I have followed all of your directions in the fix it yourself...ran Ad-aware, ran Spybot Search and Destroy, as well as getting all the current updates for Microsoft installed. Please check our hijack log and Ad-aware log see if you can help us.
Thanks! Debbie
Logfile of HijackThis v1.98.1
Scan saved at 9:58:50 AM, on 8/15/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~3\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~3\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\GWMDMMSG.exe
C:\WINDOWS\System32\SK9910DM.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Nova Development\Photo Explosion Deluxe\CalCheck.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Debbie Dreeszen.DREESZEN\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapp...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_12_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Photo Explosion Calendar Checker.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - http://www.securedsh...click/setup.exe
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea1fd.sea1.h...ex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8409881-F540-469F-9EA4-D7E3B0B69EA4}: NameServer = 64.91.3.46 209.206.199.16
Lavasoft Ad-aware Personal Build 6.181
Logfile created on :Sunday, August 15, 2004 9:14:57 AM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R337 11.08.2004
______________________________________________________
Reffile status:
=========================
Reference file loaded:
Reference Number : 01R337 11.08.2004
Internal build : 271
File location : C:\PROGRA~1\Lavasoft\AD-AWA~1\reflist.ref
Total size : 1323662 Bytes
Signature data size : 1302518 Bytes
Reference data size : 21080 Bytes
Signatures total : 28819
Target categories : 10
Target families : 530
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:43 %
Total physical memory:261424 kb
Available physical memory:112140 kb
Total page file size:632292 kb
Available on page file:444564 kb
Total virtual memory:2097024 kb
Available virtual memory:2055440 kb
OS:
Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-aware Settings
=========================
Set : Unload recognized processes during scanning
Set : Include basic Ad-aware settings in logfile
Set : Include additional Ad-aware settings in logfile
Set : Let windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Always back up reference file, before updating
Set : Play sound if scan produced a result
8-15-2004 9:14:57 AM - Scan started. (Smart mode)
Listing running processes
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 8-15-2004 3:29:13 AM
BasePriority : Normal
#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 8-15-2004 3:29:20 AM
BasePriority : High
#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 8-15-2004 3:29:21 AM
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft
Created on : 8/30/2001 10:30:00 AM
Last accessed : 8/15/2004 1:38:17 PM
Last modified : 8/30/2001 10:30:00 AM
#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 8-15-2004 3:29:21 AM
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 8/30/2001 10:30:00 AM
Last accessed : 8/15/2004 1:38:17 PM
Last modified : 8/29/2002 10:41:26 AM
#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 8-15-2004 3:29:23 AM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 8/30/2001 10:30:00 AM
Last accessed : 8/15/2004 2:14:57 PM
Last modified : 8/30/2001 10:30:00 AM
#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 8-15-2004 3:29:24 AM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 8/30/2001 10:30:00 AM
Last accessed : 8/15/2004 2:14:57 PM
Last modified : 8/30/2001 10:30:00 AM
#:7 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 8-15-2004 3:29:28 AM
BasePriority : Normal
FileSize : 229 KB
FileVersion : 2.1.0.610
ProductVersion : 2.1.0.610
Copyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
OriginalFilename : ccSetMgr.exe
ProductName : Common Client
Created on : 11/10/2003 1:30:12 PM
Last accessed : 8/15/2004 1:38:17 PM
Last modified : 11/10/2003 1:30:12 PM
#:8 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 8-15-2004 3:29:29 AM
BasePriority : Normal
FileSize : 249 KB
FileVersion : 2.1.0.610
ProductVersion : 2.1.0.610
Copyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
OriginalFilename : ccEvtMgr.exe
ProductName : Common Client
Created on : 11/10/2003 1:30:04 PM
Last accessed : 8/15/2004 1:38:18 PM
Last modified : 11/10/2003 1:30:04 PM
#:9 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 8-15-2004 3:29:30 AM
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 8/30/2001 10:30:00 AM
Last accessed : 8/15/2004 1:38:18 PM
Last modified : 8/30/2001 10:30:00 AM
#:10 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 8-15-2004 3:29:33 AM
BasePriority : Normal
FileSize : 980 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft
Created on : 4/11/2004 12:51:00 AM
Last accessed : 8/15/2004 1:45:07 PM
Last modified : 8/29/2002 10:41:24 AM
#:11 [gearsec.exe]
FilePath : C:\WINDOWS\SYSTEM32\
ThreadCreationTime : 8-15-2004 3:29:38 AM
BasePriority : Normal
FileSize : 60 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright
CompanyName : GEAR Software
FileDescription : gearsec
InternalName : gearsec
OriginalFilename : gearsec.exe
ProductName : gearsec
Created on : 4/18/2004 2:25:03 AM
Last accessed : 8/15/2004 1:38:18 PM
Last modified : 9/12/2001 12:59:50 PM
#:12 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\
ThreadCreationTime : 8-15-2004 3:29:38 AM
BasePriority : Normal
FileSize : 314 KB
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
OriginalFilename : mdm.exe
ProductName : Microsoft
Created on : 6/20/2003 4:25:00 AM
Last accessed : 8/15/2004 1:38:18 PM
Last modified : 6/20/2003 4:25:00 AM
#:13 [navapsvc.exe]
FilePath : C:\Program Files\Norton SystemWorks\Norton Antivirus\
ThreadCreationTime : 8-15-2004 3:29:39 AM
BasePriority : Normal
FileSize : 154 KB
FileVersion : 10.00.13
ProductVersion : 10.00.13
Copyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright © 2003 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
OriginalFilename : NAVAPSVC.EXE
ProductName : Norton AntiVirus
Created on : 11/24/2003 3:46:28 PM
Last accessed : 8/15/2004 1:16:05 PM
Last modified : 11/24/2003 3:46:28 PM
#:14 [nprotect.exe]
FilePath : C:\PROGRA~1\NORTON~3\NORTON~2\
ThreadCreationTime : 8-15-2004 3:29:41 AM
BasePriority : Normal
FileSize : 80 KB
FileVersion : 17.0.0.83
ProductVersion : 17.0.0.83
Copyright : Copyright © 1997-2003 Symantec Corporation
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
OriginalFilename : NPROTECT.EXE
ProductName : Norton Utilities
Created on : 11/24/2003 5:49:14 PM
Last accessed : 8/15/2004 1:38:18 PM
Last modified : 11/24/2003 5:49:14 PM
#:15 [gwmdmmsg.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 8-15-2004 3:29:44 AM
BasePriority : Normal
FileSize : 99 KB
FileVersion : 3.3.17 10/31/2001 20:10:32
ProductVersion : 3.3.17 10/31/2001 20:10:32
Copyright : Copyright
CompanyName : GTW
FileDescription : Modem Messaging Applet
InternalName : smdmstat.exe
OriginalFilename : smdmstat.exe
ProductName : GTW Modem Messaging Applet
Created on : 4/10/2004 7:59:43 PM
Last accessed : 8/15/2004 1:30:23 PM
Last modified : 12/4/2001 5:07:38 PM
#:16 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 8-15-2004 3:29:45 AM
BasePriority : Normal
FileSize : 56 KB
FileVersion : 5.13.01.1520
ProductVersion : 5.13.01.1520
Copyright : Copyright
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 15.20
InternalName : NVSVC
OriginalFilename : nvsvc32.exe
ProductName : NVIDIA Driver Helper Service, Version 15.20
Created on : 4/10/2004 8:14:19 PM
Last accessed : 8/15/2004 1:38:19 PM
Last modified : 8/31/2001 5:56:00 AM
#:17 [savscan.exe]
FilePath : C:\Program Files\Norton SystemWorks\Norton Antivirus\
ThreadCreationTime : 8-15-2004 3:29:46 AM
BasePriority : Normal
FileSize : 189 KB
FileVersion : 9.2.1.14
ProductVersion : 9.2
Copyright : Copyright © 2003 Symantec Corporation
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus Scanner
InternalName : SAVSCAN
OriginalFilename : SAVSCAN.EXE
ProductName : Symantec AntiVirus AutoProtect
Created on : 11/7/2003 5:46:58 PM
Last accessed : 8/15/2004 1:38:19 PM
Last modified : 11/7/2003 5:46:58 PM
#:18 [sk9910dm.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 8-15-2004 3:29:47 AM
BasePriority : Normal
FileSize : 64 KB
FileVersion : 1, 0, 9, 0
Copyright : Copyright © Silitek Corp. 1999, 2000
CompanyName : Silitek Corporation
FileDescription : Daemon
Created on : 4/10/2004 8:14:44 PM
Last accessed : 8/15/2004 1:38:19 PM
Last modified : 1/3/2001 8:50:56 PM
#:19 [hpztsb05.exe]
FilePath : C:\WINDOWS\System32\spool\drivers\w32x86\3\
ThreadCreationTime : 8-15-2004 3:29:47 AM
BasePriority : Normal
FileSize : 184 KB
FileVersion : 2,128,0,0
ProductVersion : 2,128,0,0
Copyright : Copyright © Hewlett-Packard Company 1999-2002
CompanyName : HP
ProductName : HP DeskJet
Created on : 4/10/2004 8:17:04 PM
Last accessed : 8/15/2004 1:17:33 PM
Last modified : 6/17/2002 12:41:23 PM
#:20 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 8-15-2004 3:29:48 AM
BasePriority : Normal
FileSize : 69 KB
FileVersion : 2.1.0.610
ProductVersion : 2.1.0.610
Copyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
OriginalFilename : ccApp.exe
ProductName : Common Client
Created on : 11/10/2003 1:30:02 PM
Last accessed : 8/15/2004 1:38:19 PM
Last modified : 11/10/2003 1:30:02 PM
#:21 [acctmgr.exe]
FilePath : C:\Program Files\Norton SystemWorks\Password Manager\
ThreadCreationTime : 8-15-2004 3:29:48 AM
BasePriority : Normal
FileSize : 569 KB
FileVersion : 2004.1.127
ProductVersion : 2004.1.127
Copyright : Copyright © 2003-2003 Symantec Corporation
CompanyName : Symantec Corporation
FileDescription : Password Manager Controller
InternalName : AcctMgr
OriginalFilename : AcctMgr.EXE
ProductName : Norton Password Manager
Created on : 4/15/2004 11:11:03 PM
Last accessed : 8/15/2004 1:29:21 PM
Last modified : 12/10/2003 8:56:34 PM
#:22 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 8-15-2004 3:29:49 AM
BasePriority : Normal
FileSize : 13 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
OriginalFilename : CTFMON.EXE
ProductName : Microsoft
Created on : 4/11/2004 12:47:48 AM
Last accessed : 8/15/2004 1:38:19 PM
Last modified : 8/29/2002 10:41:22 AM
#:23 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ThreadCreationTime : 8-15-2004 3:29:49 AM
BasePriority : Normal
FileSize : 4768 KB
FileVersion : 6.2.0137
ProductVersion : Version 6.2
Copyright : Copyright © Microsoft Corporation 1997-2004
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
OriginalFilename : msnmsgr.exe
ProductName : MSN Messenger
Created on : 5/28/2004 8:22:04 PM
Last accessed : 8/15/2004 1:16:09 PM
Last modified : 5/28/2004 8:22:04 PM
#:24 [nopdb.exe]
FilePath : C:\PROGRA~1\NORTON~3\NORTON~2\SPEEDD~1\
ThreadCreationTime : 8-15-2004 3:29:53 AM
BasePriority : Normal
FileSize : 172 KB
FileVersion : 7.00.0.24
ProductVersion : 7.00.0.24
Copyright : Copyright © 1997-2003 Symantec Corporation
CompanyName : Symantec Corporation
FileDescription : NOPDB
InternalName : NOPDB
OriginalFilename : NOPDB.dll
ProductName : Norton Speed Disk
Created on : 11/24/2003 5:29:58 PM
Last accessed : 8/15/2004 1:38:19 PM
Last modified : 11/24/2003 5:29:58 PM
#:25 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 8-15-2004 3:29:56 AM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 8/30/2001 10:30:00 AM
Last accessed : 8/15/2004 2:14:57 PM
Last modified : 8/30/2001 10:30:00 AM
#:26 [symlcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\
ThreadCreationTime : 8-15-2004 3:29:56 AM
BasePriority : Normal
FileSize : 572 KB
FileVersion : 1, 8, 48, 79
ProductVersion : 1, 8, 48, 79
Copyright : Copyright © 2003
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
OriginalFilename : symlcsvc.exe
ProductName : Symantec Core Component
Created on : 4/15/2004 10:43:03 PM
Last accessed : 8/15/2004 1:38:20 PM
Last modified : 4/15/2004 10:43:02 PM
#:27 [wkcalrem.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\Works Shared\
ThreadCreationTime : 8-15-2004 3:30:01 AM
BasePriority : Normal
FileSize : 24 KB
FileVersion : 6.00.1911.0
ProductVersion : 6.00.1911.0
Copyright : Copyright
CompanyName : Microsoft
FileDescription : Microsoft
InternalName : WkCalRem
OriginalFilename : WKCALREM.EXE
ProductName : Microsoft
Created on : 8/7/2001 11:06:54 PM
Last accessed : 8/15/2004 1:38:20 PM
Last modified : 8/7/2001 11:06:54 PM
#:28 [calcheck.exe]
FilePath : C:\Program Files\Nova Development\Photo Explosion Deluxe\
ThreadCreationTime : 8-15-2004 3:30:46 AM
BasePriority : Normal
FileSize : 68 KB
FileVersion : 1.0
ProductVersion : 1, 0, 0, 1
Copyright : Software developed by Ulead Systems, Inc. © 1998-2002, Ulead Systems,Inc. All rights reserved. Published by Nova Development Crop. under license. Portions © 2000-2002, Nova Development Crop.
CompanyName : Nova Development.
FileDescription : Nova Development Photo Explosion
InternalName : CalCheck
OriginalFilename : CalCheck.EXE
ProductName : Calendar Checker Application
Created on : 4/17/2002 7:19:16 PM
Last accessed : 8/15/2004 1:38:20 PM
Last modified : 4/17/2002 7:19:16 PM
#:29 [notepad.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 8-15-2004 1:56:30 PM
BasePriority : Normal
FileSize : 64 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Notepad
InternalName : Notepad
OriginalFilename : NOTEPAD.EXE
ProductName : Microsoft
Created on : 4/10/2004 11:42:24 AM
Last accessed : 8/15/2004 1:54:58 PM
Last modified : 8/30/2001 10:30:00 AM
#:30 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ThreadCreationTime : 8-15-2004 1:56:54 PM
BasePriority : Normal
FileSize : 89 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Microsoft
Created on : 4/11/2004 1:07:49 AM
Last accessed : 8/15/2004 1:56:56 PM
Last modified : 8/29/2002 10:41:26 AM
#:31 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ThreadCreationTime : 8-15-2004 2:13:10 PM
BasePriority : Normal
FileSize : 1456 KB
FileVersion : 4.7.2009
ProductVersion : Version 4.7
Copyright : Copyright © Microsoft Corporation 1997-2003
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
OriginalFilename : msmsgs.exe
ProductName : Messenger
Created on : 4/15/2003 12:30:14 AM
Last accessed : 8/15/2004 1:49:48 PM
Last modified : 4/15/2003 12:30:14 AM
#:32 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
ThreadCreationTime : 8-15-2004 2:14:46 PM
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 6/14/2004 12:49:35 AM
Last accessed : 8/15/2004 1:44:26 PM
Last modified : 7/13/2003 2:00:20 AM
Memory scan result :
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
New objects : 0
Objects found so far: 0
Started registry scan
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
Registry scan result :
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
New objects : 0
Objects found so far: 0
Started deep registry scan
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Category : Data Miner
Comment : Possible browser hijack attempt
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"
Deep registry scan result :
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
New objects : 1
Objects found so far: 1
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
Deep scanning and examining files (C:)
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
Scanning Hosts file(C:\WINDOWS\System32\drivers\etc\hosts)
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
Hosts file scan result:
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
1 entries scanned.
New objects :0
Objects found so far: 1
Performing conditional scans..
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
Conditional scan result:
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
New objects : 0
Objects found so far: 1
9:18:49 AM Scan complete
Summary of this scan
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
Total scanning time :00:03:50:688
Objects scanned :47979
Objects identified :1
Objects ignored :0
New objects :1