Help Please! Urgent!


  • This topic is locked
29 replies to this topic

#1 oreofudge
    Authentic Member
  • 47 posts

Posted 05 March 2005 - 04:12 PM

Logfile of HijackThis v1.99.1
Scan saved at 5:03:39 PM, on 3/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600) - CORAL 01
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\windows\system32\mdms.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\MICHELLI\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daosearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.webwideISP.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Webwide ISP
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {08EF606E-1613-432C-8545-1CB6162B2E0B} - (no file)
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - (no file)
O2 - BHO: (no name) - {2C5175A2-ADF3-4F57-AB70-BA90FD60A383} - (no file)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {CF021F40-3E14-23A5-CBA2-717765721316} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {EB381422-F797-4A98-A266-9DC490821907} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [Vvi] C:\WINDOWS\Oqa.exe
O4 - HKLM\..\Run: [Vrl] C:\WINDOWS\System32\Hqe.exe
O4 - HKLM\..\Run: [Vok] C:\WINDOWS\Kvr.exe
O4 - HKLM\..\Run: [Vno] C:\WINDOWS\System32\Jod.exe
O4 - HKLM\..\Run: [Vnm] C:\WINDOWS\Hvh.exe
O4 - HKLM\..\Run: [Vnc] C:\WINDOWS\Gmt.exe
O4 - HKLM\..\Run: [Vmh] C:\WINDOWS\System32\Acc.exe
O4 - HKLM\..\Run: [Vlj] C:\WINDOWS\Cdk.exe
O4 - HKLM\..\Run: [Vlb] C:\WINDOWS\System32\Doh.exe
O4 - HKLM\..\Run: [Vgo] C:\WINDOWS\System32\Rmf.exe
O4 - HKLM\..\Run: [Vfn] C:\WINDOWS\System32\Unp.exe
O4 - HKLM\..\Run: [Ves] C:\WINDOWS\Hsb.exe
O4 - HKLM\..\Run: [Vak] C:\WINDOWS\System32\Gku.exe
O4 - HKLM\..\Run: [Utm] C:\WINDOWS\Cke.exe
O4 - HKLM\..\Run: [Ute] C:\WINDOWS\Dvc.exe
O4 - HKLM\..\Run: [Uqn] C:\WINDOWS\Dkb.exe
O4 - HKLM\..\Run: [Upq] C:\WINDOWS\Ekb.exe
O4 - HKLM\..\Run: [Uok] C:\WINDOWS\System32\Hbp.exe
O4 - HKLM\..\Run: [Und] C:\WINDOWS\System32\Dfa.exe
O4 - HKLM\..\Run: [Umr] C:\WINDOWS\Nko.exe
O4 - HKLM\..\Run: [Ujq] C:\WINDOWS\Cub.exe
O4 - HKLM\..\Run: [Uif] C:\WINDOWS\Vbr.exe
O4 - HKLM\..\Run: [Ubg] C:\WINDOWS\System32\Ctk.exe
O4 - HKLM\..\Run: [Tqt] C:\WINDOWS\System32\Amh.exe
O4 - HKLM\..\Run: [Tnn] C:\WINDOWS\System32\Bgf.exe
O4 - HKLM\..\Run: [Tms] C:\WINDOWS\Kia.exe
O4 - HKLM\..\Run: [Tjs] C:\WINDOWS\Ohj.exe
O4 - HKLM\..\Run: [tibs5] C:\WINDOWS\System32\tibs5.exe
O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\System32\tibs3.exe
O4 - HKLM\..\Run: [Thk] C:\WINDOWS\System32\Phi.exe
O4 - HKLM\..\Run: [Tgh] C:\WINDOWS\Upq.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [Tek] C:\WINDOWS\Omh.exe
O4 - HKLM\..\Run: [Tbu] C:\WINDOWS\System32\Lms.exe
O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe
O4 - HKLM\..\Run: [Svk] C:\WINDOWS\Jgs.exe
O4 - HKLM\..\Run: [Svg] C:\WINDOWS\Vpu.exe
O4 - HKLM\..\Run: [Suh] C:\WINDOWS\System32\Fqe.exe
O4 - HKLM\..\Run: [Sru] C:\WINDOWS\Sle.exe
O4 - HKLM\..\Run: [Srn] C:\WINDOWS\Kqb.exe
O4 - HKLM\..\Run: [Sqt] C:\WINDOWS\System32\Jhn.exe
O4 - HKLM\..\Run: [Sqb] C:\WINDOWS\Foi.exe
O4 - HKLM\..\Run: [Sml] C:\WINDOWS\Lhe.exe
O4 - HKLM\..\Run: [Skb] C:\WINDOWS\System32\Ara.exe
O4 - HKLM\..\Run: [Sem] C:\WINDOWS\System32\Qtg.exe
O4 - HKLM\..\Run: [Scd] C:\WINDOWS\Ptm.exe
O4 - HKLM\..\Run: [Sbc] C:\WINDOWS\System32\Pqc.exe
O4 - HKLM\..\Run: [Rvp] C:\WINDOWS\System32\Tto.exe
O4 - HKLM\..\Run: [Rqc] C:\WINDOWS\System32\Aod.exe
O4 - HKLM\..\Run: [Rps] C:\WINDOWS\Boq.exe
O4 - HKLM\..\Run: [Rpb] C:\WINDOWS\Evl.exe
O4 - HKLM\..\Run: [Rmo] C:\WINDOWS\System32\Pgl.exe
O4 - HKLM\..\Run: [Rlu] C:\WINDOWS\Bio.exe
O4 - HKLM\..\Run: [Rjp] C:\WINDOWS\System32\Oqi.exe
O4 - HKLM\..\Run: [Rhs] C:\WINDOWS\Bhh.exe
O4 - HKLM\..\Run: [Rec] C:\WINDOWS\Kcp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Qvu] C:\WINDOWS\Nhj.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Qsh] C:\WINDOWS\System32\Mji.exe
O4 - HKLM\..\Run: [Qor] C:\WINDOWS\Mmc.exe
O4 - HKLM\..\Run: [Qoj] C:\WINDOWS\System32\Gng.exe
O4 - HKLM\..\Run: [Qmm] C:\WINDOWS\Ooh.exe
O4 - HKLM\..\Run: [Qht] C:\WINDOWS\System32\Etr.exe
O4 - HKLM\..\Run: [Qgh] C:\WINDOWS\Iku.exe
O4 - HKLM\..\Run: [Qep] C:\WINDOWS\Jmg.exe
O4 - HKLM\..\Run: [Qcg] C:\WINDOWS\System32\Ovd.exe
O4 - HKLM\..\Run: [Qbl] C:\WINDOWS\System32\Jmu.exe
O4 - HKLM\..\Run: [Qai] C:\WINDOWS\System32\Tdg.exe
O4 - HKLM\..\Run: [Qag] C:\WINDOWS\System32\Epn.exe
O4 - HKLM\..\Run: [Pue] C:\WINDOWS\Trm.exe
O4 - HKLM\..\Run: [Psf] C:\WINDOWS\Gaj.exe
O4 - HKLM\..\Run: [Prt] C:\WINDOWS\System32\Rfn.exe
O4 - HKLM\..\Run: [Ppo] C:\WINDOWS\Sbp.exe
O4 - HKLM\..\Run: [Pfq] C:\WINDOWS\System32\Otb.exe
O4 - HKLM\..\Run: [Pfl] C:\WINDOWS\System32\Ath.exe
O4 - HKLM\..\Run: [Pdd] C:\WINDOWS\System32\Blv.exe
O4 - HKLM\..\Run: [Pau] C:\WINDOWS\System32\Mlg.exe
O4 - HKLM\..\Run: [Ous] C:\WINDOWS\System32\Rlc.exe
O4 - HKLM\..\Run: [Oup] C:\WINDOWS\Rav.exe
O4 - HKLM\..\Run: [Otd] C:\WINDOWS\Tcr.exe
O4 - HKLM\..\Run: [Osr] C:\WINDOWS\Ugu.exe
O4 - HKLM\..\Run: [Osq] C:\WINDOWS\System32\Qjt.exe
O4 - HKLM\..\Run: [Osg] C:\WINDOWS\System32\Hhq.exe
O4 - HKLM\..\Run: [Ooa] C:\WINDOWS\System32\Cci.exe
O4 - HKLM\..\Run: [Onb] C:\WINDOWS\Mqo.exe
O4 - HKLM\..\Run: [Oke] C:\WINDOWS\Gfm.exe
O4 - HKLM\..\Run: [Okd] C:\WINDOWS\System32\Pgk.exe
O4 - HKLM\..\Run: [Ois] C:\WINDOWS\Ccv.exe
O4 - HKLM\..\Run: [Obv] C:\WINDOWS\System32\Tqs.exe
O4 - HKLM\..\Run: [Nsn] C:\WINDOWS\System32\Ghk.exe
O4 - HKLM\..\Run: [Nqp] C:\WINDOWS\Nbp.exe
O4 - HKLM\..\Run: [Nqo] C:\WINDOWS\Sed.exe
O4 - HKLM\..\Run: [Npu] C:\WINDOWS\System32\Bff.exe
O4 - HKLM\..\Run: [Nnn] C:\WINDOWS\System32\Uaf.exe
O4 - HKLM\..\Run: [Nmk] C:\WINDOWS\Bpv.exe
O4 - HKLM\..\Run: [Nhu] C:\WINDOWS\System32\Iqc.exe
O4 - HKLM\..\Run: [Ngd] C:\WINDOWS\Sol.exe
O4 - HKLM\..\Run: [Mop] C:\WINDOWS\Mif.exe
O4 - HKLM\..\Run: [Moa] C:\WINDOWS\System32\Uvd.exe
O4 - HKLM\..\Run: [Mli] C:\WINDOWS\Eln.exe
O4 - HKLM\..\Run: [Mht] C:\WINDOWS\Bbv.exe
O4 - HKLM\..\Run: [Mgt] C:\WINDOWS\System32\Eqh.exe
O4 - HKLM\..\Run: [Med] C:\WINDOWS\System32\Gnp.exe
O4 - HKLM\..\Run: [Mcp] C:\WINDOWS\Hdl.exe
O4 - HKLM\..\Run: [Mck] C:\WINDOWS\System32\Ane.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [Mbo] C:\WINDOWS\System32\Erp.exe
O4 - HKLM\..\Run: [Luc] C:\WINDOWS\System32\Uvu.exe
O4 - HKLM\..\Run: [Lub] C:\WINDOWS\Dht.exe
O4 - HKLM\..\Run: [Lio] C:\WINDOWS\System32\Uup.exe
O4 - HKLM\..\Run: [Lgt] C:\WINDOWS\Ebj.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Lev] C:\WINDOWS\System32\Kdr.exe
O4 - HKLM\..\Run: [Lep] C:\WINDOWS\Pph.exe
O4 - HKLM\..\Run: [Lef] C:\WINDOWS\Ibb.exe
O4 - HKLM\..\Run: [Lbr] C:\WINDOWS\System32\Fur.exe
O4 - HKLM\..\Run: [Kvi] C:\WINDOWS\System32\Ehp.exe
O4 - HKLM\..\Run: [Ktg] C:\WINDOWS\Snb.exe
O4 - HKLM\..\Run: [Krk] C:\WINDOWS\System32\Pof.exe
O4 - HKLM\..\Run: [Kmf] C:\WINDOWS\Kkg.exe
O4 - HKLM\..\Run: [Kjl] C:\WINDOWS\Enb.exe
O4 - HKLM\..\Run: [Kin] C:\WINDOWS\Nio.exe
O4 - HKLM\..\Run: [Jtn] C:\WINDOWS\System32\Scs.exe
O4 - HKLM\..\Run: [Jtk] C:\WINDOWS\System32\Oio.exe
O4 - HKLM\..\Run: [Jtf] C:\WINDOWS\Qnb.exe
O4 - HKLM\..\Run: [Jsm] C:\WINDOWS\System32\Svu.exe
O4 - HKLM\..\Run: [Jna] C:\WINDOWS\System32\Hhk.exe
O4 - HKLM\..\Run: [Jhq] C:\WINDOWS\Lku.exe
O4 - HKLM\..\Run: [Jgk] C:\WINDOWS\System32\Euc.exe
O4 - HKLM\..\Run: [Jcb] C:\WINDOWS\System32\Svc.exe
O4 - HKLM\..\Run: [Ius] C:\WINDOWS\System32\Khp.exe
O4 - HKLM\..\Run: [Iuc] C:\WINDOWS\System32\Hte.exe
O4 - HKLM\..\Run: [Iso] C:\WINDOWS\System32\Tpi.exe
O4 - HKLM\..\Run: [Isl] C:\WINDOWS\Vgq.exe
O4 - HKLM\..\Run: [Iln] C:\WINDOWS\Fva.exe
O4 - HKLM\..\Run: [Ila] C:\WINDOWS\Gbs.exe
O4 - HKLM\..\Run: [Iks] C:\WINDOWS\Rmi.exe
O4 - HKLM\..\Run: [Iiv] C:\WINDOWS\Jku.exe
O4 - HKLM\..\Run: [Iie] C:\WINDOWS\System32\Uks.exe
O4 - HKLM\..\Run: [Igf] C:\WINDOWS\System32\Ojh.exe
O4 - HKLM\..\Run: [Ifl] C:\WINDOWS\Rsp.exe
O4 - HKLM\..\Run: [Iet] C:\WINDOWS\Ggg.exe
O4 - HKLM\..\Run: [Ief] C:\WINDOWS\System32\Jlq.exe
O4 - HKLM\..\Run: [Ibu] C:\WINDOWS\System32\Eet.exe
O4 - HKLM\..\Run: [Hur] C:\WINDOWS\System32\Sep.exe
O4 - HKLM\..\Run: [Hqf] C:\WINDOWS\System32\Enl.exe
O4 - HKLM\..\Run: [Hpd] C:\WINDOWS\Okm.exe
O4 - HKLM\..\Run: [Hoa] C:\WINDOWS\System32\Ocq.exe
O4 - HKLM\..\Run: [Hig] C:\WINDOWS\System32\Edi.exe
O4 - HKLM\..\Run: [Hhs] C:\WINDOWS\Eie.exe
O4 - HKLM\..\Run: [Hgh] C:\WINDOWS\Eet.exe
O4 - HKLM\..\Run: [Hfc] C:\WINDOWS\System32\Nmn.exe
O4 - HKLM\..\Run: [Gua] C:\WINDOWS\System32\Ehj.exe
O4 - HKLM\..\Run: [Gts] C:\WINDOWS\System32\Srv.exe
O4 - HKLM\..\Run: [Grt] C:\WINDOWS\System32\Jhk.exe
O4 - HKLM\..\Run: [Grq] C:\WINDOWS\System32\Imt.exe
O4 - HKLM\..\Run: [Goi] C:\WINDOWS\System32\Kvm.exe
O4 - HKLM\..\Run: [Gmq] C:\WINDOWS\System32\Krp.exe
O4 - HKLM\..\Run: [Gfd] C:\WINDOWS\System32\Soj.exe
O4 - HKLM\..\Run: [Fup] C:\WINDOWS\Qhq.exe
O4 - HKLM\..\Run: [Fui] C:\WINDOWS\System32\Lql.exe
O4 - HKLM\..\Run: [Fue] C:\WINDOWS\System32\Vjm.exe
O4 - HKLM\..\Run: [Fqi] C:\WINDOWS\Elm.exe
O4 - HKLM\..\Run: [Fpo] C:\WINDOWS\System32\Qoo.exe
O4 - HKLM\..\Run: [Fph] C:\WINDOWS\Sfq.exe
O4 - HKLM\..\Run: [Fnj] C:\WINDOWS\Tkd.exe
O4 - HKLM\..\Run: [Flm] C:\WINDOWS\System32\Ehi.exe
O4 - HKLM\..\Run: [Fle] C:\WINDOWS\System32\Bul.exe
O4 - HKLM\..\Run: [Fht] C:\WINDOWS\Tsr.exe
O4 - HKLM\..\Run: [Ffb] C:\WINDOWS\Ovm.exe
O4 - HKLM\..\Run: [Fej] C:\WINDOWS\Rpc.exe
O4 - HKLM\..\Run: [Fcl] C:\WINDOWS\Pce.exe
O4 - HKLM\..\Run: [Fce] C:\WINDOWS\System32\Qjb.exe
O4 - HKLM\..\Run: [Ete] C:\WINDOWS\System32\Hij.exe
O4 - HKLM\..\Run: [Esu] C:\WINDOWS\Ups.exe
O4 - HKLM\..\Run: [Efr] C:\WINDOWS\System32\Squ.exe
O4 - HKLM\..\Run: [Eaf] C:\WINDOWS\Dpq.exe
O4 - HKLM\..\Run: [Dpg] C:\WINDOWS\System32\Aod.exe
O4 - HKLM\..\Run: [Dlr] C:\WINDOWS\System32\Obn.exe
O4 - HKLM\..\Run: [Dgr] C:\WINDOWS\Rql.exe
O4 - HKLM\..\Run: [Dgi] C:\WINDOWS\System32\Vhn.exe
O4 - HKLM\..\Run: [Dfh] C:\WINDOWS\Eur.exe
O4 - HKLM\..\Run: [Dfd] C:\WINDOWS\System32\Jlf.exe
O4 - HKLM\..\Run: [Cql] C:\WINDOWS\System32\Pog.exe
O4 - HKLM\..\Run: [Cpr] C:\WINDOWS\Jdq.exe
O4 - HKLM\..\Run: [Cpg] C:\WINDOWS\System32\Grr.exe
O4 - HKLM\..\Run: [Cmu] C:\WINDOWS\Rkl.exe
O4 - HKLM\..\Run: [Cma] C:\WINDOWS\Ojm.exe
O4 - HKLM\..\Run: [Clp] C:\WINDOWS\System32\Cha.exe
O4 - HKLM\..\Run: [Clh] C:\WINDOWS\System32\Ltp.exe
O4 - HKLM\..\Run: [Ckg] C:\WINDOWS\Kln.exe
O4 - HKLM\..\Run: [Cjb] C:\WINDOWS\Ktp.exe
O4 - HKLM\..\Run: [Chh] C:\WINDOWS\System32\Vsk.exe
O4 - HKLM\..\Run: [Cep] C:\WINDOWS\Hjg.exe
O4 - HKLM\..\Run: [Cef] C:\WINDOWS\System32\Udb.exe
O4 - HKLM\..\Run: [Cea] C:\WINDOWS\System32\Urd.exe
O4 - HKLM\..\Run: [Bun] C:\WINDOWS\Rhb.exe
O4 - HKLM\..\Run: [Btc] C:\WINDOWS\Nsf.exe
O4 - HKLM\..\Run: [Bsj] C:\WINDOWS\System32\Rhh.exe
O4 - HKLM\..\Run: [Bpp] C:\WINDOWS\Gal.exe
O4 - HKLM\..\Run: [Bnq] C:\WINDOWS\Bvn.exe
O4 - HKLM\..\Run: [Bmq] C:\WINDOWS\Bui.exe
O4 - HKLM\..\Run: [Blq] C:\WINDOWS\System32\Ika.exe
O4 - HKLM\..\Run: [Bla] C:\WINDOWS\System32\Ahv.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Biv] C:\WINDOWS\Lcb.exe
O4 - HKLM\..\Run: [Bis] C:\WINDOWS\System32\Piu.exe
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\hta\station.sbrt
O4 - HKLM\..\Run: [Aqv] C:\WINDOWS\Hir.exe
O4 - HKLM\..\Run: [Amg] C:\WINDOWS\Eeg.exe
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [Ahi] C:\WINDOWS\System32\Uee.exe
O4 - HKLM\..\Run: [Ach] C:\WINDOWS\System32\Spa.exe
O4 - HKLM\..\Run: [Abm] C:\WINDOWS\System32\Gkr.exe
O4 - HKLM\..\Run: [Abe] C:\WINDOWS\Jrf.exe
O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\MICHELLI\LOCALS~1\Temp\DELDIR0.EXE" "C:\Program Files\McAfee\McAfee Shared Components\Guardian\"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Ooa] C:\WINDOWS\System32\Cci.exe
O4 - HKCU\..\Run: [Bnq] C:\WINDOWS\Bvn.exe
O4 - HKCU\..\Run: [Qvu] C:\WINDOWS\Nhj.exe
O4 - HKCU\..\Run: [Oup] C:\WINDOWS\Rav.exe
O4 - HKCU\..\Run: [Fht] C:\WINDOWS\Tsr.exe
O4 - HKCU\..\Run: [Ois] C:\WINDOWS\Ccv.exe
O4 - HKCU\..\Run: [Cea] C:\WINDOWS\System32\Urd.exe
O4 - HKCU\..\Run: [Prt] C:\WINDOWS\System32\Rfn.exe
O4 - HKCU\..\Run: [Bpp] C:\WINDOWS\Gal.exe
O4 - HKCU\..\Run: [Cep] C:\WINDOWS\Hjg.exe
O4 - HKCU\..\Run: [Dgr] C:\WINDOWS\Rql.exe
O4 - HKCU\..\Run: [Iln] C:\WINDOWS\Fva.exe
O4 - HKCU\..\Run: [Lep] C:\WINDOWS\Pph.exe
O4 - HKCU\..\Run: [Jna] C:\WINDOWS\System32\Hhk.exe
O4 - HKCU\..\Run: [Vfn] C:\WINDOWS\System32\Unp.exe
O4 - HKCU\..\Run: [Fup] C:\WINDOWS\Qhq.exe
O4 - HKCU\..\Run: [Ous] C:\WINDOWS\System32\Rlc.exe
O4 - HKCU\..\Run: [Ifl] C:\WINDOWS\Rsp.exe
O4 - HKCU\..\Run: [Vno] C:\WINDOWS\System32\Jod.exe
O4 - HKCU\..\Run: [Tms] C:\WINDOWS\Kia.exe
O4 - HKCU\..\Run: [Cql] C:\WINDOWS\System32\Pog.exe
O4 - HKCU\..\Run: [Abm] C:\WINDOWS\System32\Gkr.exe
O4 - HKCU\..\Run: [Ach] C:\WINDOWS\System32\Spa.exe
O4 - HKCU\..\Run: [Vrl] C:\WINDOWS\System32\Hqe.exe
O4 - HKCU\..\Run: [Qag] C:\WINDOWS\System32\Epn.exe
O4 - HKCU\..\Run: [Med] C:\WINDOWS\System32\Gnp.exe
O4 - HKCU\..\Run: [Mop] C:\WINDOWS\Mif.exe
O4 - HKCU\..\Run: [Iet] C:\WINDOWS\Ggg.exe
O4 - HKCU\..\Run: [Lio] C:\WINDOWS\System32\Uup.exe
O4 - HKCU\..\Run: [Pfq] C:\WINDOWS\System32\Otb.exe
O4 - HKCU\..\Run: [Ppo] C:\WINDOWS\Sbp.exe
O4 - HKCU\..\Run: [Ves] C:\WINDOWS\Hsb.exe
O4 - HKCU\..\Run: [Nhu] C:\WINDOWS\System32\Iqc.exe
O4 - HKCU\..\Run: [Blq] C:\WINDOWS\System32\Ika.exe
O4 - HKCU\..\Run: [Ahi] C:\WINDOWS\System32\Uee.exe
O4 - HKCU\..\Run: [Sem] C:\WINDOWS\System32\Qtg.exe
O4 - HKCU\..\Run: [Vlj] C:\WINDOWS\Cdk.exe
O4 - HKCU\..\Run: [Jcb] C:\WINDOWS\System32\Svc.exe
O4 - HKCU\..\Run: [Nqp] C:\WINDOWS\Nbp.exe
O4 - HKCU\..\Run: [Kvi] C:\WINDOWS\System32\Ehp.exe
O4 - HKCU\..\Run: [Fle] C:\WINDOWS\System32\Bul.exe
O4 - HKCU\..\Run: [Vmh] C:\WINDOWS\System32\Acc.exe
O4 - HKCU\..\Run: [Grt] C:\WINDOWS\System32\Jhk.exe
O4 - HKCU\..\Run: [Qoj] C:\WINDOWS\System32\Gng.exe
O4 - HKCU\..\Run: [Luc] C:\WINDOWS\System32\Uvu.exe
O4 - HKCU\..\Run: [Fnj] C:\WINDOWS\Tkd.exe
O4 - HKCU\..\Run: [Eaf] C:\WINDOWS\Dpq.exe
O4 - HKCU\..\Run: [Hhs] C:\WINDOWS\Eie.exe
O4 - HKCU\..\Run: [Rec] C:\WINDOWS\Kcp.exe
O4 - HKCU\..\Run: [Vak] C:\WINDOWS\System32\Gku.exe
O4 - HKCU\..\Run: [Oke] C:\WINDOWS\Gfm.exe
O4 - HKCU\..\Run: [Ngd] C:\WINDOWS\Sol.exe
O4 - HKCU\..\Run: [Umr] C:\WINDOWS\Nko.exe
O4 - HKCU\..\Run: [Lbr] C:\WINDOWS\System32\Fur.exe
O4 - HKCU\..\Run: [Dpg] C:\WINDOWS\System32\Aod.exe
O4 - HKCU\..\Run: [Biv] C:\WINDOWS\Lcb.exe
O4 - HKCU\..\Run: [Goi] C:\WINDOWS\System32\Kvm.exe
O4 - HKCU\..\Run: [Gmq] C:\WINDOWS\System32\Krp.exe
O4 - HKCU\..\Run: [Onb] C:\WINDOWS\Mqo.exe
O4 - HKCU\..\Run: [Scd] C:\WINDOWS\Ptm.exe
O4 - HKCU\..\Run: [Iks] C:\WINDOWS\Rmi.exe
O4 - HKCU\..\Run: [Chh] C:\WINDOWS\System32\Vsk.exe
O4 - HKCU\..\Run: [Hqf] C:\WINDOWS\System32\Enl.exe
O4 - HKCU\..\Run: [Ujq] C:\WINDOWS\Cub.exe
O4 - HKCU\..\Run: [Iuc] C:\WINDOWS\System32\Hte.exe
O4 - HKCU\..\Run: [Iiv] C:\WINDOWS\Jku.exe
O4 - HKCU\..\Run: [Tek] C:\WINDOWS\Omh.exe
O4 - HKCU\..\Run: [Qgh] C:\WINDOWS\Iku.exe
O4 - HKCU\..\Run: [Cmu] C:\WINDOWS\Rkl.exe
O4 - HKCU\..\Run: [Otd] C:\WINDOWS\Tcr.exe
O4 - HKCU\..\Run: [Rmo] C:\WINDOWS\System32\Pgl.exe
O4 - HKCU\..\Run: [Kin] C:\WINDOWS\Nio.exe
O4 - HKCU\..\Run: [Esu] C:\WINDOWS\Ups.exe
O4 - HKCU\..\Run: [Moa] C:\WINDOWS\System32\Uvd.exe
O4 - HKCU\..\Run: [Hig] C:\WINDOWS\System32\Edi.exe
O4 - HKCU\..\Run: [Lef] C:\WINDOWS\Ibb.exe
O4 - HKCU\..\Run: [Ius] C:\WINDOWS\System32\Khp.exe
O4 - HKCU\..\Run: [Isl] C:\WINDOWS\Vgq.exe
O4 - HKCU\..\Run: [Fue] C:\WINDOWS\System32\Vjm.exe
O4 - HKCU\..\Run: [Nsn] C:\WINDOWS\System32\Ghk.exe
O4 - HKCU\..\Run: [Fej] C:\WINDOWS\Rpc.exe
O4 - HKCU\..\Run: [Mht] C:\WINDOWS\Bbv.exe
O4 - HKCU\..\Run: [Jsm] C:\WINDOWS\System32\Svu.exe
O4 - HKCU\..\Run: [Nnn] C:\WINDOWS\System32\Uaf.exe
O4 - HKCU\..\Run: [Vlb] C:\WINDOWS\System32\Doh.exe
O4 - HKCU\..\Run: [Clh] C:\WINDOWS\System32\Ltp.exe
O4 - HKCU\..\Run: [Rps] C:\WINDOWS\Boq.exe
O4 - HKCU\..\Run: [Ckg] C:\WINDOWS\Kln.exe
O4 - HKCU\..\Run: [Psf] C:\WINDOWS\Gaj.exe
O4 - HKCU\..\Run: [Thk] C:\WINDOWS\System32\Phi.exe
O4 - HKCU\..\Run: [Ubg] C:\WINDOWS\System32\Ctk.exe
O4 - HKCU\..\Run: [Dgi] C:\WINDOWS\System32\Vhn.exe
O4 - HKCU\..\Run: [Sqb] C:\WINDOWS\Foi.exe
O4 - HKCU\..\Run: [Btc] C:\WINDOWS\Nsf.exe
O4 - HKCU\..\Run: [Bla] C:\WINDOWS\System32\Ahv.exe
O4 - HKCU\..\Run: [Mbo] C:\WINDOWS\System32\Erp.exe
O4 - HKCU\..\Run: [Vnc] C:\WINDOWS\Gmt.exe
O4 - HKCU\..\Run: [Svg] C:\WINDOWS\Vpu.exe
O4 - HKCU\..\Run: [Vvi] C:\WINDOWS\Oqa.exe
O4 - HKCU\..\Run: [Svk] C:\WINDOWS\Jgs.exe
O4 - HKCU\..\Run: [Gfd] C:\WINDOWS\System32\Soj.exe
O4 - HKCU\..\Run: [Rqc] C:\WINDOWS\System32\Aod.exe
O4 - HKCU\..\Run: [Lub] C:\WINDOWS\Dht.exe
O4 - HKCU\..\Run: [Hpd] C:\WINDOWS\Okm.exe
O4 - HKCU\..\Run: [Fui] C:\WINDOWS\System32\Lql.exe
O4 - HKCU\..\Run: [Rpb] C:\WINDOWS\Evl.exe
O4 - HKCU\..\Run: [Jtn] C:\WINDOWS\System32\Scs.exe
O4 - HKCU\..\Run: [Ete] C:\WINDOWS\System32\Hij.exe
O4 - HKCU\..\Run: [Gua] C:\WINDOWS\System32\Ehj.exe
O4 - HKCU\..\Run: [Qbl] C:\WINDOWS\System32\Jmu.exe
O4 - HKCU\..\Run: [Flm] C:\WINDOWS\System32\Ehi.exe
O4 - HKCU\..\Run: [Iie] C:\WINDOWS\System32\Uks.exe
O4 - HKCU\..\Run: [Qsh] C:\WINDOWS\System32\Mji.exe
O4 - HKCU\..\Run: [Srn] C:\WINDOWS\Kqb.exe
O4 - HKCU\..\Run: [Ute] C:\WINDOWS\Dvc.exe
O4 - HKCU\..\Run: [Ila] C:\WINDOWS\Gbs.exe
O4 - HKCU\..\Run: [Jtf] C:\WINDOWS\Qnb.exe
O4 - HKCU\..\Run: [Iso] C:\WINDOWS\System32\Tpi.exe
O4 - HKCU\..\Run: [Fcl] C:\WINDOWS\Pce.exe
O4 - HKCU\..\Run: [Mcp] C:\WINDOWS\Hdl.exe
O4 - HKCU\..\Run: [Sml] C:\WINDOWS\Lhe.exe
O4 - HKCU\..\Run: [Ffb] C:\WINDOWS\Ovm.exe
O4 - HKCU\..\Run: [Rhs] C:\WINDOWS\Bhh.exe
O4 - HKCU\..\Run: [Sqt] C:\WINDOWS\System32\Jhn.exe
O4 - HKCU\..\Run: [Ktg] C:\WINDOWS\Snb.exe
O4 - HKCU\..\Run: [Tbu] C:\WINDOWS\System32\Lms.exe
O4 - HKCU\..\Run: [Grq] C:\WINDOWS\System32\Imt.exe
O4 - HKCU\..\Run: [Pau] C:\WINDOWS\System32\Mlg.exe
O4 - HKCU\..\Run: [Aqv] C:\WINDOWS\Hir.exe
O4 - HKCU\..\Run: [Cef] C:\WINDOWS\System32\Udb.exe
O4 - HKCU\..\Run: [Cjb] C:\WINDOWS\Ktp.exe
O4 - HKCU\..\Run: [Utm] C:\WINDOWS\Cke.exe
O4 - HKCU\..\Run: [Pue] C:\WINDOWS\Trm.exe
O4 - HKCU\..\Run: [Qai] C:\WINDOWS\System32\Tdg.exe
O4 - HKCU\..\Run: [Und] C:\WINDOWS\System32\Dfa.exe
O4 - HKCU\..\Run: [Clp] C:\WINDOWS\System32\Cha.exe
O4 - HKCU\..\Run: [Cpr] C:\WINDOWS\Jdq.exe
O4 - HKCU\..\Run: [Abe] C:\WINDOWS\Jrf.exe
O4 - HKCU\..\Run: [Bun] C:\WINDOWS\Rhb.exe
O4 - HKCU\..\Run: [Okd] C:\WINDOWS\System32\Pgk.exe
O4 - HKCU\..\Run: [Lev] C:\WINDOWS\System32\Kdr.exe
O4 - HKCU\..\Run: [Fph] C:\WINDOWS\Sfq.exe
O4 - HKCU\..\Run: [Uqn] C:\WINDOWS\Dkb.exe
O4 - HKCU\..\Run: [Mli] C:\WINDOWS\Eln.exe
O4 - HKCU\..\Run: [Jgk] C:\WINDOWS\System32\Euc.exe
O4 - HKCU\..\Run: [Fce] C:\WINDOWS\System32\Qjb.exe
O4 - HKCU\..\Run: [Vgo] C:\WINDOWS\System32\Rmf.exe
O4 - HKCU\..\Run: [Vnm] C:\WINDOWS\Hvh.exe
O4 - HKCU\..\Run: [Obv] C:\WINDOWS\System32\Tqs.exe
O4 - HKCU\..\Run: [Mck] C:\WINDOWS\System32\Ane.exe
O4 - HKCU\..\Run: [Fpo] C:\WINDOWS\System32\Qoo.exe
O4 - HKCU\..\Run: [Osq] C:\WINDOWS\System32\Qjt.exe
O4 - HKCU\..\Run: [Rjp] C:\WINDOWS\System32\Oqi.exe
O4 - HKCU\..\Run: [Vok] C:\WINDOWS\Kvr.exe
O4 - HKCU\..\Run: [Jtk] C:\WINDOWS\System32\Oio.exe
O4 - HKCU\..\Run: [Lgt] C:\WINDOWS\Ebj.exe
O4 - HKCU\..\Run: [Qcg] C:\WINDOWS\System32\Ovd.exe
O4 - HKCU\..\Run: [Uok] C:\WINDOWS\System32\Hbp.exe
O4 - HKCU\..\Run: [Dfd] C:\WINDOWS\System32\Jlf.exe
O4 - HKCU\..\Run: [Bsj] C:\WINDOWS\System32\Rhh.exe
O4 - HKCU\..\Run: [Sru] C:\WINDOWS\Sle.exe
O4 - HKCU\..\Run: [Hoa] C:\WINDOWS\System32\Ocq.exe
O4 - HKCU\..\Run: [Upq] C:\WINDOWS\Ekb.exe
O4 - HKCU\..\Run: [Pdd] C:\WINDOWS\System32\Blv.exe
O4 - HKCU\..\Run: [Skb] C:\WINDOWS\System32\Ara.exe
O4 - HKCU\..\Run: [Tjs] C:\WINDOWS\Ohj.exe
O4 - HKCU\..\Run: [Nqo] C:\WINDOWS\Sed.exe
O4 - HKCU\..\Run: [Jhq] C:\WINDOWS\Lku.exe
O4 - HKCU\..\Run: [Fqi] C:\WINDOWS\Elm.exe
O4 - HKCU\..\Run: [Ief] C:\WINDOWS\System32\Jlq.exe
O4 - HKCU\..\Run: [Pfl] C:\WINDOWS\System32\Ath.exe
O4 - HKCU\..\Run: [Kmf] C:\WINDOWS\Kkg.exe
O4 - HKCU\..\Run: [Rvp] C:\WINDOWS\System32\Tto.exe
O4 - HKCU\..\Run: [Mgt] C:\WINDOWS\System32\Eqh.exe
O4 - HKCU\..\Run: [Krk] C:\WINDOWS\System32\Pof.exe
O4 - HKCU\..\Run: [Qht] C:\WINDOWS\System32\Etr.exe
O4 - HKCU\..\Run: [Hfc] C:\WINDOWS\System32\Nmn.exe
O4 - HKCU\..\Run: [Cpg] C:\WINDOWS\System32\Grr.exe
O4 - HKCU\..\Run: [Uif] C:\WINDOWS\Vbr.exe
O4 - HKCU\..\Run: [Bmq] C:\WINDOWS\Bui.exe
O4 - HKCU\..\Run: [Igf] C:\WINDOWS\System32\Ojh.exe
O4 - HKCU\..\Run: [Tqt] C:\WINDOWS\System32\Amh.exe
O4 - HKCU\..\Run: [Qep] C:\WINDOWS\Jmg.exe
O4 - HKCU\..\Run: [Sbc] C:\WINDOWS\System32\Pqc.exe
O4 - HKCU\..\Run: [Suh] C:\WINDOWS\System32\Fqe.exe
O4 - HKCU\..\Run: [Ibu] C:\WINDOWS\System32\Eet.exe
O4 - HKCU\..\Run: [Amg] C:\WINDOWS\Eeg.exe
O4 - HKCU\..\Run: [Efr] C:\WINDOWS\System32\Squ.exe
O4 - HKCU\..\Run: [Tnn] C:\WINDOWS\System32\Bgf.exe
O4 - HKCU\..\Run: [Qmm] C:\WINDOWS\Ooh.exe
O4 - HKCU\..\Run: [Gts] C:\WINDOWS\System32\Srv.exe
O4 - HKCU\..\Run: [Rlu] C:\WINDOWS\Bio.exe
O4 - HKCU\..\Run: [Kjl] C:\WINDOWS\Enb.exe
O4 - HKCU\..\Run: [Osg] C:\WINDOWS\System32\Hhq.exe
O4 - HKCU\..\Run: [Hgh] C:\WINDOWS\Eet.exe
O4 - HKCU\..\Run: [Nmk] C:\WINDOWS\Bpv.exe
O4 - HKCU\..\Run: [Cma] C:\WINDOWS\Ojm.exe
O4 - HKCU\..\Run: [Dlr] C:\WINDOWS\System32\Obn.exe
O4 - HKCU\..\Run: [Osr] C:\WINDOWS\Ugu.exe
O4 - HKCU\..\Run: [Qor] C:\WINDOWS\Mmc.exe
O4 - HKCU\..\Run: [Dfh] C:\WINDOWS\Eur.exe
O4 - HKCU\..\Run: [Npu] C:\WINDOWS\System32\Bff.exe
O4 - HKCU\..\Run: [Tgh] C:\WINDOWS\Upq.exe
O4 - HKCU\..\Run: [Bis] C:\WINDOWS\System32\Piu.exe
O4 - HKCU\..\Run: [Hur] C:\WINDOWS\System32\Sep.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [sr64] C:\Documents and Settings\Administrator\Application Data\Microsoft\sr64\iokefgoa.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Mail - {15B33B52-1F84-480E-B49A-151C7BD3C3EE} - http://mail.dot1web.com (file missing) (HKCU)
O9 - Extra button: Advertise - {426BE36B-CD80-421E-A6E2-C708D70F916D} - http://www.instantwebadvertising.com (file missing) (HKCU)
O9 - Extra button: Auctions - {AAD41B37-C5BF-4186-A80B-5209CEBD9054} - http://www.webwideauctions.com (file missing) (HKCU)
O9 - Extra button: Live Help - {BAB733C9-8080-4746-B4C4-83FC6D40F633} - http://liveinstanthelp.dot1web.com (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.webwideISP.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 67.19.185.246
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://c:\nosuch.mht!http://www.awmdabest....chm::/file.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1109893810765
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O21 - SSODL: eplrr - {76A59BD5-A014-4E6C-9150-5EAD81C91491} - (no file)
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

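The log above follows HijackThis's fixed line format (R0/R1 start and search pages, O2 BHOs, O3 toolbars, O4 autorun keys, O15 Trusted Zone, O16 DPF downloads). As an added example that is not part of this thread or of HijackThis itself, the Python script below parses a constructed excerpt of that log (lines copied from the post) and applies the checks a helper applies by eye: three-letter .exe files dropped straight into C:\WINDOWS or System32 and registered under both HKLM and HKCU, BHOs and toolbars with "(no file)", added Trusted Zone sites, and a DPF entry loaded through an ms-its:/mhtml: URL. Function names and report keys are my own.

```python
"""Triage a HijackThis 1.99 log the way a malware-removal helper reads it.

Added example, not code from the thread above or from HijackThis itself.
Heuristics (all visible in the posted log): autorun entries pointing at
three-letter .exe files dropped directly into C:\\WINDOWS or System32, the
same entries mirrored under HKLM and HKCU, BHOs/toolbars with "(no file)",
added Trusted Zone sites or IP ranges, DPF entries loaded via an
ms-its:/mhtml: URL, and the current start/search pages.
"""
import re
from collections import defaultdict

# Constructed excerpt of the log posted above (lines copied, not generated).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daosearch.com
O2 - BHO: (no name) - {08EF606E-1613-432C-8545-1CB6162B2E0B} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {EB381422-F797-4A98-A266-9DC490821907} - (no file)
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [Vvi] C:\WINDOWS\Oqa.exe
O4 - HKLM\..\Run: [Vrl] C:\WINDOWS\System32\Hqe.exe
O4 - HKLM\..\Run: [tibs5] C:\WINDOWS\System32\tibs5.exe
O4 - HKCU\..\Run: [Vvi] C:\WINDOWS\Oqa.exe
O4 - HKCU\..\Run: [Vrl] C:\WINDOWS\System32\Hqe.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted IP range: 67.19.185.246
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://c:\nosuch.mht!http://www.awmdabest....chm::/file.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
"""

O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]*)\]\s*(.*)$")
O2_O3_RE = re.compile(r"^O[23] - (?:BHO|Toolbar): (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
RANDOM_NAME = re.compile(r"^[a-z]{3}\.exe$", re.I)
WINDOWS_DIRS = ("c:\\windows\\", "c:\\windows\\system32\\")


def executable_of(command: str) -> str:
    """Strip arguments from an O4 command line and return the program path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.*?\.(?:exe|com|scr|bat|sbrt))(?:\s|$)", command, re.I)
    return m.group(1) if m else command


def is_random_windows_binary(path: str) -> bool:
    """True for a three-letter .exe sitting directly in C:\\WINDOWS or System32."""
    directory, _, name = path.lower().rpartition("\\")
    return (directory + "\\") in WINDOWS_DIRS and bool(RANDOM_NAME.match(name))


def triage(log_text: str) -> dict:
    """Parse the log and collect the indicators a helper would act on."""
    hives_by_entry = defaultdict(set)   # (entry name, path) -> {"HKLM", "HKCU"}
    random_autoruns = set()
    orphans, trusted, dpf, pages = [], [], [], []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            hive, _key, name, command = m.groups()
            path = executable_of(command)
            hives_by_entry[(name.lower(), path.lower())].add(hive)
            if is_random_windows_binary(path):
                random_autoruns.add(path)
            continue
        m = O2_O3_RE.match(line)
        if m and m.group(3).strip().lower() == "(no file)":
            orphans.append(m.group(2))      # CLSID registered with no DLL on disk
            continue
        if line.startswith("O15 - Trusted"):
            trusted.append(line.split(": ", 1)[1])
        elif line.startswith("O16 - DPF:") and re.search(r"ms-its:|mhtml:|::/", line, re.I):
            dpf.append(line)                # CHM/MHTML loader rather than a plain .cab
        elif line.startswith(("R0 - ", "R1 - ")) and " Page = " in line:
            pages.append(line.split(" = ", 1)[1])
    mirrored = sum(1 for h in hives_by_entry.values() if h == {"HKLM", "HKCU"})
    return {
        "random_autoruns": sorted(random_autoruns),
        "mirrored_autoruns": mirrored,
        "orphan_bho_toolbar": orphans,
        "trusted_zone_additions": trusted,
        "suspicious_dpf": dpf,
        "start_search_pages": pages,
    }


def needs_cleanup(report: dict) -> bool:
    """Hard indicators only; orphaned CLSIDs alone are often harmless leftovers."""
    return bool(report["random_autoruns"] or report["suspicious_dpf"]
                or report["trusted_zone_additions"])


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```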


#2 crunchie
    Retired Staff-Malware Expert
  • Authentic Member
  • 302 posts

Posted 06 March 2005 - 08:48 PM

Go here to TrendMicro for an on-line scan & set it to autoclean for you. When it completes, post back the full filename of any files that cannot be cleaned or deleted.

Try this scan at Panda as well.


1. Download and install Ad-Aware SE, keeping the default options. However, some of the settings will need to be changed before your first scan

2. Close ALL windows except Ad-Aware SE

3. Click on the ‘world’ icon at the top right of the Ad-Aware SE window and let Ad-Aware SE update the reference list for the adware and malware.

4. Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window

1) In the ‘General’ window make sure the following are selected in green:
*Automatically save log-file
*Automatically quarantine objects prior to removal
*Safe Mode (always request confirmation)

Under Definitions:
*Prompt to update outdated definitions - set the number of days


2) Click on the ‘Scanning’ button on the left and select in green :

Under Driver, Folders & Files:
*Scan Within Archives

Under Select drives & folders to scan -
*choose all hard drives

Under Memory & Registry: all green
*Scan Active Processes
*Scan Registry
*Deep Scan Registry
*Scan my IE favorites for banned URLs
*Scan my Hosts file


3) Click on the ‘Advanced’ button on the left and select in green:

Under Shell Integration:
*Move deleted files to recycle bin

Under Logfile Detail Level: (all green)
*include additional object information
*DESELECT - include negligible objects information
*include environment information

Under Alternate Data Streams:
*Don't log streams smaller than 0 bytes
*Don't log ADS with the following names: CA_INOCULATEIT


4) Click the ‘Tweak’ button and select in green:

Under the ‘Scanning Engine’:
*Unload recognized processes during scanning
*Scan registry for all users instead of current user only


Under the ‘Cleaning Engine’:
*Let Windows remove files in use at next reboot


Under the Log Files:
*Include basic Ad-aware SE settings in logfile
*Include additional Ad-aware SE settings in logfile
*Please do not check or make green: Include Module list in logfile


5. Click on ‘Proceed’ to save the settings.

6. Click ‘Start’

*Choose: 'Perform Full System Scan'
*DESELECT "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.

7. Click ‘Next’ and Ad-Aware SE will scan your hard drive(s) with the options you have selected and clean automatically.

8. If Ad-Aware SE finds bad entries, you will receive a list of what it found in the window

9. Save the log file when it asks and then click ‘finish’

10. REBOOT to complete the removal of what Ad-Aware SE found

Post another log please.
Proud member of ASAP.
Xp Pro SP2
Opera 8.51.
Opera
How you got infected
AVPE anti-virus

#3 oreofudge (Authentic Member, 47 posts)

Posted 08 March 2005 - 03:29 PM

Did as you suggested, checked with HouseCall and Panda online and found nothing. When I try to run Symantec's online check it stops and says that it cannot do the scan on my computer. When running Norton (with latest defs) from my computer, it finds nothing.

I tried to email myself this HJT log and when I received it on another computer, Norton said that it has the bloodhound.exploit.6...

Will download Trojan Hunter and run it, I'll post what it finds...

Meanwhile, here is the latest log after running Ad-Aware SE as you suggested...

Logfile of HijackThis v1.99.1
Scan saved at 7:35:43 PM, on 3/7/2005
Platform: Windows XP SP1 (WinNT 5.01.2600) - CORAL02
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\windows\system32\mdms.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {08EF606E-1613-432C-8545-1CB6162B2E0B} - (no file)
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - (no file)
O2 - BHO: (no name) - {2C5175A2-ADF3-4F57-AB70-BA90FD60A383} - (no file)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {CF021F40-3E14-23A5-CBA2-717765721316} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {EB381422-F797-4A98-A266-9DC490821907} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\hta\station.sbrt
O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [sr64] C:\Documents and Settings\Administrator\Application Data\Microsoft\sr64\iokefgoa.exe
O4 - HKCU\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted IP range: 67.19.185.246
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://c:\nosuch.mht!http://www.awmdabest....chm::/file.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1109893810765
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O21 - SSODL: eplrr - {76A59BD5-A014-4E6C-9150-5EAD81C91491} - (no file)
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#4 crunchie (Retired Staff-Malware Expert, 302 posts)

Posted 09 March 2005 - 03:57 AM

Looks better :).

Please disable Spybot's TeaTimer until we are done because it can interfere with the repair.

Run HijackThis and go to the process viewer (Config, Misc Tools, Process Viewer) to unload all instances of the following running processes;
C:\windows\system32\mdms.exe


Scan with HijackThis and tick the boxes next to all the following entries, then close all browser and Explorer windows and hit the "Fix checked" button.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

O2 - BHO: (no name) - {08EF606E-1613-432C-8545-1CB6162B2E0B} - (no file)
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - (no file)
O2 - BHO: (no name) - {2C5175A2-ADF3-4F57-AB70-BA90FD60A383} - (no file)
O2 - BHO: (no name) - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - (no file)
O2 - BHO: (no name) - {CF021F40-3E14-23A5-CBA2-717765721316} - (no file)

O3 - Toolbar: (no name) - {EB381422-F797-4A98-A266-9DC490821907} - (no file)

O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe
O4 - HKCU\..\Run: [sr64] C:\Documents and Settings\Administrator\Application Data\Microsoft\sr64\iokefgoa.exe
O4 - HKCU\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe

O15 - Trusted IP range: 67.19.185.246

O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://c:\nosuch.mht!http://www.awmdabest....chm::/file.exe
Adult Content Dialer

O21 - SSODL: eplrr - {76A59BD5-A014-4E6C-9150-5EAD81C91491} - (no file)

Fix the following only if you have uninstalled AOL;

O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)

Now I need you to delete the following;

C:\WINDOWS\System32\ntddetect.exe << This file
C:\Documents and Settings\Administrator\Application Data\Microsoft\sr64\iokefgoa.exe << This file
c:\windows\system32\mdms.exe << This file

If any of the files will not delete, run HijackThis and go to Misc Tools\Delete a file on reboot and enter the full path to the file. If more than one file needs to be entered, when asked to reboot, do so only after the last file is entered.

In order to view these files you may have to select 'show hidden files/folders.' Instructions on how to here.

Download, install and keep updated, Spywareblaster from www.javacoolsoftware.com to help keep your system clean.

Reboot when done and post another log please.
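The entries crunchie picks out above fall into a few recognisable classes (IE pages reset to about:blank, CLSIDs with no file behind them, an autorun under Application Data, a trusted-zone IP, a DPF object fetched over ms-its:, a service with a missing binary). As an added example that is not code from this thread or from HijackThis, this Python script parses HijackThis v1.99-style log lines and flags those classes; the sample lines are copied from the log posted above, and the flagging rules are assumptions drawn from the helper's choices, not HijackThis's own logic.

```python
"""Triage helper for HijackThis v1.99-style log lines (added example)."""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Each entry starts with a section tag (R0, R1, O2, O4, ...) then ' - '.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")

# Sample lines copied from the log in this thread (constructed test input).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O2 - BHO: (no name) - {08EF606E-1613-432C-8545-1CB6162B2E0B} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [sr64] C:\Documents and Settings\Administrator\Application Data\Microsoft\sr64\iokefgoa.exe
O15 - Trusted IP range: 67.19.185.246
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://c:\nosuch.mht!http://www.awmdabest....chm::/file.exe
O21 - SSODL: eplrr - {76A59BD5-A014-4E6C-9150-5EAD81C91491} - (no file)
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
"""


@dataclass
class Entry:
    section: str  # e.g. "O4"
    body: str     # everything after "O4 - "
    raw: str      # the original line, for reporting


def parse_log(text: str) -> List[Entry]:
    """Return the R/O entries of a log; headers and the process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body"), line.strip()))
    return entries


def assess(entry: Entry) -> str:
    """Return a reason the entry deserves review, or '' if nothing stands out.

    The rules are assumptions modelled on the helper's picks in this thread.
    """
    s, b = entry.section, entry.body
    # R0/R1: IE search/start page forced to about:blank is a classic hijack symptom.
    if s in ("R0", "R1") and b.endswith("= about:blank"):
        return "IE search/start page set to about:blank"
    # O2/O3/O21: a registered CLSID whose DLL is gone (orphaned, safe to remove).
    if s in ("O2", "O3", "O21") and b.endswith("(no file)"):
        return "orphaned CLSID registration (no file)"
    # O4: an autorun launching from a user's Application Data tree.
    if s == "O4" and re.search(r"\\Application Data\\", b, re.IGNORECASE):
        return "autorun from Application Data folder"
    # O15: anything added to IE's trusted zone by IP should be reviewed.
    if s == "O15":
        return "IE trusted-zone entry"
    # O16: a downloaded ActiveX object fetched over anything but plain http(s).
    if s == "O16":
        m = re.search(r" - (\S+)$", b)
        if m and not re.match(r"https?://", m.group(1), re.IGNORECASE):
            return "DPF object with non-http URL scheme"
    # O23: a service whose binary no longer exists (remove only if its product is gone).
    if s == "O23" and b.endswith("(file missing)"):
        return "service binary missing"
    return ""


def triage(text: str) -> List[Tuple[str, str]]:
    """Pair each flagged raw line with the reason it was flagged."""
    return [(e.raw, r) for e in parse_log(text) if (r := assess(e))]


if __name__ == "__main__":
    for raw, reason in triage(SAMPLE_LOG):
        print(f"{reason:45s} {raw}")
```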

#5 oreofudge (Authentic Member, 47 posts)

Posted 09 March 2005 - 05:24 PM

Booted in Normal Mode...

Ran Hijack and followed your instructions...

Couldn't delete the following:

O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)

...not even by going to Misc Tools\Delete a file on reboot and entering the full path to the file; the file wasn't showing. That method did work for deleting the MDMS.EXE file...

Rebooted and ran Spybot S&D and Adware and deleted the files found...

Ran Trojan Hunter and found nothing...

Tried to update Windows and in SAFE MODE gave me an error: 0x8007043C and in NORMAL MODE couldn't either...

Tried to run an online virus check from Symantec and it said it can't run on the computer; the checks from Panda and HouseCall find nothing...

Rebooted and ran Hijack again and this is the resulting log...

(after this log, you will find the latest log from booting in SAFE MODE too)

Logfile of HijackThis v1.99.1
Scan saved at 5:28:39 PM, on 3/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600) - CORAL 03 - NORMAL BOOT
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

O1 - Hosts file is located at: C:\WINDOWS\System32\drivers\etc\hosts
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1109893810765
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

---

Logfile of HijackThis v1.99.1
Scan saved at 6:06:12 PM, on 3/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600) - COAL 01 - SAFE MODE
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {38D4D5D0-423E-4220-B6F9-30918C2AE4A4} - C:\WINDOWS\sasetup.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1109893810765
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#6 crunchie (Retired Staff-Malware Expert, 302 posts)

Posted 10 March 2005 - 03:42 AM

Hi again. Run HijackThis and go to Misc Tools\Delete a file on reboot and enter the following;
C:\WINDOWS\System32\spoolsrv32.exe

When prompted to reboot, do so.

Go here and download and run Silent Runners.vbs. It generates a log, please post the information back in this thread.

A HijackThis log too please.

#7 oreofudge (Authentic Member, 47 posts)

Posted 10 March 2005 - 03:23 PM

Deleted the suggested file (C:\WINDOWS\System32\spoolsrv32.exe).

Still unable to delete the following:
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)

As soon as the computer starts, my desktop changes to a grey background that flickers; underneath it I can see the selected background, as if this grey background is covering the original one.

This is the resulting HJTLog after rebooting, after this log you will find the one from Silent Runners...

Logfile of HijackThis v1.99.1
Scan saved at 4:09:19 PM, on 3/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600) - CORAL 031005 NORMAL BOOT
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1109893810765
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

---

"Silent Runners.vbs", revision 32, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Microsoft Works Update Detection" = "C:\Program Files\Microsoft Works\WkDetect.exe" ["Microsoft® Corporation"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"VTPreset" = "VTPreset.exe" ["S3 Graphics, Inc."]
"THGuard" = ""C:\Program Files\TrojanHunter 4.2\THGuard.exe"" ["Mischel Internet Security"]
"tgcmd" = ""C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper" ["BellSouth"]
"System Service" = (no data)
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe" ["Symantec Corporation"]
"SSC_UserPrompt" = "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" ["Symantec Corporation"]
"RealTray" = "C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER" ["RealNetworks, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"Lexmark X1100 Series" = ""C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"" ["Lexmark International, Inc."]
"ccRegVfy" = ""C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"" ["Symantec Corporation"]
"ccApp" = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" ["Symantec Corporation"]
"BJCFD" = "C:\Program Files\BroadJump\Client Foundation\CFD.exe" ["BroadJump, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{4A368E80-174F-4872-96B5-0B27DDD11DB2}\(Default) = "SpywareGuard Download Protection"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\SpywareGuard\dlprotect.dll" [null data]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Money\System\mnyviewer.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{81559C35-8464-49F7-BB0E-07A383BEF910}" = "SpywareGuard.Handler" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\SpywareGuard\spywareguard.dll" [null data]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}" = "TrojanHunter Menu Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.2\contmenu.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
"{38D4D5D0-423E-4220-B6F9-30918C2AE4A4}" = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\sasetup.dll" [null data]


Enabled Scheduled Tasks:
------------------------

"Norton AntiVirus - Scan my computer" -> launches: "C:\PROGRA~1\NORTON~1\NORTON~1\NAVW32.exe /task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\Tasks\mycomp.sca" ["Symantec Corporation"]
"Norton SystemWorks One Button Checkup" -> launches: "C:\Program Files\Norton SystemWorks\OBC.exe /CUSTOM /SCHEDULE" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
Norton AntiVirus Auto Protect Service, navapsvc, ""C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Norton Internet Security Accounts Manager, NISUM, "C:\Program Files\Norton Internet Security\NISUM.EXE" ["Symantec Corporation"]
Norton Unerase Protection, NProtectService, ""C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE"" ["Symantec Corporation"]
Speed Disk service, Speed Disk service, "C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Proxy Service, ccPxySvc, "C:\Program Files\Norton Internet Security\ccPxySvc.exe" ["Symantec Corporation"]
WAN Miniport (ATW) Service, WANMiniportService, ""C:\WINDOWS\wanmpsvc.exe"" ["America Online, Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
----------

#8 crunchie

crunchie

    Retired Staff-Malware Expert

  • Authentic Member
  • 302 posts

Posted 11 March 2005 - 03:35 AM

Run hijackthis again and select misc tools\delete a file on reboot and paste C:\WINDOWS\sasetup.dll into the line. When prompted to reboot, choose no.
Still in hijackthis and in misc tools, go to delete an NT service and click on it. Enter AOL Spyware Protection Service as the service to be removed. You may want to check in Services to make sure that name is correct.
Go to C:\PROGRA~1\COMMON~1 and delete the AOL folder.

Reboot when done and post another log please.
Proud member of ASAP.
Xp Pro SP2
Opera 8.51.
Opera
How you got infected
AVPE anti-virus

#9 oreofudge

oreofudge

    Authentic Member

  • Authentic Member
  • 47 posts

Posted 11 March 2005 - 02:10 PM

Hi,

Please find the resulting log from your latest instructions...

---

Logfile of HijackThis v1.99.1
Scan saved at 3:06:36 PM, on 3/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600) - CORAL 031105 NORMAL BOOT
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1109893810765
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

---

#10 oreofudge

oreofudge

    Authentic Member

  • Authentic Member
  • 47 posts

Posted 11 March 2005 - 02:31 PM

I forgot to tell you that I disabled the AOL Spyware Protection Service in services.msc; should I enable it and try to remove it with HijackThis?... Another thing is that Windows Update does not find any updates for my system, and I know for sure that it's not updated to the fullest...



#11 crunchie

crunchie

    Retired Staff-Malware Expert

  • Authentic Member
  • 302 posts

Posted 11 March 2005 - 03:12 PM

Not sure why the update is not working. It does the scan of your system though, yes? You can try deleting the following entry and have the ActiveX redownload itself.

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1109893810765

AOL is definitely not on your PC? There is a chance that hijackthis is misreading that entry.

#12 oreofudge

oreofudge

    Authentic Member

  • Authentic Member
  • 47 posts

Posted 11 March 2005 - 04:24 PM

Yes, it does the scan and tells me that there are no updates available, there must be something giving the update the info that the computer is ok... I asked Microsoft for support on this issue and somebody answered with some instructions on activating all necessary services for the update and deleting some old files that they instructed me to, but still the prob persists... I wrote them back telling them that it's still not working and that I also ran the Microsoft Baseline Security Analyzer and sent them a copy of the result, which I will post here for you to see along with the original instructions that they gave me... As I wrote earlier, the AOL Spyware Protection Service appears disabled when I run SERVICES.MSC; I didn't enable it when I ran my last HijackThis... Another prob is that I think that my Norton apps (Firewall and Antivirus) aren't running properly, even though they are activated and LiveUpdate connects and checks and finds that everything is updated. When I try to run any online checks from them they try to download the ActiveX twice, start the test and then stop, saying that it cannot run on my computer, not even the online test that Symantec has for testing their software on a computer. So I also believe that there is something blocking those apps too... When my friend called me the computer was frozen, with porn pop-ups showing, his antivirus (McAfee) was an expired trial version, no firewall activated, Windows wasn't updated at all... he was quite exposed... so something got downloaded and keeps bugging very much.... I know that we got rid of a lot, but I really think we are done... I just need one reason to not reformat and reinstall from scratch...

---
1ST RESPONSE FROM MICROSOFT:

********************** The message for you follows ************************

Dear Customer,

Thank you for contacting Microsoft Windows Update Support. My name is Louise and I am glad to work with you.

To contact me, you may directly send emails to my account: v-30loso@mssupport.microsoft.com with the case ID in the subject line.

To give the most accurate support possible, I would like to give a brief summary of your concern as I understand it: You encountered certain difficulties updating Windows. If I have misunderstood, please feel free to let me know.

I have listed some resolutions in the form of suggestions so that it will be easier for you to try them.

If you are running Ad-aware, ZoneAlarm, PC-Cillin, Norton Antivirus, Norton Internet Security, Norton Personal Firewall, McAfee, Proxomitron pop-up blocker, Ad Muncher, or a web accelerator e.g. "Slipstream", I would recommend you to temporarily disable or shut down any of these installed on your system and try accessing the Windows Update site. Be sure to enable them again when you complete the update process.

Suggestion 1:
=========
In order to resolve this issue, we need to register the ActiveX control files needed to access the Windows Update Site. We need to do this since the error can occur if these files are unregistered on your system. To do this you can try the instructions provided below:

Note: There is a single space between the regsvr32 command and the file name JSCRIPT.DLL. The same goes with all the commands provided below.

1. Click on Start, point to "Run"
2. Type in "regsvr32 JSCRIPT.DLL" (without double quotes) and click Ok.
3. Type in "regsvr32 MSXML3.DLL" (without double quotes) and click Ok.
4. Type in "regsvr32 ATL.DLL" (without double quotes) and click Ok.
5. Type in "regsvr32 WUAPI.DLL" (without double quotes) and click Ok.
6. Type in "regsvr32 WUAUENG.DLL" (without double quotes) and click Ok.
7. Type in "regsvr32 WUAUENG1.DLL" (without double quotes) and click Ok.
8. Type in "regsvr32 WUCLTUI.DLL" (without double quotes) and click Ok.
9. Type in "regsvr32 WUPS.DLL" (without double quotes) and click Ok.
10. Type in "regsvr32 WUWEB.DLL" (without double quotes) and click Ok.

Now please try accessing the Windows Update Site again.

Suggestion 2:
=========
If you are still encountering the above error on the Windows Update Site, then we need to rename the SoftwareDistribution folder on your system. By renaming the folder we will be able to get a fresh copy of the ActiveX controls needed to access the Windows Update Site. To do this, please try the steps provided below:

We first need to close all the open instances of Internet Explorer windows.

Step 1: We need to stop the Automatic Updates and Background Intelligent Transfer Services on your system:
1. Click Start > Run
2. Type "Services.msc" (w/o quotes)
3. Press OK
4. Find "Automatic Updates"
5. Right click on the Automatic Updates service and select Stop to stop the service.
6. Now find "Background Intelligent Transfer Service"
7. Right click on the Background Intelligent Transfer Service and select Stop to stop the service.

Step 2: Now try the instructions provided below to rename the SoftwareDistribution folder on your system:
1. Click on Start, Run and in the Open box write "%systemroot%" (without double quotes) and press Enter.
2. It will open the root folder (i.e. C:\Windows if you have installed a fresh copy of Windows XP, OR if you have upgraded over Windows NT then it will open C:\WINNT) on your system.
3. Locate the SoftwareDistribution folder in the opened window. Right click on the SoftwareDistribution folder and select Rename. Type "OldSD", and press Enter.
4. Once we have renamed the folder, try Step 3.

Step 3: We need to start the Automatic Updates and Background Intelligent Transfer Services on your system:
1. Click Start > Run
2. Type "Services.msc" (w/o quotes)
3. Press OK
4. Find "Automatic Updates"
5. Right click on the Automatic Updates service and select Start to start the service.
6. Now find "Background Intelligent Transfer Service"
7. Right click on the Background Intelligent Transfer Service and select Start to start the service.

Now try accessing the Windows Update Site and check if our issue is resolved.

Thank you for your time and attention. I believe the above steps should address the problem effectively. For your convenience, I will go ahead and close this case for administrative purposes unless you have any further questions or concerns regarding this particular Service Request. If you need any additional assistance, please feel free to send email to me with the case ID in the subject; we will continue working together then.

---
MY RESPONSE AFTER FOLLOWING THEIR INSTRUCTIONS...

I followed your instructions and I am able to access the Windows Update Site, but when running "Express Install" a message displays saying that Windows Update does not find any available updates, which was the original prob... Be aware that this computer had no security at all, no antivirus, no firewall, so I won't be surprised if this is due to a virus or something of that kind. I have now installed Norton Antivirus and Firewall but I think that they aren't working correctly either... The system version is 5.1 (Build 2600.xpsp2.040919-1003: Service Pack 1)

I ran Microsoft Baseline Security Analyzer and this is the report (section | table | score | issue | result)...

Security Updates | Vulnerabilities | Check failed (non-critical) | Windows Security Updates | 1 products are using a service pack not at the latest version or have other warnings. 6 security updates could not be confirmed. (THIS SAYS THAT I HAVE SP1 AND NEED SP2 AND THAT THE TOOL COULDN'T CONFIRM THE INSTALLATION OF THE FOLLOWING: MS03-008, 030 AND 051, MS04-416 AND 028 AND MS05-009)
Security Updates | Vulnerabilities | Check passed | MDAC Security Updates | No critical security updates are missing.
Security Updates | Vulnerabilities | Check passed | MSXML Security Updates | No critical security updates are missing.
Security Updates | Vulnerabilities | Check passed | Microsoft VM Security Updates | No critical security updates are missing.
Security Updates | Vulnerabilities | Check passed | Office Updates | No critical security updates are missing.
Windows Scan Results | Vulnerabilities | Best practice | Windows Firewall | Windows Firewall is disabled or has exceptions on all network connections.
Windows Scan Results | Vulnerabilities | Check passed | Local Account Password Test | No user accounts have simple passwords.
Windows Scan Results | Vulnerabilities | Check passed | File System | All hard drives (1) are using the NTFS file system.
Windows Scan Results | Vulnerabilities | Check passed | Guest Account | The Guest account is not disabled on this computer.
Windows Scan Results | Vulnerabilities | Check passed | Restrict Anonymous | Computer is properly restricting anonymous access.
Windows Scan Results | Vulnerabilities | Check passed | Administrators | No more than 2 Administrators were found on this computer.
Windows Scan Results | Vulnerabilities | Check passed | Automatic Updates | Updates are automatically downloaded and installed on this computer.
Windows Scan Results | Vulnerabilities | Check not performed | Password Expiration | Check is skipped on Windows XP Home Edition computers.
Windows Scan Results | Vulnerabilities | Check not performed | Autologon | Check is skipped on Windows XP Home Edition computers.
Windows Scan Results | Additional System Information | Additional information | Windows Version | Computer is running Windows 2000 or greater.
Windows Scan Results | Additional System Information | Best practice | Auditing | Check is skipped on Windows XP Home Edition computers.
Windows Scan Results | Additional System Information | Additional information | Shares | 3 share(s) are present on your computer.
Windows Scan Results | Additional System Information | Best practice | Services | No potentially unnecessary services were found.
Internet Information Services (IIS) Scan Results | Additional System Information | Best practice | IIS Status | IIS is not running on this computer.
SQL Server Scan Results | Product Status | Best practice | SQL Server/MSDE Status | SQL Server and/or MSDE is not installed on this computer.
Desktop Application Scan Results | Vulnerabilities | Check failed (critical) | IE Zones | Internet Explorer zones do not have secure settings for some users.
Desktop Application Scan Results | Vulnerabilities | Check not performed | Macro Security | No Microsoft Office products are installed
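The Windows Update reset procedure in the Microsoft reply quoted in the post above (re-register the update DLLs, stop Automatic Updates and BITS, rename SoftwareDistribution, restart the services), collected into one batch file. This is an added example, not code from the thread or from Microsoft; it assumes the Windows XP service names wuauserv (Automatic Updates) and bits (Background Intelligent Transfer Service) and that it is run from an administrator command prompt with Internet Explorer closed.

```batch
@echo off
REM Added example: scripts the manual steps from the Microsoft support reply.
REM Assumptions: XP service names wuauserv and bits; run as an administrator.
setlocal

echo Suggestion 1: re-registering the Windows Update ActiveX and script DLLs
REM The reply lists these nine files; /s suppresses the per-file dialog.
for %%F in (JSCRIPT.DLL MSXML3.DLL ATL.DLL WUAPI.DLL WUAUENG.DLL WUAUENG1.DLL WUCLTUI.DLL WUPS.DLL WUWEB.DLL) do (
    regsvr32 /s "%SystemRoot%\system32\%%F"
    if errorlevel 1 echo   WARNING: regsvr32 failed for %%F
)

echo Suggestion 2, step 1: stopping Automatic Updates and BITS
net stop wuauserv
net stop bits

echo Suggestion 2, step 2: renaming SoftwareDistribution to OldSD
REM Refuse to clobber a leftover from an earlier run; the rename would fail anyway.
if exist "%SystemRoot%\OldSD" (
    echo   %SystemRoot%\OldSD already exists from an earlier run; remove or rename it first.
    goto restart
)
if exist "%SystemRoot%\SoftwareDistribution" (
    ren "%SystemRoot%\SoftwareDistribution" OldSD
    if errorlevel 1 echo   WARNING: rename failed; a file in the folder is probably still in use.
) else (
    echo   SoftwareDistribution not found; nothing to rename.
)

:restart
echo Suggestion 2, step 3: restarting the services
net start bits
net start wuauserv

echo Done. Open the Windows Update site again and re-run the scan.
endlocal
```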

#13 crunchie

crunchie

    Retired Staff-Malware Expert

  • Authentic Member
  • 302 posts

Posted 11 March 2005 - 11:00 PM

With regards to the fact that the MS updater is actually able to scan the PC for updates, I am at a bit of a loss as to why it finds it up-to-date. Unless of course, it is up-to-date :).
I am going to ask for assistance for your problem from our experts and see if they cannot come up with something.

In the meantime, can you run the following for me?

Go here and download and run Silent Runners.vbs. It generates a log, please post the information back in this thread.

#14 oreofudge

oreofudge

    Authentic Member

  • Authentic Member
  • 47 posts

Posted 11 March 2005 - 11:17 PM

Ok, I'll do that tomorrow as soon as I get my hands on that computer again... BTW, where are you located? I am asking because I see that you always answer back when it is midnight here and early morning wherever you are?...

#15 crunchie

crunchie

    Retired Staff-Malware Expert

  • Authentic Member
  • 302 posts

Posted 11 March 2005 - 11:30 PM

I am in Western Australia. It's 1330 hours here now on a Saturday afternoon. Just finished work for the day about an hour ago :D.
