chrisj

SP2 Problems with Windows XP Professional

Please bear with me. I am new to this.

I have Windows XP, and about 10 days ago installed SP2. I have had many problems since then. These are itemized below. It appears I have many types of errors. First, my machine; then what I've observed. I apologize for the length, but all of the problems that I've had are mounting, and I'm trying to record all I can.

Computer: Dell Inspiron 5150. Windows XP Professional.

“My computer” shows: Windows XP is: Version 5.1 (Build 2600.xpsp_sp2_rtm.040803-2158 : Service Pack 2)

System properties shows:
Microsoft Windows XP Professional Version 2002 Service Pack 2
Dell Computer Corporation Dell Inspiron I5150
Mobile Intel® Pentium® 4 CPU 2.80GHz
2.79 GHz, 1.00 GB of RAM.

Before trying to install XP Professional SP2, the laptop was stable, worked fine. Had it for 5 months. I used it for a semester’s worth of courses. Ran all sorts of applications. The computer worked fine; no discernable problems.

About 07 Jan 05, I installed SP2. I followed directions on Dell website and Microsoft (MS) website. As I remember it: I downloaded, installed, and ran Ad-Aware first. Ad-Aware found bugs, and I quarantined them. I ran my Norton Antivirus (which I run every day). I updated bios to A37 per the Dell instructions. I installed SP2. The only question in my mind was that it asked whether I had a floppy drive, and I said no, because my floppy drive is not an integrated part of the computer; rather, it is stand-alone little drive that I connect to the laptop with a USB port. So the 3.5 floppy drive is not built into the machine. The install appeared to go fine. All aspects seemed to go fine.

The following is the Dell page that I used as my starting point for installing SP2.
http://support.dell.com/support/topics/glo...pindex=DS#step4

After installing SP2, about 7-8 Jan 05, I started noticing problems.

The first problem is that explorer.exe is monopolizing the CPU: upwards of 99%, even when I am doing anything with PC (no applications running).
The PC was humming, presumably because the CPU utilization was maxed out. I would sit there staring at the laptop with no applications open, and explorer.exe would just grind away at 99% utilization. I don’t know why, nor what it was doing. I would think it would be using very little of the CPU.

Let me give more detail. I would boot up the machine. Norton Antivirus would run automatically. Presumably, this was part of the SP2 installation, because Norton never ran automatically on my machine before I installed SP2. But I run Norton every day, first thing when I start up, each day, so either way is fine. The laptop would run fine; the explorer.exe would *not* run at 99% utilization *initially*. Initially it would use a very small amount of the CPU. Then, over say 30 minutes to an hour, it would creep up to 10%-20%. Then, at some later point, it would go up to 99% utilization. And it would stay at 99%. Explorer.exe would never decrease its CPU utilization—I’d keep it running for a couple of hours, a few times, to see if it ever decreased its CPU utilization, and it did not. The only way to stop this behavior is to shut down the machine. If I restarted, then the explorer.exe would start out at very low CPU utilization, and repeat the pattern of increasing, over time, to 99% utilization, as described immediately above.

I had two viruses at this time, or perhaps slightly after, or before, this problem arose. I could not get rid of them with just Norton. Norton detects them. I would select them for deletion, but they are there when I do the next Norton antivirus scan. I went in and physically deleted one of them (c:\ Documents and Settings\chris kuhlman\Local Settings\Temporary Internet Files\Content.IE5\Q9GBA5A5\welcome1[1].htm), and also emptied the recycle bin.
The second file in question is mmview_101.dll, which is supposedly (according to Norton antivirus) inside of c:\Documents and Settings\chris kuhlman\Local Settings\Temporary Internet Files\Content.IE5, but I cannot see it with MS Explorer. Anyhow, the bottom line is that I have removed them now. I got on the web and learned to use, in order, CWShredder, Ad-Aware, and Spy-bot, followed by Norton Antivirus. That got rid of the viruses. I first turn off System Restore, then I use, in order, CWShredder, Ad-Aware, Spy-bot, Norton. Then I turn back on System Restore. But every time I run Ad-Aware (about every other day) 3 to 5 new bugs are found. I delete them immediately.

One day when I was using Word a lot (11 Jan 05), Word crashed on me 3 or 4 times. Got messages like: “Not enough quota is available to process this command.” I had never seen this before on this laptop--ever. Also got an error about not enough disk space, but I have a 60GB hard drive, and I’m only using about 13GB of that. I should have written the messages down exactly, but I was taking timed GRE practice tests and I was trying to complete the tests in the allotted times, so I did not take the time to write down the message; my stupidity.

Also on this day (11 Jan 05), I got the following message more than once on pop-up boxes (I think I was in MS Word at the time, trying to save a Word file):
“Explorer.exe—Application Error”
“The instruction at “0x7c918fea” referenced memory at “0x00000010.” The memory could not be “written.””
“Click on OK to terminate the program.”
“Click on CANCEL to debug the program.”

Then I’d try to debug (as if I could do any good), and I got the message:
“Unhandled exception in explorer.exe (NTDLL.DLL): 0xC0000005: access violation.”

I am very suspicious of that BIOS flash that I completed prior to installing SP2, as the directions stated. These memory access violations seem to me to indicate a very fundamental memory mapping problem.
On 12 Jan 05, when I tried to run the Norton Antivirus one time, I got the following pop-up message box with “Microsoft Internet Explorer” in the title bar:
“Norton Antivirus: 30020 : Error in loading DLL: res://c:\Program Files\Norton Internet Security\Norton Antivirus\NAVUIRES.DLL / scan.htm: 199”

I have then updated Ad-aware SE and reran. This time, I deleted all found bugs, no matter how minor.

Reran Norton antivirus, and it still found the two viruses.

Ran chkdsk /f in safe mode. The final results scrolled by too fast for me to see what it found; it rebooted automatically after finishing the check process.

--OK, it is 13 Jan 05, about 8:50 Eastern US time, and it has been an hour since my last reboot.
--The explorer.exe, according to the Windows Task Manager, is now running at 99%; it is monopolizing the CPU. I am running Norton Antivirus and MS Word.

******

On 13 Jan 05 at 2:30 pm:
I was surfing on web.
I got the following pop-up box:
Title: ISLALERT_WINDOWNAME_{DA5EAODE-0190-4755-9ABE-C6DBF5A1008B} : ccApp.exe—Application Error
The body of the pop-up box said:
The instruction at “0x01cce04b” referenced memory at “0x00000000”. The memory could not be “read”.
Click on OK to terminate the program.
Click on CANCEL to debug the program.

When I clicked on OK, the next pop-up box said:
RealPlay.exe—Bad image
The application or DLL c:\Program Files\Common Files\Real\Update\rnat3260.dll is not a valid Windows image. Please check this against your installation diskette.

But the computer did not shut down, and I continued on using it.

*******

On 14 Jan 05, I tried to save a file in MS Word. Note that the explorer.exe was *not* maxing out the CPU—this time.
But I got the following error when I hit cntrl-s:
“Not enough quota is available to process this command.”
This is not reasonable: I have a 60GB hard drive, and am only using about 13GB of it.

Then, when I kept trying to hit cntrl-s, I got a slightly different message:
“c:\personal\gre is not accessible.”
“Not enough quota is available to process this command.”
Why this directory (c:\personal\gre) is not accessible, I don’t know. I have many files there and have accessed it often; it is a directory that I created.

When I kept persisting with cntrl-s, I got the message in a pop-up box:
Title: WINWORD.EXE—application error.
The instruction at “0x30eb87b1” referenced memory at “0x00000000”. The memory could not be “read”.
Click on OK to terminate the program.
Click on CANCEL to debug the program.

When I clicked on OK, I got the message:
“Not enough quota.”

On 14 Jan 04, I called Dell for the 3rd time regarding these problems. They basically say that since I had no problems before SP2, and since I have the problems now, that it is an SP2 problem. So each of Dell and MS are suggesting it’s the other guy’s fault. But the lady from Dell did have me try one interesting experiment. I disconnected my laptop from the web. So my laptop was running stand-alone; i.e., disconnected from any other port. I did *not* get explorer.exe to rise to 99% CPU utilization. It stayed low, in the range of 0% to 10%. So the Dell lady concluded it has something to do with the internet.

On 17 Jan 04, I was in MS Word. I had been on the computer about 3 hours, but not using it heavy at any time. The CPU utilization for explorer.exe did *not* rise to the 99% utilization during this time. I did all of my virus scanning: CWShredder, Ad-Aware, Spy-Bot, Norton. I was in MS Word. I wrote a letter to Brit with MS Word. I was then modifying my book list in MS Word. I hit cntrl-s to save the document. I got the following message in a pop-up box:
Title: Microsoft Office Word
Message: The disk is full.
Free some space o this drive, or save the document on another disk.
Try one of the following:
*Close any unneeded documents, programs, and windows.
*Save the document on another disk.

This is nonsense: I have a 60 GB hard drive, of which only 13 GB is used.

So I click the OK button, and then nothing happens (the program did not shut down), so I hit cntrl-s again, and now the pop-up box reads:
There is not enough disk space or memory to complete the operation.

I click the OK button on that pop-up box.

Then I try to open an MS Word file, named problemsWithComputer.doc.
A pop-up box appears that reads:
The file ‘problemsWithComputer.doc’ is not available.

I click OK, and then the pop-up box appears:
Title: WINWORD.EXE—Application Error.
Message: The exception unknown software exception (0xc06d007e) occurred in the application at location 0x7c81eb33.

Clearly, there is something very wrong with this computer. Memory appears bad, applications appear bad, explorer.exe appears bad. This is very frustrating; I am losing data and have no confidence in the machine.

On Monday, 17 Jan 05, I performed the following steps per an MS technician suggestion. I am still getting the errors.
1. Click Start and click Run.
2. Type "services.msc" and click Ok.
3. In the right panel, please double click Remote Procedure Call (RPC).
4. Click the Log on tab.
5. Check on Local System Account.
6. Click Apply and click Ok.

Have I reached the point where I just completely reinstall the OS, applications, etc. completely from scratch? That is what Dell has told me.


First run HiJackThis and see what is actually running in your processes. It sounds like you have malware (the near 100% usage in the CPU by explorer). Post a log file at a site like this: http://www.techsupportforum.com/forumdisplay.php?f=50

If you wish to uninstall SP2, here are directions: http://www.compphix.com/uninstallingsp2.html

But definitely run HijackThis!

It wouldn't be a bad idea to install the free SpywareBlaster http://www.javacoolsoftware.com/spywareblaster.html that will keep the spyware off of your computer so you won't have to keep cleaning it up.


i've also seen automatic update attempt to download something and get a slow connection (i guess) at the microsoft site. this makes the pc run dead slow. the cure for that was to change ip address, as restarting the pc only resumed the automatic update. (microsoft obviously nails an ip address) (it was a public ip address)

Edited by Temmu


MS has documented SP2 not behaving if Malware is present on your machine before upgrading to SP2 from SP1...

Have I reached the point where I just completely reinstall the OS, applications, etc. completely from scratch? That is what Dell has told me.
It may be a better alternative in the long run, but if you can apply some of the above suggestions, we're glad to help you along.


He has a spyware/virus problem. He said he is removing the same 5 files every day with Adaware. That tells me he's got something that it can't fully remove and he is getting reinfected by the hidden parts. Some new forms of Vx2 work this way.


Nathan, just a thought... Could he also need to not only stop Restore but also clear out the Restore points?

Edited by BarryB


Hey, thank you guys and girls for your help thus far. Am most grateful.

This is what I've done, per the instructions.

On 19 Jan 05, I executed the steps specified for running hijackThis! and the analyzer (I cannot find the citation right now, but it was on Scot’s Newsletter page). Specifically, I updated all of my “contagion” software (everything was up to date anyway), shut down all open applications, turned off System Restore, ran CWShredder, Ad-Aware (but changed the settings in Ad-Aware per the instructions on that page within Scot’s). Ad-Aware found 18 things (see below); I removed them all. Then I turned back on System Restore. Then I rebooted, again per the instructions. Then I ran HouseCall virus scan from the internet. Then I turned off System Restore and ran Spy-bot. Then I turned back on System Restore. Then I rebooted. I did *not* run Norton Antivirus 2003, since I ran House Call. Then I turned off System Restore, and ran hijackThis. Then I ran the hijackThis Analyzer. Then I turned back on System Restore. Now I am posting what I found.

Any time I ran any virus application, I had nothing on, except during Ad-Aware I had on Windows Task Manager.

Results of scans:
CWShredder found no viruses/contagions.
Ad-Aware found 6 critical bugs and 12 non-critical bugs.
I have attached the log file.
HouseCall found no bugs.
Spybot found no bugs.

Now come the contents of the Ad-Aware log file, the hijackThis log file, and the hijackThis Analyzer log file.
OriginalFilename : WanMPSvc.exe#:49 [wltrysvc.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 2764 ThreadCreationTime : 1-19-2005 10:38:02 AM BasePriority : Normal#:50 [bcmwltry.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 2852 ThreadCreationTime : 1-19-2005 10:38:03 AM BasePriority : Normal FileVersion : 3.40.67.0 ProductVersion : 3.40.67.0 ProductName : Dell Wireless WLAN Card Wireless Network Tray Applet CompanyName : Dell Computer Corporation FileDescription : Dell Wireless WLAN Card Wireless Network Tray Applet InternalName : bcmwltry.exe LegalCopyright : 1998-2003, Dell Computer Corporation All Rights Reserved. OriginalFilename : bcmwltry.exe#:51 [ccevtmgr.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\ ProcessID : 2876 ThreadCreationTime : 1-19-2005 10:38:03 AM BasePriority : Normal FileVersion : 2.1.5.1 ProductVersion : 2.1.5.1 ProductName : Common Client CompanyName : Symantec Corporation FileDescription : Common Client Event Manager Service InternalName : ccEvtMgr LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved. 
OriginalFilename : ccEvtMgr.exe#:52 [symwsc.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\Security Center\ ProcessID : 2968 ThreadCreationTime : 1-19-2005 10:38:03 AM BasePriority : Normal FileVersion : 2005.1.2.20 ProductVersion : 2005.1 ProductName : Norton Security Center CompanyName : Symantec Corporation FileDescription : Norton Security Center Service InternalName : SymWSC.exe LegalCopyright : Copyright © 1997-2004 Symantec Corporation OriginalFilename : SymWSC.exe#:53 [wmiapsrv.exe] FilePath : C:\WINDOWS\System32\wbem\ ProcessID : 1960 ThreadCreationTime : 1-19-2005 10:38:13 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : WMI Performance Adapter Service InternalName : WmiApSrv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : WmiApSrv.exe#:54 [alg.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1388 ThreadCreationTime : 1-19-2005 10:38:13 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Application Layer Gateway Service InternalName : ALG.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : ALG.exe#:55 [ad-aware.exe] FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\ ProcessID : 324004 ThreadCreationTime : 1-19-2005 11:53:47 AM BasePriority : Normal FileVersion : 6.2.0.206 ProductVersion : VI.Second Edition ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved#:56 [msmsgs.exe] FilePath : C:\Program Files\Messenger\ ProcessID : 346360 ThreadCreationTime : 1-19-2005 11:58:43 AM BasePriority : Normal FileVersion : 4.7.3000 ProductVersion : Version 4.7.3000 ProductName : Messenger CompanyName : Microsoft Corporation FileDescription : Windows Messenger InternalName : msmsgs LegalCopyright : Copyright © Microsoft Corporation 2004 LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries. OriginalFilename : msmsgs.exeMemory scan result:»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»New critical objects: 0Objects found so far: 0Started registry scan»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»Registry Scan result:»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»New critical objects: 0Objects found so far: 0Started deep registry scan»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»Deep registry scan result:»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»New critical objects: 0Objects found so far: 0 MRU List Object Recognized! Location: : S-1-5-21-1668931066-2636720216-937336123-1008\software\nico mak computing\winzip\filemenu Description : winzip recently used archives MRU List Object Recognized! Location: : S-1-5-21-1668931066-2636720216-937336123-1008\software\microsoft\windows\currentversion\explorer\recentdocs Description : list of recent documents opened MRU List Object Recognized! 
Location: : S-1-5-21-1668931066-2636720216-937336123-1008\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru Description : list of recently saved files, stored according to file extension MRU List Object Recognized! Location: : S-1-5-21-1668931066-2636720216-937336123-1008\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru Description : list of recent programs opened MRU List Object Recognized! Location: : S-1-5-21-1668931066-2636720216-937336123-1008\software\microsoft\office\11.0\common\open find\microsoft office word\settings\save as\file name mru Description : list of recent documents saved by microsoft word MRU List Object Recognized! Location: : S-1-5-21-1668931066-2636720216-937336123-1008\software\microsoft\internet explorer\typedurls Description : list of recently entered addresses in microsoft internet explorer MRU List Object Recognized! Location: : S-1-5-21-1668931066-2636720216-937336123-1008\software\microsoft\internet explorer Description : last download directory used in microsoft internet explorer MRU List Object Recognized! Location: : software\microsoft\directdraw\mostrecentapplication Description : most recent application to use microsoft directdraw MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : C:\Documents and Settings\chris kuhlman\recent Description : list of recently opened documents MRU List Object Recognized! Location: : C:\Documents and Settings\chris kuhlman\Application Data\microsoft\office\recent Description : list of recently opened documents using microsoft officeStarted Tracking Cookie scan»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking Cookie Object Recognized! 
Type : IECache Entry Data : chris kuhlman@maxserving[1].txt Category : Data Miner Comment : Hits:3 Value : Cookie:chris kuhlman@maxserving.com/ Expires : 1-16-2015 7:39:08 AM LastSync : Hits:3 UseCount : 0 Hits : 3 Tracking Cookie Object Recognized! Type : IECache Entry Data : chris kuhlman@bravenet[2].txt Category : Data Miner Comment : Hits:12 Value : Cookie:chris kuhlman@bravenet.com/ Expires : 1-17-2015 5:33:26 AM LastSync : Hits:12 UseCount : 0 Hits : 12 Tracking Cookie Object Recognized! Type : IECache Entry Data : chris kuhlman@z1.adserver[1].txt Category : Data Miner Comment : Hits:3 Value : Cookie:chris kuhlman@z1.adserver.com/ Expires : 1-19-2006 5:08:28 AM LastSync : Hits:3 UseCount : 0 Hits : 3 Tracking Cookie Object Recognized! Type : IECache Entry Data : chris kuhlman@hc2.humanclick[2].txt Category : Data Miner Comment : Hits:2 Value : Cookie:chris kuhlman@hc2.humanclick.com/ Expires : 1-18-2006 8:18:38 AM LastSync : Hits:2 UseCount : 0 Hits : 2 Tracking Cookie Object Recognized! Type : IECache Entry Data : chris kuhlman@13527300[1].txt Category : Data Miner Comment : Hits:1 Value : Cookie:chris kuhlman@hc2.humanclick.com/hc/13527300 Expires : 1-18-2006 8:18:38 AM LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! 


OK, I guess my last message was too long. Sorry.

The hijackThis Analyzer log file got cut off. Here it is, in its entirety.

Thank you much for your help.

<Start hijackThis Analyzer log file>
====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 1/16/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Logfile of HijackThis v1.99.0
Scan saved at 8:15:32 AM, on 1/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\downloads\hijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cox.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.ce1.attbb.net:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.ce1.attbb.net;<local>
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\windows\system32\cm.exe
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O21 - SSODL: ViewpointMediaPlayer - {AD6603A5-C688-72F9-D0C5-686C8AE5D297} - C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentMgrg.dll
O23 - Service: WLTRYSVC - Unknown - C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe (file missing)

End of KRC HijackThis Analyzer Log.
====================================================================
<end hijackThis Analyzer log file>


Ok, just to let you know that I've seen this but I am going to be out of the office until tonight. I'll examine and post then.

Oh, please leave System Restore OFF until we are satisfied that your system is purged. An infected SR is worthless and hampers cleaning efforts.

Edited by nlinecomputers


Ok sorry for not getting to this sooner. Open Hijackthis and remove all of the following:

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\windows\system32\cm.exe
O21 - SSODL: ViewpointMediaPlayer - {AD6603A5-C688-72F9-D0C5-686C8AE5D297} - C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentMgrg.dll
O23 - Service: WLTRYSVC - Unknown - C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe (file missing)

After removing these files from hijackthis, please reboot IN SAFE MODE and DELETE the file C:\windows\system32\cm.exe. Delete the c:\Program Files\viewpoint directory and all files in it. Delete C:\WINDOWS\System32\WLTRYSVC.EXE

This process looks odd to me. Can you explain it?:

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe

It is listed as a running process but not listed in any of HJT's startup items. So what is running it? And why are you running an SQL database? This might be fake or do you run an SQL database application?


Please, no need to apologize. I cannot tell you how grateful I am for your help.

I will do as you specify, immediately upon completing this note, but I will answer your questions now (to the best that I can).

Issue: "This process looks odd to me. Can you explain it?"

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe

No, I cannot explain it for sure. I do not know what it is running. I do not know why I am running an SQL database. I run no *direct* SQL database application (that I can think of; if I have, it's been rare). But let's see if I can tell you something useful. The only thing that I can think of (I am truly speculating here) is that this is MS, and it might be running as part of XP, it might be running just because of some factory (Dell) setting, it might be running because of something to do with the internet (e.g., it might keep records in a database of web sites that I have contacted, it might be used by my ISP, or perform some other support function). I know that I did not consciously turn it on (although I may have inadvertently started it as a side effect of some other action). As far as I can remember I have not used any type of database product on this machine (e.g., no MS Access, no MySQL). That doesn't mean, though, that in the future I won't, because I will most certainly. And it also doesn't mean that I am not unknowingly using it as part of another application that I use. Mainly, I use my machine to write reports, make presentations, and, most often, to develop software in Java, C, C++.

I will get back to you when I have completed the steps that you have specified. Again, many thanks.


The reason I ask about it is that I'm not sure that it is real. It may be a fake name for a virus/spyware application. I suspect that as it doesn't show up in HJT under the startup sections numbered 04 or in the service sections numbered 023. That is what is so odd and makes me suspect it. As you don't know of any software that is using it I would be tempted to try and delete it. But don't do so yet. I'm still researching this.

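The cross-check described in the post above (a running process that no O4 startup entry or O23 service entry accounts for) can be scripted. This is an added example, not part of the original thread: the function names are illustrative, and the sample log is constructed from entries quoted in the thread with a shortened process list.

```python
import re

# Constructed sample in HijackThis log layout; the entries are quoted from this
# thread, the process list is shortened for illustration.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O23 - Service: WLTRYSVC - Unknown - C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")                         # e.g. "O4 - ..."
EXE_PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)\b", re.IGNORECASE)

def parse_log(text):
    """Return (running process paths, [(section, body), ...]) from a log."""
    processes, entries, in_procs = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY.match(line)
        if m:                               # first numbered entry ends the process list
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def unexplained_processes(processes, entries, sections=("O4", "O23")):
    """Running processes that no entry in the given autostart sections points to."""
    launched = set()
    for sec, body in entries:
        if sec in sections:
            launched.update(p.lower() for p in EXE_PATH.findall(body))
    return [p for p in processes if p.lower() not in launched]

def orphaned_entries(entries):
    """Entries whose target HijackThis reports as '(no file)' or '(file missing)'."""
    return [(sec, body) for sec, body in entries
            if body.endswith(("(no file)", "(file missing)"))]

if __name__ == "__main__":
    procs, ents = parse_log(SAMPLE_LOG)
    print("No O4/O23 entry:", unexplained_processes(procs, ents))
    print("Orphaned:", [sec for sec, _ in orphaned_entries(ents)])
```

A process flagged this way is a lead to investigate rather than a verdict: later in this thread sqlservr.exe is traced to an Outlook add-on.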

I will not do anything with sqlservr.exe until you tell me to.

These are my results from following your directions.

I opened hijackThis, ran it, found the 6 entries that Nathan said to delete, and deleted them.

I did get an error in hijackThis when I clicked on the "Fix items" button (or whatever the button name is that deletes the files). The message was:

An unexpected error has occurred at procedure:
modBackup_MakeBackup(sItem=021-SSODL: ViewpointMediaPlayer-{AD6603A5-C688-72F9-D0C5-686c8AE5D297}—C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentMgrg.dll)
Error #62-Input past end of file
Please email merijn@spywareinfo.com
Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2900.2180
HijackThis version: 1.99.0
<end of error message>

I clicked OK, and the hijackThis program suggested I reboot, so I rebooted.

I then ran hijackThis again (because of the error above), and all of the 6 processes that Nathan told me to delete were, in fact, gone. So I thought that good.

I then rebooted in SAFE mode. I was to delete:

1. c:\windows\system32\cm.exe
2. c:\Program Files\viewpoint directory and all files in it.
3. C:\Windows\system32\WLTRYSVC.EXE

While I deleted items 2 and 3 above, I could not find c:\windows\system32\cm.exe. I looked as both Administrator and my individual account (I am the only person on the machine), and I used Windows explorer to search the entire C hard drive, and I examined the specified directory using a command window (cmd.exe). I could not find it.

I then rebooted into regular Windows XP.

To see if I had viruses, I ran Ad-Aware, since this product seems to detect bugs. Ad-Aware found no bugs; this was the first time ever on my machine that no bugs were found with Ad-Aware. I then ran CWShredder, Spy-bot, and Norton Antivirus, and all 3 told me that there were no detected viruses.

Then I used my computer a little: did some email through my ISP account (Comcast; I do not use MS outlook), read some things on the Web, and used MS Word a little.

Then I ran Ad-Aware again. This time, one bug was found. I deleted it, and rebooted.

Then I ran Ad-Aware again, and this time it found zero bugs.

Now I am writing this note.

So, I infer from this albeit one sequence of activities that when I boot up, that my disk is clean (since no bugs were found), but then I contract a bug through the use of one (or more) of: internet surfing, internet email, Windows Explorer, MS Word.


Hey thanks Liz! :D ChrisJ. I think you are clean. Now you have quite a few items that are not spyware issues but can affect performance. I take it you are on a broadband connection via Cox cable. So you don't need all that AOL crap running. I would uninstall AOL and then rerun HJT and remove anything that has AOL that might still be left running.


OK. I did as directed. AOL is gone.

Thank you so much. I would be embarrassed to tell you how many hours (days) I spent on this problem--a lot of floundering around before I came here and received your help. I would be happy to make a contribution to someone, if this site has such a mechanism, or to you directly, Nathan (and Liz). These problems have cost me many days of labor, and had it not been for you, I'd still be in this mess. So I will gladly contribute to something.


No need. This is voluntary work on my part because (1) I like to help and (2) I run my own computer business and doing this helps sharpen my skill set. For example Liz found out that a mini SQL server is installed with Outlook's business manager add-on program. I didn't know that. I do now....

Guest Paracelsus

On the other hand, Chris... If you would like to contribute toward helping to keep these forums going... Scot would be very grateful. The cost of maintaining this site comes directly out of his pocket.

Please see Scot's Newsletter Homepage (Under Search, beneath Scot's portrait) B)


Nice work, Nathan, zlim and Chris too, for your excellent work in following Nathan's suggestions. :thumbsup:

By all means, give the $$ to Scot and help us keep our 'home' here! B)


OK, I sent a snail mail envelope, per the instructions. Not to beat a dead horse, but thanks again. I am exceedingly grateful. Now I can get back to things that I should have been doing two weeks ago.


I suppose it's too late to say send the money to me eh? :D :D B)


Thanks James. I'll pick them up the next time the ferry runs. <_< :unsure:
