Hijacking browser

Guest

Hi experts,
I have recently downloaded Ad-aware 6.0 and it detected a registry value with an attempt to hijack my browser. It redirects to a blacklisted site, it says. I have tried to delete it so many times, and each time I do another search it again shows attempted browser hijack. I'm sending my log file for your analysis.
Lavasoft Ad-aware Personal Build 6.181
Logfile created on :11 July 2004 17:00:41
Created with Ad-aware Personal, free for private use.
Using reference-file :01R331 08.07.2004
______________________________________________________

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry


11-07-2004 17:00:41 - Scan started. (Smart mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 11-07-2004 15:56:23
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 11-07-2004 15:56:26
BasePriority : High


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 11-07-2004 15:56:27
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft
Created on : 31/12/1979 23:00:00
Last accessed : 10/07/2004 23:00:00
Last modified : 18/08/2001 19:00:00

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 11-07-2004 15:56:27
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 31/12/1979 23:00:00
Last accessed : 10/07/2004 23:00:00
Last modified : 29/08/2002 02:41:26

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 11-07-2004 15:56:28
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 31/12/1979 23:00:00
Last accessed : 10/07/2004 23:00:00
Last modified : 18/08/2001 19:00:00

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 11-07-2004 15:56:28
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 31/12/1979 23:00:00
Last accessed : 10/07/2004 23:00:00
Last modified : 18/08/2001 19:00:00

#:7 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 11-07-2004 15:56:31
BasePriority : Normal
FileSize : 229 KB
FileVersion : 2.1.1.700
ProductVersion : 2.1.1.700
Copyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
OriginalFilename : ccSetMgr.exe
ProductName : Common Client
Created on : 08/12/2003 16:18:44
Last accessed : 10/07/2004 23:00:00
Last modified : 08/12/2003 16:18:44

#:8 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 11-07-2004 15:56:31
BasePriority : Normal
FileSize : 249 KB
FileVersion : 2.1.1.700
ProductVersion : 2.1.1.700
Copyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
OriginalFilename : ccEvtMgr.exe
ProductName : Common Client
Created on : 08/12/2003 16:18:36
Last accessed : 10/07/2004 23:00:00
Last modified : 08/12/2003 16:18:36

#:9 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 11-07-2004 15:56:32
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 31/12/1979 23:00:00
Last accessed : 10/07/2004 23:00:00
Last modified : 18/08/2001 19:00:00

#:10 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 11-07-2004 15:56:35
BasePriority : Normal
FileSize : 973 KB
FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)
ProductVersion : 6.00.2800.1221
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft
Created on : 11/05/2003 20:12:10
Last accessed : 10/07/2004 23:00:00
Last modified : 11/05/2003 20:12:10

#:11 [ccproxy.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 11-07-2004 15:56:35
BasePriority : Normal
FileSize : 213 KB
FileVersion : 2.1.2.800
ProductVersion : 2.1.2.800
Copyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Common Client Network Proxy Service
InternalName : ccProxy
OriginalFilename : ccProxy.exe
ProductName : Common Client
Created on : 30/06/2004 12:28:10
Last accessed : 10/07/2004 23:00:00
Last modified : 27/01/2004 18:06:54

#:12 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\
ThreadCreationTime : 11-07-2004 15:56:35
BasePriority : Normal
FileSize : 314 KB
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
OriginalFilename : mdm.exe
ProductName : Microsoft
Created on : 19/06/2003 22:25:00
Last accessed : 10/07/2004 23:00:00
Last modified : 19/06/2003 22:25:00

#:13 [navapsvc.exe]
FilePath : C:\Program Files\Norton Internet Security\Norton AntiVirus\
ThreadCreationTime : 11-07-2004 15:56:36
BasePriority : Normal
FileSize : 155 KB
FileVersion : 10.00.2
ProductVersion : 10.00.2
Copyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright (c) 2003 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
OriginalFilename : NAVAPSVC.EXE
ProductName : Norton AntiVirus
Created on : 30/06/2004 12:28:09
Last accessed : 10/07/2004 23:00:00
Last modified : 23/04/2004 10:04:18

#:14 [savscan.exe]
FilePath : C:\Program Files\Norton Internet Security\Norton AntiVirus\
ThreadCreationTime : 11-07-2004 15:56:36
BasePriority : Normal
FileSize : 189 KB
FileVersion : 9.2.1.14
ProductVersion : 9.2
Copyright : Copyright (c) 2003 Symantec Corporation
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus Scanner
InternalName : SAVSCAN
OriginalFilename : SAVSCAN.EXE
ProductName : Symantec AntiVirus AutoProtect
Created on : 07/11/2003 17:46:58
Last accessed : 10/07/2004 23:00:00
Last modified : 07/11/2003 17:46:58

#:15 [sndsrvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 11-07-2004 15:56:37
BasePriority : Normal
FileSize : 189 KB
FileVersion : 5.3.2.67
ProductVersion : 5.3
Copyright : Copyright 2002, 2003 Symantec Corporation
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
OriginalFilename : SndSrvc.exe
ProductName : Symantec Security Drivers
Created on : 29/06/2004 15:14:38
Last accessed : 10/07/2004 23:00:00
Last modified : 29/06/2004 15:14:38

#:16 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 11-07-2004 15:56:38
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 31/12/1979 23:00:00
Last accessed : 10/07/2004 23:00:00
Last modified : 18/08/2001 19:00:00

#:17 [symlcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\
ThreadCreationTime : 11-07-2004 15:56:38
BasePriority : Normal
FileSize : 572 KB
FileVersion : 1, 8, 48, 79
ProductVersion : 1, 8, 48, 79
Copyright : Copyright (C) 2003
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
OriginalFilename : symlcsvc.exe
ProductName : Symantec Core Component
Created on : 30/06/2004 11:44:40
Last accessed : 10/07/2004 23:00:00
Last modified : 30/06/2004 11:44:42

#:18 [igfxtray.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 11-07-2004 15:56:39
BasePriority : Normal
FileSize : 152 KB
FileVersion : 3,0,0,2104
ProductVersion : 7,0,0,2104
Copyright : Copyright 1999-2003, Intel Corporation
CompanyName : Intel Corporation
FileDescription : igfxTray Module
InternalName : IGFXTRAY
OriginalFilename : IGFXTRAY.EXE
ProductName : Intel(R) Common User Interface
Created on : 19/05/2003 22:52:39
Last accessed : 10/07/2004 23:00:00
Last modified : 06/04/2003 23:19:52

#:19 [hkcmd.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 11-07-2004 15:56:39
BasePriority : Normal
FileSize : 112 KB
FileVersion : 3,0,0,2104
ProductVersion : 7,0,0,2104
Copyright : Copyright 1999-2003, Intel Corporation
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
OriginalFilename : HKCMD.EXE
ProductName : Intel(R) Common User Interface
Created on : 19/05/2003 22:52:38
Last accessed : 10/07/2004 23:00:00
Last modified : 06/04/2003 23:07:38

#:20 [almxptray.exe]
FilePath : C:\Program Files\Acer\Notebook Manager\
ThreadCreationTime : 11-07-2004 15:56:39
BasePriority : Normal
FileSize : 498 KB
FileVersion : 2.0.10.3
ProductVersion : 2.0.10
CompanyName : Acer
Created on : 16/05/2003 16:09:34
Last accessed : 10/07/2004 23:00:00
Last modified : 16/05/2003 16:09:34

#:21 [syntplpr.exe]
FilePath : C:\Program Files\Synaptics\SynTP\
ThreadCreationTime : 11-07-2004 15:56:39
BasePriority : Normal
FileSize : 108 KB
FileVersion : 7.5.5 24Apr03
ProductVersion : 7.5.5 24Apr03
Copyright : Copyright (C) Synaptics, Inc. 1996-2003
CompanyName : Synaptics, Inc.
FileDescription : TouchPad Driver Helper Application
InternalName : SynTPLpr
OriginalFilename : SynTPLpr.exe
ProductName : Progressive Touch
Created on : 26/05/2003 14:30:15
Last accessed : 10/07/2004 23:00:00
Last modified : 24/04/2003 15:51:36

#:22 [syntpenh.exe]
FilePath : C:\Program Files\Synaptics\SynTP\
ThreadCreationTime : 11-07-2004 15:56:40
BasePriority : Normal
FileSize : 596 KB
FileVersion : 7.5.5 24Apr03
ProductVersion : 7.5.5 24Apr03
Copyright : Copyright (C) Synaptics, Inc. 1996-2003
CompanyName : Synaptics, Inc.
FileDescription : Synaptics TouchPad Enhancements
InternalName : Scrolleroo
OriginalFilename : SynTPEnh.exe
ProductName : Progressive Touch
Created on : 26/05/2003 14:30:15
Last accessed : 10/07/2004 23:00:00
Last modified : 24/04/2003 15:44:56

#:23 [launchap.exe]
FilePath : C:\Program Files\Launch Manager\
ThreadCreationTime : 11-07-2004 15:56:40
BasePriority : Normal
FileSize : 32 KB
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 3
Copyright : Copyright (C) 2001
FileDescription : LaunchAp MFC Application
InternalName : LaunchAp
OriginalFilename : LaunchAp.EXE
ProductName : LaunchAp Application
Created on : 19/05/2003 22:58:00
Last accessed : 10/07/2004 23:00:00
Last modified : 12/05/2003 13:28:50

#:24 [powerkey.exe]
FilePath : C:\Program Files\Launch Manager\
ThreadCreationTime : 11-07-2004 15:56:40
BasePriority : Normal
FileSize : 92 KB
FileVersion : 1, 4, 4, 0
ProductVersion : 1, 4, 4, 0
Copyright : Copyright
FileDescription : Powerkey
InternalName : Powerkey
OriginalFilename : Powerkey.exe
Created on : 02/06/2003 10:45:26
Last accessed : 10/07/2004 23:00:00
Last modified : 30/08/2002 14:02:48

#:25 [hotkeyapp.exe]
FilePath : C:\Program Files\Launch Manager\
ThreadCreationTime : 11-07-2004 15:56:40
BasePriority : Normal
FileSize : 44 KB
FileVersion : 1, 0, 4, 7
ProductVersion : 1, 0, 4, 7
Copyright : Copyright c 2002
CompanyName : Wistron
FileDescription : HotkeyApp
InternalName : HotkeyApp
OriginalFilename : HotkeyApp.exe
ProductName : Wistron HotkeyApp
Created on : 02/06/2003 10:45:25
Last accessed : 10/07/2004 23:00:00
Last modified : 19/05/2003 10:51:32

#:26 [ctrlvol.exe]
FilePath : C:\Program Files\Launch Manager\
ThreadCreationTime : 11-07-2004 15:56:41
BasePriority : Normal
FileSize : 164 KB
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
Copyright : Copyright c 2003
CompanyName : Wistron
FileDescription : ctrlvol
InternalName : ctrlvol
OriginalFilename : ctrlvol.exe
ProductName : Wistron ctrlvol
Created on : 02/06/2003 10:45:25
Last accessed : 10/07/2004 23:00:00
Last modified : 12/05/2003 14:05:16

#:27 [wbutton.exe]
FilePath : C:\Program Files\Launch Manager\
ThreadCreationTime : 11-07-2004 15:56:41
BasePriority : Normal
FileSize : 52 KB
FileVersion : 1, 0, 2, 4
ProductVersion : 1, 0, 2, 4
Copyright : Copyright (C) 2001
FileDescription : WButton MFC Application
InternalName : WButton
OriginalFilename : WButton.EXE
ProductName : WButton Application
Created on : 02/06/2003 10:45:25
Last accessed : 10/07/2004 23:00:00
Last modified : 28/05/2003 09:02:34

#:28 [agrsmmsg.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 11-07-2004 15:56:41
BasePriority : Normal
FileSize : 86 KB
FileVersion : 2.1.25 2.1.25 02/14/2003 11:58:58
ProductVersion : 2.1.25 2.1.25 02/14/2003 11:58:58
Copyright : Copyright
CompanyName : Agere Systems
FileDescription : SoftModem Messaging Applet
InternalName : smdmstat.exe
OriginalFilename : smdmstat.exe
ProductName : Agere SoftModem Messaging Applet
Created on : 31/12/1979 23:00:00
Last accessed : 10/07/2004 23:00:00
Last modified : 14/02/2003 10:59:00

#:29 [ltmoh.exe]
FilePath : C:\Program Files\ltmoh\
ThreadCreationTime : 11-07-2004 15:56:41
BasePriority : Normal
FileSize : 168 KB
FileVersion : 1.68
ProductVersion : 1.68
Copyright : Agere Copyright
CompanyName : Agere Systems
FileDescription : LtMoh MFC Application
InternalName : LtMoh
OriginalFilename : LtMoh.EXE
ProductName : LtMoh Application
Created on : 29/06/2004 20:22:24
Last accessed : 10/07/2004 23:00:00
Last modified : 25/11/2002 09:23:20

#:30 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 11-07-2004 15:56:41
BasePriority : Normal
FileSize : 69 KB
FileVersion : 2.1.1.700
ProductVersion : 2.1.1.700
Copyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
OriginalFilename : ccApp.exe
ProductName : Common Client
Created on : 08/12/2003 16:18:34
Last accessed : 10/07/2004 23:00:00
Last modified : 08/12/2003 16:18:34

#:31 [realplay.exe]
FilePath : C:\Program Files\Real\RealPlayer\
ThreadCreationTime : 11-07-2004 15:56:42
BasePriority : Normal
FileSize : 20 KB
FileVersion : 6.0.8.122
ProductVersion : 6.0.8.122
Copyright : Copyright
CompanyName : RealNetworks, Inc.
FileDescription : RealPlayer
InternalName : REALPLAY
OriginalFilename : REALPLAY.EXE
ProductName : RealPlayer (32-bit)
Created on : 02/07/2004 10:02:07
Last accessed : 10/07/2004 23:00:00
Last modified : 02/07/2004 10:02:08

#:32 [lvcoms.exe]
FilePath : C:\Program Files\Common Files\Logitech\QCDriver3\
ThreadCreationTime : 11-07-2004 15:56:42
BasePriority : Normal
FileSize : 124 KB
FileVersion : 7.3.0.1113
ProductVersion : 7.3.0.1113
Copyright : (c) 1996-2002 Logitech. All rights reserved.
CompanyName : Logitech Inc.
FileDescription : LVCom Server
InternalName : LVComS.exe
OriginalFilename : LVComS.exe
ProductName : Logitech ImageStudio
Created on : 02/07/2004 10:05:06
Last accessed : 10/07/2004 23:00:00
Last modified : 10/12/2002 16:54:04

#:33 [logitray.exe]
FilePath : C:\Program Files\Logitech\ImageStudio\
ThreadCreationTime : 11-07-2004 15:56:42
BasePriority : Normal
FileSize : 60 KB
FileVersion : 7.3.0.1113
ProductVersion : 7.3.0.1113
Copyright : (c) 1996-2002 Logitech. All rights reserved.
CompanyName : Logitech Inc.
FileDescription : ImageStudio Tray Application
InternalName : LogiTray.exe
OriginalFilename : LogiTray.exe
ProductName : Logitech ImageStudio
Created on : 10/12/2002 17:31:34
Last accessed : 10/07/2004 23:00:00
Last modified : 10/12/2002 17:31:34

#:34 [backweb-8876480.exe]
FilePath : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\
ThreadCreationTime : 11-07-2004 15:56:42
BasePriority : Normal
FileSize : 16 KB
Created on : 02/07/2004 10:00:27
Last accessed : 10/07/2004 23:00:00
Last modified : 02/07/2004 10:00:26

#:35 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 11-07-2004 15:56:42
BasePriority : Normal
FileSize : 13 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
OriginalFilename : CTFMON.EXE
ProductName : Microsoft
Created on : 31/12/1979 23:00:00
Last accessed : 10/07/2004 23:00:00
Last modified : 29/08/2002 02:41:22

#:36 [hpotdd01.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
ThreadCreationTime : 11-07-2004 15:56:43
BasePriority : Normal
FileSize : 28 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright
CompanyName : Hewlett-Packard
FileDescription : hpotdd01
InternalName : hpotdd01
OriginalFilename : hpotdd01.exe
ProductName : Hewlett-Packard hpotdd01
Created on : 06/04/2003 00:06:58
Last accessed : 10/07/2004 23:00:00
Last modified : 06/04/2003 00:06:58

#:37 [hpobnz08.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
ThreadCreationTime : 11-07-2004 15:56:43
BasePriority : Normal
FileSize : 316 KB
FileVersion : 4.2.0.020
ProductVersion : 2.4.1.020
Copyright : Copyright (C) Hewlett-Packard Co. 1995-2001
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Device Objects
InternalName : HPOBNZ08
OriginalFilename : HPOBNZ08.EXE
ProductName : hp digital imaging - hp all-in-one series
Created on : 05/04/2003 23:37:10
Last accessed : 10/07/2004 23:00:00
Last modified : 05/04/2003 23:37:10

#:38 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ThreadCreationTime : 11-07-2004 15:56:50
BasePriority : Normal
FileSize : 1456 KB
FileVersion : 4.7.2009
ProductVersion : Version 4.7
Copyright : Copyright (c) Microsoft Corporation 1997-2003
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
OriginalFilename : msmsgs.exe
ProductName : Messenger
Created on : 14/04/2003 18:30:14
Last accessed : 10/07/2004 23:00:00
Last modified : 14/04/2003 18:30:14

#:39 [hpoevm08.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
ThreadCreationTime : 11-07-2004 15:56:52
BasePriority : Normal
FileSize : 280 KB
FileVersion : 4.2.0.020
ProductVersion : 2.4.1.020
Copyright : Copyright (C) Hewlett-Packard Co. 1995-2001
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Event Manager
InternalName : HPOEVM08
OriginalFilename : HPOEVM08.EXE
ProductName : hp digital imaging - hp all-in-one series
Created on : 05/04/2003 23:45:10
Last accessed : 10/07/2004 23:00:00
Last modified : 05/04/2003 23:45:10

#:40 [tesconet.exe]
FilePath : C:\Program Files\Tesconet\
ThreadCreationTime : 11-07-2004 15:56:53
BasePriority : Normal
FileSize : 120 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright (C) Rytec Consultants Ltd 2001.
CompanyName : Rytec Consultants Ltd.
FileDescription : RyDial MFC Application
InternalName : RyDial
OriginalFilename : RyDial.EXE
ProductName : RyDial Application
Created on : 01/08/2002 16:58:42
Last accessed : 10/07/2004 23:00:00
Last modified : 01/08/2002 16:58:42

#:41 [hposts08.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\
ThreadCreationTime : 11-07-2004 15:56:57
BasePriority : Normal
FileSize : 304 KB
FileVersion : 4.2.0.020
ProductVersion : 2.4.1.020
Copyright : Copyright (C) Hewlett-Packard Co. 1995-2001
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet Status
InternalName : HPOSTS08
OriginalFilename : HPOSTS08.EXE
ProductName : hp digital imaging - hp all-in-one series
Created on : 05/04/2003 23:55:04
Last accessed : 10/07/2004 23:00:00
Last modified : 05/04/2003 23:55:04

#:42 [ad-aware.exe]
FilePath : C:\PROGRA~1\LAVASOFT\AD-AWA~1\
ThreadCreationTime : 11-07-2004 16:00:24
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 10/07/2004 22:56:32
Last accessed : 10/07/2004 23:00:00
Last modified : 12/07/2003 20:00:20

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"


Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 1
Objects found so far: 1


¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 1


17:03:18 Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:02:36:445
Objects scanned :48661
Objects identified :1
Objects ignored :0
New objects :1
Thanks in advance
 
Doug Knox MS-MVP

I don't see anything here that would be a likely cause. You also need to check what's running in Startup; some programs may not remain resident, or may run as a Service.

Click Start, Run and enter MSCONFIG and go to the Startup tab. Look for anything unfamiliar there. Also look in the Services tab, and check the box Hide all Microsoft Services. Any other services should have a description of some type. Some do, some don't, so use your own judgement there.

Additionally, see www.dougknox.com, Win XP Utilities, Startup Programs Tracker.

And last but not least, it could simply be a plug-in for Internet Explorer (toolbar, helper object) that only executes when IE is loaded.

--
Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Per user Group Policy Restrictions for XP Home and XP Pro
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.
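
The checks listed in this reply (startup entries, non-Microsoft services, Internet Explorer helper objects), together with the `Start Page` value Ad-aware flagged, gathered by one read-only PowerShell script. This is an added example, not part of the original post; the function names are made up here, and it assumes PowerShell 3.0 or later, which postdates the Windows XP system in the log.

```powershell
# Added example (not from the thread): read-only inventory of the locations the
# reply says to review. Function names are hypothetical. Nothing is modified.
# Assumes PowerShell 3.0+ (Get-CimInstance, Get-ChildItem -File).

function Get-FileCompany {
    param([string]$CommandLine)
    # Extract the binary path from a quoted or unquoted command line, then read
    # the CompanyName from its version resource (the field Ad-aware also logs).
    if ($CommandLine -match '^\s*"([^"]+)"' -or
        $CommandLine -match '^\s*(.+?\.(?:exe|dll))(?:[\s,]|$)') {
        $path = [Environment]::ExpandEnvironmentVariables($Matches[1])
        if (Test-Path -LiteralPath $path -PathType Leaf -ErrorAction SilentlyContinue) {
            return (Get-Item -LiteralPath $path).VersionInfo.CompanyName
        }
    }
    return $null   # URL, bare file name, or missing file: company unknown
}

function New-Finding {
    param($Category, $Name, $Target)
    [pscustomobject]@{
        Category = $Category
        Name     = $Name
        Target   = $Target
        Company  = Get-FileCompany $Target
    }
}

function Get-HijackCheckpoint {
    # 1. The value Ad-aware flagged, plus sibling IE page settings, in both hives.
    foreach ($hive in 'HKCU:', 'HKLM:') {
        $key = Get-Item -LiteralPath "$hive\Software\Microsoft\Internet Explorer\Main" -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($value in 'Start Page', 'Search Page', 'Default_Page_URL') {
            $data = $key.GetValue($value)
            if ($null -ne $data) { New-Finding "IE setting ($hive)" $value $data }
        }
    }

    # 2. What MSCONFIG's Startup tab lists: Run/RunOnce values and Startup folders.
    foreach ($hive in 'HKCU:', 'HKLM:') {
        foreach ($sub in 'Run', 'RunOnce') {
            $key = Get-Item -LiteralPath "$hive\Software\Microsoft\Windows\CurrentVersion\$sub" -ErrorAction SilentlyContinue
            if (-not $key) { continue }
            foreach ($value in $key.GetValueNames()) {
                New-Finding "Startup ($hive $sub)" $value ($key.GetValue($value))
            }
        }
    }
    foreach ($folder in 'Startup', 'CommonStartup') {
        $dir = [Environment]::GetFolderPath($folder)
        if ($dir) {
            Get-ChildItem -LiteralPath $dir -File -ErrorAction SilentlyContinue |
                ForEach-Object { New-Finding 'Startup folder' $_.Name $_.FullName }
        }
    }

    # 3. Services, with the "Hide all Microsoft Services" filter applied by
    #    publisher name; services whose binary cannot be read are kept.
    Get-CimInstance Win32_Service |
        ForEach-Object { New-Finding "Service ($($_.State))" $_.Name $_.PathName } |
        Where-Object { $_.Company -notlike '*Microsoft*' }

    # 4. Browser Helper Objects: plug-ins that load only when IE starts, so they
    #    never show up in a running-process list like the one in the log.
    foreach ($root in 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node') {
        $bho = "$root\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
        Get-ChildItem -LiteralPath $bho -ErrorAction SilentlyContinue | ForEach-Object {
            $clsid  = $_.PSChildName
            $server = Get-Item -LiteralPath "$root\Classes\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
            $dll    = if ($server) { $server.GetValue('') } else { $null }
            New-Finding 'IE helper object' $clsid $dll
        }
    }
}

Get-HijackCheckpoint | Sort-Object Category, Name | Format-Table -AutoSize -Wrap
```

Entries with an empty Company column or a Target outside the usual program directories are the ones to look up first.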

Darkhorse said:
Hi experts,
I have recently downloaded Ad-aware 6.0 and it detected a registry value with an attempt to hijack my browser. It redirects to a blacklisted site, it says. I have tried to delete it so many times, and each time I do another search it again shows attempted browser hijack. I'm sending my log file for your analysis.
FileDescription : TouchPad Driver Helper Application
InternalName : SynTPLpr
OriginalFilename : SynTPLpr.exe
ProductName : Progressive Touch
Created on : 26/05/2003 14:30:15
Last accessed : 10/07/2004 23:00:00
Last modified : 24/04/2003 15:51:36

#:22 [syntpenh.exe]
FilePath : C:\Program Files\Synaptics\SynTP\
ThreadCreationTime : 11-07-2004 15:56:40
BasePriority : Normal
FileSize : 596 KB
FileVersion : 7.5.5 24Apr03
ProductVersion : 7.5.5 24Apr03
Copyright : Copyright (C) Synaptics, Inc. 1996-2003
CompanyName : Synaptics, Inc.
FileDescription : Synaptics TouchPad Enhancements
InternalName : Scrolleroo
OriginalFilename : SynTPEnh.exe
ProductName : Progressive Touch
Created on : 26/05/2003 14:30:15
Last accessed : 10/07/2004 23:00:00
Last modified : 24/04/2003 15:44:56

#:23 [launchap.exe]
FilePath : C:\Program Files\Launch Manager\
ThreadCreationTime : 11-07-2004 15:56:40
BasePriority : Normal
FileSize : 32 KB
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 3
Copyright : Copyright (C) 2001
FileDescription : LaunchAp MFC Application
InternalName : LaunchAp
OriginalFilename : LaunchAp.EXE
ProductName : LaunchAp Application
Created on : 19/05/2003 22:58:00
Last accessed : 10/07/2004 23:00:00
Last modified : 12/05/2003 13:28:50

#:24 [powerkey.exe]
FilePath : C:\Program Files\Launch Manager\
ThreadCreationTime : 11-07-2004 15:56:40
BasePriority : Normal
FileSize : 92 KB
FileVersion : 1, 4, 4, 0
ProductVersion : 1, 4, 4, 0
Copyright : Copyright
FileDescription : Powerkey
InternalName : Powerkey
OriginalFilename : Powerkey.exe
Created on : 02/06/2003 10:45:26
Last accessed : 10/07/2004 23:00:00
Last modified : 30/08/2002 14:02:48

#:25 [hotkeyapp.exe]
FilePath : C:\Program Files\Launch Manager\
ThreadCreationTime : 11-07-2004 15:56:40
BasePriority : Normal
FileSize : 44 KB
FileVersion : 1, 0, 4, 7
ProductVersion : 1, 0, 4, 7
Copyright : Copyright c 2002
CompanyName : Wistron
FileDescription : HotkeyApp
InternalName : HotkeyApp
OriginalFilename : HotkeyApp.exe
ProductName : Wistron HotkeyApp
Created on : 02/06/2003 10:45:25
Last accessed : 10/07/2004 23:00:00
Last modified : 19/05/2003 10:51:32

#:26 [ctrlvol.exe]
FilePath : C:\Program Files\Launch Manager\
ThreadCreationTime : 11-07-2004 15:56:41
BasePriority : Normal
FileSize : 164 KB
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
Copyright : Copyright c 2003
CompanyName : Wistron
FileDescription : ctrlvol
InternalName : ctrlvol
OriginalFilename : ctrlvol.exe
ProductName : Wistron ctrlvol
Created on : 02/06/2003 10:45:25
Last accessed : 10/07/2004 23:00:00
Last modified : 12/05/2003 14:05:16

#:27 [wbutton.exe]
FilePath : C:\Program Files\Launch Manager\
ThreadCreationTime : 11-07-2004 15:56:41
BasePriority : Normal
FileSize : 52 KB
FileVersion : 1, 0, 2, 4
ProductVersion : 1, 0, 2, 4
Copyright : Copyright (C) 2001
FileDescription : WButton MFC Application
InternalName : WButton
OriginalFilename : WButton.EXE
ProductName : WButton Application
Created on : 02/06/2003 10:45:25
Last accessed : 10/07/2004 23:00:00
Last modified : 28/05/2003 09:02:34

#:28 [agrsmmsg.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 11-07-2004 15:56:41
BasePriority : Normal
FileSize : 86 KB
FileVersion : 2.1.25 2.1.25 02/14/2003 11:58:58
ProductVersion : 2.1.25 2.1.25 02/14/2003 11:58:58
Copyright : Copyright
CompanyName : Agere Systems
FileDescription : SoftModem Messaging Applet
InternalName : smdmstat.exe
OriginalFilename : smdmstat.exe
ProductName : Agere SoftModem Messaging Applet
Created on : 31/12/1979 23:00:00
Last accessed : 10/07/2004 23:00:00
Last modified : 14/02/2003 10:59:00

#:29 [ltmoh.exe]
FilePath : C:\Program Files\ltmoh\
ThreadCreationTime : 11-07-2004 15:56:41
BasePriority : Normal
FileSize : 168 KB
FileVersion : 1.68
ProductVersion : 1.68
Copyright : Agere Copyright
CompanyName : Agere Systems
FileDescription : LtMoh MFC Application
InternalName : LtMoh
OriginalFilename : LtMoh.EXE
ProductName : LtMoh Application
Created on : 29/06/2004 20:22:24
Last accessed : 10/07/2004 23:00:00
Last modified : 25/11/2002 09:23:20

#:30 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 11-07-2004 15:56:41
BasePriority : Normal
FileSize : 69 KB
FileVersion : 2.1.1.700
ProductVersion : 2.1.1.700
Copyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
OriginalFilename : ccApp.exe
ProductName : Common Client
Created on : 08/12/2003 16:18:34
Last accessed : 10/07/2004 23:00:00
Last modified : 08/12/2003 16:18:34

#:31 [realplay.exe]
FilePath : C:\Program Files\Real\RealPlayer\
ThreadCreationTime : 11-07-2004 15:56:42
BasePriority : Normal
FileSize : 20 KB
FileVersion : 6.0.8.122
ProductVersion : 6.0.8.122
Copyright : Copyright
CompanyName : RealNetworks, Inc.
FileDescription : RealPlayer
InternalName : REALPLAY
OriginalFilename : REALPLAY.EXE
ProductName : RealPlayer (32-bit)
Created on : 02/07/2004 10:02:07
Last accessed : 10/07/2004 23:00:00
Last modified : 02/07/2004 10:02:08

#:32 [lvcoms.exe]
FilePath : C:\Program Files\Common Files\Logitech\QCDriver3\
ThreadCreationTime : 11-07-2004 15:56:42
BasePriority : Normal
FileSize : 124 KB
FileVersion : 7.3.0.1113
ProductVersion : 7.3.0.1113
Copyright : (c) 1996-2002 Logitech. All rights reserved.
CompanyName : Logitech Inc.
FileDescription : LVCom Server
InternalName : LVComS.exe
OriginalFilename : LVComS.exe
ProductName : Logitech ImageStudio
Created on : 02/07/2004 10:05:06
Last accessed : 10/07/2004 23:00:00
Last modified : 10/12/2002 16:54:04

#:33 [logitray.exe]
FilePath : C:\Program Files\Logitech\ImageStudio\
ThreadCreationTime : 11-07-2004 15:56:42
BasePriority : Normal
FileSize : 60 KB
FileVersion : 7.3.0.1113
ProductVersion : 7.3.0.1113
Copyright : (c) 1996-2002 Logitech. All rights reserved.
CompanyName : Logitech Inc.
FileDescription : ImageStudio Tray Application
InternalName : LogiTray.exe
OriginalFilename : LogiTray.exe
ProductName : Logitech ImageStudio
Created on : 10/12/2002 17:31:34
Last accessed : 10/07/2004 23:00:00
Last modified : 10/12/2002 17:31:34

#:34 [backweb-8876480.exe]
FilePath : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\
ThreadCreationTime : 11-07-2004 15:56:42
BasePriority : Normal
FileSize : 16 KB
Created on : 02/07/2004 10:00:27
Last accessed : 10/07/2004 23:00:00
Last modified : 02/07/2004 10:00:26

#:35 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 11-07-2004 15:56:42
BasePriority : Normal
FileSize : 13 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
OriginalFilename : CTFMON.EXE
ProductName : Microsoft
Created on : 31/12/1979 23:00:00
Last accessed : 10/07/2004 23:00:00
Last modified : 29/08/2002 02:41:22

#:36 [hpotdd01.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
ThreadCreationTime : 11-07-2004 15:56:43
BasePriority : Normal
FileSize : 28 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright
CompanyName : Hewlett-Packard
FileDescription : hpotdd01
InternalName : hpotdd01
OriginalFilename : hpotdd01.exe
ProductName : Hewlett-Packard hpotdd01
Created on : 06/04/2003 00:06:58
Last accessed : 10/07/2004 23:00:00
Last modified : 06/04/2003 00:06:58

#:37 [hpobnz08.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
ThreadCreationTime : 11-07-2004 15:56:43
BasePriority : Normal
FileSize : 316 KB
FileVersion : 4.2.0.020
ProductVersion : 2.4.1.020
Copyright : Copyright (C) Hewlett-Packard Co. 1995-2001
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Device Objects
InternalName : HPOBNZ08
OriginalFilename : HPOBNZ08.EXE
ProductName : hp digital imaging - hp all-in-one series
Created on : 05/04/2003 23:37:10
Last accessed : 10/07/2004 23:00:00
Last modified : 05/04/2003 23:37:10

#:38 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ThreadCreationTime : 11-07-2004 15:56:50
BasePriority : Normal
FileSize : 1456 KB
FileVersion : 4.7.2009
ProductVersion : Version 4.7
Copyright : Copyright (c) Microsoft Corporation 1997-2003
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
OriginalFilename : msmsgs.exe
ProductName : Messenger
Created on : 14/04/2003 18:30:14
Last accessed : 10/07/2004 23:00:00
Last modified : 14/04/2003 18:30:14

#:39 [hpoevm08.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
ThreadCreationTime : 11-07-2004 15:56:52
BasePriority : Normal
FileSize : 280 KB
FileVersion : 4.2.0.020
ProductVersion : 2.4.1.020
Copyright : Copyright (C) Hewlett-Packard Co. 1995-2001
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Event Manager
InternalName : HPOEVM08
OriginalFilename : HPOEVM08.EXE
ProductName : hp digital imaging - hp all-in-one series
Created on : 05/04/2003 23:45:10
Last accessed : 10/07/2004 23:00:00
Last modified : 05/04/2003 23:45:10

#:40 [tesconet.exe]
FilePath : C:\Program Files\Tesconet\
ThreadCreationTime : 11-07-2004 15:56:53
BasePriority : Normal
FileSize : 120 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright (C) Rytec Consultants Ltd 2001.
CompanyName : Rytec Consultants Ltd.
FileDescription : RyDial MFC Application
InternalName : RyDial
OriginalFilename : RyDial.EXE
ProductName : RyDial Application
Created on : 01/08/2002 16:58:42
Last accessed : 10/07/2004 23:00:00
Last modified : 01/08/2002 16:58:42

#:41 [hposts08.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\
ThreadCreationTime : 11-07-2004 15:56:57
BasePriority : Normal
FileSize : 304 KB
FileVersion : 4.2.0.020
ProductVersion : 2.4.1.020
Copyright : Copyright (C) Hewlett-Packard Co. 1995-2001
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet Status
InternalName : HPOSTS08
OriginalFilename : HPOSTS08.EXE
ProductName : hp digital imaging - hp all-in-one series
Created on : 05/04/2003 23:55:04
Last accessed : 10/07/2004 23:00:00
Last modified : 05/04/2003 23:55:04

#:42 [ad-aware.exe]
FilePath : C:\PROGRA~1\LAVASOFT\AD-AWA~1\
ThreadCreationTime : 11-07-2004 16:00:24
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 10/07/2004 22:56:32
Last accessed : 10/07/2004 23:00:00
Last modified : 12/07/2003 20:00:20

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"


Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 1
Objects found so far: 1


¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 1


17:03:18 Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:02:36:445
Objects scanned :48661
Objects identified :1
Objects ignored :0
New objects :1
Thanks in advance
 

Guest

Thank you for a quick reply. I checked as you had advised. There is nothing suspicious in services. I am not sure about start up. I am sending the log file for your analysis. I downloaded the start up tracker.

11/07/2004 19:42:07

-- Registry --
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce

No Items Found

-- Registry --
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

LaunchApp LaunApp
IgfxTray C:\WINDOWS\System32\igfxtray.exe
HotKeysCmds C:\WINDOWS\System32\hkcmd.exe
AcerNotebookManager C:\Program Files\Acer\Notebook Manager\almxptray.exe
SynTPLpr C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
LaunchAp C:\Program Files\Launch Manager\LaunchAp.exe
PowerKey "C:\Program Files\Launch Manager\PowerKey.exe"
LManager C:\Program Files\Launch Manager\HotkeyApp.exe
CtrlVol C:\Program Files\Launch Manager\CtrlVol.exe
Wbutton "C:\Program Files\Launch Manager\Wbutton.exe"
AGRSMMSG AGRSMMSG.exe
LtMoh C:\Program Files\ltmoh\Ltmoh.exe
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
URLLSTCK.exe C:\Program Files\Norton Internet Security\UrlLstCk.exe
RealTray C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
LVCOMS C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
LogitechGalleryRepair C:\Program Files\Logitech\ImageStudio\ISStart.exe
LogitechImageStudioTray C:\Program Files\Logitech\ImageStudio\LogiTray.exe

-- Registry --
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

No Items Found

-- Start Menu - Current User --
No Items Found

-- Start Menu - All Users --
Logitech Desktop Messenger.lnk
hpoddt01.exe.lnk
hp psc 2000 Series.lnk

-- Disabled Items --
No Items Found

-- Registry - Shell Value - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon --
Explorer.exe

-- Running Processes --
System Idle Process
System
SMSS.EXE \SystemRoot\System32\smss.exe
CSRSS.EXE
WINLOGON.EXE winlogon.exe
SERVICES.EXE C:\WINDOWS\system32\services.exe
LSASS.EXE C:\WINDOWS\system32\lsass.exe
SVCHOST.EXE C:\WINDOWS\system32\svchost -k rpcss
SVCHOST.EXE C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
ccSetMgr.exe "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
ccEvtMgr.exe "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
SPOOLSV.EXE C:\WINDOWS\system32\spoolsv.exe
ALG.EXE
CCPROXY.EXE "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe"
MDM.EXE "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
NAVAPSVC.EXE "C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe"
SAVScan.exe "C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe"
SNDSrvc.exe "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
SVCHOST.EXE C:\WINDOWS\System32\svchost.exe -k imgsvc
SYMLCSVC.EXE "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
EXPLORER.EXE C:\WINDOWS\Explorer.EXE
IGFXTRAY.EXE "C:\WINDOWS\System32\igfxtray.exe"
HKCMD.EXE "C:\WINDOWS\System32\hkcmd.exe"
almxptray.exe "C:\Program Files\Acer\Notebook Manager\almxptray.exe"
SynTPLpr.exe "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
SynTPEnh.exe "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
LaunchAp.exe "C:\Program Files\Launch Manager\LaunchAp.exe"
Powerkey.exe "C:\Program Files\Launch Manager\PowerKey.exe"
HotkeyApp.exe "C:\Program Files\Launch Manager\HotkeyApp.exe"
CTRLVOL.EXE "C:\Program Files\Launch Manager\CtrlVol.exe"
WButton.exe "C:\Program Files\Launch Manager\Wbutton.exe"
AGRSMMSG.EXE "C:\WINDOWS\AGRSMMSG.exe"
LTMOH.EXE "C:\Program Files\ltmoh\Ltmoh.exe"
ccApp.exe "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
REALPLAY.EXE "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
LVComS.exe "C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE"
LogiTray.exe "C:\Program Files\Logitech\ImageStudio\LogiTray.exe"
backWeb-8876480.exe "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe"
CTFMON.EXE "C:\WINDOWS\System32\ctfmon.exe"
HPOTDD01.EXE "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe"
HPOBNZ08.EXE "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe"
MSMSGS.EXE "C:\Program Files\Messenger\msmsgs.exe" -Embedding
HPOEVM08.EXE "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe" -Embedding
HPOSTS08.EXE "C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe" /CtxID "#Hewlett-Packard#hp psc 2170 series#1089057350" /Startup
Tesconet.exe "C:\Program Files\Tesconet\Tesconet.exe"
rsvp.exe C:\WINDOWS\System32\rsvp.exe
HelpCtr.exe "C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe" -FromStartHelp
HelpSvc.exe "C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe" /Embedding
HelpHost.exe "C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe" -guid {B86D8E59-80B0-43E7-AF96-BC742A284581}
IEXPLORE.EXE "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
StartupTracker3.exe "C:\Documents and Settings\Jibanananda\Local Settings\Temp\Temporary Directory 1 for StartupTracker3.zip\StartupTracker3.exe"
wmiprvse.exe

-- Running Services --

Name: ALG
Description: Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Internet Connection Firewall
Startup Mode: Manual
Run from: C:\WINDOWS\System32\alg.exe

Name: AudioSrv
Description: Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: Browser
Description: Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: ccEvtMgr
Description: Symantec Event Manager
Startup Mode: Auto
Run from: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"

Name: ccProxy
Description: Symantec Network Proxy Service
Startup Mode: Auto
Run from: "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe"

Name: ccSetMgr
Description: Symantec Settings Manager
Startup Mode: Auto
Run from: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"

Name: CryptSvc
Description: Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs

Name: Dhcp
Description: Manages network configuration by registering and updating IP addresses and DNS names.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: dmserver
Description: Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: Dnscache
Description: Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k NetworkService

Name: ERSvc
Description: Allows error reporting for services and applictions running in non-standard environments.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: Eventlog
Description: Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\services.exe

Name: EventSystem
Description: Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: FastUserSwitchingCompatibility
Description: Provides management for applications that require assistance in a multiple user environment.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: helpsvc
Description: Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: Irmon
Description: Supports infrared devices installed on the computer and detects other devices that are in range.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: lanmanserver
Description: Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: lanmanworkstation
Description: Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: LmHosts
Description: Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k LocalService

Name: MDM
Description: Supports local and remote debugging for Visual Studio and script debuggers. If this service is stopped, the debuggers will not function properly.
Startup Mode: Auto
Run from: "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"

Name: Messenger
Description: Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: navapsvc
Description: Handles Norton AntiVirus Auto-Protect events.
Startup Mode: Auto
Run from: "C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe"

Name: Netman
Description: Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: Nla
Description: Collects and stores network configuration and location information, and notifies applications when this information changes.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: PlugPlay
Description: Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\services.exe

Name: PolicyAgent
Description: Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\lsass.exe

Name: ProtectedStorage
Description: Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\lsass.exe

Name: RasMan
Description: Creates a network connection.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: RemoteRegistry
Description: Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k LocalService

Name: RpcSs
Description: Provides the endpoint mapper and other miscellaneous RPC services.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost -k rpcss

Name: RSVP
Description: Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\rsvp.exe

Name: SamSs
Description: Stores security information for local user accounts.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\lsass.exe

Name: SAVScan
Description: Handles Norton AntiVirus Auto-Protect Archive Scanning
Startup Mode: Auto
Run from: C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

Name: Schedule
Description: Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: seclogon
Description: Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: SENS
Description: Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs

Name: SharedAccess
Description: Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: ShellHWDetection
Description:
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: SNDSrvc
Description: Symantec Network Drivers Service
Startup Mode: Auto
Run from: C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

Name: Spooler
Description: Loads files to memory for later printing.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\spoolsv.exe

Name: srservice
Description: Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: SSDPSRV
Description: Enables discovery of UPnP devices on your home network.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k LocalService

Name: stisvc
Description: Provides image acquisition services for scanners and cameras.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k imgsvc

Name: Symantec Core LC
Description: Symantec Core LC
Startup Mode: Auto
Run from: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Name: TapiSrv
Description: Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: TermService
Description: Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: Themes
Description: Provides user experience theme management.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: TrkWks
Description: Maintains links between NTFS files within a computer or across computers in a network domain.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs

Name: uploadmgr
Description: Manages synchronous and asynchronous file transfers between clients and servers on the network. If this service is stopped, synchronous and asynchronous file transfers between clients and servers on the network will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: W32Time
Description: Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: WebClient
Description: Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k LocalService

Name: winmgmt
Description: Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs

Name: wuauserv
Description: Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs

Name: WZCSVC
Description: Provides automatic configuration for the 802.11 adapters
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
 

Guest

Try running Ad-aware in Safe mode. Enter Safe mode by hitting F8 when your computer is booting. This will prevent any startup services from running.

I had to just format my hard drive and start fresh.
--
Rick


Darkhorse said:
Thank you for a quick reply. I checked as you had advised. There is nothing suspicious in services. I am not sure about start up. I am sending the log file for your analysis. I downloaded the start up tracker. 11/07/2004 19:42:07


Guest

Had same issue, but my start page was hijacked. Have NIS2004-Ad-Aware6.0-Spybot Search&Destroy-XoftSpy - None found the problem. Downloaded log files to XoftSpy, they found the issue & updated their program to correct it. Issue was "Coolwebsearch.com" adware & some variants. Check anti-spyware sites for a "Coolwebsearch" killer, it may solve the problem without any additional programs.
 

Guest

Hi Everybody,
Thank you very much for all your suggestions. The problem seems to be solved. I did a repeat Ad-aware search and now it doesn't detect any registry value. My start page doesn't get redirected now. Earlier it used to open an MSN page (a duplicate one). Microsoft was showing this one as a restricted site, so obviously it was a spyware page which was looking like an original MSN web page. The few things I did: I downloaded a startup tracker and changed my start-up page from about:blank to a tesco.net web page. I have quarantined 14 items, which include a registry key and tracking cookies. I don't know whether I should delete them or not. I am posting the details here for your suggestion. Now an Ad-aware search doesn't detect anything. Thank you very much for your kind suggestions.
ArchiveData(auto-quarantine- 11-07-2004 00-46-30.bckp)
======================================================

ALEXA
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[0]=RegKey : SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}

POSSIBLE BROWSER HIJACK ATTEMPT
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[1]=RegData : Software\Microsoft\Internet Explorer\Main

ArchiveData(auto-quarantine- 11-07-2004 00-13-52.bckp)
======================================================

TRACKING COOKIE
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[0]=File : c:\documents and settings\\cookies\@2o7[2].txt
obj[1]=File : c:\documents and settings\\cookies\@qksrv[1].txt
obj[2]=File : c:\documents and settings\\cookies\@questionmarket[2].txt
obj[3]=File : c:\documents and settings\\cookies\@bravenet[2].txt
obj[4]=File : c:\documents and settings\\cookies\@cgi-bin[2].txt
obj[5]=File : c:\documents and settings\\cookies\@etype.adbureau[1].txt
 

MowGreen [MVP]

Darkhorse,

If your homepage was set to about:blank when you scanned the
system with AdAware, this was falsely detected as a *possible*
homepage hijacking. If you did not add this to the Ignorelist, then
AdAware resets the page to MSN (the default setting). By setting
your homepage to tesco.net, AdAware no longer sees a *possible*
homepage hijack attempt.
You do not list the 14 items in your post, but you did list 8 of
them. Quarantining the Alexa registry key is recommended, but it
in itself is NOT spyware, just a questionable service.
You can delete any tracking cookies that AdAware has now quarantined.
This entry has been quarantined and *most likely* is related to the
about:blank issue:
POSSIBLE BROWSER HIJACK ATTEMPT
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[1]=RegData : Software\Microsoft\Internet Explorer\Main

ArchiveData(auto-quarantine- 11-07-2004 00-13-52.bckp)

Go to the quarantined objects and either right click it to choose
more details on it or click once on it to highlight it and then
click the More Details button.
Hope this clears up any confusion.

MowGreen [MVP]
===============
*-343-* FDNY
Never Forgotten
===============
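
Added example (not part of the original thread, and not Ad-aware's own code): a small Python parser for the quarantine listing format posted above. It rejoins the wrapped cookie paths and counts objects per category, which confirms that 8 of the 14 quarantined items were listed. The function names and the advice strings (paraphrased from MowGreen's reply) are assumptions of this example.

```python
import re
from collections import Counter

# Quarantine listing as posted in the thread, including the two cookie paths
# that were wrapped onto a second line.
SAMPLE = r"""
ArchiveData(auto-quarantine- 11-07-2004 00-46-30.bckp)
======================================================

ALEXA
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[0]=RegKey : SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}

POSSIBLE BROWSER HIJACK ATTEMPT
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[1]=RegData : Software\Microsoft\Internet Explorer\Main

ArchiveData(auto-quarantine- 11-07-2004 00-13-52.bckp)
======================================================

TRACKING COOKIE
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[0]=File : c:\documents and settings\\cookies\@2o7[2].txt
obj[1]=File : c:\documents and settings\\cookies\@qksrv[1].txt
obj[2]=File : c:\documents and settings\\cookies\@questionmarket[2].txt
obj[3]=File : c:\documents and settings\\cookies\
@bravenet[2].txt
obj[4]=File : c:\documents and settings\\cookies\
@cgi-bin[2].txt
obj[5]=File : c:\documents and settings\\cookies\@etype.adbureau[1].txt
"""

ARCHIVE_RE = re.compile(r"^ArchiveData\((.+)\)$")
OBJECT_RE = re.compile(r"^obj\[(\d+)\]=(\w+)\s*:\s*(.*)$")

# Paraphrase of the advice given in the reply above (not an Ad-aware verdict).
ADVICE = {
    "TRACKING COOKIE": "can be deleted",
    "ALEXA": "quarantine recommended; not spyware in itself",
    "POSSIBLE BROWSER HIJACK ATTEMPT":
        "open More Details; most likely the about:blank homepage",
}


def is_rule(line):
    """True for the ==== and ¯¯¯¯ underline rows."""
    return bool(line) and set(line) <= set("=¯")


def parse_quarantine(text):
    """Return one dict per quarantined object, in listing order."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    entries, archive, category = [], None, None
    for i, line in enumerate(lines):
        if is_rule(line):
            continue
        m = ARCHIVE_RE.match(line)
        if m:  # a new backup archive resets the current category
            archive, category = m.group(1), None
            continue
        m = OBJECT_RE.match(line)
        if m:
            entries.append({"archive": archive, "category": category,
                            "index": int(m.group(1)), "type": m.group(2),
                            "target": m.group(3)})
            continue
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if is_rule(nxt):
            category = line              # a heading is always underlined
        elif entries:
            entries[-1]["target"] += line  # wrapped tail of the previous path
    return entries


def report(entries, claimed_total):
    """Compare what the listing contains with the number the poster quoted."""
    return {"listed": len(entries),
            "missing": claimed_total - len(entries),
            "by_category": Counter(e["category"] for e in entries)}


def triage(entries):
    """Attach the thread's advice to each object."""
    return [(e["category"], e["type"], e["target"],
             ADVICE.get(e["category"], "no advice given in the thread"))
            for e in entries]


if __name__ == "__main__":
    parsed = parse_quarantine(SAMPLE)
    print(report(parsed, claimed_total=14))
    for row in triage(parsed):
        print(" | ".join(row))
```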


Guest

I thought igfxtray.exe = hkcmmd.exe. but WTFD eye no? : )


Wesley Vogel

igfxtray.exe is a process which allows you to access the Intel
Graphics configuration and diagnostic application for the Intel 810 series
graphics chipset.

hkcmd.exe is installed alongside Intel multimedia devices and allows
configuration and diagnostic options for these devices. It seems like every
manufacturer has their own hotkey programming application and this is the
one brought to you by Intel.

File hkcmd.exe is the Intel Hot Keys Command Module which handles keyboard
shortcuts for Intel-based graphics chips. It is reported that the program may
contact some sites on the Internet via TCP.



--
Hope this helps. Let us know.
Wes

poker_pro said:
I thought igfxtray.exe = hkcmmd.exe. but WTFD eye no? : )

