Hi,
My girlfriend's computer recently began running very slowly. I suspect that she's picked up some sort of malware and have followed the steps outlined here on your Bboard.
Her computer is running Windows XP Professional Version 2002, Service Pack 3 on an Intel Pentium 4 2.80 Ghz with 1 GB of RAM.
She has been using Norton (Norton 360) for several years as her anti-virus software.
Below you'll find the logs for SuperAntispyware, Anti-Malware and HijackThis.
Thank you so much for taking the time to review, analyze and help with our problem.
David
SUPERAntiSpyware Scan Log
http://www.superantispyware.comGenerated 05/17/2010 at 03:40 AM
Application Version : 4.37.1000
Core Rules Database Version : 4940
Trace Rules Database Version: 2752
Scan type : Complete Scan
Total Scan Time : 11:04:59
Memory items scanned : 614
Memory threats detected : 0
Registry items scanned : 5867
Registry threats detected : 83
File items scanned : 121135
File threats detected : 187
Adware.MyWay
HKLM\Software\Classes\CLSID\{014DA6C1-189F-421a-88CD-07CFE51CFF10}
HKCR\CLSID\{014DA6C1-189F-421A-88CD-07CFE51CFF10}
HKCR\CLSID\{014DA6C1-189F-421A-88CD-07CFE51CFF10}
HKCR\CLSID\{014DA6C1-189F-421A-88CD-07CFE51CFF10}\InprocServer32
HKCR\CLSID\{014DA6C1-189F-421A-88CD-07CFE51CFF10}\InprocServer32#ThreadingModel
HKCR\CLSID\{014DA6C1-189F-421A-88CD-07CFE51CFF10}\Programmable
HKCR\CLSID\{014DA6C1-189F-421A-88CD-07CFE51CFF10}\TypeLib
HKCR\TypeLib\{014DA6C0-189F-421a-88CD-07CFE51CFF10}
HKCR\TypeLib\{014DA6C0-189F-421a-88CD-07CFE51CFF10}\1.0
HKCR\TypeLib\{014DA6C0-189F-421a-88CD-07CFE51CFF10}\1.0\0
HKCR\TypeLib\{014DA6C0-189F-421a-88CD-07CFE51CFF10}\1.0\0\win32
HKCR\TypeLib\{014DA6C0-189F-421a-88CD-07CFE51CFF10}\1.0\FLAGS
HKCR\TypeLib\{014DA6C0-189F-421a-88CD-07CFE51CFF10}\1.0\HELPDIR
C:\PROGRAM FILES\MYSEARCH\BAR\1.BIN\S4BAR.DLL
HKLM\Software\Classes\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10}
HKCR\CLSID\{014DA6C9-189F-421A-88CD-07CFE51CFF10}
HKCR\CLSID\{014DA6C9-189F-421A-88CD-07CFE51CFF10}
HKCR\CLSID\{014DA6C9-189F-421A-88CD-07CFE51CFF10}\InprocServer32
HKCR\CLSID\{03333333333314DA6C9-189F-421A-88CD-07CFE51CFF10}\InprocServer32#ThreadingModel
HKCR\CLSID\{014DA6C9-189F-421A-88CD-07CFE51CFF10}\Programmable
HKCR\CLSID\{014DA6C9-189F-421A-88CD-07CFE51CFF10}\TypeLib
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{014DA6C1-189F-421a-88CD-07CFE51CFF10}
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{014DA6C1-189F-421A-88CD-07CFE51CFF10}
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{014DA6C9-189F-421A-88CD-07CFE51CFF10}
HKU\S-1-5-21-1701104602-4116037204-4063646189-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{014DA6C1-189F-421A-88CD-07CFE51CFF10}
HKU\S-1-5-21-1701104602-4116037204-4063646189-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{014DA6C9-189F-421A-88CD-07CFE51CFF10}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{014DA6C1-189F-421A-88CD-07CFE51CFF10}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{014DA6C9-189F-421A-88CD-07CFE51CFF10}
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{014DA6C9-189F-421a-88CD-07CFE51CFF10}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{014DA6C9-189F-421A-88CD-07CFE51CFF10}
HKU\S-1-5-21-1701104602-4116037204-4063646189-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{014DA6C9-189F-421A-88CD-07CFE51CFF10}
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{014DA6C9-189F-421A-88CD-07CFE51CFF10}
HKCR\MyWayToolBar.SettingsPlugin
HKCR\MyWayToolBar.SettingsPlugin\CLSID
HKCR\MyWayToolBar.SettingsPlugin\CurVer
HKCR\MyWayToolBar.SettingsPlugin.1
HKCR\MyWayToolBar.SettingsPlugin.1\CLSID
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\Control
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32#ThreadingModel
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\MiscStatus
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\MiscStatus\1
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\ProgID
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\Programmable
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\TypeLib
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\Version
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\VersionIndependentProgID
HKLM\Software\MyWay
HKLM\Software\MyWay\myBar
HKLM\Software\MyWay\myBar#MySearchSettingsDir
HKLM\Software\MyWay\myBar#Dir
HKLM\Software\MyWay\myBar#ShzmCurInstall
HKLM\Software\MyWay\myBar#sr
HKLM\Software\MyWay\myBar#pl
HKLM\Software\MyWay\myBar\Partner
HKLM\Software\MyWay\myBar\Partner#test
HKLM\Software\MyWay\myBar\Partner#PM-Home
HKLM\Software\MyWay\myBar\Partner#PM-Points
HKLM\Software\MyWay\myBar\Partner#PM-Redeem
HKLM\Software\MyWay\myBar\Partner#PM-Wallet
HKLM\Software\MyWay\myBar\Partner#PM-Settings
C:\Program Files\MyWay\myBar\0.bin
C:\Program Files\MyWay\myBar
C:\Program Files\MyWay
HKCR\Interface\{014DA6C4-189F-421A-88CD-07CFE51CFF10}
HKCR\Interface\{014DA6C4-189F-421A-88CD-07CFE51CFF10}\ProxyStubClsid
HKCR\Interface\{014DA6C4-189F-421A-88CD-07CFE51CFF10}\ProxyStubClsid32
HKCR\Interface\{014DA6C4-189F-421A-88CD-07CFE51CFF10}\TypeLib
HKCR\Interface\{014DA6C4-189F-421A-88CD-07CFE51CFF10}\TypeLib#Version
HKCR\Interface\{014DA6C6-189F-421A-88CD-07CFE51CFF10}
HKCR\Interface\{014DA6C6-189F-421A-88CD-07CFE51CFF10}\ProxyStubClsid
HKCR\Interface\{014DA6C6-189F-421A-88CD-07CFE51CFF10}\ProxyStubClsid32
HKCR\Interface\{014DA6C6-189F-421A-88CD-07CFE51CFF10}\TypeLib
HKCR\Interface\{014DA6C6-189F-421A-88CD-07CFE51CFF10}\TypeLib#Version
HKCR\Interface\{014DA6CA-189F-421A-88CD-07CFE51CFF10}
HKCR\Interface\{014DA6CA-189F-421A-88CD-07CFE51CFF10}\ProxyStubClsid
HKCR\Interface\{014DA6CA-189F-421A-88CD-07CFE51CFF10}\ProxyStubClsid32
HKCR\Interface\{014DA6CA-189F-421A-88CD-07CFE51CFF10}\TypeLib
HKCR\Interface\{014DA6CA-189F-421A-88CD-07CFE51CFF10}\TypeLib#Version
HKCR\Interface\{014DA6CC-189F-421A-88CD-07CFE51CFF10}
HKCR\Interface\{014DA6CC-189F-421A-88CD-07CFE51CFF10}\ProxyStubClsid
HKCR\Interface\{014DA6CC-189F-421A-88CD-07CFE51CFF10}\ProxyStubClsid32
HKCR\Interface\{014DA6CC-189F-421A-88CD-07CFE51CFF10}\TypeLib
HKCR\Interface\{014DA6CC-189F-421A-88CD-07CFE51CFF10}\TypeLib#Version
PerfectNavBHO Class BHO
HKU\S-1-5-21-1701104602-4116037204-4063646189-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00D6A7E7-4A97-456F-848A-3B75BF7554D7}
Adware.Tracking Cookie
C:\Documents and Settings\Christine\Cookies\
[email protected][2].txt
C:\Documents and Settings\Adriana\Cookies\adriana@247realmedia[2].txt
C:\Documents and Settings\Adriana\Cookies\adriana@2o7[2].txt
C:\Documents and Settings\Adriana\Cookies\
[email protected][2].txt
C:\Documents and Settings\Adriana\Cookies\
[email protected][2].txt
C:\Documents and Settings\Adriana\Cookies\
[email protected][2].txt
C:\Documents and Settings\Adriana\Cookies\
[email protected][2].txt
C:\Documents and Settings\Adriana\Cookies\
[email protected][2].txt
C:\Documents and Settings\Adriana\Cookies\adriana@adbrite[1].txt
C:\Documents and Settings\Adriana\Cookies\adriana@adinterax[2].txt
C:\Documents and Settings\Adriana\Cookies\adriana@adlegend[1].txt
C:\Documents and Settings\Adriana\Cookies\
[email protected][2].txt
C:\Documents and Settings\Adriana\Cookies\
[email protected][1].txt
C:\Documents and Settings\Adriana\Cookies\adriana@adrevolver[1].txt
C:\Documents and Settings\Adriana\Cookies\adriana@adrevolver[3].txt
C:\Documents and Settings\Adriana\Cookies\
[email protected][2].txt
C:\Documents and Settings\Adriana\Cookies\
[email protected][2].txt
C:\Documents and Settings\Adriana\Cookies\
[email protected][2].txt
C:\Documents and Settings\Adriana\Cookies\
[email protected][2].txt
C:\Documents and Settings\Adriana\Cookies\
[email protected][2].txt
C:\Documents and Settings\Adriana\Cookies\
[email protected][1].txt
C:\Documents and Settings\Adriana\Cookies\
[email protected][2].txt
C:\Documents and Settings\Adriana\Cookies\adriana@advertising[1].txt
C:\Documents and Settings\Adriana\Cookies\
[email protected][1].txt
C:\Documents and Settings\Adriana\Cookies\
[email protected][2].txt
C:\Documents and Settings\Adriana\Cookies\adriana@apmebf[1].txt
C:\Documents and Settings\Adriana\Cookies\
[email protected][1].txt
C:\Documents and Settings\Adriana\Cookies\adriana@atdmt[1].txt
C:\Documents and Settings\Adriana\Cookies\adriana@atwola[2].txt
C:\Documents and Settings\Adriana\Cookies\adriana@bluestreak[1].txt
C:\Documents and Settings\Adriana\Cookies\
[email protected][2].txt
C:\Documents and Settings\Adriana\Cookies\adriana@burstnet[2].txt
C:\Documents and Settings\Adriana\Cookies\
[email protected][1].txt
C:\Documents and Settings\Adriana\Cookies\
[email protected][2].txt
C:\Documents and Settings\Adriana\Cookies\adriana@casalemedia[2].txt
C:\Documents and Settings\Adriana\Cookies\
[email protected][1].txt
C:\Documents and Settings\Adriana\Cookies\
[email protected][2].txt
C:\Documents and Settings\Adriana\Cookies\
[email protected][1].txt
C:\Documents and Settings\Adriana\Cookies\adriana@clicksense[1].txt
C:\Documents and Settings\Adriana\Cookies\adriana@collective-media[1].txt
C:\Documents and Settings\Adriana\Cookies\
[email protected][1].txt
C:\Documents and Settings\Adriana\Cookies\adriana@doubleclick[1].txt
C:\Documents and Settings\Adriana\Cookies\
[email protected][1].txt
C:\Documents and Settings\Adriana\Cookies\
[email protected][1].txt
C:\Documents and Settings\Adriana\Cookies\
[email protected][1].txt
C:\Documents and Settings\Adriana\Cookies\
[email protected][1].txt
C:\Documents and Settings\Adriana\Cookies\adriana@fastclick[1].txt
C:\Documents and Settings\Adriana\Cookies\adriana@hitbox[2].txt
C:\Documents and Settings\Adriana\Cookies\
[email protected][1].txt
C:\Documents and Settings\Adriana\Cookies\adriana@indextools[2].txt
C:\Documents and Settings\Adriana\Cookies\adriana@insightexpressai[1].txt
C:\Documents and Settings\Adriana\Cookies\adriana@interclick[1].txt
C:\Documents and Settings\Adriana\Cookies\
[email protected][2].txt
C:\Documents and Settings\Adriana\Cookies\adriana@media6degrees[2].txt
C:\Documents and Settings\Adriana\Cookies\adriana@mediaplex[1].txt
C:\Documents and Settings\Adriana\Cookies\
[email protected][1].txt
C:\Documents and Settings\Adriana\Cookies\
[email protected][1].txt
C:\Documents and Settings\Adriana\Cookies\adriana@overture[1].txt
C:\Documents and Settings\Adriana\Cookies\adriana@partner2profit[2].txt
C:\Documents and Settings\Adriana\Cookies\
[email protected][1].txt
C:\Documents and Settings\Adriana\Cookies\adriana@questionmarket[2].txt
C:\Documents and Settings\Adriana\Cookies\adriana@realmedia[2].txt
C:\Documents and Settings\Adriana\Cookies\adriana@revsci[2].txt
C:\Documents and Settings\Adriana\Cookies\
[email protected][1].txt
C:\Documents and Settings\Adriana\Cookies\adriana@screensavers[2].txt
C:\Documents and Settings\Adriana\Cookies\adriana@serving-sys[1].txt
C:\Documents and Settings\Adriana\Cookies\adriana@socialmedia[1].txt
C:\Documents and Settings\Adriana\Cookies\adriana@specificclick[2].txt
C:\Documents and Settings\Adriana\Cookies\adriana@specificmedia[2].txt
C:\Documents and Settings\Adriana\Cookies\
[email protected][2].txt
C:\Documents and Settings\Adriana\Cookies\adriana@statcounter[1].txt
C:\Documents and Settings\Adriana\Cookies\
[email protected][2].txt
C:\Documents and Settings\Adriana\Cookies\
[email protected][2].txt
C:\Documents and Settings\Adriana\Cookies\adriana@tacoda[1].txt
C:\Documents and Settings\Adriana\Cookies\adriana@tradedoubler[1].txt
C:\Documents and Settings\Adriana\Cookies\
[email protected][1].txt
C:\Documents and Settings\Adriana\Cookies\adriana@trafficmp[1].txt
C:\Documents and Settings\Adriana\Cookies\adriana@tribalfusion[2].txt
C:\Documents and Settings\Adriana\Cookies\
[email protected][1].txt
C:\Documents and Settings\Adriana\Cookies\
[email protected][1].txt
C:\Documents and Settings\Adriana\Cookies\
[email protected][1].txt
C:\Documents and Settings\Adriana\Cookies\
[email protected][2].txt
C:\Documents and Settings\Adriana\Cookies\
[email protected][1].txt
C:\Documents and Settings\Adriana\Cookies\adriana@yieldmanager[1].txt
C:\Documents and Settings\Adriana\Cookies\adriana@zedo[2].txt
C:\Documents and Settings\Andrew\Cookies\andrew@2o7[1].txt
C:\Documents and Settings\Andrew\Cookies\andrew@2o7[3].txt
C:\Documents and Settings\Andrew\Cookies\
[email protected][2].txt
C:\Documents and Settings\Andrew\Cookies\
[email protected][1].txt
C:\Documents and Settings\Andrew\Cookies\
[email protected][1].txt
C:\Documents and Settings\Andrew\Cookies\
[email protected][2].txt
C:\Documents and Settings\Andrew\Cookies\
[email protected][1].txt
C:\Documents and Settings\Andrew\Cookies\
[email protected][2].txt
C:\Documents and Settings\Andrew\Cookies\
[email protected][2].txt
C:\Documents and Settings\Andrew\Cookies\andrew@adbrite[2].txt
C:\Documents and Settings\Andrew\Cookies\andrew@adbureau[1].txt
C:\Documents and Settings\Andrew\Cookies\andrew@adecn[1].txt
C:\Documents and Settings\Andrew\Cookies\
[email protected][2].txt
C:\Documents and Settings\Andrew\Cookies\andrew@adrevolver[1].txt
C:\Documents and Settings\Andrew\Cookies\
[email protected][2].txt
C:\Documents and Settings\Andrew\Cookies\
[email protected][1].txt
C:\Documents and Settings\Andrew\Cookies\
[email protected][1].txt
C:\Documents and Settings\Andrew\Cookies\
[email protected][2].txt
C:\Documents and Settings\Andrew\Cookies\
[email protected][2].txt
C:\Documents and Settings\Andrew\Cookies\
[email protected][1].txt
C:\Documents and Settings\Andrew\Cookies\andrew@apmebf[1].txt
C:\Documents and Settings\Andrew\Cookies\andrew@apmebf[2].txt
C:\Documents and Settings\Andrew\Cookies\
[email protected][1].txt
C:\Documents and Settings\Andrew\Cookies\
[email protected][3].txt
C:\Documents and Settings\Andrew\Cookies\
[email protected][1].txt
C:\Documents and Settings\Andrew\Cookies\
[email protected][3].txt
C:\Documents and Settings\Andrew\Cookies\andrew@atwola[2].txt
C:\Documents and Settings\Andrew\Cookies\andrew@backcountry[1].txt
C:\Documents and Settings\Andrew\Cookies\
[email protected][1].txt
C:\Documents and Settings\Andrew\Cookies\
[email protected][3].txt
C:\Documents and Settings\Andrew\Cookies\andrew@burstnet[2].txt
C:\Documents and Settings\Andrew\Cookies\
[email protected][1].txt
C:\Documents and Settings\Andrew\Cookies\
[email protected][1].txt
C:\Documents and Settings\Andrew\Cookies\
[email protected][3].txt
C:\Documents and Settings\Andrew\Cookies\andrew@chitika[1].txt
C:\Documents and Settings\Andrew\Cookies\andrew@chitika[2].txt
C:\Documents and Settings\Andrew\Cookies\andrew@collective-media[1].txt
C:\Documents and Settings\Andrew\Cookies\
[email protected][1].txt
C:\Documents and Settings\Andrew\Cookies\
[email protected][2].txt
C:\Documents and Settings\Andrew\Cookies\
[email protected][3].txt
C:\Documents and Settings\Andrew\Cookies\
[email protected][5].txt
C:\Documents and Settings\Andrew\Cookies\
[email protected][2].txt
C:\Documents and Settings\Andrew\Cookies\
[email protected][2].txt
C:\Documents and Settings\Andrew\Cookies\
[email protected][2].txt
C:\Documents and Settings\Andrew\Cookies\
[email protected][1].txt
C:\Documents and Settings\Andrew\Cookies\andrew@eyewonder[1].txt
C:\Documents and Settings\Andrew\Cookies\andrew@fastclick[1].txt
C:\Documents and Settings\Andrew\Cookies\andrew@fastclick[2].txt
C:\Documents and Settings\Andrew\Cookies\andrew@imrworldwide[2].txt
C:\Documents and Settings\Andrew\Cookies\andrew@insightexpressai[2].txt
C:\Documents and Settings\Andrew\Cookies\andrew@insightexpressai[3].txt
C:\Documents and Settings\Andrew\Cookies\andrew@interclick[1].txt
C:\Documents and Settings\Andrew\Cookies\andrew@interclick[2].txt
C:\Documents and Settings\Andrew\Cookies\andrew@invitemedia[2].txt
C:\Documents and Settings\Andrew\Cookies\
[email protected][1].txt
C:\Documents and Settings\Andrew\Cookies\andrew@media6degrees[1].txt
C:\Documents and Settings\Andrew\Cookies\andrew@mediaforgews[1].txt
C:\Documents and Settings\Andrew\Cookies\
[email protected][1].txt
C:\Documents and Settings\Andrew\Cookies\
[email protected][1].txt
C:\Documents and Settings\Andrew\Cookies\andrew@overture[2].txt
C:\Documents and Settings\Andrew\Cookies\
[email protected][1].txt
C:\Documents and Settings\Andrew\Cookies\andrew@pointroll[1].txt
C:\Documents and Settings\Andrew\Cookies\andrew@qnsr[1].txt
C:\Documents and Settings\Andrew\Cookies\andrew@qnsr[2].txt
C:\Documents and Settings\Andrew\Cookies\andrew@questionmarket[2].txt
C:\Documents and Settings\Andrew\Cookies\andrew@realmedia[1].txt
C:\Documents and Settings\Andrew\Cookies\andrew@revsci[1].txt
C:\Documents and Settings\Andrew\Cookies\andrew@revsci[2].txt
C:\Documents and Settings\Andrew\Cookies\
[email protected][1].txt
C:\Documents and Settings\Andrew\Cookies\
[email protected][2].txt
C:\Documents and Settings\Andrew\Cookies\
[email protected][1].txt
C:\Documents and Settings\Andrew\Cookies\
[email protected][2].txt
C:\Documents and Settings\Andrew\Cookies\
[email protected][3].txt
C:\Documents and Settings\Andrew\Cookies\
[email protected][5].txt
C:\Documents and Settings\Andrew\Cookies\andrew@serving-sys[1].txt
C:\Documents and Settings\Andrew\Cookies\andrew@serving-sys[2].txt
C:\Documents and Settings\Andrew\Cookies\andrew@specificclick[2].txt
C:\Documents and Settings\Andrew\Cookies\andrew@specificclick[3].txt
C:\Documents and Settings\Andrew\Cookies\andrew@specificmedia[1].txt
C:\Documents and Settings\Andrew\Cookies\andrew@specificmedia[2].txt
C:\Documents and Settings\Andrew\Cookies\andrew@statcounter[2].txt
C:\Documents and Settings\Andrew\Cookies\andrew@tacoda[1].txt
C:\Documents and Settings\Andrew\Cookies\andrew@tacoda[2].txt
C:\Documents and Settings\Andrew\Cookies\andrew@thefind[1].txt
C:\Documents and Settings\Andrew\Cookies\andrew@trafficmp[1].txt
C:\Documents and Settings\Andrew\Cookies\andrew@trafficmp[2].txt
C:\Documents and Settings\Andrew\Cookies\andrew@tribalfusion[1].txt
C:\Documents and Settings\Andrew\Cookies\andrew@tribalfusion[2].txt
C:\Documents and Settings\Andrew\Cookies\
[email protected][1].txt
C:\Documents and Settings\Andrew\Cookies\
[email protected][2].txt
C:\Documents and Settings\Andrew\Cookies\
[email protected][1].txt
C:\Documents and Settings\Andrew\Cookies\
[email protected][1].txt
C:\Documents and Settings\Andrew\Cookies\
[email protected][1].txt
C:\Documents and Settings\Andrew\Cookies\andrew@yieldmanager[1].txt
C:\Documents and Settings\Andrew\Cookies\andrew@zedo[1].txt
Adware.Cydoor
HKU\S-1-5-21-1701104602-4116037204-4063646189-1005\Software\Cydoor
Application.PowerReg Scheduler
C:\DOCUMENTS AND SETTINGS\ADRIANA\START MENU\PROGRAMS\STARTUP\POWERREG SCHEDULER V3.EXE
C:\DOCUMENTS AND SETTINGS\ANDREW\START MENU\PROGRAMS\STARTUP\POWERREG SCHEDULER V3.EXE
Application.Agent/Gen-TempZ
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1200\A0470638.EXE
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.orgDatabase version: 4108
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
5/17/2010 7:46:01 AM
mbam-log-2010-05-17 (07-46-01).txt
Scan type: Quick scan
Objects scanned: 148756
Time elapsed: 20 minute(s), 36 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 7
Files Infected: 21
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\mysearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mysearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{014da6cb-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{014da6c1-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{1ec6f220-cb13-42f5-8f3a-62fdac00a891} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0494d0da-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0494d0dc-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1ec6f221-cb13-42f5-8f3a-62fdac00a891} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1ec6f222-cb13-42f5-8f3a-62fdac00a891} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Search Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\setups (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\MySearch\bar\1.bin\MYBAREX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\1.bin\MYSEARCHPLUGINPROXY.CLASS (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\1.bin\MYWAYPLUGINPROXY.CLASS (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\1.bin\NPMYSRCH.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\1.bin\NPMYWAY.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\1.bin\PARTNER.BMP (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\1.bin\PARTNER.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\1.bin\S42NS.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\1.bin\UNINSTALL.INF (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\1.bin\UNINSTALL.OLD (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\Cache\000400E7.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\Cache\00041B25.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\Cache\00041E42.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\Cache\000B71EE.bmp (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\Cache\000B8B33.bmp (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\Cache\000B8E7F.bmp (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\Cache\001031EF (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\Cache\004379CD.bmp (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\Cache\00437F0D.bmp (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:13:36 AM, on 5/17/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.yahoo.com/?fr=fp-yie8R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/?fr=fp-yie8R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [NSWosCheck] C:\Program Files\Norton SystemWorks\osCheck.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\NETGEAR\WNA1100\jswtrayutil.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: NETGEAR WNA1100 Smart Wizard.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) -
http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cabO16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) -
https://webdl.symantec.com/activex/symdlmgr.cabO16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabO18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: JumpStart Wi-Fi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WSWNA1100 - Unknown owner - C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 12977 bytes