Internet Explorer freezes all of a sudden

edited February 2007 in Spyware & Virus Removal
My Internet Explorer all of a sudden stopped working. When I open it, the application freezes. When I go to my Task Manager and click on the Processes tab, I see a bunch of IEXPLORE.EXE entries, like 15. I manually delete the processes, but slowly they will come back and slow down my whole computer to a standstill.

I think the problem started on Friday. When I turned my computer on, I got a message saying that my Adobe Flash version was outdated. It probably wasn't from Adobe. Like an idiot, I clicked on the download button and my IE has been hosed ever since. I used my friend's computer to download Mozilla and that's how I'm able to get onto this website. Appreciate any help you can give me to rid my computer of whatever virus/malware it has. Here's my HijackThis log. I've run an Anti-virus scan (no entries), Adaware scan and a Spyware-Spybot scan.

Logfile of HijackThis v1.99.1
Scan saved at 2:46:08 PM, on 1/14/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\acs.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Network ICE\BlackICE\blackd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\acstp\icserv.exe
C:\WINDOWS\system32\acstp\wake_up.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Network ICE\BlackICE\RapApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\AIM\aim.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Network ICE\BlackICE\blackice.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\taskmgr.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\internet explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
c:\program files\internet explorer\iexplore.exe
C:\Program Files\hijackthis\Scanner.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEWorkaround Class - {08442457-929D-4522-AE24-9D3E4664A0C1} - C:\Program Files\IE URL Spoofing Patch\IEWorkaround3.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy2\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\RSA Security\Web PassPort\Plug-In\system\sdtray.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\System32\ZCfgSvc.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Accenture Connection] "C:\Program Files\Accenture Connection\9341989\Program\Accenture Connection.exe"
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [aauclient] C:\Program Files\ACNU\ACNUpdater.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Simp] C:\PROGRA~1\Secway\SIMPPR~1.1\SimpPro.exe
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe" /auto:TivoTransfer /registry /service
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /registry /service
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BPS Security Console] C:\Program Files\BulletProofSoft.com\BPS Security Console\SecCon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: RealSecure(r) Desktop Protector.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O14 - IERESET.INF: START_PAGE_URL=https://portal.accenture.com
O15 - Trusted Zone: *.accenture.com
O15 - Trusted Zone: *.accenture.com (HKLM)
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} (CentraUpdaterAxCtl Class) - https://virtualclassroomext.accenture.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121906339945
O16 - DPF: {8463A31A-7FB5-4D38-B269-57F4FEFDBB09} (SDData.clsData) - https://mylearning.accenture.com/codebase/SDData.cab
O16 - DPF: {a2001dd0-c7bd-11d4-a3e1-00c04fa32518} - http://t3oraweb.solar.cat.com/dev6/plugin/jinit1183.exe
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} - https://virtualclassroomext.accenture.com/SiteRoots/main/Install/CentraDownloader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BF17C411-9ADA-4C73-B12C-BD814BDE187F} (ScheduleServices.CtlScheduleServices) - https://mylearning.accenture.com/accenture/core/common/ScheduleServices/ScheduleServices.cab
O16 - DPF: {D3B8B8A0-4FA3-44EB-86C7-5BEA866CEA57} (SDAICC.clsAICC) - https://mylearning.accenture.com/codebase/SDAICC.cab
O16 - DPF: {FE507B78-691A-4DAA-BE3D-793C86592506} (SDWAPI.clsWAPI) - https://mylearning.accenture.com/codebase/SDWAPI.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Accenture.com
O17 - HKLM\Software\..\Telephony: DomainName = Accenture.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{4AA60204-E8D5-4808-8B22-8E427B7C9BB4}: Domain = accenture.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Accenture.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = accenture.com,dir.svc.accenture.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = accenture.com,dir.svc.accenture.com
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: ACNUSvc - - c:\program files\acnu\acnupdatersvc.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: Apache Tomcat 4.1 - Alexandria Software Consulting - C:\Program Files\Apache Group\Tomcat 4.1\bin\tomcat.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: MC/Empower i.collect Service (iCollectService) - Unknown owner - C:\WINDOWS\system32\acstp\icserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPassConnectEngine - iPass - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPCAgent.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\RapApp.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

Comments

  • edited January 2007
    new HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 9:17:11 AM, on 1/23/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\WINDOWS\System32\acs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Citrix\ICA Client\ssonsvr.exe
    C:\Program Files\Network ICE\BlackICE\blackd.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\system32\acstp\icserv.exe
    C:\WINDOWS\system32\acstp\wake_up.exe
    C:\Program Files\iPass\iPassConnect\iPCAgent.exe
    C:\Program Files\Network ICE\BlackICE\RapApp.exe
    C:\WINDOWS\System32\SCardSvr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
    C:\WINDOWS\System32\carpserv.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Logitech\SetPoint\KEM.exe
    C:\Program Files\Network ICE\BlackICE\blackice.exe
    C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\hijackthis\Scanner.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy2\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\RSA Security\Web PassPort\Plug-In\system\sdtray.exe"
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [Accenture Connection] "C:\Program Files\Accenture Connection\9341989\Program\Accenture Connection.exe"
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [aauclient] C:\Program Files\ACNU\ACNUpdater.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Simp] C:\PROGRA~1\Secway\SIMPPR~1.1\SimpPro.exe
    O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe" /auto:TivoTransfer /registry /service
    O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /registry /service
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
    O4 - Global Startup: RealSecure(r) Desktop Protector.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O14 - IERESET.INF: START_PAGE_URL=https://portal.accenture.com
    O15 - Trusted Zone: *.accenture.com
    O15 - Trusted Zone: *.accenture.com (HKLM)
    O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} (CentraUpdaterAxCtl Class) - https://virtualclassroomext.accenture.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121906339945
    O16 - DPF: {8463A31A-7FB5-4D38-B269-57F4FEFDBB09} (SDData.clsData) - https://mylearning.accenture.com/codebase/SDData.cab
    O16 - DPF: {a2001dd0-c7bd-11d4-a3e1-00c04fa32518} - http://t3oraweb.solar.cat.com/dev6/plugin/jinit1183.exe
    O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} - https://virtualclassroomext.accenture.com/SiteRoots/main/Install/CentraDownloader.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BF17C411-9ADA-4C73-B12C-BD814BDE187F} (ScheduleServices.CtlScheduleServices) - https://mylearning.accenture.com/accenture/core/common/ScheduleServices/ScheduleServices.cab
    O16 - DPF: {D3B8B8A0-4FA3-44EB-86C7-5BEA866CEA57} (SDAICC.clsAICC) - https://mylearning.accenture.com/codebase/SDAICC.cab
    O16 - DPF: {FE507B78-691A-4DAA-BE3D-793C86592506} (SDWAPI.clsWAPI) - https://mylearning.accenture.com/codebase/SDWAPI.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Accenture.com
    O17 - HKLM\Software\..\Telephony: DomainName = Accenture.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4AA60204-E8D5-4808-8B22-8E427B7C9BB4}: Domain = accenture.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Accenture.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = accenture.com,dir.svc.accenture.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = accenture.com,dir.svc.accenture.com
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O23 - Service: ACNUSvc - - c:\program files\acnu\acnupdatersvc.exe
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
    O23 - Service: Apache Tomcat 4.1 - Alexandria Software Consulting - C:\Program Files\Apache Group\Tomcat 4.1\bin\tomcat.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: MC/Empower i.collect Service (iCollectService) - Unknown owner - C:\WINDOWS\system32\acstp\icserv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPassConnectEngine - iPass - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
    O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPCAgent.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\RapApp.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
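An added example, not part of the thread: one way to compare two HijackThis logs entry by entry, so that startup items and browser helper objects that appeared, disappeared or changed target between scans stand out. The matching rules (CLSID for entries that carry one, `[name]` for Run entries) and the function names are assumptions of this sketch; the sample lines are a constructed excerpt in the format of the two logs above.

```python
import re

# An entry line is "<code> - <body>", e.g. "O4 - HKCU\..\Run: [AIM] C:\...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
RUN_RE = re.compile(r"^(.*?Run\w*: \[[^\]]*\])")


def entry_key(code, body):
    """Identity of an entry, so a changed path shows as 'changed', not add+remove."""
    clsid = CLSID_RE.search(body)
    if clsid:                      # BHOs, toolbars, DPF objects: match on CLSID
        return (code, clsid.group(0).upper())
    run = RUN_RE.match(body)
    if run:                        # Run keys: match on hive plus value name
        return (code, run.group(1).lower())
    return (code, body.lower())    # anything else: match on the whole text


def parse_entries(log_text):
    """Map entry identity -> full entry line; header and process lines are skipped."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            code, body = m.groups()
            entries[entry_key(code, body)] = f"{code} - {body}"
    return entries


def diff_logs(old_text, new_text):
    """Return (added, removed, changed) where changed is a list of (old, new) pairs."""
    old, new = parse_entries(old_text), parse_entries(new_text)
    added = sorted(new[k] for k in new.keys() - old.keys())
    removed = sorted(old[k] for k in old.keys() - new.keys())
    changed = sorted((old[k], new[k]) for k in old.keys() & new.keys()
                     if old[k].lower() != new[k].lower())
    return added, removed, changed


# Constructed excerpts in the format of the two logs in this thread.
OLD_LOG = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\System32\ctfmon.exe
O2 - BHO: IEWorkaround Class - {08442457-929D-4522-AE24-9D3E4664A0C1} - C:\Program Files\IE URL Spoofing Patch\IEWorkaround3.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\System32\ZCfgSvc.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BPS Security Console] C:\Program Files\BulletProofSoft.com\BPS Security Console\SecCon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
"""

NEW_LOG = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\System32\ctfmon.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
"""

if __name__ == "__main__":
    added, removed, changed = diff_logs(OLD_LOG, NEW_LOG)
    for label, rows in (("ADDED", added), ("REMOVED", removed)):
        for row in rows:
            print(f"{label:8}{row}")
    for before, after in changed:
        print(f"CHANGED {before}\n     -> {after}")
```

A "changed" result only says the same entry now points somewhere else; an 8.3 short path replaced by its long form, as with the AIM entry, shows up there too and still needs a human to read it.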
  • jmoney3457 Maine
    edited January 2007
    You may wish to Print or Save the following instructions, as the internet will not be available once in Safe Mode!

    Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
    http://www.ewido.net/en/download/
    • Install AVG Anti-Spyware by double clicking the installer.
    • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
    • On the main screen under Your Computer's security:
      • Click on Change state next to Resident shield. It should now change to inactive.
      • Click on Change state next to Automatic updates. It should now change to inactive.
      • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
      • Wait until you see the Update successful message.
    • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    If you are having problems with the updater, you can use this link to manually update ewido.
    AVG Anti-Spyware manual updates.
    Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

    Reboot your computer in Safe Mode.
    • If the computer is running, shut down Windows, and then turn off the power.
    • Wait 30 seconds, and then turn the computer on.
    • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    • Ensure that the Safe Mode option is selected.
    • Press Enter. The computer then begins to start in Safe mode.
    • Login on your usual account.
    Once in Safe Mode:

    Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
    • Click on Scanner on the toolbar.
    • Click on the Settings tab.
      • Under How to act?
        • Click on Recommended Action and choose Quarantine from the popup menu.
      • Under How to scan?
        • All checkboxes should be ticked.
      • Under Possibly unwanted software:
        • All checkboxes should be ticked.
      • Under Reports:
        • Select Automatically generate report after every scan and uncheck Only if threats were found.
      • Under What to scan?
        • Select Scan every file.
    • Click on the Scan tab.
    • Click on Complete System Scan to start the scan process.
    • Let the program scan the machine.
    • When the scan has finished, follow the instructions below.
      IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
      • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
      • At the bottom of the window click on the Apply all Actions button. (3)
    • When done, click the Save Scan Report button. (4)
      • Click the Save Report as button.
      • Save the report to your Desktop.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    Reboot back into Normal Mode, then please post back the AVG log and a new HJT log.
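An added example, not part of the thread: a check to run over the saved scan report before posting it, listing every detection whose recorded action is anything other than "Cleaned". It assumes report lines of the form `path -> Detection : Action.`; the function names are hypothetical and the sample report is constructed, with a placeholder user profile path.

```python
import ntpath
import re
from collections import Counter, defaultdict, namedtuple

Finding = namedtuple("Finding", "path detection action")

# "<path> -> <Detection> : <Action>."  Header lines contain no "->" and are skipped.
LINE_RE = re.compile(
    r"^\s*(?P<path>.+?)\s+->\s+(?P<detection>\S+)\s+:\s+(?P<action>[^.]+)\.\s*$"
)


def parse_report(text):
    """Return one Finding per detection line of the report."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            findings.append(Finding(m["path"], m["detection"], m["action"].strip()))
    return findings


def summarise(findings):
    """Detection name -> Counter of the actions recorded for it."""
    summary = defaultdict(Counter)
    for f in findings:
        summary[f.detection][f.action] += 1
    return dict(summary)


def needs_review(findings):
    """Detection name -> paths whose action does not start with 'Cleaned'.

    Assumption: any other action string (such as 'Ignored') means the item
    is still on disk and should be looked at again.
    """
    grouped = defaultdict(list)
    for f in findings:
        if not f.action.lower().startswith("cleaned"):
            grouped[f.detection].append(f.path)
    return dict(grouped)


def review_roots(findings):
    """Detection name -> deepest folder shared by all of its unresolved paths."""
    roots = {}
    for detection, paths in needs_review(findings).items():
        try:
            roots[detection] = ntpath.commonpath(paths)
        except ValueError:          # paths on different drives or not comparable
            roots[detection] = None
    return roots


# Constructed sample report; the cookie path uses a placeholder profile name.
SAMPLE_REPORT = r"""
AVG Anti-Spyware - Scan Report

+ Created at: 7:33:16 AM 2/5/2007

+ Scan result:

C:\Program Files\SpySheriff -> Adware.SpySheriff : Ignored.
C:\Program Files\SpySheriff\SpySheriff.exe -> Adware.SpySheriff : Ignored.
C:\Program Files\SpySheriff\Uninstall.exe -> Adware.SpySheriff : Ignored.
C:\Program Files\SpySheriff\heur000.dll -> Adware.SpySheriff : Ignored.
:mozilla.230:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\example.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.57:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\example.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
"""

if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for detection, actions in sorted(summarise(found).items()):
        print(f"{detection:28} {dict(actions)}")
    for detection, root in review_roots(found).items():
        print(f"REVIEW {detection}: {len(needs_review(found)[detection])} item(s) under {root}")
```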
  • edited February 2007
    Sorry for the delay. Attached are the AVG and HJT logs.

    AVG Log:
    AVG Anti-Spyware - Scan Report

    + Created at: 7:33:16 AM 2/5/2007

    + Scan result:



    C:\Program Files\SpySheriff -> Adware.SpySheriff : Ignored.
    C:\Program Files\SpySheriff\SpySheriff.dvm -> Adware.SpySheriff : Ignored.
    C:\Program Files\SpySheriff\SpySheriff.exe -> Adware.SpySheriff : Ignored.
    C:\Program Files\SpySheriff\Uninstall.exe -> Adware.SpySheriff : Ignored.
    C:\Program Files\SpySheriff\base.avd -> Adware.SpySheriff : Ignored.
    C:\Program Files\SpySheriff\base001.avd -> Adware.SpySheriff : Ignored.
    C:\Program Files\SpySheriff\base002.avd -> Adware.SpySheriff : Ignored.
    C:\Program Files\SpySheriff\found.wav -> Adware.SpySheriff : Ignored.
    C:\Program Files\SpySheriff\heur000.dll -> Adware.SpySheriff : Ignored.
    C:\Program Files\SpySheriff\heur001.dll -> Adware.SpySheriff : Ignored.
    C:\Program Files\SpySheriff\heur002.dll -> Adware.SpySheriff : Ignored.
    C:\Program Files\SpySheriff\heur003.dll -> Adware.SpySheriff : Ignored.
    C:\Program Files\SpySheriff\notfound.wav -> Adware.SpySheriff : Ignored.
    C:\Program Files\SpySheriff\removed.wav -> Adware.SpySheriff : Ignored.
    :mozilla.230:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.234:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.235:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.110:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.111:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.112:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.113:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.114:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.115:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.102:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.104:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.105:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.106:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.107:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.103:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.147:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
    :mozilla.256:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
    :mozilla.257:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
    :mozilla.258:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
    :mozilla.79:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.


    ::Report end



    HJT Log:
    Logfile of HijackThis v1.99.1
    Scan saved at 7:42:14 AM, on 2/5/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\WINDOWS\System32\acs.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Citrix\ICA Client\ssonsvr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\carpserv.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Accenture Connection\9341989\Program\Accenture Connection.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Network ICE\BlackICE\blackd.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\PROGRA~1\SYMANT~2\VPTray.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\AIM\aim.exe
    C:\WINDOWS\system32\acstp\icserv.exe
    C:\Program Files\iPass\iPassConnect\iPCAgent.exe
    C:\WINDOWS\system32\acstp\wake_up.exe
    C:\Program Files\Network ICE\BlackICE\RapApp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\Logitech\SetPoint\KEM.exe
    C:\Program Files\Network ICE\BlackICE\blackice.exe
    C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe
    C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\Notepad.exe
    C:\Program Files\hijackthis\Scanner.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy2\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\RSA Security\Web PassPort\Plug-In\system\sdtray.exe"
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [Accenture Connection] "C:\Program Files\Accenture Connection\9341989\Program\Accenture Connection.exe"
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [aauclient] C:\Program Files\ACNU\ACNUpdater.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Simp] C:\PROGRA~1\Secway\SIMPPR~1.1\SimpPro.exe
    O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe" /auto:TivoTransfer /registry /service
    O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /registry /service
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
    O4 - Global Startup: RealSecure(r) Desktop Protector.lnk = ?
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O14 - IERESET.INF: START_PAGE_URL=https://portal.accenture.com
    O15 - Trusted Zone: *.accenture.com
    O15 - Trusted Zone: *.accenture.com (HKLM)
    O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} (CentraUpdaterAxCtl Class) - https://virtualclassroomext.accenture.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121906339945
    O16 - DPF: {8463A31A-7FB5-4D38-B269-57F4FEFDBB09} (SDData.clsData) - https://mylearning.accenture.com/codebase/SDData.cab
    O16 - DPF: {a2001dd0-c7bd-11d4-a3e1-00c04fa32518} - http://t3oraweb.solar.cat.com/dev6/plugin/jinit1183.exe
    O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} - https://virtualclassroomext.accenture.com/SiteRoots/main/Install/CentraDownloader.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BF17C411-9ADA-4C73-B12C-BD814BDE187F} (ScheduleServices.CtlScheduleServices) - https://mylearning.accenture.com/accenture/core/common/ScheduleServices/ScheduleServices.cab
    O16 - DPF: {D3B8B8A0-4FA3-44EB-86C7-5BEA866CEA57} (SDAICC.clsAICC) - https://mylearning.accenture.com/codebase/SDAICC.cab
    O16 - DPF: {FE507B78-691A-4DAA-BE3D-793C86592506} (SDWAPI.clsWAPI) - https://mylearning.accenture.com/codebase/SDWAPI.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Accenture.com
    O17 - HKLM\Software\..\Telephony: DomainName = Accenture.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4AA60204-E8D5-4808-8B22-8E427B7C9BB4}: Domain = accenture.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Accenture.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = accenture.com,dir.svc.accenture.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = accenture.com,dir.svc.accenture.com
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O23 - Service: ACNUSvc - - c:\program files\acnu\acnupdatersvc.exe
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
    O23 - Service: Apache Tomcat 4.1 - Alexandria Software Consulting - C:\Program Files\Apache Group\Tomcat 4.1\bin\tomcat.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: MC/Empower i.collect Service (iCollectService) - Unknown owner - C:\WINDOWS\system32\acstp\icserv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPassConnectEngine - iPass - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
    O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPCAgent.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\RapApp.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
  • jmoney3457 Maine
    edited February 2007
    No problem. You may want to print out or make a copy of these instructions before starting, because you will not be able to connect to the internet during most of this fix.

    Download smitRem.exe and save the file to your desktop.
    Double click on the file to extract it to its own folder on the desktop.

    Next, please reboot your computer in Safe Mode by doing the following:
    1. Restart your computer
    2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    3. Instead of Windows loading as normal, a menu should appear
    4. Select the first option, to run Windows in Safe Mode.

    Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Your desktop and icons will disappear and then reappear again --- this is normal.
    Wait for the tool to complete and Disk Cleanup to finish --- this may take a while; please be patient.

    Restart your computer in normal mode.
    Please post a new HijackThis log as well as the log from the smitRem tool, which will be located at C:\smitfiles.txt.
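
One way to see what a cleanup run changed is to diff the HijackThis log taken before it against the one taken after, and to flag entries left pointing at a missing file. The Python below is an added example, not part of the original thread or of HijackThis; the sample lines are excerpted from the 2/5/2007 and 2/6/2007 logs in this thread, and the function names are this example's own.

```python
import re
from typing import NamedTuple

# A HijackThis entry line looks like "O2 - BHO: name - {CLSID} - path".
ENTRY_RE = re.compile(r"^\s*([RNFO]\d{1,2}) - (.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


class Entry(NamedTuple):
    code: str   # section code, e.g. "R3", "O2", "O23"
    body: str   # everything after "CODE - "
    clsid: str  # upper-cased CLSID, or "" when the entry has none

    @property
    def key(self):
        # Entries with a CLSID are matched on (code, CLSID) so that a changed
        # file path is reported as a change, not as a remove plus an add.
        return (self.code, self.clsid or self.body.lower())


def parse_hjt(text):
    """Return the entry lines of a HijackThis log, skipping header and process list."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        found = CLSID_RE.search(m.group(2))
        entries.append(Entry(m.group(1), m.group(2), found.group(0).upper() if found else ""))
    return entries


def diff_logs(before, after):
    """Compare two parsed logs: entries removed, added, or changed in place."""
    b = {e.key: e for e in before}
    a = {e.key: e for e in after}
    return {
        "removed": [b[k] for k in b if k not in a],
        "added": [a[k] for k in a if k not in b],
        "changed": [(b[k], a[k]) for k in b if k in a and b[k].body != a[k].body],
    }


def orphaned(entries):
    """Entries whose registry value survives but whose file is gone ("(no file)")."""
    return [e for e in entries if e.body.endswith("(no file)")]


# Excerpt of the log saved 2/5/2007 (before smitRem).
BEFORE = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy2\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
"""

# Excerpt of the log saved 2/6/2007 (after smitRem).
AFTER = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy2\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
"""

if __name__ == "__main__":
    before, after = parse_hjt(BEFORE), parse_hjt(AFTER)
    result = diff_logs(before, after)
    for e in result["removed"]:
        print("removed :", e.code, e.body)
    for e in result["added"]:
        print("added   :", e.code, e.body)
    for old, new in result["changed"]:
        print("changed :", old.code, old.body, "=>", new.body)
    for e in orphaned(after):
        print("orphan  :", e.code, e.body)
```

An entry reported as an orphan is a registry value that still exists although its file does not, so it is a candidate for cleanup rather than a sign of a live component.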
  • edited February 2007
    Here's my SMITREM Log:


    smitRem © log file
    version 3.2

    by noahdfear


    Microsoft Windows XP [Version 5.1.2600]
    "IE"="6.0000"
    The current date is: Mon 02/05/2007
    The current time is: 22:59:30.49

    Running from
    C:\Documents and Settings\glendon.a.jacques\Desktop\smitRem

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Pre-run SharedTask Export

    (GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
    Copyright(C) 2006 BleepingComputer.com

    Registry Pseudo-Format Mode (Not a valid reg file):

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
    @="%SystemRoot%\System32\browseui.dll"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
    @="%SystemRoot%\System32\browseui.dll"


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Appinitdll check ........ Thank you Grinler!

    dumphive.exe (C)2000-2004 Markus Stephany
    REGEDIT4

    [Windows]
    "AppInit_DLLs"=""
    "DeviceNotSelectedTimeout"="15"
    "GDIProcessHandleQuota"=dword:00002710
    "Spooler"="yes"
    "swapdisk"=""
    "TransmissionRetryTimeout"="90"
    "USERProcessHandleQuota"=dword:00002710

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    XP Firewall allowed access

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    checking for ShudderLTD key

    ShudderLTD key not present!

    checking for PSGuard.com key


    PSGuard.com key not present!


    checking for WinHound.com key


    WinHound.com key not present!


    checking for drsmartload2 key


    drsmartload2 key not present!

    spyaxe uninstaller NOT present
    Winhound uninstaller NOT present
    SpywareStrike uninstaller NOT present
    AlfaCleaner uninstaller NOT present
    SpyFalcon uninstaller NOT present
    SpywareQuake uninstaller NOT present
    SpywareSheriff uninstaller NOT present
    Trust Cleaner uninstaller NOT present
    SpyHeal uninstaller NOT present
    VirusBurst uninstaller NOT present
    BraveSentry uninstaller NOT present
    AntiVermins uninstaller NOT present
    VirusBursters uninstaller NOT present

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Existing Pre-run Files


    ~~~ Program Files ~~~

    SpySheriff


    ~~~ Shortcuts ~~~

    Install.dat


    ~~~ Favorites ~~~



    ~~~ system32 folder ~~~

    amcompat.tlb
    nscompat.tlb
    logfiles


    ~~~ Icons in System32 ~~~



    ~~~ Windows directory ~~~



    ~~~ Drive root ~~~


    ~~~ Miscellaneous Files/folders ~~~




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
    Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
    Killing PID 780 'explorer.exe'
    Killing PID 780 'explorer.exe'

    Starting registry repairs

    Registry repairs complete

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    SharedTask Export after registry fix

    (GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
    Copyright(C) 2006 BleepingComputer.com

    Registry Pseudo-Format Mode (Not a valid reg file):

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
    @="%SystemRoot%\System32\browseui.dll"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
    @="%SystemRoot%\System32\browseui.dll"


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Deleting files

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Remaining Post-run Files


    ~~~ Program Files ~~~



    ~~~ Shortcuts ~~~



    ~~~ Favorites ~~~



    ~~~ system32 folder ~~~



    ~~~ Icons in System32 ~~~



    ~~~ Windows directory ~~~



    ~~~ Drive root ~~~


    ~~~ Miscellaneous Files/folders ~~~



    ~~~ Wininet.dll ~~~

    CLEAN! :)


    HJT Log:
    Logfile of HijackThis v1.99.1
    Scan saved at 10:25:54 AM, on 2/6/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\WINDOWS\System32\acs.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Network ICE\BlackICE\blackd.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\system32\acstp\icserv.exe
    C:\WINDOWS\system32\acstp\wake_up.exe
    C:\Program Files\iPass\iPassConnect\iPCAgent.exe
    C:\Program Files\Network ICE\BlackICE\RapApp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Citrix\ICA Client\ssonsvr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\System32\carpserv.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Accenture Connection\9341989\Program\Accenture Connection.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~2\VPTray.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe
    C:\Program Files\Logitech\SetPoint\KEM.exe
    C:\Program Files\Network ICE\BlackICE\blackice.exe
    C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\hijackthis\Scanner.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy2\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\RSA Security\Web PassPort\Plug-In\system\sdtray.exe"
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [Accenture Connection] "C:\Program Files\Accenture Connection\9341989\Program\Accenture Connection.exe"
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [aauclient] C:\Program Files\ACNU\ACNUpdater.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Simp] C:\PROGRA~1\Secway\SIMPPR~1.1\SimpPro.exe
    O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe" /auto:TivoTransfer /registry /service
    O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /registry /service
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
    O4 - Global Startup: RealSecure(r) Desktop Protector.lnk = ?
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O14 - IERESET.INF: START_PAGE_URL=https://portal.accenture.com
    O15 - Trusted Zone: *.accenture.com
    O15 - Trusted Zone: *.accenture.com (HKLM)
    O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} (CentraUpdaterAxCtl Class) - https://virtualclassroomext.accenture.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121906339945
    O16 - DPF: {8463A31A-7FB5-4D38-B269-57F4FEFDBB09} (SDData.clsData) - https://mylearning.accenture.com/codebase/SDData.cab
    O16 - DPF: {a2001dd0-c7bd-11d4-a3e1-00c04fa32518} - http://t3oraweb.solar.cat.com/dev6/plugin/jinit1183.exe
    O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} - https://virtualclassroomext.accenture.com/SiteRoots/main/Install/CentraDownloader.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BF17C411-9ADA-4C73-B12C-BD814BDE187F} (ScheduleServices.CtlScheduleServices) - https://mylearning.accenture.com/accenture/core/common/ScheduleServices/ScheduleServices.cab
    O16 - DPF: {D3B8B8A0-4FA3-44EB-86C7-5BEA866CEA57} (SDAICC.clsAICC) - https://mylearning.accenture.com/codebase/SDAICC.cab
    O16 - DPF: {FE507B78-691A-4DAA-BE3D-793C86592506} (SDWAPI.clsWAPI) - https://mylearning.accenture.com/codebase/SDWAPI.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Accenture.com
    O17 - HKLM\Software\..\Telephony: DomainName = Accenture.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4AA60204-E8D5-4808-8B22-8E427B7C9BB4}: Domain = accenture.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Accenture.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = accenture.com,dir.svc.accenture.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = accenture.com,dir.svc.accenture.com
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O23 - Service: ACNUSvc - - c:\program files\acnu\acnupdatersvc.exe
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
    O23 - Service: Apache Tomcat 4.1 - Alexandria Software Consulting - C:\Program Files\Apache Group\Tomcat 4.1\bin\tomcat.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: MC/Empower i.collect Service (iCollectService) - Unknown owner - C:\WINDOWS\system32\acstp\icserv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPassConnectEngine - iPass - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
    O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPCAgent.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\RapApp.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
  • jmoney3457 Maine
    edited February 2007
    Please download SmitfraudFix (by S!Ri)
    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm
  • edited February 2007
    Here you go:
    SmitFraudFix v2.141

    Scan done at 16:32:17.98, Thu 02/08/2007
    Run from C:\Documents and Settings\glendon.a.jacques\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\glendon.a.jacques


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\glendon.a.jacques\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\GLENDO~1.JAC\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "system"=""


    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
  • jmoney3457 Maine
    edited February 2007
    Reboot your computer in Safe Mode.
    • If the computer is running, shut down Windows, and then turn off the power.
    • Wait 30 seconds, and then turn the computer on.
    • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    • Ensure that the Safe Mode option is selected.
    • Press Enter. The computer then begins to start in Safe mode.
    • Login on your usual account.
    ______________________________

    Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
    Select option #2 - Clean by typing 2 and press Enter.
    Wait for the tool to complete and disk cleanup to finish.
    You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
    The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

    A reboot may be needed to finish the cleaning process. If your computer does not restart automatically, please do it yourself manually. Reboot in Safe Mode.

    The tool will create a log named rapport.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log along with a new HJT log.
  • edited February 2007
    Here's the Rapport log:

    SmitFraudFix v2.141

    Scan done at 22:15:19.85, Thu 02/08/2007
    Run from C:\Documents and Settings\glendon.a.jacques\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "system"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End



    Here's the HJT log:
    Logfile of HijackThis v1.99.1
    Scan saved at 12:01:16 AM, on 2/9/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\WINDOWS\System32\acs.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Network ICE\BlackICE\blackd.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\system32\acstp\icserv.exe
    C:\Program Files\iPass\iPassConnect\iPCAgent.exe
    C:\WINDOWS\system32\acstp\wake_up.exe
    C:\Program Files\Network ICE\BlackICE\RapApp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
    C:\Program Files\Citrix\ICA Client\ssonsvr.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\carpserv.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Accenture Connection\9341989\Program\Accenture Connection.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~2\VPTray.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Logitech\SetPoint\KEM.exe
    C:\Program Files\Network ICE\BlackICE\blackice.exe
    C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
    C:\Program Files\Apoint\HidFind.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\hijackthis\Scanner.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy2\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\RSA Security\Web PassPort\Plug-In\system\sdtray.exe"
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [Accenture Connection] "C:\Program Files\Accenture Connection\9341989\Program\Accenture Connection.exe"
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [aauclient] C:\Program Files\ACNU\ACNUpdater.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Simp] C:\PROGRA~1\Secway\SIMPPR~1.1\SimpPro.exe
    O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe" /auto:TivoTransfer /registry /service
    O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /registry /service
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
    O4 - Global Startup: RealSecure(r) Desktop Protector.lnk = ?
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O14 - IERESET.INF: START_PAGE_URL=https://portal.accenture.com
    O15 - Trusted Zone: *.accenture.com
    O15 - Trusted Zone: *.accenture.com (HKLM)
    O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} (CentraUpdaterAxCtl Class) - https://virtualclassroomext.accenture.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121906339945
    O16 - DPF: {8463A31A-7FB5-4D38-B269-57F4FEFDBB09} (SDData.clsData) - https://mylearning.accenture.com/codebase/SDData.cab
    O16 - DPF: {a2001dd0-c7bd-11d4-a3e1-00c04fa32518} - http://t3oraweb.solar.cat.com/dev6/plugin/jinit1183.exe
    O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} - https://virtualclassroomext.accenture.com/SiteRoots/main/Install/CentraDownloader.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BF17C411-9ADA-4C73-B12C-BD814BDE187F} (ScheduleServices.CtlScheduleServices) - https://mylearning.accenture.com/accenture/core/common/ScheduleServices/ScheduleServices.cab
    O16 - DPF: {D3B8B8A0-4FA3-44EB-86C7-5BEA866CEA57} (SDAICC.clsAICC) - https://mylearning.accenture.com/codebase/SDAICC.cab
    O16 - DPF: {FE507B78-691A-4DAA-BE3D-793C86592506} (SDWAPI.clsWAPI) - https://mylearning.accenture.com/codebase/SDWAPI.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Accenture.com
    O17 - HKLM\Software\..\Telephony: DomainName = Accenture.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4AA60204-E8D5-4808-8B22-8E427B7C9BB4}: Domain = accenture.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Accenture.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = accenture.com,dir.svc.accenture.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = accenture.com,dir.svc.accenture.com
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O23 - Service: ACNUSvc - - c:\program files\acnu\acnupdatersvc.exe
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
    O23 - Service: Apache Tomcat 4.1 - Alexandria Software Consulting - C:\Program Files\Apache Group\Tomcat 4.1\bin\tomcat.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: MC/Empower i.collect Service (iCollectService) - Unknown owner - C:\WINDOWS\system32\acstp\icserv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPassConnectEngine - iPass - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
    O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPCAgent.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\RapApp.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
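
Added example (not part of the original posts): a Python sketch that parses HijackThis entry lines, diffs two scans by a stable key, and lists entries HijackThis itself could not resolve. The key scheme and function names are assumptions of this example; the sample lines are excerpted from the two logs posted in this thread.

```python
import re

# Lines excerpted from the two HijackThis logs in this thread (1/14 and 2/9 scans).
BEFORE = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: RealSecure(r) Desktop Protector.lnk = ?
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

AFTER = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: RealSecure(r) Desktop Protector.lnk = ?
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

# An entry line is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [...] ...".
# Header lines and the "Running processes" paths do not match this shape.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_NAME_RE = re.compile(r"^(.*?Run[^:]*:\s*\[[^\]]+\])")
# Markers seen in the logs above where HijackThis could not resolve a target.
UNRESOLVED_RE = re.compile(r"\(no file\)|Unknown owner|=\s*\?$")


def entry_key(code, detail):
    """Stable identity for an entry, so a changed path shows up as a change
    rather than as one removal plus one addition (assumed scheme)."""
    clsid = CLSID_RE.search(detail)
    if clsid:
        return (code, clsid.group(0).upper())
    if code == "O4":
        run = RUN_NAME_RE.match(detail)
        if run:
            return (code, run.group(1))
    # Otherwise use the text before the first " - " or " = " separator.
    return (code, re.split(r"\s+-\s+|\s+=\s+", detail, maxsplit=1)[0])


def parse_hjt(text):
    """Return {key: (code, detail)} for every entry line in a log."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            code, detail = m.groups()
            entries[entry_key(code, detail)] = (code, detail)
    return entries


def diff_scans(before, after):
    """Return (added, removed, changed) key lists between two parsed scans."""
    added = sorted(k for k in after if k not in before)
    removed = sorted(k for k in before if k not in after)
    changed = sorted(k for k in after
                     if k in before and after[k][1] != before[k][1])
    return added, removed, changed


def unresolved(entries):
    """Return (code, marker, detail) for entries carrying an unresolved marker."""
    flagged = []
    for _key, (code, detail) in sorted(entries.items()):
        m = UNRESOLVED_RE.search(detail)
        if m:
            flagged.append((code, m.group(0), detail))
    return flagged


if __name__ == "__main__":
    old, new = parse_hjt(BEFORE), parse_hjt(AFTER)
    added, removed, changed = diff_scans(old, new)
    for label, keys in (("added", added), ("removed", removed), ("changed", changed)):
        for key in keys:
            print(f"{label:8} {key[0]:4} {key[1]}")
    for code, marker, detail in unresolved(new):
        print(f"check    {code:4} [{marker}] {detail}")
```

A flagged or changed entry is a prompt for a closer look, not a verdict.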
  • jmoney3457 Maine
    edited February 2007
    I need to see another log from HijackThis.
    • Run Hijackthis.
    • Click on Open the Misc Tools section.
    • Next click on Open uninstall manager.
    • Press the Save list button.
    • Save the file to your desktop, with the default name of uninstall_list
    • Copy & Paste the entire contents of that file in your next post.
  • edited February 2007
    Here you go j:

    Accenture Connection
    Accenture Delivery Estimating Models
    Ad-Aware SE Personal
    Adobe Flash Player 9 ActiveX
    Adobe Reader 8
    Adobe® Photoshop® Album Starter Edition 3.0
    ALPS Touch Pad Driver
    AnswerWorks Runtime
    AOL Instant Messenger
    Apache Tomcat 4.1 (remove only)
    Application Compatibility Toolkit
    ArcSoft Camera Suite
    ARTES U.S. Version 6.0.0.20
    ATI Control Panel
    ATI Display Driver
    AvantGo Client
    AVG Anti-Spyware 7.5
    Bazooka Scanner
    BI Methodology Guide v2.1
    Broadcom 802.11 Control Panel
    Broadcom 802.11 Driver
    BusinessCaseToolbar v1.0
    Canon Camera Window for ZoomBrowser EX
    Canon PhotoRecord
    Canon Utilities File Viewer Utility 1.2
    Canon Utilities PhotoStitch 3.1
    Canon Utilities RemoteCapture 2.7
    Canon Utilities ZoomBrowser EX
    Centra Client
    ClearVue Installer for SP
    CLIE MS SCSI Driver
    Communicate For Results v2.0
    Conexant D480 MDC V.92 Modem
    Confidential Protecting Assets and Information v1.0
    Critical Elements of Our Financial Statements v3.01
    DeadAIM
    D-Link AirPlus Xtreme G Adapter
    Enterprise Remote Access V5
    Express Burn Uninstall
    Express Rip Uninstall
    Google Toolbar for Internet Explorer
    HijackThis 1.99.1
    Hotfix for Windows XP (KB909394)
    IceDesktop
    Intel(R) PROSet
    InterVideo WinDVD
    iPassConnect
    iPod for Windows 2005-02-07
    iPod for Windows 2005-11-17
    iTunes
    Java 2 Runtime Environment, SE v1.4.1_05
    Java 2 Runtime Environment, SE v1.4.2_02
    Java 2 SDK, SE v1.4.1_05
    Java Web Start
    LiveUpdate 2.6 (Symantec Corporation)
    Logitech SetPoint
    Lotus Notes 6.0.2
    Memory Stick Formatter
    MetaFrame Presentation Server Client
    Microsoft .NET Framework (English) v1.0.3705
    Microsoft .NET Framework 1.1
    Microsoft ActiveSync 4.0
    Microsoft Data Access Components KB870669
    Microsoft Office FrontPage 2003
    Microsoft Office Live Meeting
    Microsoft Office OneNote 2003
    Microsoft Office Professional Edition 2003
    Microsoft Office Project Professional 2003
    Microsoft Office Visio Professional 2003
    Microsoft Organization Chart 2.0
    Microsoft XML Parser
    Mozilla Firefox (2.0.0.1)
    MSN Messenger 7.0
    Music Visualizer Library 1.2
    MySpaceIM
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    O2Micro Smartcard Driver
    OpenMG CLIE Additional Module
    OpenMG Limited Patch 3.0.01-01-12-13-01
    OpenMG Limited Patch 3.0.01-02-01-12-01
    OpenMG Secure Module 3.0.01
    Openwares IE Security Patch
    Oracle JInitiator 1.1.8.3
    Outlook Express Q837009
    Palm Desktop
    People Directory Offline
    Quicken 2006
    QuickSet
    QuickTime
    RealArcade
    RealPlayer Intranet
    RecordPad Sound Recorder Uninstall
    Rem_ICAWEB71
    Remove Hidden Data Tool
    RSA Keon Web PassPort
    RSA SecurID Software Token
    SereneScreen Aquarium
    Shockwave
    SigmaTel AC97 Audio Drivers
    SimpPro 2.1
    SonicStage 1.1.10
    Spades
    SPS Run Time v3.1.1
    Spybot - Search & Destroy 1.4
    SVD & Account Development v1.0
    Switch Uninstall
    Symantec AntiVirus
    Symantec Ghost
    TextPad 4.6
    TiVo Desktop
    Using the Estimator - Quick Tour and Demos
    Viewpoint Media Player
    WavePad Uninstall
    Windows Installer 3.1 (KB893803)
    Windows Live OneCare safety scanner
    Windows Media Format Runtime
    Windows Media Player 10
    Windows Media Player 10 Hotfix - KB894476
    Windows Media Player 9 Series
    Windows Messenger 5.0
    Windows Rights Management client
    Windows Support Tools
    Windows XP Hotfix - KB328237
    Windows XP Hotfix - KB814841
    Windows XP Hotfix - KB816941
    Windows XP Hotfix - KB821578
    Windows XP Hotfix - KB823182
    Windows XP Hotfix - KB823559
    Windows XP Hotfix - KB824424
    Windows XP Hotfix - KB825119
    Windows XP Hotfix - KB828035
    Windows XP Hotfix - KB828741
    Windows XP Hotfix - KB829558
    Windows XP Hotfix - KB833987
    Windows XP Hotfix - KB835732
    Windows XP Hotfix - KB837001
    Windows XP Hotfix - KB839645
    Windows XP Hotfix - KB840315
    Windows XP Hotfix - KB840987
    Windows XP Hotfix - KB841356
    Windows XP Hotfix - KB841533
    Windows XP Hotfix - KB841873
    Windows XP Hotfix - KB842773
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB871250
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB873376
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB889293
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB891711
    Windows XP Hotfix - KB891781
    Windows XP Hotfix (SP2) [See Q328368 for more information]
    Windows XP Hotfix (SP2) [See Q329048 for more information]
    Windows XP Hotfix (SP2) [See Q329115 for more information]
    Windows XP Hotfix (SP2) [See Q329390 for more information]
    Windows XP Hotfix (SP2) [See Q329834 for more information]
    Windows XP Hotfix (SP2) Q329170
    Windows XP Hotfix (SP2) Q331320
    Windows XP Hotfix (SP2) Q810565
    Windows XP Hotfix (SP2) Q810833
    Windows XP Hotfix (SP2) Q811493
    Windows XP Hotfix (SP2) Q812937
    Windows XP Hotfix (SP2) Q815021
    Windows XP Hotfix (SP2) Q815227
    Windows XP Hotfix (SP2) Q817606
    Windows XP Hotfix (SP2) Q819696
    WinZip
    Yahoo! Browser Services
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Messenger
    Yahoo! Messenger Explorer Bar
  • jmoney3457 Maine
    edited February 2007
    thanks for the list glen, ok first off I would HIGHLY recommend you uninstall Viewpoint Media Player via Add/Remove Programs..it's not necessarily "bad" like spyware but it does collect information from your computer without your consent, therefore I would recommend removing it, but it's entirely up to you..then please find and delete the following folder (make sure you can view hidden files/folders http://www.xtra.co.nz/help/0,,4155-1916458,00.html) delete the folder in red-->C:\Program Files\SpySheriff note: if it gives you problems deleting in normal mode such as "file in use" then reboot into safe mode and try deleting it then..once you're done doing the above, reboot and post a new HJT log along with whether you decided to uninstall Viewpoint and how the delete went :)
    EDIT: also glen, did you install this->SereneScreen Aquarium?
  • edited February 2007
    Hey jmoney, I deleted the Viewpoint software. I've deleted that once before but now it's back. I think it comes along when you download AOL IM. Oh and the SereneScreen Aquarium is something I downloaded. It's that aquarium-style screen saver. Do you want it? ;-)

    Anyways, I wasn't able to find SpySheriff anywhere. I changed my settings to view hidden folders and couldn't find it. I searched my computer, no luck. I even looked at my Program Files directory through the command prompt and didn't see it. Are you sure it's there? Do you have any other ideas on how to find it? I didn't see it in my HJT log. I'll post a new log:

    Logfile of HijackThis v1.99.1
    Scan saved at 3:14:02 PM, on 2/9/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\WINDOWS\System32\acs.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Network ICE\BlackICE\blackd.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\system32\acstp\icserv.exe
    C:\Program Files\iPass\iPassConnect\iPCAgent.exe
    C:\WINDOWS\system32\acstp\wake_up.exe
    C:\Program Files\Network ICE\BlackICE\RapApp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
    C:\Program Files\Citrix\ICA Client\ssonsvr.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\carpserv.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Accenture Connection\9341989\Program\Accenture Connection.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~2\VPTray.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Logitech\SetPoint\KEM.exe
    C:\Program Files\Network ICE\BlackICE\blackice.exe
    C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
    C:\Program Files\Apoint\HidFind.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\System32\cmd.exe
    C:\Program Files\hijackthis\Scanner.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy2\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\RSA Security\Web PassPort\Plug-In\system\sdtray.exe"
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [Accenture Connection] "C:\Program Files\Accenture Connection\9341989\Program\Accenture Connection.exe"
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKCU\..\Run: [aauclient] C:\Program Files\ACNU\ACNUpdater.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Simp] C:\PROGRA~1\Secway\SIMPPR~1.1\SimpPro.exe
    O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe" /auto:TivoTransfer /registry /service
    O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /registry /service
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
    O4 - Global Startup: RealSecure(r) Desktop Protector.lnk = ?
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O14 - IERESET.INF: START_PAGE_URL=https://portal.accenture.com
    O15 - Trusted Zone: *.accenture.com
    O15 - Trusted Zone: *.accenture.com (HKLM)
    O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} (CentraUpdaterAxCtl Class) - https://virtualclassroomext.accenture.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121906339945
    O16 - DPF: {8463A31A-7FB5-4D38-B269-57F4FEFDBB09} (SDData.clsData) - https://mylearning.accenture.com/codebase/SDData.cab
    O16 - DPF: {a2001dd0-c7bd-11d4-a3e1-00c04fa32518} - http://t3oraweb.solar.cat.com/dev6/plugin/jinit1183.exe
    O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} - https://virtualclassroomext.accenture.com/SiteRoots/main/Install/CentraDownloader.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BF17C411-9ADA-4C73-B12C-BD814BDE187F} (ScheduleServices.CtlScheduleServices) - https://mylearning.accenture.com/accenture/core/common/ScheduleServices/ScheduleServices.cab
    O16 - DPF: {D3B8B8A0-4FA3-44EB-86C7-5BEA866CEA57} (SDAICC.clsAICC) - https://mylearning.accenture.com/codebase/SDAICC.cab
    O16 - DPF: {FE507B78-691A-4DAA-BE3D-793C86592506} (SDWAPI.clsWAPI) - https://mylearning.accenture.com/codebase/SDWAPI.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Accenture.com
    O17 - HKLM\Software\..\Telephony: DomainName = Accenture.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4AA60204-E8D5-4808-8B22-8E427B7C9BB4}: Domain = accenture.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Accenture.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = accenture.com,dir.svc.accenture.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = accenture.com,dir.svc.accenture.com
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O23 - Service: ACNUSvc - - c:\program files\acnu\acnupdatersvc.exe
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
    O23 - Service: Apache Tomcat 4.1 - Alexandria Software Consulting - C:\Program Files\Apache Group\Tomcat 4.1\bin\tomcat.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: MC/Empower i.collect Service (iCollectService) - Unknown owner - C:\WINDOWS\system32\acstp\icserv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPassConnectEngine - iPass - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
    O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPCAgent.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\RapApp.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
  • jmoney3457 Maine
    edited February 2007
    I thought it was a screen saver, the only bad thing about downloading SS's off the net is some come bundled with spyware..with that being said I'll leave it up to you on whether to keep it or not;) lol..and the reason I asked about spywaresheriff is because it showed up in your AVG log in post #4->http://www.short-media.com/forum/showpost.php?p=460674&postcount=4 strange why you couldn't find it..so please do this for me..could you please refollow my instructions from post #3 on AVG and post that new log for me to see along with new HJT log and if you decided to keep that screen saver:)
    EDIT: glen when you said
    glen wrote:
    I even looked at my Program Files directory through the command prompt and didn't see it.
    what exactly do you mean by that? and how did you do that? I'm curious :bigggrin:
  • edited February 2007
    Ok, so I deleted the screensaver. :) I got it from a friend, but you're right, it could have spyware with it. What I meant by checking the command prompt is I went to Start --> Run --> and entered 'cmd'. In the command prompt, I went to the root directory, then entered 'cd Program Files'. Then I couldn't see the directory. Maybe I used the wrong terminology there ;)

    I also wanted to let you know that every time I reboot my computer to enter safe mode, my computer does not shut down. I always have to hold down the power button. I'm not sure if that means I still have some problems with my computer or not?
    Here's my new AVG log:

    AVG Anti-Spyware - Scan Report

    + Created at: 12:39:29 AM 2/10/2007

    + Scan result:



    :mozilla.149:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.67:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.68:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.69:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.70:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.71:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.72:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.73:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.74:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.180:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.181:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.182:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.183:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.184:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.185:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.25:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.26:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.27:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.28:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.29:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.32:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.135:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.136:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.137:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.36:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
    :mozilla.124:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.125:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.126:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.30:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
    :mozilla.31:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
    :mozilla.187:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.188:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.189:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.190:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.75:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.76:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.43:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
    :mozilla.44:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
    :mozilla.117:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.118:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.119:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.80:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.81:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.82:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.83:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.84:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.89:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.156:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.157:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.158:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.127:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.128:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.129:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.130:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.131:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.132:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.133:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.134:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.186:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.85:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.86:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.87:C:\Documents and Settings\glendon.a.jacques\Application Data\Mozilla\Firefox\Profiles\eqc5sern.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\glendon.a.jacques\Cookies\glendon.a.jacques@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.


    ::Report end

    New HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 12:58:00 AM, on 2/10/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\WINDOWS\System32\acs.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Network ICE\BlackICE\blackd.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\system32\acstp\icserv.exe
    C:\Program Files\iPass\iPassConnect\iPCAgent.exe
    C:\WINDOWS\system32\acstp\wake_up.exe
    C:\Program Files\Network ICE\BlackICE\RapApp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\Program Files\Citrix\ICA Client\ssonsvr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe
    C:\WINDOWS\System32\carpserv.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\SYMANT~2\VPTray.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\Notepad.exe
    C:\Program Files\hijackthis\Scanner.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy2\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\RSA Security\Web PassPort\Plug-In\system\sdtray.exe"
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [Accenture Connection] "C:\Program Files\Accenture Connection\9341989\Program\Accenture Connection.exe"
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKCU\..\Run: [aauclient] C:\Program Files\ACNU\ACNUpdater.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Simp] C:\PROGRA~1\Secway\SIMPPR~1.1\SimpPro.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
    O4 - Global Startup: RealSecure(r) Desktop Protector.lnk = ?
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O14 - IERESET.INF: START_PAGE_URL=https://portal.accenture.com
    O15 - Trusted Zone: *.accenture.com
    O15 - Trusted Zone: *.accenture.com (HKLM)
    O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} (CentraUpdaterAxCtl Class) - https://virtualclassroomext.accenture.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121906339945
    O16 - DPF: {8463A31A-7FB5-4D38-B269-57F4FEFDBB09} (SDData.clsData) - https://mylearning.accenture.com/codebase/SDData.cab
    O16 - DPF: {a2001dd0-c7bd-11d4-a3e1-00c04fa32518} - http://t3oraweb.solar.cat.com/dev6/plugin/jinit1183.exe
    O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} - https://virtualclassroomext.accenture.com/SiteRoots/main/Install/CentraDownloader.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BF17C411-9ADA-4C73-B12C-BD814BDE187F} (ScheduleServices.CtlScheduleServices) - https://mylearning.accenture.com/accenture/core/common/ScheduleServices/ScheduleServices.cab
    O16 - DPF: {D3B8B8A0-4FA3-44EB-86C7-5BEA866CEA57} (SDAICC.clsAICC) - https://mylearning.accenture.com/codebase/SDAICC.cab
    O16 - DPF: {FE507B78-691A-4DAA-BE3D-793C86592506} (SDWAPI.clsWAPI) - https://mylearning.accenture.com/codebase/SDWAPI.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Accenture.com
    O17 - HKLM\Software\..\Telephony: DomainName = Accenture.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4AA60204-E8D5-4808-8B22-8E427B7C9BB4}: Domain = accenture.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Accenture.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = accenture.com,dir.svc.accenture.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = accenture.com,dir.svc.accenture.com
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O23 - Service: ACNUSvc - - c:\program files\acnu\acnupdatersvc.exe
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
    O23 - Service: Apache Tomcat 4.1 - Alexandria Software Consulting - C:\Program Files\Apache Group\Tomcat 4.1\bin\tomcat.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: MC/Empower i.collect Service (iCollectService) - Unknown owner - C:\WINDOWS\system32\acstp\icserv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPassConnectEngine - iPass - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
    O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPCAgent.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\RapApp.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
  • jmoney3457 Maine
    edited February 2007
    Fix this line in HJT: R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file), then reboot and post a new log. Besides that, your log is clean :) About your safe mode problem... what exactly happens?
  • edited February 2007
    Well, when I shut down my computer, it goes through the regular process. The background changes to blue, like normal, and the text under the Windows sign says something like 'Saving Settings'. Then it gets stuck there forever. Eventually, I just hold down the power key to turn it off. Have any ideas?

    Ok so I fixed R3 and here's my new HJT log:
    Logfile of HijackThis v1.99.1
    Scan saved at 7:43:19 PM, on 2/10/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\WINDOWS\System32\acs.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Network ICE\BlackICE\blackd.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\system32\acstp\icserv.exe
    C:\Program Files\iPass\iPassConnect\iPCAgent.exe
    C:\WINDOWS\system32\acstp\wake_up.exe
    C:\Program Files\Network ICE\BlackICE\RapApp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\Program Files\Citrix\ICA Client\ssonsvr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe
    C:\WINDOWS\System32\carpserv.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\SYMANT~2\VPTray.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\hijackthis\Scanner.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy2\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\RSA Security\Web PassPort\Plug-In\system\sdtray.exe"
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [Accenture Connection] "C:\Program Files\Accenture Connection\9341989\Program\Accenture Connection.exe"
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKCU\..\Run: [aauclient] C:\Program Files\ACNU\ACNUpdater.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Simp] C:\PROGRA~1\Secway\SIMPPR~1.1\SimpPro.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
    O4 - Global Startup: RealSecure(r) Desktop Protector.lnk = ?
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O14 - IERESET.INF: START_PAGE_URL=https://portal.accenture.com
    O15 - Trusted Zone: *.accenture.com
    O15 - Trusted Zone: *.accenture.com (HKLM)
    O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} (CentraUpdaterAxCtl Class) - https://virtualclassroomext.accenture.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121906339945
    O16 - DPF: {8463A31A-7FB5-4D38-B269-57F4FEFDBB09} (SDData.clsData) - https://mylearning.accenture.com/codebase/SDData.cab
    O16 - DPF: {a2001dd0-c7bd-11d4-a3e1-00c04fa32518} - http://t3oraweb.solar.cat.com/dev6/plugin/jinit1183.exe
    O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} - https://virtualclassroomext.accenture.com/SiteRoots/main/Install/CentraDownloader.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BF17C411-9ADA-4C73-B12C-BD814BDE187F} (ScheduleServices.CtlScheduleServices) - https://mylearning.accenture.com/accenture/core/common/ScheduleServices/ScheduleServices.cab
    O16 - DPF: {D3B8B8A0-4FA3-44EB-86C7-5BEA866CEA57} (SDAICC.clsAICC) - https://mylearning.accenture.com/codebase/SDAICC.cab
    O16 - DPF: {FE507B78-691A-4DAA-BE3D-793C86592506} (SDWAPI.clsWAPI) - https://mylearning.accenture.com/codebase/SDWAPI.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Accenture.com
    O17 - HKLM\Software\..\Telephony: DomainName = Accenture.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4AA60204-E8D5-4808-8B22-8E427B7C9BB4}: Domain = accenture.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Accenture.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = accenture.com,dir.svc.accenture.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = accenture.com,dir.svc.accenture.com
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O23 - Service: ACNUSvc - - c:\program files\acnu\acnupdatersvc.exe
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
    O23 - Service: Apache Tomcat 4.1 - Alexandria Software Consulting - C:\Program Files\Apache Group\Tomcat 4.1\bin\tomcat.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: MC/Empower i.collect Service (iCollectService) - Unknown owner - C:\WINDOWS\system32\acstp\icserv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPassConnectEngine - iPass - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
    O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPCAgent.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\RapApp.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
  • jmoney3457 Maine
    edited February 2007
    Oops, I forgot to mention that... Yeah, I did a little research on that problem and it's associated with XP Service Pack 1 (SP1), from http://support.microsoft.com/kb/307274
    RESOLUTION
    To resolve this problem obtain the latest service pack for Microsoft Windows XP. For more information about how to do this, click the following article number to view the article in the Microsoft Knowledge Base:
    So to fix this, and so you're secure and up to date with all the patches/fixes/security updates, click HERE to download & install Service Pack 2 (SP2), reboot, then post a new HJT log :) And the update to SP2 should also take care of the saving settings hang problem :wink:
  • edited February 2007
    Hey, thanks J, but my computer is used for work and they are planning to formally roll out Service Pack 2 in a package in about a month to our computers (they're always really late in rolling this kind of stuff out). So I'll probably just wait for that. Thanks though!

    Here's my latest HJT log. Are there any other updates that I need to make now? Thanks for all your help. My computer seems to be running OK overall now.

    Logfile of HijackThis v1.99.1
    Scan saved at 4:22:42 PM, on 2/11/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\WINDOWS\System32\acs.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Network ICE\BlackICE\blackd.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\system32\acstp\icserv.exe
    C:\Program Files\iPass\iPassConnect\iPCAgent.exe
    C:\WINDOWS\system32\acstp\wake_up.exe
    C:\Program Files\Network ICE\BlackICE\RapApp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\Program Files\Citrix\ICA Client\ssonsvr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe
    C:\WINDOWS\System32\carpserv.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\SYMANT~2\VPTray.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\hijackthis\Scanner.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy2\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\RSA Security\Web PassPort\Plug-In\system\sdtray.exe"
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [Accenture Connection] "C:\Program Files\Accenture Connection\9341989\Program\Accenture Connection.exe"
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKCU\..\Run: [aauclient] C:\Program Files\ACNU\ACNUpdater.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Simp] C:\PROGRA~1\Secway\SIMPPR~1.1\SimpPro.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
    O4 - Global Startup: RealSecure(r) Desktop Protector.lnk = ?
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O14 - IERESET.INF: START_PAGE_URL=https://portal.accenture.com
    O15 - Trusted Zone: *.accenture.com
    O15 - Trusted Zone: *.accenture.com (HKLM)
    O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} (CentraUpdaterAxCtl Class) - https://virtualclassroomext.accenture.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121906339945
    O16 - DPF: {8463A31A-7FB5-4D38-B269-57F4FEFDBB09} (SDData.clsData) - https://mylearning.accenture.com/codebase/SDData.cab
    O16 - DPF: {a2001dd0-c7bd-11d4-a3e1-00c04fa32518} - http://t3oraweb.solar.cat.com/dev6/plugin/jinit1183.exe
    O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} - https://virtualclassroomext.accenture.com/SiteRoots/main/Install/CentraDownloader.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BF17C411-9ADA-4C73-B12C-BD814BDE187F} (ScheduleServices.CtlScheduleServices) - https://mylearning.accenture.com/accenture/core/common/ScheduleServices/ScheduleServices.cab
    O16 - DPF: {D3B8B8A0-4FA3-44EB-86C7-5BEA866CEA57} (SDAICC.clsAICC) - https://mylearning.accenture.com/codebase/SDAICC.cab
    O16 - DPF: {FE507B78-691A-4DAA-BE3D-793C86592506} (SDWAPI.clsWAPI) - https://mylearning.accenture.com/codebase/SDWAPI.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Accenture.com
    O17 - HKLM\Software\..\Telephony: DomainName = Accenture.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4AA60204-E8D5-4808-8B22-8E427B7C9BB4}: Domain = accenture.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Accenture.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = accenture.com,dir.svc.accenture.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = accenture.com,dir.svc.accenture.com
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O23 - Service: ACNUSvc - - c:\program files\acnu\acnupdatersvc.exe
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
    O23 - Service: Apache Tomcat 4.1 - Alexandria Software Consulting - C:\Program Files\Apache Group\Tomcat 4.1\bin\tomcat.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: MC/Empower i.collect Service (iCollectService) - Unknown owner - C:\WINDOWS\system32\acstp\icserv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPassConnectEngine - iPass - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
    O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPCAgent.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\RapApp.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
  • jmoney3457 Maine
    edited February 2007
    Oh OK, I understand, but I'd say so! ...Why would your company wait so long?! SP2 has been out for over a year now! They need to get that out to you guys pronto or you're just prone to infection :wink: But your HJT log is clean. Please reply to this topic once more so I can mark it resolved :D
  • edited February 2007
    I know, I don't know why they take so long to test everything and send it out. It's pretty ridiculous, but I should get SP2 soon. Anyways, thanks for all your help. I really appreciate it :-) My computer is running smooth now thanks to you!
  • jmoney3457 Maine
    edited February 2007
    You're welcome :) And yes, it does seem ridiculous lol ;) Glad I could be of assistance! The help you received here was free. Please read through some of these Prevention Tips that Short-Media offers.

    This topic is now closed. If you wish it reopened, please send a Private Message (PM) to one of the Spyware Mods with a link to your thread.