Messages - FriscoMikey

1
Tech Clinic / Spyware Problem
« on: November 10, 2005, 02:56:20 AM »
Ewido Log

---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:         1:53:08 AM, 11/10/2005
 + Report-Checksum:      E0A47239

 + Scan result:

   C:\backup.zip/d80m0id1e80.dll -> Spyware.Look2Me : Cleaned with backup
   C:\backup.zip/iyetpp.dll -> Spyware.Look2Me : Cleaned with backup
   :mozilla.9:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\7r7h6ulr.Default User\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
   :mozilla.12:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\7r7h6ulr.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.13:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\7r7h6ulr.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.14:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\7r7h6ulr.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.15:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\7r7h6ulr.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.16:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\7r7h6ulr.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.17:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\7r7h6ulr.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.22:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\7r7h6ulr.Default User\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
   :mozilla.28:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\7r7h6ulr.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.29:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\7r7h6ulr.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.32:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\7r7h6ulr.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.34:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\7r7h6ulr.Default User\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
   :mozilla.35:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\7r7h6ulr.Default User\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
   :mozilla.36:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\7r7h6ulr.Default User\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
   :mozilla.37:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\7r7h6ulr.Default User\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   :mozilla.38:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\7r7h6ulr.Default User\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   :mozilla.39:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\7r7h6ulr.Default User\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   :mozilla.40:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\7r7h6ulr.Default User\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   :mozilla.43:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\7r7h6ulr.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   :mozilla.44:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\7r7h6ulr.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   :mozilla.45:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\7r7h6ulr.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   :mozilla.46:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\7r7h6ulr.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   :mozilla.47:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\7r7h6ulr.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   :mozilla.53:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\7r7h6ulr.Default User\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
   :mozilla.56:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\7r7h6ulr.Default User\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
   :mozilla.57:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\7r7h6ulr.Default User\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
   C:\Documents and Settings\Michael Auskings\Cookies\michael auskings@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
   C:\Documents and Settings\Michael Auskings\Cookies\michael auskings@centrport[2].txt -> Spyware.Cookie.Centrport : Cleaned with backup
   C:\Documents and Settings\Michael Auskings\Cookies\michael [email protected][1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
   C:\Documents and Settings\Michael Auskings\Cookies\michael [email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
   C:\Documents and Settings\Michael Auskings\Cookies\michael [email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
   C:\Documents and Settings\Michael Auskings\Cookies\michael auskings@questionmarket[2].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
   C:\Documents and Settings\Michael Auskings\Cookies\michael auskings@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   C:\Documents and Settings\Michael Auskings\Local Settings\Temp\Cookies\michael auskings@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
   C:\Documents and Settings\Michael Auskings\Local Settings\Temp\Cookies\michael [email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   C:\Documents and Settings\Michael Auskings\Local Settings\Temp\Cookies\michael [email protected][2].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
   C:\Documents and Settings\Michael Auskings\Local Settings\Temp\Cookies\michael [email protected][2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
   C:\Documents and Settings\Michael Auskings\Local Settings\Temp\Cookies\michael auskings@findwhat[1].txt -> Spyware.Cookie.Findwhat : Cleaned with backup
   C:\Documents and Settings\Michael Auskings\Local Settings\Temp\Cookies\michael [email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
   C:\Documents and Settings\Michael Auskings\Local Settings\Temp\Cookies\michael auskings@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup


::Report End
=================================================

HijackThis Log

Logfile of HijackThis v1.99.1
Scan saved at 1:55:09 AM, on 11/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AIM\aim.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cleanmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\hjt\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1128566035106
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

=============================================

Thanks again.

2
Tech Clinic / Spyware Problem
« on: November 08, 2005, 08:37:45 PM »
bump B)

3
Tech Clinic / Spyware Problem
« on: November 08, 2005, 12:36:43 PM »
Should I be in SAFE MODE when I re-run Ewido?

About the AV, I'm not sure if it was functioning properly yesterday when I was doing the scans. Normally I see a Norton AV icon in the system tray, which I did not see today...I removed, reinstalled, and updated Norton AV and the icon shows in my system tray again.

I'll get the changes/scans done and post them up. My browser doesn't seem to be opening randomly anymore, but I want to make sure it doesn't re-install itself.

Thanks again.

4
Tech Clinic / Spyware Problem
« on: November 08, 2005, 01:12:39 AM »
Oops...forgot to post the new HijackThis file...


Logfile of HijackThis v1.99.1
Scan saved at 12:09:30 AM, on 11/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Michael Auskings\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
O1 - Hosts: here.com
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1128566035106
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://pcpitstop.com/antivirus/PitPav.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\d8j02i1mg8.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

5
Tech Clinic / Spyware Problem
« on: November 08, 2005, 12:52:08 AM »
Okay, guys...here are the results of the ewido, ad-aware, and l2mfix scans...looks like ewido found a bunch of trojans, but the browser is still opening randomly...

---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:         11:24:12 PM, 11/7/2005
 + Report-Checksum:      716E7274

 + Scan result:

   HKU\S-1-5-21-3306207928-2317988759-2504321181-500\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
   [656] C:\WINDOWS\system32\iyetpp.dll -> Spyware.Look2Me : Error during cleaning
   [788] C:\WINDOWS\system32\iyetpp.dll -> Spyware.Look2Me : Error during cleaning
   :mozilla.6:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.7:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
   :mozilla.8:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
   :mozilla.9:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
   :mozilla.10:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
   :mozilla.11:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
   :mozilla.12:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
   :mozilla.13:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
   :mozilla.14:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.15:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.16:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.17:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.18:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.19:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.20:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.21:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.22:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.23:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.24:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.25:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.26:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
   :mozilla.27:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
   :mozilla.28:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
   :mozilla.29:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.30:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.31:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.32:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.41:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
   :mozilla.42:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
   :mozilla.43:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
   :mozilla.44:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
   :mozilla.45:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
   :mozilla.46:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
   :mozilla.47:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
   :mozilla.48:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
   :mozilla.49:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
   :mozilla.50:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
   :mozilla.51:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
   :mozilla.52:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
   :mozilla.57:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
   :mozilla.58:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
   :mozilla.59:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
   :mozilla.70:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
   :mozilla.71:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
   :mozilla.72:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
   :mozilla.73:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
   :mozilla.74:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
   :mozilla.75:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
   :mozilla.76:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
   :mozilla.77:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.78:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
   :mozilla.79:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
   :mozilla.80:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
   :mozilla.81:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
   :mozilla.82:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
   :mozilla.83:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
   :mozilla.84:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
   :mozilla.86:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.87:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.88:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.89:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.90:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.104:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
   :mozilla.105:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
   :mozilla.106:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
   :mozilla.107:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
   :mozilla.108:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
   :mozilla.117:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
   :mozilla.118:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
   :mozilla.119:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
   :mozilla.120:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
   :mozilla.121:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
   :mozilla.122:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
   :mozilla.123:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
   :mozilla.124:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
   :mozilla.126:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
   :mozilla.127:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
   :mozilla.150:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
   :mozilla.151:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
   :mozilla.152:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
   :mozilla.153:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
   :mozilla.154:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
   :mozilla.155:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
   :mozilla.156:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
   :mozilla.157:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
   :mozilla.158:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
   :mozilla.159:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
   :mozilla.160:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
   :mozilla.161:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
   :mozilla.162:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
   :mozilla.163:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
   :mozilla.164:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
   :mozilla.165:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
   :mozilla.166:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
   :mozilla.167:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
   :mozilla.168:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
   :mozilla.169:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
   :mozilla.170:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
   :mozilla.171:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
   :mozilla.172:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
   :mozilla.173:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
   :mozilla.174:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
   :mozilla.175:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
   :mozilla.176:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
   :mozilla.177:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
   :mozilla.178:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
   :mozilla.179:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
   :mozilla.180:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
   :mozilla.181:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
   :mozilla.200:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
   :mozilla.206:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
   :mozilla.208:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
   :mozilla.209:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
   :mozilla.228:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
   :mozilla.229:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
   :mozilla.230:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
   :mozilla.231:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
   :mozilla.252:C:\Documents and Settings\Michael Auskings\Application Data\Mozilla\Firefox\Profiles\nwcxgx22.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
   C:\Documents and Settings\Michael Auskings\Cookies\michael [email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   C:\Documents and Settings\Michael Auskings\Cookies\michael [email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
   C:\Documents and Settings\Michael Auskings\Cookies\michael auskings@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
   C:\Documents and Settings\Michael Auskings\Local Settings\Temp\Cookies\michael [email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   C:\Documents and Settings\Michael Auskings\Local Settings\Temp\Cookies\michael auskings@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
   C:\Documents and Settings\Michael Auskings\Local Settings\Temp\Cookies\michael auskings@findwhat[1].txt -> Spyware.Cookie.Findwhat : Cleaned with backup
   C:\Documents and Settings\Michael Auskings\Local Settings\Temp\Cookies\michael [email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
   C:\Documents and Settings\Michael Auskings\Local Settings\Temp\Cookies\michael auskings@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
   C:\Documents and Settings\Michael Auskings\Local Settings\Temp\Cookies\michael [email protected][1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
   C:\Documents and Settings\Michael Auskings\Local Settings\Temp\Cookies\michael auskings@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
   C:\Documents and Settings\Michael Auskings\Local Settings\Temp\Cookies\michael auskings@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
   C:\Documents and Settings\Michael Auskings\Local Settings\Temp\Cookies\michael auskings@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   C:\Documents and Settings\Michael Auskings\Local Settings\Temp\Temporary Internet Files\Content.IE5\D0S1HLF4\prompt[1].htm -> TrojanDownloader.IstBar.j : Cleaned with backup
   C:\Documents and Settings\Michael Auskings\Local Settings\Temp\Temporary Internet Files\Content.IE5\LRCXR26Y\prompt[1].htm -> TrojanDownloader.IstBar.j : Cleaned with backup
   C:\Documents and Settings\Michael Auskings\Local Settings\Temporary Internet Files\Content.IE5\6TDARYX4\installer[1].exe -> Spyware.Look2Me : Cleaned with backup
   C:\Documents and Settings\Michael Auskings\Local Settings\Temporary Internet Files\Content.IE5\7QKVRLGH\ysb_prompt[1].htm -> TrojanDownloader.IstBar.j : Cleaned with backup
   C:\Documents and Settings\Michael Auskings\Local Settings\Temporary Internet Files\Content.IE5\FLFVOWPI\contextplus[1].exe -> Trojan.Crypt.t : Cleaned with backup
   C:\Documents and Settings\Michael Auskings\Local Settings\Temporary Internet Files\Content.IE5\OJHZYMND\mte3ndi6odoxng[1].exe -> TrojanDownloader.Small.buy : Cleaned with backup
   C:\Documents and Settings\Michael Auskings\Local Settings\Temporary Internet Files\Content.IE5\OJHZYMND\sp2update00[1].exe -> TrojanDownloader.VB.nh : Cleaned with backup
   C:\Documents and Settings\Michael Auskings\Local Settings\Temporary Internet Files\Content.IE5\XGZI12LM\drsmartload[1].exe -> Spyware.SmartLoad : Cleaned with backup
   C:\Documents and Settings\Michael Auskings\Local Settings\Temporary Internet Files\Content.IE5\XGZI12LM\mm[2].js -> Spyware.Chitika : Cleaned with backup
   C:\WINDOWS\system32\acifil32.dll -> Spyware.Look2Me : Cleaned with backup
   C:\WINDOWS\system32\lv8o09l3e.dll -> Spyware.Look2Me : Cleaned with backup
   C:\WINDOWS\system32\mmls2.dll -> Spyware.Look2Me : Cleaned with backup
   C:\WINDOWS\system32\wdsdmoe.dll -> Spyware.Look2Me : Cleaned with backup


::Report End
==================================



Lavasoft Ad-Aware Professional Build 1.03
Logfile created on:Monday, November 07, 2005 11:28:58 PM
Using definitions file:SE1R73 03.11.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):11 total references
Tracking Cookie(TAC index:3):5 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Ignore spanned files when scanning cab archives
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Block pop-ups aggressively
Set : Automatically select problematic objects in results lists
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Show splash screen
Set : Backup current definitions file before updating
Set : Play sound at scan completion if scan locates critical objects


11-7-2005 11:28:58 PM - Scan started. (Full System Scan)

 MRU List Object Recognized!
    Location:          : C:\Documents and Settings\Michael Auskings\recent
    Description        : list of recently opened documents


 MRU List Object Recognized!
    Location:          : software\microsoft\direct3d\mostrecentapplication
    Description        : most recent application to use microsoft direct3d


 MRU List Object Recognized!
    Location:          : software\microsoft\direct3d\mostrecentapplication
    Description        : most recent application to use microsoft direct X


 MRU List Object Recognized!
    Location:          : software\microsoft\directdraw\mostrecentapplication
    Description        : most recent application to use microsoft directdraw


 MRU List Object Recognized!
    Location:          : S-1-5-21-3306207928-2317988759-2504321181-1005\software\microsoft\internet explorer
    Description        : last download directory used in microsoft internet explorer


 MRU List Object Recognized!
    Location:          : S-1-5-21-3306207928-2317988759-2504321181-1005\software\microsoft\internet explorer\typedurls
    Description        : list of recently entered addresses in microsoft internet explorer


 MRU List Object Recognized!
    Location:          : S-1-5-21-3306207928-2317988759-2504321181-1005\software\microsoft\windows\currentversion\applets\paint\recent file list
    Description        : list of files recently opened using microsoft paint


 MRU List Object Recognized!
    Location:          : S-1-5-21-3306207928-2317988759-2504321181-1005\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
    Description        : list of recent programs opened


 MRU List Object Recognized!
    Location:          : S-1-5-21-3306207928-2317988759-2504321181-1005\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
    Description        : list of recently saved files, stored according to file extension


 MRU List Object Recognized!
    Location:          : S-1-5-21-3306207928-2317988759-2504321181-1005\software\microsoft\windows\currentversion\explorer\recentdocs
    Description        : list of recent documents opened


 MRU List Object Recognized!
    Location:          : S-1-5-21-3306207928-2317988759-2504321181-1005\software\microsoft\windows media\wmsdk\general
    Description        : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
    FilePath           : \SystemRoot\System32\
    ProcessID          : 488
    ThreadCreationTime : 11-8-2005 5:28:08 AM
    BasePriority       : Normal


#:2 [winlogon.exe]
    FilePath           : \??\C:\WINDOWS\system32\
    ProcessID          : 568
    ThreadCreationTime : 11-8-2005 5:28:11 AM
    BasePriority       : High


#:3 [services.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 612
    ThreadCreationTime : 11-8-2005 5:28:12 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Services and Controller app
    InternalName       : services.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : services.exe

#:4 [lsass.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 624
    ThreadCreationTime : 11-8-2005 5:28:12 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : LSA Shell (Export Version)
    InternalName       : lsass.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : lsass.exe

#:5 [svchost.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 772
    ThreadCreationTime : 11-8-2005 5:28:14 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:6 [svchost.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 872
    ThreadCreationTime : 11-8-2005 5:28:15 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:7 [acs.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 948
    ThreadCreationTime : 11-8-2005 5:28:15 AM
    BasePriority       : Normal


#:8 [spoolsv.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1392
    ThreadCreationTime : 11-8-2005 5:28:18 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
    ProductVersion     : 5.1.2600.2696
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Spooler SubSystem App
    InternalName       : spoolsv.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : spoolsv.exe

#:9 [ccsetmgr.exe]
    FilePath           : C:\Program Files\Common Files\Symantec Shared\
    ProcessID          : 1492
    ThreadCreationTime : 11-8-2005 5:28:18 AM
    BasePriority       : Normal
    FileVersion        : 2.2.0.577
    ProductVersion     : 2.2.0.577
    ProductName        : Common Client
    CompanyName        : Symantec Corporation
    FileDescription    : Common Client Settings Manager Service
    InternalName       : ccSetMgr
    LegalCopyright     : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
    OriginalFilename   : ccSetMgr.exe

#:10 [ctsvccda.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1512
    ThreadCreationTime : 11-8-2005 5:28:19 AM
    BasePriority       : Normal
    FileVersion        : 1.0.1.0
    ProductVersion     : 1.0.0.0
    ProductName        : Creative Service for CDROM Access
    CompanyName        : Creative Technology Ltd
    FileDescription    : Creative Service for CDROM Access
    InternalName       : CTsvcCDAEXE
    LegalCopyright     : Copyright © Creative Technology Ltd., 1999. All rights reserved.
    OriginalFilename   : CTsvcCDA.EXE

#:11 [defwatch.exe]
    FilePath           : C:\Program Files\Symantec AntiVirus\
    ProcessID          : 1528
    ThreadCreationTime : 11-8-2005 5:28:19 AM
    BasePriority       : Normal
    FileVersion        : 9.0.0.338
    ProductVersion     : 9.0.0.338
    ProductName        : Symantec AntiVirus
    CompanyName        : Symantec Corporation
    FileDescription    : Virus Definition Daemon
    InternalName       : DefWatch
    LegalCopyright     : Copyright 1998 - 2004 Symantec Corporation. All rights reserved.
    OriginalFilename   : DefWatch.exe

#:12 [dvdramsv.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 1552
    ThreadCreationTime : 11-8-2005 5:28:19 AM
    BasePriority       : Normal
    FileVersion        : 2, 0, 5, 0
    ProductVersion     : 2, 0, 5, 0
    CompanyName        : Matsushita Electric Industrial Co., Ltd.
    FileDescription    : Service of RAMAsst for Windows XP
    LegalCopyright     : Copyright © Matsushita Electric Industrial Co., Ltd. 2002
    OriginalFilename   : DVDRAMSV.EXE

#:13 [ewidoctrl.exe]
    FilePath           : C:\Program Files\ewido\security suite\
    ProcessID          : 1584
    ThreadCreationTime : 11-8-2005 5:28:19 AM
    BasePriority       : Normal
    FileVersion        : 3, 0, 0, 1
    ProductVersion     : 3, 0, 0, 1
    ProductName        : ewido control
    CompanyName        : ewido networks
    FileDescription    : ewido control
    InternalName       : ewido control
    LegalCopyright     : Copyright © 2004
    OriginalFilename   : ewidoctrl.exe

#:14 [nvsvc32.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 1612
    ThreadCreationTime : 11-8-2005 5:28:19 AM
    BasePriority       : Normal
    FileVersion        : 6.13.10.3240
    ProductVersion     : 6.13.10.3240
    ProductName        : NVIDIA Driver Helper Service, Version 32.40
    CompanyName        : NVIDIA Corporation
    FileDescription    : NVIDIA Driver Helper Service, Version 32.40
    InternalName       : NVSVC
    LegalCopyright     : © NVIDIA Corporation. All rights reserved.
    OriginalFilename   : nvsvc32.exe

#:15 [rtvscan.exe]
    FilePath           : C:\Program Files\Symantec AntiVirus\
    ProcessID          : 1708
    ThreadCreationTime : 11-8-2005 5:28:20 AM
    BasePriority       : Normal
    FileVersion        : 9.0.0.338
    ProductVersion     : 9.0.0.338
    ProductName        : Symantec AntiVirus
    CompanyName        : Symantec Corporation
    FileDescription    : Symantec AntiVirus
    LegalCopyright     : Copyright 1991 - 2004 Symantec Corporation. All rights reserved.

#:16 [explorer.exe]
    FilePath           : C:\WINDOWS\
    ProcessID          : 1876
    ThreadCreationTime : 11-8-2005 5:28:21 AM
    BasePriority       : Normal
    FileVersion        : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 6.00.2900.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Windows Explorer
    InternalName       : explorer
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : EXPLORER.EXE

#:17 [mspmspsv.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1976
    ThreadCreationTime : 11-8-2005 5:28:21 AM
    BasePriority       : Normal
    FileVersion        : 7.00.00.1954
    ProductVersion     : 7.00.00.1954
    ProductName        : Microsoft ® DRM
    CompanyName        : Microsoft Corporation
    FileDescription    : WMDM PMSP Service
    InternalName       : MSPMSPSV.EXE
    LegalCopyright     : Copyright © Microsoft Corp. 1981-2000
    OriginalFilename   : MSPMSPSV.EXE

#:18 [ccevtmgr.exe]
    FilePath           : C:\Program Files\Common Files\Symantec Shared\
    ProcessID          : 1996
    ThreadCreationTime : 11-8-2005 5:28:21 AM
    BasePriority       : Normal
    FileVersion        : 2.2.0.577
    ProductVersion     : 2.2.0.577
    ProductName        : Common Client
    CompanyName        : Symantec Corporation
    FileDescription    : Common Client Event Manager Service
    InternalName       : ccEvtMgr
    LegalCopyright     : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
    OriginalFilename   : ccEvtMgr.exe

#:19 [ezsp_px.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1320
    ThreadCreationTime : 11-8-2005 5:28:32 AM
    BasePriority       : Normal


#:20 [msmsgs.exe]
    FilePath           : C:\Program Files\Messenger\
    ProcessID          : 1524
    ThreadCreationTime : 11-8-2005 5:28:34 AM
    BasePriority       : Normal
    FileVersion        : 4.7.3001
    ProductVersion     : Version 4.7.3001
    ProductName        : Messenger
    CompanyName        : Microsoft Corporation
    FileDescription    : Windows Messenger
    InternalName       : msmsgs
    LegalCopyright     : Copyright © Microsoft Corporation 2004
    LegalTrademarks    : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
    OriginalFilename   : msmsgs.exe

#:21 [ctfmon.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1096
    ThreadCreationTime : 11-8-2005 5:28:34 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : CTF Loader
    InternalName       : CTFMON
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : CTFMON.EXE

#:22 [aim.exe]
    FilePath           : C:\PROGRA~1\AIM\
    ProcessID          : 1740
    ThreadCreationTime : 11-8-2005 5:28:35 AM
    BasePriority       : Normal
    FileVersion        : 5.9.3861
    ProductVersion     : 5.9.3861
    ProductName        : AOL Instant Messenger
    CompanyName        : America Online, Inc.
    FileDescription    : AOL Instant Messenger
    InternalName       : AIM
    LegalCopyright     : Copyright © 1996-2005 America Online, Inc.
    OriginalFilename   : AIM.EXE

#:23 [nmbgmonitor.exe]
    FilePath           : C:\Program Files\Common Files\Ahead\lib\
    ProcessID          : 1752
    ThreadCreationTime : 11-8-2005 5:28:36 AM
    BasePriority       : Normal


#:24 [ramasst.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 2076
    ThreadCreationTime : 11-8-2005 5:28:38 AM
    BasePriority       : Normal
    FileVersion        : 1, 0, 8, 0
    ProductVersion     : 1, 0, 8, 0
    CompanyName        : Matsushita Electric Industrial Co., Ltd.
    FileDescription    : CD Burning of Windows XP disabling tool for DVD MULTI Drive
    LegalCopyright     : Copyright © Matsushita Electric Industrial Co., Ltd. 2002
    OriginalFilename   : RAMASST.EXE

#:25 [ad-aware.exe]
    FilePath           : C:\Program Files\Lavasoft\Ad-Aware SE Professional\
    ProcessID          : 2572
    ThreadCreationTime : 11-8-2005 5:28:42 AM
    BasePriority       : Normal
    FileVersion        : 6.2.0.161
    ProductVersion     : VI.Second Edition
    ProductName        : Lavasoft Ad-Aware SE
    CompanyName        : Lavasoft Sweden
    FileDescription    : Ad-Aware SE Core application
    InternalName       : Ad-Aware.exe
    LegalCopyright     : Copyright © Lavasoft Sweden
    OriginalFilename   : Ad-Aware.exe
    Comments           : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 11


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 11


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 11


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


 Tracking Cookie Object Recognized!
    Type               : IECache Entry
    Data               : michael auskings@trafficmp[2].txt
    Category           : Data Miner
    Comment            : Cookie:michael [email protected]/
    Value              : Cookie:michael [email protected]/

 Tracking Cookie Object Recognized!
    Type               : IECache Entry
    Data               : michael auskings@findwhat[1].txt
    Category           : Data Miner
    Comment            : Cookie:michael [email protected]/
    Value              : Cookie:michael [email protected]/

 Tracking Cookie Object Recognized!
    Type               : IECache Entry
    Data               : michael auskings@abcsearch[1].txt
    Category           : Data Miner
    Comment            : Cookie:michael [email protected]/
    Value              : Cookie:michael [email protected]/

 Tracking Cookie Object Recognized!
    Type               : IECache Entry
    Data               : michael auskings@questionmarket[1].txt
    Category           : Data Miner
    Comment            : Cookie:michael [email protected]/
    Value              : Cookie:michael [email protected]/

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 15



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 Tracking Cookie Object Recognized!
    Type               : IECache Entry
    Data               : michael auskings@abcsearch[1].txt
    Category           : Data Miner
    Comment            :
    Value              : C:\Documents and Settings\Michael Auskings\Local Settings\Temp\Cookies\michael auskings@abcsearch[1].txt

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 16


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
46 entries scanned.
New critical objects:0
Objects found so far: 16




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 16

11:41:17 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:12:19.110
Objects scanned:125950
Objects identified:5
Objects ignored:0
New critical objects:5
========================


L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
"Logoff"="NavLogoffEvent"
"DllName"="C:\\WINDOWS\\System32\\NavLogon.dll"
"StartShell"="NavStartShellEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunOnce]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\d8j02i1mg8.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI)    ALLOW  Full access    NT AUTHORITY\SYSTEM
(IO)    ALLOW  Full access    NT AUTHORITY\SYSTEM
(NI)    ALLOW  Full access    NT AUTHORITY\SYSTEM
(IO)    ALLOW  Full access    NT AUTHORITY\SYSTEM
(ID-NI) ALLOW  Read           BUILTIN\Users
(ID-IO) ALLOW  Read           BUILTIN\Users
(ID-NI) ALLOW  Full access    BUILTIN\Administrators
(ID-IO) ALLOW  Full access    BUILTIN\Administrators
(ID-NI) ALLOW  Full access    NT AUTHORITY\SYSTEM
(ID-IO) ALLOW  Full access    NT AUTHORITY\SYSTEM
(ID-IO) ALLOW  Full access    CREATOR OWNER


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{F0327992-AC38-78CF-EAD3-8E962E07E3A6}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CC

6
Tech Clinic / Spyware Problem
« on: November 07, 2005, 10:09:33 PM »
I'll give it a shot. Thanks.

7
Tech Clinic / Spyware Problem
« on: November 07, 2005, 09:46:29 PM »
I have Firefox set as my default browser. Recently it began opening up randomly. All windows that pop up have the checker flag symbol next to the site in the address bar, if that helps at all. I have run Ad-aware, SpyBot, a^2, pcpitstop.com...nothing seems to work. Scans showed CWS and CoolWWWSearch registry entries, which I have removed, and they have not come back yet. Browser still randomly opens, though.

Here's the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:38:04 PM, on 11/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AIM\aim.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Michael Auskings\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
O1 - Hosts: here.com
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1128566035106
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://pcpitstop.com/antivirus/PitPav.cab
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\enlql1351.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe



Thanks in advance for your help!
