Intermittent application crash

Question

Logfile of HijackThis v1.99.1
Scan saved at 10:01:09 AM, on 3/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Directrec Configuration Tool.lnk = ?
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DM1Service - OLYMPUS Corporation - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

Note:When I have a crash it asks if I want to reoprt it to M/S. When I say yes and ask to see the file name to be included in the report the name is always different. However, it always starts with "c:\docume~1\users\locals~Temp\". The problem almost always occurs when the internet is involved. However, it did occur once when using TaxCut.So far it has not resulted in the loss of any files. Thanks for your help. J. Gibson

bamajim · Answer

jdsgibson

1. Go HERE and download XP Temp File Cleaner

Save it to your Desktop
Double click to run the CleantempXP program
A Cmd window will open briefly, and it will appear nothing has happened, but that's O.K.

2. Please download F-Secure Blacklight (blbeta.exe)

and Save to your Desktop
Double click the file to run it
It will create the "fsbl-xxxxxxx.log" on your desktop.
The log will have a list of all items found. Do not choose to rename any yet! I want to see the log first because legitimate items can also be present...like "wbemtest.exe".
Exit Blacklight and post the contents of the log in your next reply.

bamajim Graduate of MRU

jdsgibson · Answer

bamajim: After running the XP Temp file cleaner, the F-Decure Blacklight (blbeta.exe) scan detected zero files. What do it do next? Thanks for your help. Jack Gibson

bamajim · Answer

jdsgibson

I am trying to determine if your crashes are the result of infection. I noticed that there were signs of infection. No files showing in Blacklight is a good thing.

1. Rerun Hijackthis(scan only) and place checks beside the following entries

R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [EarthLink Installer] " /C <<-And Unless you are still using Earthlink check this item also->>

Close all other open windows except Hijackthis and Select " Fix checked"

Close Hijackthis->>Reboot your PC

2. Please perform an Ewido Online Malware Scan

When a dialog box appears asking you if you would like to download and install the ewido anti-spyware online scanner please click Yes to allow the download.
Click on Start Scan.
after the scan completes i twill produce a log for you, copy and paste the results of that scan as a reply to this thread
If any infections are found, (After you save the logfile), Click on Remove Infections.

bamajim Graduate of MRU

bamajim · Answer

jdsgibson

The entry with that java version is not needed for the version you have is out of date and I had planned on giving instructions on installing the new version.

Go ahead with the instructions

bamajim Graduate of MRU

jdsgibson · Answer

bamajim: I have yet to carry out your latest instructions. However in looking them over I see one of the files you recommend I delete is 'O4 - HKLM\..Run: [SunJavaUpdateSched] C:\Java\jre1.5.0_06\bin\jusched.exe'. For some time I have been getting messages that Java update S/W is available to download. I have tried to download it several times and it has always failed to successfully download.  Does this information help you in our search for a fix? Thanks , Jack Gibson

bamajim · Answer

jdsgibson

No you were not required to 'pay'. I only recommend programs and scans that are free.

Lets to this

1. *NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders. If you have anything in a temp folder, back it up or move it to a permanent folder prior to running CCleaner!

Download CCleaner from here to clean temp files from your computer.

Double click on the file to start the installation of the program.
Select your language and click OK, then next.
Read the license agreement and click I Agree.
Click next to use the default install location. Click Install then finish to complete installation.
Double click the CCleaner shortcut on the desktop to start the program.
On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
Click on the "Options" icon at the left side of the window, then click on "Advanced." deselect "Only delete files in Windows Temp folders older than 48 hours."
Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.
After CCleaner has completed its process, click Exit.

2. Go HERE and Download System Repair Engine by smallfrogs

Save it to your Desktop
Rt Click sreng2.zip->>Extract all->>Extract it to your desktop
Open the sreng folder
Double click SREng->>Click Run
At the main Window, in the left Pane,Select Smart Scan
At the next window make sure all of the boxes are checked and Select Scan
When the scan is complete Select Save reports
Save it to your desktop and Close the tool
Double Click SREngLog.txt copy and paste that log as a reply to this thread

Do not run any other options with this tool unless instructed to do so.

You may have to post the results in more than one reply

bamajim Graduate of MRU

jdsgibson · Answer

bamajim: I Was able to Rerun Hijackthis scan only. I checked the 4 items you suggested and selected 'Fix checked'. Once during the fix operations, it stopped and presented this message 'An unexpected error has occurred at procedure:modMD5_GetFileFromAutoStart.('/C)  Error#5-Invalid procedure or argument. After continuing the process it seemed to complete successfully. I was never able to run an Ewido Online Malware Scan. I did get as far as getting a message '665.422 threats in database'. One problen was that I never was able to find the 'Yes' that was to start the scan' I did hit 'Run Scan' several times. I never arrange to pay for anything. Was that necessary? Thanks for your help Jack Gibson

bamajim · Answer

jdgibson   Skip that for a bit. I'll check into that. Just proceed with step 2   bamajim   Graduate of MRU

jdsgibson · Answer

bamajim: I am having difficulty following your latest instructions. I am not sure to determine whether I have anything of importance in a temp folder. I have a C:	emp folder.  It is It contains one item. It is 656k and is 'SGDESetupLog.txt. If it is all that will be at risk I can easily back it up. However, I am not sure that is all my temp files. I regularly delete temperory internet files and cookies. A second problem is that I am not sure how to follow the instruction ' Double click on the file to start  the installation of the program. I have been clicking on ' Download CCleaner now' and I get no language choice of licience agreement screen. I also get an option for a registary cleaner which I don't think is what  you are recommended. Any more detailed instructions you could provide would be appreciated. Thanks for your help. Jack Gibson

jdsgibson · Answer

bamajim:Report will not transmit in one piece due to 20000 character limit. I could not send the first half of it for the same reason, so I have keep cutting it down until it was able to transmit. How do you want me to transmit the entire file? Thanks for your help, Jack Gibson

CODE]

2007-03-07,20:02:02

System Repair Engineer 2.3.13.690
Smallfrogs ( http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
    All Boot Items (Including Registry, Startup Folders, Services and so on)
    Browser Add-ons
    Runing Processes (Including process model information)
    File Associations
    Winsock Provider
    Autorun.Inf
    HOSTS File

Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <"C:\Program Files\Messenger\MSMSGS.EXE" /background> [(Verified)Microsoft Corporation]
    [Scansoft Inc.]
    <"C:\Program Files\Dell Support\DSAgnt.exe" /startup> [Gteko Ltd.]
    [(Verified)Microsoft Corporation]
    <"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1> [N/A]
    [(Verified)Google Inc.]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    [(Verified)Intel Corporation]
    [(Verified)Intel Corporation]
    [(Verified)Broadcom Corporation]
    <"C:\Program Files\Microsoft Money\System\Activation.exe"> [Microsoft Corporation]
    <"C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"> [Roxio]
    [Visioneer Inc]
    [Microsoft® Corporation]
    <"C:\Program Files\iTunes\iTunesHelper.exe"> [Apple Computer, Inc.]
    <"C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Computer, Inc.]
    <"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"> [(Verified)Symantec Corporation]
    <"C:\Program Files\Norton Internet Security\osCheck.exe"> [(Verified)Symantec Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    [(Verified)Microsoft Corporation]
    [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    [(Verified)Microsoft Corporation]

==================================
Startup Folders
[Adobe Reader Speed Launch]
C:\PROGRA~1\Adobe\ACROBA~3.0\Reader\READER~1.EXE [Adobe Systems Incorporated]>
[Dell Network Assistant]
C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [N/A]>
[Device Detector 3]
C:\PROGRA~1\Olympus\DEVICE~1\DevDtct2.exe [OLYMPUS IMAGING CORP.]>
[Directrec Configuration Tool]
C:\PROGRA~1\Olympus\DSSPLA~1\DIRECT~1.EXE [OLYMPUS IMAGING CORP.]>
[Microsoft Office Shortcut Bar]
C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\misc.exe [N/A]>

==================================
Services
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]

[Automatic LiveUpdate Scheduler / Automatic LiveUpdate Scheduler][Running/Auto Start]
<"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe">
[Symantec Event Manager / ccEvtMgr][Running/Auto Start]
<"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon>
[Symantec Settings Manager / ccSetMgr][Running/Auto Start]
<"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon>
[Symantec Lic NetConnect service / CLTNetCnService][Running/Auto Start]
<"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon>
[COM Host / comHost][Stopped/Manual Start]
<"C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe">
[DM1Service / DM1Service][Running/Auto Start]

[Google Updater Service / gusvc][Stopped/Manual Start]
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe">
[Human Interface Device Access / HidServ][Stopped/Disabled]
%SystemRoot%\System32\hidserv.dll>
[Advanced Networking Service / hnmsvc][Running/Auto Start]
<"C:\Program Files\Dell Network Assistant\hnm_svc.exe">
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
<"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe">
[iPodService / iPodService][Running/Manual Start]

[Symantec IS Password Validation / ISPwdSvc][Stopped/Manual Start]
<"C:\Program Files\Norton Internet Security\isPwdSvc.exe">
[LiveUpdate / LiveUpdate][Stopped/Manual Start]
<"C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE">
[Symantec Core LC / Symantec Core LC][Running/Manual Start]
<"C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe">
[Symantec AppCore Service / SymAppCore][Running/Auto Start]
<"C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe">

==================================
Drivers
[aeaudio / aeaudio][Running/Manual Start]

[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp][Running/Manual Start]

[BCM V.92 56K Modem / BCMModem][Running/Manual Start]

[Symantec Eraser Control driver / eeCtrl][Running/System Start]
<\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys>
[EraserUtilRebootDrv / EraserUtilRebootDrv][Running/Manual Start]
<\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys>
[GEARAspiWDM / GEARAspiWDM][Running/Manual Start]

[ialm / ialm][Running/Manual Start]

[NAVENG / NAVENG][Running/Manual Start]
<\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070307.037\NAVENG.SYS>
[NAVEX15 / NAVEX15][Running/Manual Start]
<\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070307.037\NAVEX15.SYS>
[OMCI / OMCI][Running/System Start]
<\SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS>
[Auto Internet Protocol / Packet][Running/Auto Start]

[Direct Parallel Link Driver / Ptilink][Running/Manual Start]

[Secdrv / Secdrv][Stopped/Manual Start]

[smwdm / smwdm][Running/Manual Start]

[SPBBCDrv / SPBBCDrv][Running/System Start]
<\??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys>
[SRTSP / SRTSP][Running/Manual Start]

[SRTSPL / SRTSPL][Stopped/Manual Start]

[SRTSPX / SRTSPX][Running/System Start]

[SYMDNS / SYMDNS][Running/Manual Start]
<\SystemRoot\System32\Drivers\SYMDNS.SYS>
[SymEvent / SymEvent][Running/Manual Start]
<\??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS>
[SYMFW / SYMFW][Running/Manual Start]
<\SystemRoot\System32\Drivers\SYMFW.SYS>
[SYMIDS / SYMIDS][Running/Manual Start]
<\SystemRoot\System32\Drivers\SYMIDS.SYS>
[SYMIDSCO / SYMIDSCO][Running/Manual Start]
<\??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20070302.001\SymIDSCo.sys>
[SYMNDIS / SYMNDIS][Running/Manual Start]
<\SystemRoot\System32\Drivers\SYMNDIS.SYS>
[SYMREDRV / SYMREDRV][Running/Manual Start]
<\SystemRoot\System32\Drivers\SYMREDRV.SYS>
[SYMTDI / SYMTDI][Running/System Start]
<\SystemRoot\System32\Drivers\SYMTDI.SYS>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Stopped/System Start]

[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Stopped/Manual Start]

==================================

jdsgibson · Answer

bamajim: the 4th piece of SREngLOG transission was the remainder of the file. Thanks for your help. Jack

jdsgibson · Answer

bamajim: Below is the 2nd piece of SREngLOG. Thanks for your help. Jack Gibson.

==================================
Browser Add-ons
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
[]
{1E8A6170-7264-4D0F-BEAE-D42A53123C75}
[]
{53707962-6F74-2D53-2644-206D7942484F}
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7}
[Java Plug-in]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
[]
{120E090D-9136-4b78-8258-F0B44B4BD2AC}
[&Research]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}
[]
{E023F504-0C5A-4750-A1E7-A9046DEA8A21}
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683}
[Yahoo! Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[Show Norton Toolbar]
{90222687-F593-4738-B738-FBEE9C7B26DF}
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
[ewidoOnlineScan Control]
{193C772A-87BE-4B19-A7BB-445B226FE9A1}
[Office Update Installation Engine]
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}
[Java Plug-in]
{8AD9C840-044E-11D1-B3E9-00805F499D93}
[Java Plug-in]
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
[Java Plug-in 1.5.0_06]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000}
[Yahoo! Toolbar Helper]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
[Web Browser Applet Control]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700}
[ewidoOnlineScan Control]
{193C772A-87BE-4B19-A7BB-445B226FE9A1}
[]
{1E8A6170-7264-4D0F-BEAE-D42A53123C75}
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A}
[]
{53707962-6F74-2D53-2644-206D7942484F}
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C}
[Microsoft Shell UI Helper]
{64AB4BB7-111E-11D1-8F79-00C04FC2FBE1}
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6}
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
[Show Norton Toolbar]
{90222687-F593-4738-B738-FBEE9C7B26DF}
[Google Toolbar Helper]
{AA58ED58-01DD-4D91-8333-CF10577473F7}
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000}
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\System32\MSXML3.DLL, N/A>
[Yahoo! Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\System32\MSXML3.DLL, N/A>
[E&xport to Microsoft Excel]

==================================
Running Processes
[PID: 580][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 664][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 688][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4342]
    [C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.4342]
[PID: 732][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 744][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 896][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 976][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1072][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1144][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1300][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1436][C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe] [Symantec Corporation, 106.1.3.3]
    [C:\Program Files\Common Files\Symantec Shared\ccL60U.dll] [Symantec Corporation, 106.1.3.3]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 106.1.3.3]
    [C:\Program Files\Common Files\Symantec Shared\ccSvc.dll] [Symantec Corporation, 106.1.3.3]
    [C:\Program Files\Common Files\Symantec Shared\ccSet.dll] [Symantec Corporation, 106.1.3.3]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETPLG.DLL] [Symantec Corporation, 106.1.3.3]
    [C:\PROGRA~1\NORTON~1\NORTON~1\AVPSVC32.DLL] [Symantec Corporation, 14.0.0.89]
    [C:\PROGRA~1\NORTON~1\NORTON~1\AVPSVC32.loc] [Symantec Corporation, 14.0.0.89]
    [C:\Program Files\Norton Internet Security\Norton AntiVirus\AVSubmit.dll] [Symantec Corporation, 14.0.0.89]
    [C:\Program Files\Norton Internet Security\Norton AntiVirus\AVSubmit.loc] [Symantec Corporation, 14.0.0.89]
    [C:\PROGRA~1\NORTON~1\ISDATASV.DLL] [Symantec Corporation, 10.0.0.247]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\NPC\NPCWMIMN.DLL] [Symantec Corporation, 2007.1.00.118]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSVC.DLL] [Symantec Corporation, 7.0.0.170]
    [C:\Program Files\Common Files\Symantec Shared\ccL60.dll] [Symantec Corporation, 106.1.3.3]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SUBMIS~1\SUBENG.DLL] [Symantec Corporation, 2.0.0.164]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SUBMIS~1\SUBRES.loc] [Symantec Corporation, 2.0.0.164]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\TPROCPLG.DLL] [Symantec Corporation, 3.0.1.10]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\CCEVTPLG.DLL] [Symantec Corporation, 106.1.3.3]
    [C:\Program Files\Common Files\Symantec Shared\ccEvtCli.dll] [Symantec Corporation, 106.1.3.3]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\FIREWALL\FWAGENT.DLL] [Symantec Corporation, 1.0.0.184]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\SPBBCEVT.DLL] [Symantec Corporation, 3.0.1.10]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SRTSP\SRTSP32.DLL] [Symantec Corporation, 10.1.3.9]
    [C:\Program Files\Common Files\Symantec Shared\ccProSub.dll] [Symantec Corporation, 106.1.3.3]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL] [Symantec Corporation, 106.1.3.3]
    [C:\PROGRA~1\NORTON~1\ISSVC.DLL] [Symantec Corporation, 10.0.0.86]
    [C:\PROGRA~1\NORTON~1\NORTON~1\NAVEVENT.DLL] [Symantec Corporation, 14.0.0.89]
    [C:\WINDOWS\SYSTEM32\SYMNETI.DLL] [Symantec Corporation, 7.0.0.170]
    [C:\Program Files\Common Files\Symantec Shared\AntiVirus\AVIfc.dll] [Symantec Corporation, 1.0.00.194]
    [C:\Program Files\Common Files\Symantec Shared\AppCore\AppMgr32.dll] [Symantec Corporation, 1.0.00.101]
    [C:\Program Files\Common Files\Symantec Shared\Firewall\FWHelper.dll] [Symantec Corporation, 1.0.0.184]
    [C:\Program Files\Norton Internet Security\isDataCl.dll] [Symantec Corporation, 10.0.0.247]
    [C:\Program Files\Norton Internet Security\fwPlugin.dll] [Symantec Corporation, 10.0.0.247]
    [C:\Program Files\Norton Internet Security\fwEvent.dll] [Symantec Corporation, 10.0.0.247]
    [C:\Program Files\Norton Internet Security\SetEvtHp.dll] [Symantec Corporation, 10.0.0.247]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\OPC\{31011~1\CLTNETCN.DLL] [Symantec Corporation, 7.0.0.108]
    [C:\Program Files\Common Files\Symantec Shared\NcoItf.dll] [Symantec Corporation, 2007.1.00.133]
    [C:\Program Files\Norton Internet Security\IMCfg.dll] [Symantec Corporation, 10.0.0.247]
    [C:\Program Files\Common Files\Symantec Shared\SPBBC\bbRGen.dll] [Symantec Corporation, 3.0.1.10]
    [C:\Program Files\Common Files\Symantec Shared\NPC\npcWmiDt.dll] [Symantec Corporation, 2007.1.00.118]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SUBMIS~1\SubConn.dll] [Symantec Corporation, 2.0.0.164]
    [C:\Program Files\Common Files\Symantec Shared\DefUtDCD.dll] [Symantec Corporation, 3.2.10.0]
    [C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVLOGV.dll] [Symantec Corporation, 14.0.0.89]
    [C:\Program Files\Norton Internet Security\Norton AntiVirus\navlogv.loc] [Symantec Corporation, 14.0.0.89]
    [C:\Program Files\Common Files\Symantec Shared\ccALEng.dll] [Symantec Corporation, 106.1.3.3]
    [C:\Program Files\Common Files\Symantec Shared\SPBBC\ccTrstPc.dll] [Symantec Corporation, 3.0.1.10]
    [C:\Program Files\Common Files\Symantec Shared\ccScanw.dll] [Symantec Corporation, 106.1.3.3]
    [C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL] [Symantec Corporation, 61.3.0.17]
    [C:\Program Files\Common Files\Symantec Shared\MSL\msl.dll] [Symantec Corporation, 5.0.071.000]
[PID: 1524][C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe] [Symantec Corporation, 1.0.00.101]
    [C:\Program Files\Common Files\Symantec Shared\ccL60U.dll] [Symantec Corporation, 106.1.3.3]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 106.1.3.3]
    [C:\Program Files\Common Files\Symantec Shared\AppCore\AppMgr32.dll] [Symantec Corporation, 1.0.00.101]
    [C:\Program Files\Common Files\Symantec Shared\AppCore\AppSet32.dll] [Symantec Corporation, 1.0.00.101]
    [C:\Program Files\Common Files\Symantec Shared\ccSvc.dll] [Symantec Corporation, 106.1.3.3]
    [C:\Program Files\Common Files\Symantec Shared\AntiVirus\AVScan.dll] [Symantec Corporation, 1.0.00.194]
    [C:\Program Files\Common Files\Symantec Shared\AntiVirus\AV.loc] [Symantec Corporation, 1.0.00.194]
    [C:\Program Files\Common Files\Symantec Shared\AntiVirus\avDefMgr.dll] [Symantec Corporation, 1.0.00.194]
    [C:\Program Files\Common Files\Symantec Shared\DefUtDCD.dll] [Symantec Corporation, 3.2.10.0]
    [C:\Program Files\Common Files\Symantec Shared\AntiVirus\avModule.dll] [Symantec Corporation, 1.0.00.194]
    [C:\Program Files\Common Files\Symantec Shared\QBackup.dll] [Symantec Corporation, 1.0.00.194]
    [C:\Program Files\Common Files\Symantec Shared\AntiVirus\AVExclu.dll] [Symantec Corporation, 1.0.00.194]
    [C:\Program Files\Common Files\Symantec Shared\SRTSP\Srtsp32.dll] [Symantec Corporation, 10.1.3.9]
    [C:\Program Files\Common Files\Symantec Shared\ccProSub.dll] [Symantec Corporation, 106.1.3.3]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\ccEvtCli.dll] [Symantec Corporation, 106.1.3.3]
    [C:\Program Files\Common Files\Symantec Shared\ccScanw.dll] [Symantec Corporation, 106.1.3.3]
    [C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL] [Symantec Corporation, 61.3.0.17]
    [C:\Program Files\Common Files\Symantec Shared\MSL\msl.dll] [Symantec Corporation, 5.0.071.000]
    [C:\Program Files\Common Files\Symantec Shared\dec_abi.dll] [Symantec Corporation, 1.0.6.41]
[PID: 1632][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\pdf995mon.dll] [N/A, N/A]
[PID: 1060][C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe] [Symantec Corporation, 3.1.0.99]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 106.1.3.3]
    [C:\Program Files\Common Files\Symantec Shared\ccL60U.dll] [Symantec Corporation, 106.1.3.3]
    [C:\Program Files\Symantec\LiveUpdate\PSLuComServer_3_1.DLL] [Symantec Corporation, 3.1.0.99]
[PID: 1164][C:\WINDOWS\system32\cisvc.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1188][C:\Program Files\Olympus\DeviceDetector\DM1Service.exe] [OLYMPUS Corporation, 1, 2, 1, 0]
[PID: 1252][C:\Program Files\Dell Network Assistant\hnm_svc.exe] [SingleClick Systems, 1, 0, 2, 0]

jdsgibson · Answer

bamajin: This is the 3rd piece of Gibson SREngLOG file. ================================== [PID: 1252][C:\Program Files\Dell Network Assistant\hnm_svc.exe]  [SingleClick Systems, 1, 0, 2, 0]     [C:\Program Files\Dell Network Assistant\ezi.dll]  [SingleClick Systems, 1, 0, 6, 0]     [C:\Program Files\Dell Network Assistant\ezi_comm.dll]  [SingleClick Systems, 1, 0, 6, 0]     [C:\Program Files\Dell Network Assistant\ezi_crypt.dll]  [SingleClick Systems, 1, 0, 6, 0]     [C:\Program Files\Dell Network Assistant\ezi_dev.dll]  [SingleClick Systems, 1, 0, 6, 0]     [C:\Program Files\Dell Network Assistant\ezi_registry.dll]  [SingleClick Systems, 1, 0, 6, 0]     [C:\Program Files\Dell Network Assistant\ezi_dun.dll]  [SingleClick Systems, 1, 0, 6, 0]     [C:\Program Files\Dell Network Assistant\ezi_http.dll]  [SingleClick Systems, 1, 0, 6, 0]     [C:\Program Files\Dell Network Assistant\ezi_ip_hlpr.dll]  [SingleClick Systems, 1, 0, 6, 0]     [C:\Program Files\Dell Network Assistant\ezi_oui.dll]  [SingleClick Systems, 1, 0, 6, 0]     [C:\Program Files\Dell Network Assistant\ezi_snetcfg.dll]  [SingleClick Systems, 1, 0, 6, 0]     [C:\Program Files\Dell Network Assistant\ezi_socket.dll]  [SingleClick Systems, 1, 0, 6, 0]     [C:\Program Files\Dell Network Assistant\ezi_sys32.dll]  [SingleClick Systems, 1, 0, 6, 0]     [C:\Program Files\Dell Network Assistant\ezi_wmi.dll]  [SingleClick Systems, 1, 0, 6, 0]     [C:\Program Files\Dell Network Assistant\hnm_ipc.dll]  [SingleClick Systems, 1, 0, 2, 0] [PID: 1352][C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe]  [Microsoft Corporation, 7.00.9466] [PID: 1488][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]     [C:\WINDOWS\System32\wiamicro.dll]  [Visioneer Corporation, 1, 0, 0, 60] [PID: 472][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1672][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]     [C:\PROGRA~1\COMMON~1\SYMANT~1\NPC\NSCEXT.DLL]  [Symantec Corporation, 2007.1.00.118]     [C:\Program Files\Common Files\Symantec Shared\ccL60U.dll]  [Symantec Corporation, 106.1.3.3]     [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 106.1.3.3]     [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]     [C:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.dll]  [Symantec Corporation, 14.0.0.89]     [C:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.loc]  [N/A, N/A]     [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.7.2006011200]     [C:\Program Files\Spybot - Search & Destroy\SDHelper.dll]  [Safer Networking Limited, 1, 4, 0, 0] [PID: 2852][C:\WINDOWS\system32\hkcmd.exe]  [Intel Corporation, 3.0.0.4342]     [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4342]     [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.4342]     [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4342]     [C:\WINDOWS\system32\igfxhk.dll]  [Intel Corporation, 3.0.0.4342]     [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4342] [PID: 3012][C:\WINDOWS\BCMSMMSG.exe]  [Broadcom Corporation,  3.5.25 08/27/2003 20:04:35] [PID: 3236][C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe]  [Roxio, 5.2.0.91]     [C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\CDUDFLIB.dll]  [Roxio, 5.2.0.91]     [C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\UDFRWLIB.dll]  [Roxio, 5.2.0.91] [PID: 3452][C:\PROGRA~1\VISION~1\ONETOU~2.EXE]  [Visioneer Inc, 3, 1, 2, 20]     [C:\PROGRA~1\VISION~1\OneTouchRes.dll]  [Visioneer Inc, 3, 1, 2, 20]     [C:\PROGRA~1\VISION~1\ON68E8~1.DLL]  [Visioneer Inc, 3, 1, 2, 20] [PID: 3480][C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe]  [Microsoft® Corporation, 9.00.0607.0] [PID: 3488][C:\Program Files\iTunes\iTunesHelper.exe]  [Apple Computer, Inc., 6.0.5.20]     [C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL]  [Apple Computer, Inc., 6.0.5.20]     [C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL]  [Apple Computer, Inc., 6.0.5.20] [PID: 3704][C:\Program Files\QuickTime\qttask.exe]  [Apple Computer, Inc., 7.1] [PID: 3712][C:\Program Files\iPod\bin\iPodService.exe]  [Apple Computer, Inc., 6.0.5.20]     [C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL]  [Apple Computer, Inc., 6.0.5.20]     [C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL]  [Apple Computer, Inc., 6.0.5.20] [PID: 3724][C:\Program Files\Common Files\Symantec Shared\ccApp.exe]  [Symantec Corporation, 106.1.3.3]     [C:\Program Files\Common Files\Symantec Shared\ccL60U.dll]  [Symantec Corporation, 106.1.3.3]     [C:\WINDOWS\system32\SymNeti.dll]  [Symantec Corporation, 7.0.0.170]     [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 106.1.3.3]     [C:\Program Files\Common Files\Symantec Shared\ccSvc.dll]  [Symantec Corporation, 106.1.3.3]     [C:\Program Files\Common Files\Symantec Shared\ccSet.dll]  [Symantec Corporation, 106.1.3.3]     [C:\Program Files\Common Files\Symantec Shared\AppCore\AppPlg32.dll]  [Symantec Corporation, 1.0.00.101]     [C:\Program Files\Common Files\Symantec Shared\AppCore\AppMgr32.dll]  [Symantec Corporation, 1.0.00.101]     [C:\Program Files\Common Files\Symantec Shared\AppCore\AppSet32.dll]  [Symantec Corporation, 1.0.00.101]     [C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL]  [Symantec Corporation, 106.1.3.3]     [C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL]  [Symantec Corporation, 106.1.3.3]     [C:\Program Files\Norton Internet Security\fwAlert.dll]  [Symantec Corporation, 10.0.0.247]     [C:\Program Files\Norton Internet Security\fwAlRes.dll]  [Symantec Corporation, 10.0.0.247]     [C:\PROGRA~1\NORTON~1\NORTON~1\DEFALERT.DLL]  [Symantec Corporation, 14.0.0.89]     [C:\PROGRA~1\NORTON~1\NORTON~1\AVPAPP32.DLL]  [Symantec Corporation, 14.0.0.89]     [C:\PROGRA~1\NORTON~1\NISTRAY.DLL]  [Symantec Corporation, 10.0.0.86]     [C:\PROGRA~1\NORTON~1\ISLALERT.DLL]  [Symantec Corporation, 10.0.0.86]     [C:\Program Files\Common Files\Symantec Shared\NPC
pcTRAY.dll]  [Symantec Corporation, 2007.1.00.118]     [C:\Program Files\Common Files\Symantec Shared\CF\PEP2.dll]  [Symantec Corporation, 2006.1.00.58]     [C:\Program Files\Common Files\Symantec Shared\COH\sesHlp.dll]  [Symantec Corporation, 6,0,2,1]     [C:\PROGRA~1\NORTON~1\AlertRes.dll]  [Symantec Corporation, 10.0.0.86]     [C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll]  [Symantec Corporation, 106.1.3.3]     [C:\Program Files\Common Files\Symantec Shared\NPC\DataPvdr.dll]  [Symantec Corporation, 2007.1.00.118]     [C:\PROGRA~1\NORTON~1\NISTrRes.dll]  [Symantec Corporation, 10.0.0.86]     [C:\Program Files\Common Files\Symantec Shared\NPC\NSCHlpr2.dll]  [Symantec Corporation, 2007.1.00.118]     [C:\Program Files\Common Files\Symantec Shared\ccProSub.dll]  [Symantec Corporation, 106.1.3.3]     [C:\PROGRA~1\NORTON~1\NORTON~1\AVPAPP32.loc]  [Symantec Corporation, 14.0.0.89]     [C:\Program Files\Norton Internet Security\SetEvtHp.dll]  [Symantec Corporation, 10.0.0.247]     [C:\Program Files\Norton Internet Security\fwEvent.dll]  [Symantec Corporation, 10.0.0.247]     [C:\PROGRA~1\COMMON~1\SYMANT~1\ccEvtCli.dll]  [Symantec Corporation, 106.1.3.3]     [C:\Program Files\Norton Internet Security\isDataCl.dll]  [Symantec Corporation, 10.0.0.247]     [C:\Program Files\Common Files\Symantec Shared\AntiVirus\AVIfc.dll]  [Symantec Corporation, 1.0.00.194]     [C:\Program Files\Common Files\Symantec Shared\NPC\pcStatus.dll]  [Symantec Corporation, 2007.1.00.118]     [C:\PROGRA~1\COMMON~1\SYMANT~1cEmlPxy.dll]  [Symantec Corporation, 106.0.1.10]     [C:\WINDOWS\system32\SymRedir.dll]  [Symantec Corporation, 7.0.0.170]     [C:\Program Files\Common Files\Symantec Shared\NPC\uiLicPlg.dll]  [Symantec Corporation, 2007.1.00.118]     [C:\Program Files\Common Files\Symantec Shared\NPC\NSCWSCR2.DLL]  [Symantec Corporation, 2007.1.00.118]     [C:\Program Files\Common Files\Symantec Shared\AntiVirus\AVMail.dll]  [Symantec Corporation, 1.0.00.194]     [C:\Program Files\Common Files\Symantec Shared\NPC
pcWmiCl.dll]  [Symantec Corporation, 2007.1.00.118]     [C:\Program Files\Common Files\Symantec Shared\NPC
pcWmiDt.dll]  [Symantec Corporation, 2007.1.00.118]     [C:\Program Files\Common Files\Symantec Shared\AntiVirus\AVExclu.dll]  [Symantec Corporation, 1.0.00.194]     [C:\Program Files\Common Files\Symantec Shared\NcoItf.dll]  [Symantec Corporation, 2007.1.00.133]     [C:\Program Files\Common Files\Symantec Shared\NPC\PEPEvnt.dll]  [Symantec Corporation, 2007.1.00.118]     [C:\Program Files\Common Files\Symantec Shared\CF\cfV2Pack.dll]  [Symantec Corporation, 2006.1.00.58]     [C:\Program Files\Common Files\Symantec Shared\CF\cfEPack.dll]  [Symantec Corporation, 2006.1.00.58]     [C:\PROGRA~1\COMMON~1\SYMANT~1cAlert.dll]  [Symantec Corporation, 106.0.1.10]     [C:\PROGRA~1\NORTON~1\NORTON~1\defalert.loc]  [Symantec Corporation, 14.0.0.89]     [C:\Program Files\Norton Internet Security\IMCfg.dll]  [Symantec Corporation, 10.0.0.247] [PID: 3792][C:\Program Files\Messenger\MSMSGS.EXE]  [Microsoft Corporation, 4.7.3001]     [C:\WINDOWS\System32\quartz.dll]  [N/A, N/A]     [C:\WINDOWS\System32\devenum.dll]  [N/A, N/A]     [C:\WINDOWS\system32\msdmo.dll]  [N/A, N/A] [PID: 3892][C:\Program Files\Dell Support\DSAgnt.exe]  [Gteko Ltd., 1, 1, 0, 73]     [C:\Program Files\Dell Support\AUPNP.dll]  [Gteko Ltd., 1, 0, 0, 11]     [C:\Program Files\Dell Support\AUReg.dll]  [Gteko Ltd., 1, 1, 0, 9] [PID: 3960][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1036][C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe]  [Google Inc., 1, 2, 1128, 5462]     [C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462es_en.dll]  [Google Inc., 1, 2, 1128, 5462]     [C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\swg.dll]  [Google Inc., 1, 2, 1128, 5462] [PID: 2148][C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe]  [OLYMPUS IMAGING CORP., 3, 2, 1, 1]     [C:\WINDOWS\system32\OdiAPI.dll]  [N/A, N/A]     [C:\Program Files\Olympus\DeviceDetector\DevDtctResource.dll]  [OLYMPUS IMAGING CORP., 3, 1, 2, 0]     [C:\WINDOWS\system32\DirrecAPI.dll]  [OLYMPUS IMAGING CORP., 1, 0, 0, 1]     [C:\WINDOWS\system32\OdiOlDVR.dll]  [N/A, N/A]     [C:\WINDOWS\system32\STRDEVAPI.dll]  [OLYMPUS Corpration, 0, 8, 0, 0]     [C:\WINDOWS\system32\DSXUSB.dll]  [OLYMPUS CORPORATION, 1.1.1.0]     [C:\WINDOWS\system32\dssusb1.dll]  [OLYMPUS CORPORATION, 1.7.1.0]     [C:\WINDOWS\system32\dssusb.dll]  [OLYMPUS OPTICAL CO.,LTD., 1, 8, 0, 0]     [C:\WINDOWS\system32\DM1USBAPI.dll]  [OLYMPUS OPTICAL CO.,LTD, 1, 2, 0, 0]     [C:\Program Files\Olympus\DeviceDetector\DSSCancel.dll]  [N/A, N/A] [PID: 2156][C:\Program Files\Olympus\DSSPlayer\DirectrecConfig.exe]  [OLYMPUS IMAGING CORP., 1, 0, 0, 0]     [C:\WINDOWS\system32\DirrecAPI.dll]  [OLYMPUS IMAGING CORP., 1, 0, 0, 1]     [C:\Program Files\Olympus\DSSPlayer\DirectrecConfigRes.dll]  [OLYMPUS IMAGING CORP., 1, 0, 0, 0] [PID: 2532][C:\Program Files\Microsoft Office\Office10\msoffice.exe]  [Microsoft Corporation, 10.0.2609]     [C:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.dll]  [Symantec Corporation, 14.0.0.89]     [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 106.1.3.3]     [C:\Program Files\Common Files\Symantec Shared\ccL60U.dll]  [Symantec Corporation, 106.1.3.3]     [C:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.loc]  [N/A, N/A] [PID: 3968][C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe]  [Symantec Corporation, 1.9.1.1034]     [C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll]  [Symantec Corporation, 1.9.1.1034] [PID: 2332][C:\WINDOWS\system32\cidaemon.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 2312][C:\Documents and Settings\jack\Desktop\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]

jdsgibson · Answer

bamajim:This is the 4th piece of the Gibson SREngLOG. Thanks, J Gibson

[PID: 2332][C:\WINDOWS\system32\cidaemon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2312][C:\Documents and Settings\jack\Desktop\sreng2\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]

==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1       localhost
127.0.0.1       www.f1organizer.com #removed adware url
127.0.0.1       www.netpalnow.com   #removed adware url
127.0.0.1       www.addictivetechnologies.com #removed adware url
127.0.0.1       www.mindseti.com #removed adware url
127.0.0.1       www.mindsetinteractive.com #removed adware url
127.0.0.1 coolwebsearch.com
127.0.0.1 stats.coolwebsearch.com
127.0.0.1 www.coolwebsearch.com #[cws/iefeats]
127.0.0.1 1-se.com #[cws.aboutblank][w32.tuoba.trojan]
127.0.0.1 www.1-se.com #[vbs.startpage.c]
127.0.0.1 1stpagehere.com
127.0.0.1 www.1stpagehere.com
127.0.0.1 www.31234.com #[cws.msconfig]
127.0.0.1 356563.net #[win32.winshow.g]
127.0.0.1 www.356563.net
127.0.0.1 4-counter.com #[cws.winproc32][icanfindit.net]
127.0.0.1 75tz.com #[win32.winshow.g]
127.0.0.1 www.75tz.com
127.0.0.1 8ad.com #[parasite.winshow]
127.0.0.1 www.8ad.com
127.0.0.1 adasearch.com
127.0.0.1 www.adasearch.com
127.0.0.1 adulthyperlinks.com #[parasite.coolwebsearch]
127.0.0.1 www.adulthyperlinks.com
127.0.0.1 acc.count-all.com #[cws.tapicfg]
127.0.0.1 aifind.biz
127.0.0.1 www.aifind.biz #[aifind.cc][troj/startpg-bg]
127.0.0.1 aifind.com
127.0.0.1 www.aifind.com
127.0.0.1 aifind.info #[cws.xmlmimefilter][trojan.bookmarker.b,f]
127.0.0.1 allhyperlinks.com #[cws.dnsrelay]
127.0.0.1 www.allhyperlinks.com #[cws.oslogo][cws.oemsyspnp]
127.0.0.1 alfa-search.com #[cws.alfasearch]
127.0.0.1 www.alfa-search.com
127.0.0.1 allneedsearch.com #[troj_startpage.b][find-itnow.com]
127.0.0.1 approvedlinks.com #[super-spider.com]
127.0.0.1 best-search.info #[cws.smartfinder.2]
127.0.0.1 blanksearch.biz #[cws.jksearch]
127.0.0.1 cashsearch.biz #[cws.jksearch]
127.0.0.1 www.clearsearch.net
127.0.0.1 www.coolfreehost.com
127.0.0.1 coolwebsearch.biz
127.0.0.1 www.crooder.com
127.0.0.1 defaultsearching.com #[cws.sounddrv][searchmeup.com]
127.0.0.1 www.e-finder.cc #[cws.addclass.2][startpage-da]
127.0.0.1 ehttp.cc #[cws.addclass][troj_startpage.d]
127.0.0.1 enjoysearch.info #[cws.xxxvideo]
127.0.0.1 www.enjoysearch.info
127.0.0.1 e-plus.cc #[adware.worldsearch]
127.0.0.1 fastsearch.cc #[cws.tapicfg.2][adware.searchcounter]
127.0.0.1 fast-search.us #[cws.docobj]
127.0.0.1 fastwebfinder.com #[app/fastweb-a][adware.fastwebfinder]
127.0.0.1 www.fastwebfinder.com #[cws.aff.tooncomics.2][search.targetwords.com]
127.0.0.1 findemnow.com
127.0.0.1 www.findemnow.com
127.0.0.1 find-itnow.com #[w32.bizten][cws.alfasearch.2]
127.0.0.1 just.find-itnow.com #[startpage-au]
127.0.0.1 www.find-itnow.com #[w32.hostidel.trojan][troj_hostidel.a]
127.0.0.1 findloss.com #[umaxsearch.com]
127.0.0.1 www.findloss.com
127.0.0.1 find-online.net #[troj_startpag.gy]
127.0.0.1 www.find-online.net
127.0.0.1 firstbookmark.com #[parasite.clientman]
127.0.0.1 www.firstbookmark.com
127.0.0.1 www.geo-traffic.com #[redirects to search.msmn.com]
127.0.0.1 globe-finder.cc #[win32.startpage.n]
127.0.0.1 globe-finder.net #[clearsearch.net]
127.0.0.1 www.globe-finder.net
127.0.0.1 global-finder.com #[cws.msinfo]
127.0.0.1 www.global-finder.com
127.0.0.1 gonnasearch.com #[cws.gonnasearch]
127.0.0.1 www.gonnasearch.com #[supaseek.com]
127.0.0.1 greatsearch.biz #[cws.jksearch]
127.0.0.1 greg-search.com #[trojandropper.win32.small.cw]
127.0.0.1 www.greg-search.com
127.0.0.1 hotbookmark.com #[troj/iestart-f]
127.0.0.1 www.hotbookmark.com
127.0.0.1 idgsearch.com #[googlems search helper][cws.googlems]
127.0.0.1 www.idgsearch.com #[trojan.digits]
127.0.0.1 icansearch.net
127.0.0.1 www.icansearch.net
127.0.0.1 ie-search.com #[cws.loadbat][umaxsearch.com]
127.0.0.1 www.ie-search.com
127.0.0.1 iefeadsl.com #[win32.winshow.g]
127.0.0.1 jksearch.biz #[cws.jksearch][startpage-dc]
127.0.0.1 lookfor.cc #[troj_iefeats.a]
127.0.0.1 www.lookfor.cc
127.0.0.1 luckysearch.net #[cws.tapicfg]
127.0.0.1 www.luckysearch.net
127.0.0.1 lustler.com
127.0.0.1 www.lustler.com
127.0.0.1 madfinder.com #[backdoor.madfind][madfinder]
127.0.0.1 www.madfinder.com #[cws.aff.madfinder][downloader-eu]
127.0.0.1 martfinder.com #[adware.startpage][troj/startpa-gh]
127.0.0.1 www.martfinder.com
127.0.0.1 404.msmn.com
127.0.0.1 search.msmn.com
127.0.0.1 gotosearch.msmn.com
127.0.0.1 bjvvhk.t.muxa.cc #[adware.raxums][random sub-domains]
127.0.0.1 myexexex.com #[cws.jsconsole]
127.0.0.1 www.myexexex.com
127.0.0.1 ntsearch.com
127.0.0.1 www.ntsearch.com #[trojan.win32.spooner.d][adware-nsearch]
127.0.0.1 omega-search.com #[cws.olehelp][trojan.bookmarker.d]
127.0.0.1 best.omega-search.com
127.0.0.1 www.omega-search.com
127.0.0.1 payfortraffic.net #[cws.dnsrelay.3][cws.msole]
127.0.0.1 www.payfortraffic.net
127.0.0.1 power-search.info #[trojan.bookmarker.g]

bamajim · Answer

jdgibson

Sorry for the delay in repling

1. Using Windows Explorer

(Right click on "Start," select "Explore," and you will see the "tree' of file folders in the left side of the window. Click on the "+" next to any folder name to expand its contents)

Locate and Delete the following file

C:\WINDOWS\System32\ms.exe

Close Windows Explorer->>Reboot your PC.

2. Please RIGHT-CLICK HERE and Save As (in IE it's "Save Target As") to download Silent Runners.

Save it to the desktop.
Run Silent Runner's by doubleclicking the "Silent Runners" icon on your desktop.
You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
Once you receive the prompt "All Done!", double-click the new text file on the desktop, copy that entire log, and paste it here.

*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.

bamajim Graduate of MRU

Virus & Spyware

Intermittent application crash

Was this post helpful?