BUBears46

Logfile of HijackThis v1.99.1 Scan saved at 9:01:50 PM, on 12/28/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\spoolsv.exe C:\progra~1\scansoft\paperp~1\pptd40nt.exe C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\WINNT\system32\UMonit2k.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINNT\system32\devldr32.exe C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe C:\WINNT\system32\RUNDLL32.EXE C:\Program Files\Common Files\AOL\1125453320\ee\AOLHostManager.exe C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\BUFFALO\HDBackup\HDBackup.exe C:\Program Files\BUFFALO\HDManage\HDManage.exe C:\Program Files\Common Files\AOL\1125453320\ee\AOLServiceHost.exe C:\Program Files\TrueAssistant\TrueAssistant.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\WINNT\System32\CTsvcCDA.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINNT\System32\nvsvc32.exe C:\WINNT\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINNT\system32\BRMFRSMG.EXE C:\Program Files\AIM\aim.exe C:\Program Files\Common Files\AOL\1125453320\ee\AOLServiceHost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Messenger\msmsgs.exe C:\hijackthis\HijackThis.exe R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [PaperPort PTD] c:\progra~1\scansoft\paperp~1\pptd40nt.exe O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\Adaptec\DirectCD\directcd.exe O4 - HKLM\..\Run: [speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE O4 - HKLM\..\Run: [updReg] C:\WINNT\Updreg.exe O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\BRMFLPRO\SetDefPrt.exe O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINNT\system32\UMonit2k.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125453320\ee\AOLHostManager.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe -r O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit O4 - Startup: BUFFALO Disk Backup Utility.lnk = C:\Program Files\BUFFALO\HDBackup\HDBackup.exe O4 - Startup: BUFFALO Power Save Utility for HD.lnk = C:\Program Files\BUFFALO\HDManage\HDManage.exe O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe O4 - Global Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU) O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab O16 - DPF: {ACF93F61-9F60-4C1E-A015-E3B3812BD58C} (PVDMDocViewControls.PVDMDocView) - https://login.imagesilo.com/CABS/PVDMDocView400.cab O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe Thanks!

Logfile of HijackThis v1.99.1 Scan saved at 11:43:13 AM, on 12/21/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\spoolsv.exe C:\progra~1\scansoft\paperp~1\pptd40nt.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Brother\BRMFLPRO\SetDefPrt.exe C:\WINNT\system32\UMonit2k.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe C:\WINNT\system32\devldr32.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe C:\Program Files\Netscape\Netscape\Netscp.exe C:\Program Files\AIM\aim.exe C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe C:\WINNT\system32\RUNDLL32.EXE C:\WINNT\system32\??pPatch\winword.exe C:\Program Files\daei\siha.exe C:\Program Files\Common Files\AOL\1125453320\ee\AOLHostManager.exe C:\WINNT\System32\CTsvcCDA.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Common Files\AOL\1125453320\ee\AOLServiceHost.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINNT\System32\nvsvc32.exe C:\Program Files\Common Files\AOL\1125453320\ee\AOLServiceHost.exe C:\WINNT\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINNT\system32\BRMFRSMG.EXE C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\BUFFALO\HDBackup\HDBackup.exe C:\Program Files\BUFFALO\HDManage\HDManage.exe C:\Program Files\TrueAssistant\TrueAssistant.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINNT\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Messenger\msmsgs.exe C:\hijackthis\HijackThis.exe R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {FF9D5EEA-B50E-B8F9-2C06-CC891C5E62B1} - C:\WINNT\system32\ekcgmvcq.dll (file missing) O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [PaperPort PTD] c:\progra~1\scansoft\paperp~1\pptd40nt.exe O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\Adaptec\DirectCD\directcd.exe O4 - HKLM\..\Run: [speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE O4 - HKLM\..\Run: [updReg] C:\WINNT\Updreg.exe O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\BRMFLPRO\SetDefPrt.exe O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINNT\system32\UMonit2k.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125453320\ee\AOLHostManager.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe -r O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit O4 - HKCU\..\Run: [Hnttj] C:\WINNT\system32\??pPatch\winword.exe O4 - HKCU\..\Run: [Aarr] "C:\Program Files\daei\siha.exe" -vt ndrv O4 - Startup: BUFFALO Disk Backup Utility.lnk = C:\Program Files\BUFFALO\HDBackup\HDBackup.exe O4 - Startup: BUFFALO Power Save Utility for HD.lnk = C:\Program Files\BUFFALO\HDManage\HDManage.exe O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe O4 - Global Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU) O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab O16 - DPF: {ACF93F61-9F60-4C1E-A015-E3B3812BD58C} (PVDMDocViewControls.PVDMDocView) - https://login.imagesilo.com/CABS/PVDMDocView400.cab O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe --------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 11:32:52 AM, 12/21/2005 + Report-Checksum: FDBB1D5D + Scan result: HKLM\SOFTWARE\AutoLoader -> Spyware.AproposMedia : Cleaned with backup HKLM\SOFTWARE\AutoLoader\owuY1KdQZILK -> Spyware.AproposMedia : Cleaned with backup HKLM\SOFTWARE\Classes\Applications\STC.exe -> Spyware.SecondThought : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{B548B7D8-3D03-4AED-A6A1-4251FAD00C10} -> Spyware.AproposMedia : Cleaned with backup HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\STO -> Spyware.WebSearch : Cleaned with backup HKU\S-1-5-21-861567501-436374069-854245398-1000\Software\Bundles -> Spyware.SecondThought : Cleaned with backup :mozilla.18:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup :mozilla.19:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup :mozilla.20:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup :mozilla.23:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.24:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.25:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.26:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.27:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.28:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup :mozilla.29:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup :mozilla.30:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup :mozilla.31:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup :mozilla.32:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup :mozilla.33:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup :mozilla.35:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup :mozilla.61:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.62:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.63:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.64:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.65:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.66:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.67:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.68:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.69:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.70:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.71:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.76:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup :mozilla.77:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup :mozilla.78:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup :mozilla.83:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup :mozilla.84:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup :mozilla.85:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup :mozilla.86:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup :mozilla.87:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup :mozilla.88:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup :mozilla.89:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup :mozilla.90:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup :mozilla.91:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup :mozilla.96:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup :mozilla.97:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup :mozilla.98:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup :mozilla.99:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup :mozilla.100:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup :mozilla.101:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup :mozilla.105:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup :mozilla.107:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup :mozilla.108:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup :mozilla.118:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup :mozilla.120:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup :mozilla.128:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.129:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup :mozilla.130:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup :mozilla.131:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup :mozilla.132:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup :mozilla.133:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup :mozilla.134:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup :mozilla.135:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup :mozilla.146:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.147:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.148:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.151:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup :mozilla.152:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup :mozilla.153:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup :mozilla.154:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup :mozilla.155:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup :mozilla.156:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup :mozilla.157:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup :mozilla.158:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup :mozilla.159:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup :mozilla.160:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup :mozilla.175:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup :mozilla.190:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.191:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.194:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup :mozilla.195:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup :mozilla.196:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup :mozilla.219:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup C:\Documents and Settings\Carl Weber\Cookies\carl weber@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup C:\Documents and Settings\Carl Weber\Cookies\carl weber@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\Carl Weber\Cookies\carl weber@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup C:\Documents and Settings\Carl Weber\Cookies\carl weber@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup C:\Documents and Settings\Carl Weber\Cookies\carl weber@data4.perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup C:\Documents and Settings\Carl Weber\Cookies\carl weber@e-2dj6wfkoegcjcbp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Carl Weber\Cookies\carl weber@hypertracker[1].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup C:\Documents and Settings\Carl Weber\Cookies\carl weber@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup C:\Documents and Settings\Carl Weber\Cookies\carl weber@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup C:\Documents and Settings\Carl Weber\Cookies\carl weber@revenue[1].txt -> Spyware.Cookie.Revenue : Cleaned with backup C:\Documents and Settings\Carl Weber\Cookies\carl weber@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup C:\Documents and Settings\Carl Weber\Cookies\carl weber@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup C:\Program Files\AutoUpdate -> Spyware.AproposMedia : Cleaned with backup C:\Program Files\AutoUpdate\libexpat.dll -> Spyware.AproposMedia : Cleaned with backup C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\095DEF73-8690-49AE-BBBD-DF5EFB\184FD302-24BE-46E8-954A-34E4AB -> Trojan.Pakes : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\095DEF73-8690-49AE-BBBD-DF5EFB\5A01015E-EE83-4A51-A7B3-2A32D5 -> Trojan.Pakes : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\095DEF73-8690-49AE-BBBD-DF5EFB\862FB812-2A0C-4B2A-99FB-94E07D -> Trojan.Pakes : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\095DEF73-8690-49AE-BBBD-DF5EFB\9133E87B-97DF-43AE-B275-3110EE -> Trojan.Pakes : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\0F8B0789-3C0D-44EC-A701-CC9DA7\17EBE2A6-73A4-41B8-8671-A0D2EB -> Trojan.Pakes : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\0F8B0789-3C0D-44EC-A701-CC9DA7\3A4778D2-5AF6-42FE-94B6-60E021 -> Trojan.Pakes : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\0F8B0789-3C0D-44EC-A701-CC9DA7\86743C82-2193-4C0F-9068-CCBB86 -> Trojan.Pakes : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\0F8B0789-3C0D-44EC-A701-CC9DA7\DCF44376-9142-41C7-A2FE-CA7F31 -> Trojan.Pakes : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\1C44C474-E4EF-49B2-879B-18BD89\0663B960-E848-4A94-969B-83F5E6 -> Spyware.IBIS : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\1C44C474-E4EF-49B2-879B-18BD89\194A072E-7F6D-44F1-B14C-BC3E32 -> Spyware.IBIS : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\87021279-8824-47AB-AD52-140EB7\82CB59A5-C061-4D79-819D-50A101 -> Trojan.Pakes : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\87021279-8824-47AB-AD52-140EB7\8AEA7A84-5DCF-496D-920C-F8498C -> Trojan.Pakes : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\87021279-8824-47AB-AD52-140EB7\8DB3C38B-19B1-485E-9F69-8C35EF -> Trojan.Pakes : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\87021279-8824-47AB-AD52-140EB7\93900A27-55B1-4913-BF98-FAE3E3 -> Trojan.Pakes : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\934FEF93-DA20-4CC5-A57D-67B1CD\0703AB12-8299-4393-999B-434908 -> Trojan.Pakes : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\934FEF93-DA20-4CC5-A57D-67B1CD\115E3F81-99E0-4315-AEED-EB43E1 -> Trojan.Pakes : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\934FEF93-DA20-4CC5-A57D-67B1CD\6B5DD2AD-0BAF-453F-9062-A4A38D -> Trojan.Pakes : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\934FEF93-DA20-4CC5-A57D-67B1CD\DC79A9D5-150B-4142-BEDB-435C8C -> Trojan.Pakes : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\ACDDD455-82D7-4D30-8C09-C28DD5\3D336174-E5A9-438E-ACDC-612692 -> Trojan.Pakes : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\ACDDD455-82D7-4D30-8C09-C28DD5\66C3AE27-F68D-4D69-92F3-5F9536 -> Trojan.Pakes : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\ACDDD455-82D7-4D30-8C09-C28DD5\DB702687-D523-496A-9015-14C0EA -> Trojan.Pakes : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\ACDDD455-82D7-4D30-8C09-C28DD5\EFB8A2AB-1783-4868-A841-8C1712 -> Trojan.Pakes : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\B7DE2129-3165-4268-8D6A-4EE0A2\3E52001D-0E9B-43CF-B937-761085 -> Trojan.Pakes : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\B7DE2129-3165-4268-8D6A-4EE0A2\567A85E5-8A51-4AE3-B302-20F37D -> Trojan.Pakes : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\B7DE2129-3165-4268-8D6A-4EE0A2\84140CAA-B418-4FE3-A39D-CFDC5F -> Trojan.Pakes : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\B7DE2129-3165-4268-8D6A-4EE0A2\E0879F63-CC66-4A2C-BADC-0DC101 -> Trojan.Pakes : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\F0152215-8DFF-4F2D-B46F-AB5275\4747C0F9-B719-4BA4-A26B-25CB45 -> Trojan.Pakes : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\F0152215-8DFF-4F2D-B46F-AB5275\7A158BA6-61DF-4D1C-9D28-133545 -> Trojan.Pakes : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\F0152215-8DFF-4F2D-B46F-AB5275\B52FD6B2-5586-406F-AA35-E4926B -> Trojan.Pakes : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\F0152215-8DFF-4F2D-B46F-AB5275\DE6358EB-3E14-4672-94BC-E281BB -> Trojan.Pakes : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\F04A2154-4FC7-4D5E-A97C-0E8106\25FA7260-E4A6-4E59-9871-F491E0 -> Trojan.Pakes : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\F04A2154-4FC7-4D5E-A97C-0E8106\37C9D1EB-CE2E-408F-A886-4A5898 -> Trojan.Pakes : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\F04A2154-4FC7-4D5E-A97C-0E8106\C8A8EFEB-6EB5-42BB-9C4F-BF569F -> Trojan.Pakes : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\F04A2154-4FC7-4D5E-A97C-0E8106\CEB303EF-64E8-4AD9-A0C7-CCB5F1 -> Trojan.Pakes : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\F38EC441-EB82-49AC-8DF2-EF5A82\2451DD94-76AA-4816-9BA9-FF40A5 -> Trojan.Pakes : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\F38EC441-EB82-49AC-8DF2-EF5A82\B5D30564-25C4-4190-A9E0-020AF5 -> Trojan.Pakes : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\F38EC441-EB82-49AC-8DF2-EF5A82\F8F2F3FA-D28F-475D-9796-44B7E8 -> Trojan.Pakes : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\F38EC441-EB82-49AC-8DF2-EF5A82\F9DDE356-34D8-426F-A099-2BDBFF -> Trojan.Pakes : Cleaned with backup C:\WINNT\system32\ekcgmvcq.dll -> Adware.PurityScan : Cleaned with backup ::Report End

Hi, sorry I don't know how to locate that folder...I've tried looking in the C drive under My Computer and I also did a search but didn't find it.

it worked! here's what was in notepad: Volume in drive C has no label. Volume Serial Number is 1475-3D3F Directory of C:\WINNT\system32 12/16/2005 01:27 PM <DIR> ??pPatch 0 File(s) 0 bytes Directory of C:\Documents and Settings\Carl Weber\Desktop Here's the new HJT log; Logfile of HijackThis v1.99.1 Scan saved at 12:01:01 PM, on 12/20/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\spoolsv.exe C:\progra~1\scansoft\paperp~1\pptd40nt.exe C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\WINNT\system32\UMonit2k.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe C:\WINNT\system32\devldr32.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe C:\Program Files\Netscape\Netscape\Netscp.exe C:\Program Files\AIM\aim.exe C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe C:\WINNT\system32\RUNDLL32.EXE C:\WINNT\system32\??pPatch\winword.exe C:\Program Files\daei\siha.exe C:\Program Files\Common Files\AOL\1125453320\ee\AOLHostManager.exe C:\Program Files\Common Files\AOL\1125453320\ee\AOLServiceHost.exe C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\WINNT\System32\CTsvcCDA.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\Common Files\AOL\1125453320\ee\AOLServiceHost.exe C:\WINNT\System32\nvsvc32.exe C:\WINNT\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINNT\system32\BRMFRSMG.EXE C:\Program Files\BUFFALO\HDBackup\HDBackup.exe C:\Program Files\BUFFALO\HDManage\HDManage.exe C:\Program Files\TrueAssistant\TrueAssistant.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Messenger\msmsgs.exe C:\hijackthis\HijackThis.exe R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {FF9D5EEA-B50E-B8F9-2C06-CC891C5E62B1} - C:\WINNT\system32\ekcgmvcq.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [PaperPort PTD] c:\progra~1\scansoft\paperp~1\pptd40nt.exe O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\Adaptec\DirectCD\directcd.exe O4 - HKLM\..\Run: [speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE O4 - HKLM\..\Run: [updReg] C:\WINNT\Updreg.exe O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\BRMFLPRO\SetDefPrt.exe O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINNT\system32\UMonit2k.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125453320\ee\AOLHostManager.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe -r O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit O4 - HKCU\..\Run: [Hnttj] C:\WINNT\system32\??pPatch\winword.exe O4 - HKCU\..\Run: [Aarr] "C:\Program Files\daei\siha.exe" -vt ndrv O4 - Startup: BUFFALO Disk Backup Utility.lnk = C:\Program Files\BUFFALO\HDBackup\HDBackup.exe O4 - Startup: BUFFALO Power Save Utility for HD.lnk = C:\Program Files\BUFFALO\HDManage\HDManage.exe O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe O4 - Global Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU) O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab O16 - DPF: {ACF93F61-9F60-4C1E-A015-E3B3812BD58C} (PVDMDocViewControls.PVDMDocView) - https://login.imagesilo.com/CABS/PVDMDocView400.cab O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe Thanks!

Ok, I did the search again and it still only came up with 1 folder...called AppPatch. The contents were: acgenral.dll, aclayers.dll, aclua.dll, acspecfc.dll, acxtrnal.dll, apph_sp, apphelp, drvmain, msimain, and sysmain Thanks!

Ok, the search found 1 folder called AppPatch.

Hi, I tried the notepad/findfile thing, but when I went to open the findfile.bat from my desktop, notepad opened up with nothing in it and a black box appeared that said "This system cannot find the file specified."

Logfile of HijackThis v1.99.1 Scan saved at 3:58:34 PM, on 12/16/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\spoolsv.exe C:\progra~1\scansoft\paperp~1\pptd40nt.exe C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Brother\BRMFLPRO\SetDefPrt.exe C:\WINNT\system32\UMonit2k.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe C:\WINNT\system32\devldr32.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe C:\Program Files\Netscape\Netscape\Netscp.exe C:\Program Files\AIM\aim.exe C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe C:\WINNT\system32\RUNDLL32.EXE C:\Program Files\Common Files\AOL\1125453320\ee\AOLHostManager.exe C:\WINNT\system32\??pPatch\winword.exe C:\Program Files\Common Files\AOL\1125453320\ee\AOLServiceHost.exe C:\WINNT\System32\CTsvcCDA.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\BUFFALO\HDBackup\HDBackup.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINNT\System32\nvsvc32.exe C:\Program Files\Common Files\AOL\1125453320\ee\AOLServiceHost.exe C:\WINNT\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINNT\system32\BRMFRSMG.EXE C:\Program Files\BUFFALO\HDManage\HDManage.exe C:\Program Files\TrueAssistant\TrueAssistant.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINNT\system32\wuauclt.exe C:\Program Files\daei\siha.exe C:\Program Files\Messenger\msmsgs.exe C:\hijackthis\HijackThis.exe R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {FF9D5EEA-B50E-B8F9-2C06-CC891C5E62B1} - C:\WINNT\system32\ekcgmvcq.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [PaperPort PTD] c:\progra~1\scansoft\paperp~1\pptd40nt.exe O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\Adaptec\DirectCD\directcd.exe O4 - HKLM\..\Run: [speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE O4 - HKLM\..\Run: [updReg] C:\WINNT\Updreg.exe O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\BRMFLPRO\SetDefPrt.exe O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINNT\system32\UMonit2k.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125453320\ee\AOLHostManager.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe -r O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit O4 - HKCU\..\Run: [Hnttj] C:\WINNT\system32\??pPatch\winword.exe O4 - HKCU\..\Run: [Aarr] "C:\Program Files\daei\siha.exe" -vt ndrv O4 - Startup: BUFFALO Disk Backup Utility.lnk = C:\Program Files\BUFFALO\HDBackup\HDBackup.exe O4 - Startup: BUFFALO Power Save Utility for HD.lnk = C:\Program Files\BUFFALO\HDManage\HDManage.exe O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe O4 - Global Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU) O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab O16 - DPF: {ACF93F61-9F60-4C1E-A015-E3B3812BD58C} (PVDMDocViewControls.PVDMDocView) - https://login.imagesilo.com/CABS/PVDMDocView400.cab O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Logfile of HijackThis v1.99.1 Scan saved at 11:07:25 AM, on 12/14/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\WINNT\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\CTsvcCDA.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINNT\System32\nvsvc32.exe C:\WINNT\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINNT\system32\BRMFRSMG.EXE C:\progra~1\scansoft\paperp~1\pptd40nt.exe C:\WINNT\system32\devldr32.exe C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\WINNT\system32\UMonit2k.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\AOL\1125453320\ee\AOLHostManager.exe C:\Program Files\Common Files\AOL\1125453320\ee\AOLServiceHost.exe C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe C:\Program Files\Netscape\Netscape\Netscp.exe C:\Program Files\AIM\aim.exe C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe C:\WINNT\system32\RUNDLL32.EXE C:\Program Files\Common Files\AOL\1125453320\ee\AOLServiceHost.exe C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\BUFFALO\HDBackup\HDBackup.exe C:\Program Files\BUFFALO\HDManage\HDManage.exe C:\Program Files\TrueAssistant\TrueAssistant.exe C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe C:\Program Files\Mozilla Firefox\plugins\GetFlash.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINNT\system32\wuauclt.exe C:\hijackthis\HijackThis.exe R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file) O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [PaperPort PTD] c:\progra~1\scansoft\paperp~1\pptd40nt.exe O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\Adaptec\DirectCD\directcd.exe O4 - HKLM\..\Run: [speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE O4 - HKLM\..\Run: [updReg] C:\WINNT\Updreg.exe O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\BRMFLPRO\SetDefPrt.exe O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINNT\system32\UMonit2k.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125453320\ee\AOLHostManager.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe -r O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit O4 - HKCU\..\Run: [Aarr] "C:\Program Files\daei\siha.exe" -vt tzt O4 - Startup: BUFFALO Disk Backup Utility.lnk = C:\Program Files\BUFFALO\HDBackup\HDBackup.exe O4 - Startup: BUFFALO Power Save Utility for HD.lnk = C:\Program Files\BUFFALO\HDManage\HDManage.exe O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU) O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab O16 - DPF: {ACF93F61-9F60-4C1E-A015-E3B3812BD58C} (PVDMDocViewControls.PVDMDocView) - https://login.imagesilo.com/CABS/PVDMDocView400.cab O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe Thanks so much!!