlprotect.dll () \{53707962-6F74-2D53-2644-206D7942484F} - = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) \{AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper = c:\program files\google\googletoolbar1.dll (Google Inc.) \{AE7CD045-E861-484f-8273-0445EE161910} - Adobe PDF Conversion Toolbar Helper = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) \{BDF3E430-B101-42AD-A544-FADC6B084872} - CNavExtBho Class = C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll (Symantec Corporation) \{CA6319C0-31B7-401E-A518-A07C3DB8F777} - CBrowserHelperObject Object = c:\Program Files\BAE\BAE.dll (Dell Inc.) >>> Internet Explorer Bars, Toolbars and Extensions <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars] \{182EC0BE-5110-49C8-A062-BEB1D02A220B} - Adobe PDF = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) \{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation) [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars] \{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] \\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus = C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll (Symantec Corporation) \\{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) \\{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar1.dll (Google Inc.) [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar] \ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation) \ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus = C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll (Symantec Corporation) \WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation) \WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation) \WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar1.dll (Google Inc.) \WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) \WebBrowser\\{479FD0CF-5BE9-4C63-8CDA-B6D371C67BD5} - = () [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping] \\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8192 = Sun Java Console \\NEXTID - 8195 \\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - 8193 = \\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8194 = Windows Messenger [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions] \{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = () \{92780B25-18CC-41C8-B9BE-3C9C571A8263} - ButtonText: Research = \{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) >>> Approved Shell Extensions (Non-Microsoft Only) <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] \\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = () \\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = () \\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = () \\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc.) \\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = () \\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = () \\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = () \\{57C51AF9-DEF7-11D3-A801-00C04F163490} - Ghost Shell Extension = C:\Program Files\Norton SystemWorks\Norton Ghost\GhoShExt.dll (Symantec Corporation) \\{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} - Adobe.Acrobat.ContextMenu = C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll (Adobe Systems Inc.) \\{B327765E-D724-4347-8B16-78AE18552FC3} - NeroDigitalIconHandler = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG) \\{7F1CF152-04F8-453A-B34C-E609530A9DC8} - NeroDigitalPropSheetHandler = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG) \\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll () \\{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = C:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc.) \\{36A21736-36C2-4C11-8ACB-D4136F2B57BD} - AutoCAD Digital Signatures Icon Overlay Handler = C:\WINDOWS\system32\AcSignIcon.dll (Autodesk) \\{AC1DB655-4F9A-4c39-8AD2-A65324A4C446} - Autodesk Drawing Preview = C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll (Autodesk) \\{81559C35-8464-49F7-BB0E-07A383BEF910} - = C:\Program Files\SpywareGuard\spywareguard.dll () [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] >>> Context Menu Handlers (Non-Microsoft Only) <<< [HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers] \Adobe.Acrobat.ContextMenu - {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll (Adobe Systems Inc.) \Autodesk.DWF.ContextMenu - {6C18531F-CA85-45F7-8278-FF33CF0A5964} = C:\Program Files\Common Files\Autodesk shared\dwf common\DWFShellExtension.dll (Autodesk, Inc.) \AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.) \EncryptDocMgr - {52C70C7B-98B9-4626-8BD0-4D00FF028488} = C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\ContextMenuItem.dll (Wave Systems Corp.) \Symantec.Norton.Antivirus.IEContextMenu - {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll (Symantec Corporation) \WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll () \{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} - = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll (Nero AG) [HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers] [HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers] \AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.) \EncryptDocMgr - {52C70C7B-98B9-4626-8BD0-4D00FF028488} = C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\ContextMenuItem.dll (Wave Systems Corp.) \WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll () [HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers] \igfxcui - {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} = C:\WINDOWS\system32\igfxpph.dll (Intel Corporation) [HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers] \Symantec.Norton.Antivirus.IEContextMenu - {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll (Symantec Corporation) \WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll () \{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} - = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll (Nero AG) >>> Column Handlers (Non-Microsoft Only) <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers] \{4A681BEC-7727-49BD-B695-79F8354CD2E5} - PMF Custom Columns = C:\Program Files\Common Files\ESRI\esriShellExt.dll (ESRI ) \{7D4D6379-F301-4311-BEBA-E26EB0561882} - NeroDigitalExt.NeroDigitalColumnHandler = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG) \{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.) >>> Registry Run Keys <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] Apoint - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.) igfxtray - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) igfxhkcmd - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) igfxpers - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) SunJavaUpdateSched - C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe () Broadcom Wireless Manager UI - C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.) SigmatelSysTrayApp - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) Document Manager - C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe (Wave Systems Corp.) Dell QuickSet - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc) ISUSPM Startup - C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe (InstallShield Software Corporation) ISUSScheduler - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) ccApp - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) Symantec NetDriver Monitor - C:\PROGRA~1\SYMNET~1\SNDMon.exe (Symantec Corporation) Acrobat Assistant 7.0 - C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.) - Reg Data missing or invalid () NWEReboot - Reg Data missing or invalid () NeroFilterCheck - C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.) QuickTime Task - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.) !AVG Anti-Spyware - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (Anti-Malware Development a.s.) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] IMAIL Installed = 1 MAPI Installed = 1 MSFS Installed = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) MSMSGS - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) Weather - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (AWS Convergence Technologies, Inc.) swg - C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run] >>> Startup Links <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-BA7E-100000000002}\SC_Acrobat.exe () C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe (Autodesk, Inc) C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini () [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup] C:\Documents and Settings\Ben Wear\Start Menu\Programs\Startup\Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) C:\Documents and Settings\Ben Wear\Start Menu\Programs\Startup\desktop.ini () C:\Documents and Settings\Ben Wear\Start Menu\Programs\Startup\SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe () >>> MSConfig Disabled Items <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig] [All Users Startup Folder Disabled Items] [Current User Startup Folder Disabled Items] >>> User Agent Post Platform <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] \\SV1 - >>> AppInit Dll's <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs] wxvault.dll = () >>> Image File Execution Options <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options] \Your Image File Name Here without a path - Debugger = ntsd -d >>> Shell Service Object Delay Load <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] \\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation) \\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation) \\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll (Microsoft Corporation) \\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) >>> Shell Execute Hooks <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] \\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation) \\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.) \\{81559C35-8464-49F7-BB0E-07A383BEF910} - SpywareGuard.Handler = C:\Program Files\SpywareGuard\spywareguard.dll () >>> Shared Task Scheduler <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] \\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\system32\browseui.dll (Microsoft Corporation) \\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\system32\browseui.dll (Microsoft Corporation) >>> Winlogon <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] \\UserInit = C:\WINDOWS\system32\userinit.exe, \\Shell = Explorer.exe \\System = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] \crypt32chain - crypt32.dll = (Microsoft Corporation) \cryptnet - cryptnet.dll = (Microsoft Corporation) \cscdll - cscdll.dll = (Microsoft Corporation) \igfxcui - igfxdev.dll = (Intel Corporation) \ScCertProp - wlnotify.dll = (Microsoft Corporation) \Schedule - wlnotify.dll = (Microsoft Corporation) \sclgntfy - sclgntfy.dll = (Microsoft Corporation) \SensLogn - WlNotify.dll = (Microsoft Corporation) \termsrv - wlnotify.dll = (Microsoft Corporation) \WgaLogon - WgaLogon.dll = (Microsoft Corporation) \wlballoon - wlnotify.dll = (Microsoft Corporation) >>> DNS Name Servers <<< {0C4820DA-049B-47A4-9B59-E8CC1E3F90BC} - (Broadcom NetXtreme 57xx Gigabit Controller) {67174D94-C2C6-43DD-9F8C-DC46BD866E75} - (1394 Net Adapter) {9F192AB2-AFAB-4330-AA32-DCB65226979A} - (Dell Wireless 1390 WLAN Mini-Card) {D72FEBE5-9395-4B06-92A9-A185C1CB1E4D} - (Broadcom NetXtreme Gigabit Ethernet) >>> All Winsock2 Catalogs <<< [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries] \000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation) \000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation) \000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries] \000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation) \000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation) \000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000017\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) >>> Protocol Handlers (Non-Microsoft Only) <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler] \ipp - () \msdaipp - () >>> Protocol Filters (Non-Microsoft Only) <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter] >>> Selected AddOn's <<< »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
  11. Yes, I did run the Smitfraudfix. My browser still seems to be getting hijacked, but only on certain websites and it tries to go somewere that's it can't find (Sorry, we couldn't find http://ad.doubleclick.net/adi/fandango.dart/homepage%3Bsz), so I get sent to Dell Google page. Also, when I try to open one software package (ArcGIS), it asks me for the CDs for another software package (AutoCAD) before the first one will open....I feel I may need to reinstall both of these software packages. Thanks! Logfile of HijackThis v1.99.1 Scan saved at 4:36:00 PM, on 10/8/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Wave Systems Corp\Common\DataServer.exe C:\PROGRA~1\NORTON~1\NORTON~3\GHOSTS~2.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE C:\WINDOWS\Explorer.EXE C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Apoint\HidFind.exe C:\Program Files\Apoint\Apntex.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\stsystra.exe C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\AWS\WEATHE~1\Weather.exe C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe c:\program files\common files\installshield\updateservice\isuspm.exe C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe C:\PROGRA~1\ESRI\License\arcgis9x\ARCGIS.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroDist.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\HJT\HJT.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1151767428203 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {CAFECAFE-0013-0001-0018-ABCDEFABCDEF} (JInitiator 1.3.1.18) - https://iasint.rtpnc.epa.gov/forms90/jinitiator/jinit.exe O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://cdx.epa.gov/ssl/aqs/XUpload.ocx O20 - AppInit_DLLs: wxvault.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ArcGIS License Manager - Unknown owner - C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\GHOSTS~2.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: NTRU Hybrid TSS v2.0.7 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
  12. Incident Status Location Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Ben Wear\Desktop\SmitfraudFix\SmitfraudFix\Process.exe Virus:W32/Spamta.gen.worm Renamed C:\Program Files\AutoCAD 2007\Drv\rblast9.hdi Virus:W32/Spamta.gen.worm Renamed C:\Program Files\AutoCAD 2007\Drv\rblast9_hdi.vir Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
  13. Hey Rock, thanks for the quick reply!! I ran some of the software that you suggested in another guys recent posting (vcodec-related, which is what I think got me) as well as what you had me do with the desktop... and deleted several directories that looked related to the problem. so I hoped I saved you some time. I'm scanning now...will post when done. Thanks again!
  14. Got the desktop cleaned up, now it's the laptop. Thanks in advance for any help! Logfile of HijackThis v1.99.1 Scan saved at 9:30:27 AM, on 10/8/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Wave Systems Corp\Common\DataServer.exe C:\PROGRA~1\NORTON~1\NORTON~3\GHOSTS~2.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE C:\WINDOWS\Explorer.EXE C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Apoint\HidFind.exe C:\Program Files\Apoint\Apntex.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\stsystra.exe C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\AWS\WEATHE~1\Weather.exe C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe c:\program files\common files\installshield\updateservice\isuspm.exe C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe C:\PROGRA~1\ESRI\License\arcgis9x\ARCGIS.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Messenger\msmsgs.exe C:\Program Files\HJT\HJT.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: CVirtualDNSObj Object - {86C510E9-97EF-4749-914F-0280247BE3A6} - C:\WINDOWS\VirtualDNS.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1151767428203 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {CAFECAFE-0013-0001-0018-ABCDEFABCDEF} (JInitiator 1.3.1.18) - https://iasint.rtpnc.epa.gov/forms90/jinitiator/jinit.exe O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://cdx.epa.gov/ssl/aqs/XUpload.ocx O20 - AppInit_DLLs: wxvault.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ArcGIS License Manager - Unknown owner - C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\GHOSTS~2.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: NTRU Hybrid TSS v2.0.7 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE