
no specific file threat! Help!

Discussion in 'Security and Privacy' started by smhouston, 2004/08/25.

Thread Status:
Not open for further replies.
  1. 2004/08/25
    smhouston

    smhouston Inactive Thread Starter

    Joined:
    2004/05/24
    Messages:
    77
    Likes Received:
    0
    My PC seems to be running very slow atm. I've got 512MB DDR, yet my PC struggles to keep mIRC and MSN open at the same time! However, I've noticed 2 new icons which have appeared on my desktop which I haven't a clue what they are. Was just wondering if someone could look through my HijackThis log and my ProcessView log. I've tried Spybot and Ad-Aware but nothing is found via them.
    One of the files on my desktop is called: 䀀欀¼
    The other one is called: 攀⸀⸀⸀
    Any help is appreciated!

    Hijackthis log:
    Logfile of HijackThis v1.97.7
    Scan saved at 11:48:36, on 25/08/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\PROGRA~1\BTYAHO~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Steven Houston\My Documents\Downloaded Programs\Computer Tools\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.btopenworld.com/gateway_2/0,8314,,00.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BT Yahoo! Broadband
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\common\ycomp5_1_6_0.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0002.1001\en-xu\stmain.dll
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\en-us\msntb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\ycomp5_1_6_0.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\en-us\msntb.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe "
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTYAHO~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe "
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: BT Yahoo! Sidebar (HKLM)
    O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: BT (HKCU)
    O9 - Extra button: Homepage (HKCU)
    O15 - Trusted Zone: http://www.empireskingdom.tk
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://mirror.worldwinner.com/games/v44/pool/pool.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38001.2899421296
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
    O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://download.yahoo.com/dl/installs/yab_af.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://downloads.broadbandassist.com/BTYahoo!Help//PreQual/files/MotivePreQual.cab
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by7fd.bay7.hotmail.msn.com/activex/HMAtchmt.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F5A555D2-0AC7-492F-99D1-D950FE4C5C54}: NameServer = 194.72.9.55 194.74.65.85


    Process Viewer:
    Process PID CPU Description Company Name
    System Idle Process 0 74
    Interrupts n/a Hardware Interrupts
    DPCs n/a Deferred Procedure Calls
    System 4
    smss.exe 464 Windows NT Session Manager Microsoft Corporation
    csrss.exe 512 1 Client Server Runtime Process Microsoft Corporation
    winlogon.exe 536 Windows NT Logon Application Microsoft Corporation
    services.exe 580 6 Services and Controller app Microsoft Corporation
    svchost.exe 752 Generic Host Process for Win32 Services Microsoft Corporation
    svchost.exe 776 Generic Host Process for Win32 Services Microsoft Corporation
    svchost.exe 884 Generic Host Process for Win32 Services Microsoft Corporation
    svchost.exe 924 Generic Host Process for Win32 Services Microsoft Corporation
    CCSETMGR.EXE 960 Common Client Settings Manager Service Symantec Corporation
    CCEVTMGR.EXE 984 Common Client Event Manager Service Symantec Corporation
    spoolsv.exe 1140 Spooler SubSystem App Microsoft Corporation
    alg.exe 1236 Application Layer Gateway Service Microsoft Corporation
    CCPROXY.EXE 1252 Common Client Network Proxy Service Symantec Corporation
    GHOSTS~2.EXE 1304 Norton Ghost Start Symantec Corporation
    NAVAPSVC.EXE 1332 Norton AntiVirus Auto-Protect Service Symantec Corporation
    NPROTECT.EXE 1396 Norton Protection Status Symantec Corporation
    nvsvc32.exe 1432
    SAVSCAN.EXE 1488 Symantec AntiVirus Scanner Symantec Corporation
    SNDSrvc.exe 1544 Network Driver Service Symantec Corporation
    NOPDB.EXE 1576 NOPDB Symantec Corporation
    svchost.exe 1624 Generic Host Process for Win32 Services Microsoft Corporation
    symlcsvc.exe 1648
    lsass.exe 592 1 LSA Shell (Export Version) Microsoft Corporation
    explorer.exe 120 Windows Explorer Microsoft Corporation
    MsgPlus.exe 1928 1 Messenger Plus! Patchou
    dragdiag.exe 1936 SpeedTouch Statistics THOMSON Telecom Belgium
    MotiveSB.exe 1948 BT Yahoo! Help Notifier Motive Communications, Inc.
    CCAPP.EXE 584 Common Client User Session Symantec Corporation
    msnappau.exe 2060 MSN Updater Microsoft Corporation
    mmtask.exe 2084 <Musicmatch System Tray Application> Musicmatch Inc.
    msnmsgr.exe 2752 MSN Messenger Microsoft Corporation
    iexplore.exe 3636 Internet Explorer Microsoft Corporation
    procexp.exe 188 17 Sysinternals Process Explorer Sysinternals

    Process: Procexp Pid: -2

    Type Name
     
  2. 2004/08/25
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Hello smhouston,

    Right click on the icons > properties. What are they?

    If they are shortcuts, what are the targets?

    Regards - Charles
     


  4. 2004/08/25
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Other "diagnostics" to run in the meantime:

    Have you tried disabling programs one at a time, running like that for a while, then re-enabling and disabling another and running, and so on?

    I also think you're running programs at startup that should be on-demand. Check your startups at this site and disable the ones that are useless or can be used at need instead of running all the time:

    http://www.answersthatwork.com/Tasklist_pages/tasklist.htm

    Regards - Charles
     
  5. 2004/08/25
    BillyBob Lifetime Subscription

    BillyBob Inactive

    Joined:
    2002/01/07
    Messages:
    6,048
    Likes Received:
    0
    After reading the Hijackthis log: my suggestion would be to get rid of ALL SYMANTEC items other than the ones related to Anti-Virus and/or Firewall.

    Also I would shut down everything that is not needed by Windows.

    I know it is to have things work a bit quicker when you access them. But, on the other hand there are times when the COMBINATION of things loading creates more problems and wastes more time by creating hangups.

    As far as I am concerned ( from experience ) Norton is nothing but a System hogging waste of time and disk space.

    A question. Why is Norton Ghost shown as a running process ?

    BillyBob
     
  6. 2004/08/25
    BillyBob Lifetime Subscription

    BillyBob Inactive

    Joined:
    2002/01/07
    Messages:
    6,048
    Likes Received:
    0
    If you shut down NPROTECT ( Norton Protection for the Recycle Bin ) make sure it is emptied out first.

    BB
     
  7. 2004/08/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Fix:
    -R3 - Default URLSearchHook is missing
    -O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe "
    After restart remove folder C:\Program Files\Messenger Plus! 3
     
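    broni's two fixes above pick out an R3 line and an O4 autostart line from the log in the first post; a reviewer doing the same triage by hand also looks at the O15 Trusted Zone entry and the O17 DNS servers. The script below is an added example, not anything posted in this thread or shipped with HijackThis: it parses lines in the v1.97 log format, returns the entries worth a second look with the reason for each, and collects the O17 resolver addresses so they can be compared with the ISP's. The sample lines are copied from the log quoted above; the section rules, regexes and function names are my own.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a few lines in HijackThis v1.97 log format, copied from
# the log quoted earlier in the thread (not the complete log).
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe "
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe "
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O15 - Trusted Zone: http://www.empireskingdom.tk
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F5A555D2-0AC7-492F-99D1-D950FE4C5C54}: NameServer = 194.72.9.55 194.74.65.85
"""

# Every HJT line is "<section> - <body>", e.g. "O4 - HKLM\..\Run: ...".
LINE_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.*)$")
# A quoted path whose closing quote is preceded by whitespace, as in `MsgPlus.exe "`.
QUOTED_PATH_WITH_TRAILING_SPACE = re.compile(r'"[^"]*\S\s+"')


@dataclass
class Finding:
    section: str
    body: str
    reasons: list = field(default_factory=list)


def parse(log: str):
    """Yield (section, body) for every line that matches the HJT line format."""
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group("section"), m.group("body")


def triage(log: str) -> list:
    """Return the entries a reviewer should look at, each with its reason(s).

    The rules are a reviewer's checklist, not HijackThis's own logic."""
    findings = []
    for section, body in parse(log):
        reasons = []
        if section == "R3" and "missing" in body:
            reasons.append("default URLSearchHook entry missing; HJT offers to restore it")
        elif section == "O4":
            reasons.append("autostart entry: confirm the program needs to run at logon")
            if QUOTED_PATH_WITH_TRAILING_SPACE.search(body):
                reasons.append("quoted path carries trailing whitespace; inspect the registry value")
        elif section == "O15":
            reasons.append("site in the IE Trusted Zone gets relaxed security settings; confirm it is intended")
        elif section == "O17":
            reasons.append("DNS servers set on an interface; compare with the ISP's resolvers")
        if reasons:
            findings.append(Finding(section, body, reasons))
    return findings


def dns_servers(log: str) -> list:
    """Collect every IPv4 address listed in O17 NameServer entries."""
    servers = []
    for section, body in parse(log):
        if section == "O17" and "NameServer" in body:
            servers.extend(re.findall(r"\d{1,3}(?:\.\d{1,3}){3}", body))
    return servers


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.body}")
        for r in f.reasons:
            print(f"    - {r}")
    print("DNS servers:", dns_servers(SAMPLE_LOG))
```

    Run against a full log, the O2/O16 lines are deliberately left out of the findings: a BHO or DPF entry is only interesting once its path or download host is compared against what the user actually installed, which the log alone cannot decide.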
  8. 2004/08/26
    smhouston

    smhouston Inactive Thread Starter

    Joined:
    2004/05/24
    Messages:
    77
    Likes Received:
    0
    Thanks for your replies. Firstly:
    Charles: the 䀀欀¼ file isn't a shortcut. The only information there is about it is that the name of it is 䀀欀¼. No manufacturer, version... nothing! I can't simply just select delete for it as it says it's being used!

    As for the 攀⸀⸀⸀ file, the description for that is "MSN Updater Install Helper". I assume that it's part of the following and if so is it safe to delete all of it?:
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe "

    Also, thanks for the website about Task Manager. I've gone through all my processes and disabled what isn't required. However BillyBob, I've left the bulk of Symantec up and running (except a few of them) as it says I should do?

    broni, I've fixed both those things you've told me to, as well as deleting the folder.

    Should I post my new HijackThis log up? Any other things which can be deleted?
     
  9. 2004/08/26
    BillyBob Lifetime Subscription

    BillyBob Inactive

    Joined:
    2002/01/07
    Messages:
    6,048
    Likes Received:
    0
    I do not care what Symantec says. Their products DO NOT RUN WELL on all machines. And just the same as most any software of the type, it may not run well when in combination with other things.

    I myself know from a HANDS ON experience that Symantec loaded with default setup Can SLOW a machine to a CRAWL

    Also there may be a fight between Symantec and Microsoft for control of something.

    And when there is an existing problem it may be required to shut them down to see if they are causing problems.

    For testing purposes there is no better advice. And Symantec products should be included.

    BillyBob
     
  10. 2004/08/26
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Hi smhouston,

    By your description, those items shouldn't be on the Desktop. Don't know what will happen if they are deleted. BTW, do the characters really look like that or is that a font problem? 䀀欀¼

    Can you rename them? That's a way to find out if they are being used and by what, whatever is using them won't find them.

    Or you can try deleting them. If you're running XP or WinME, make a System Restore point prior to trying to delete them.

    To delete: Try Safe Mode first. Boot up hitting the F8 key and delete, then reboot normally.

    If the file still won't delete - Use Move On Boot, download from here: http://www.snapfiles.com/get/moveonboot.html to delete it. It will add a new item to your right click Context Menu, target that file with Move on Boot, and then reboot.

    Do another log.

    Regards - Charles
     
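    Charles asks above whether the characters really look like that or whether it is a font problem. One check a responder could run, added here as an example and not part of the thread, is to treat the glyphs as UTF-16 code units and swap the two bytes of each: names made of CJK characters whose code points have a zero low byte are a classic sign of UTF-16 text read in the wrong byte order, and the swapped reading shows whether plain text is hiding underneath. The `POSTED_NAMES` list is built from the glyphs exactly as they appear in the thread; the printable-ratio threshold and all helper names are my own, and the verdict only says the name is consistent with a byte-order mix-up, not what the file is.

```python
# Constructed input: the two desktop item names as they appear in the thread,
# taken as the Unicode code points they display as.
POSTED_NAMES = ["䀀欀¼", "攀⸀⸀⸀"]


def swap_utf16_bytes(name: str) -> str:
    """Re-read a BMP string with the two bytes of each UTF-16 code unit swapped.

    U+4000 becomes U+0040 ('@'), U+6500 becomes U+0065 ('e'), and so on."""
    swapped = []
    for ch in name:
        cp = ord(ch)
        if cp > 0xFFFF:
            raise ValueError("only Basic Multilingual Plane characters are handled")
        swapped.append(chr(((cp & 0xFF) << 8) | (cp >> 8)))
    return "".join(swapped)


def printable_ratio(name: str) -> float:
    """Fraction of characters that are printable ASCII (space through '~')."""
    if not name:
        return 0.0
    return sum(1 for ch in name if 0x20 <= ord(ch) <= 0x7E) / len(name)


def looks_byte_swapped(name: str, threshold: float = 0.5) -> bool:
    """True when swapping the byte order turns the name mostly into plain ASCII.

    The 0.5 threshold is an assumption: half the characters must become
    printable ASCII, and the swap must improve on the original reading."""
    before = printable_ratio(name)
    after = printable_ratio(swap_utf16_bytes(name))
    return after > before and after >= threshold


def explain(name: str) -> dict:
    """Summarise a name: its code points, the swapped reading and the verdict."""
    swapped = swap_utf16_bytes(name)
    return {
        "original": name,
        "codepoints": [f"U+{ord(c):04X}" for c in name],
        "swapped": swapped,
        "swapped_codepoints": [f"U+{ord(c):04X}" for c in swapped],
        "byte_swapped_ascii": looks_byte_swapped(name),
    }


if __name__ == "__main__":
    for posted in POSTED_NAMES:
        info = explain(posted)
        print(f"{info['original']!r} {info['codepoints']} -> "
              f"{info['swapped']!r} {info['swapped_codepoints']} "
              f"byte-swapped ASCII: {info['byte_swapped_ascii']}")
```

    A name that is genuinely CJK text fails the check (swapping gives control or private-use characters, not ASCII), and an ordinary ASCII name like `readme.txt` fails it the other way round, so a positive result is a real signal that the display, not the file system, is the oddity.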
  11. 2004/08/26
    smhouston

    smhouston Inactive Thread Starter

    Joined:
    2004/05/24
    Messages:
    77
    Likes Received:
    0
    Well, it seems to be running ok atm. However, I need to know what that file is! It's only appeared recently. I'll also try shutting down Symantec's services 1 at a time except the firewall and antivirus (if that's alright by you ;))
     
  12. 2004/08/26
    smhouston

    smhouston Inactive Thread Starter

    Joined:
    2004/05/24
    Messages:
    77
    Likes Received:
    0
    Yes, those really are the file names. I've just managed to change the name of 1 though! I've already tried that Move On Boot program on the no-info known file, but it wouldn't allow it to happen!

    Edited: I'll try deleting in Safe Mode and I'll post another log up in a few minutes :)
     
    Last edited: 2004/08/26
  13. 2004/08/26
    smhouston

    smhouston Inactive Thread Starter

    Joined:
    2004/05/24
    Messages:
    77
    Likes Received:
    0
    The troublesome file has now been deleted. There's still 1 more left but at least I know it's by Microsoft. Here's my current HijackThis log and process view log.

    HijackThis
    Logfile of HijackThis v1.97.7
    Scan saved at 13:36:09, on 26/08/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\Steven Houston\My Documents\Downloaded Programs\Computer Tools\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.btopenworld.com/gateway_2/0,8314,,00.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BT Yahoo! Broadband
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\common\ycomp5_1_6_0.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0002.1001\en-xu\stmain.dll
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\en-us\msntb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\ycomp5_1_6_0.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\en-us\msntb.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe "
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: BT Yahoo! Sidebar (HKLM)
    O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: BT (HKCU)
    O9 - Extra button: Homepage (HKCU)
    O15 - Trusted Zone: http://www.empireskingdom.tk
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://mirror.worldwinner.com/games/v44/pool/pool.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38001.2899421296
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
    O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://download.yahoo.com/dl/installs/yab_af.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://downloads.broadbandassist.com/BTYahoo!Help//PreQual/files/MotivePreQual.cab
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by7fd.bay7.hotmail.msn.com/activex/HMAtchmt.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F5A555D2-0AC7-492F-99D1-D950FE4C5C54}: NameServer = 194.72.9.55 194.74.65.85

    Process View
    Process PID CPU Description Company Name
    System Idle Process 0 89
    Interrupts n/a Hardware Interrupts
    DPCs n/a Deferred Procedure Calls
    System 4
    smss.exe 452 Windows NT Session Manager Microsoft Corporation
    csrss.exe 500 1 Client Server Runtime Process Microsoft Corporation
    winlogon.exe 536 Windows NT Logon Application Microsoft Corporation
    services.exe 580 3 Services and Controller app Microsoft Corporation
    svchost.exe 752 Generic Host Process for Win32 Services Microsoft Corporation
    wmiprvse.exe 2824 WMI Microsoft Corporation
    svchost.exe 776 Generic Host Process for Win32 Services Microsoft Corporation
    wuauclt.exe 2696 Automatic Updates Microsoft Corporation
    svchost.exe 888 Generic Host Process for Win32 Services Microsoft Corporation
    svchost.exe 928 Generic Host Process for Win32 Services Microsoft Corporation
    CCSETMGR.EXE 964 Common Client Settings Manager Service Symantec Corporation
    CCEVTMGR.EXE 988 Common Client Event Manager Service Symantec Corporation
    spoolsv.exe 1144 Spooler SubSystem App Microsoft Corporation
    alg.exe 1240 Application Layer Gateway Service Microsoft Corporation
    CCPROXY.EXE 1256 Common Client Network Proxy Service Symantec Corporation
    NAVAPSVC.EXE 1304 Norton AntiVirus Auto-Protect Service Symantec Corporation
    NPROTECT.EXE 1384 Norton Protection Status Symantec Corporation
    SAVSCAN.EXE 1444 Symantec AntiVirus Scanner Symantec Corporation
    SNDSrvc.exe 1728 Network Driver Service Symantec Corporation
    svchost.exe 1848 3 Generic Host Process for Win32 Services Microsoft Corporation
    symlcsvc.exe 1884
    lsass.exe 592 1 LSA Shell (Export Version) Microsoft Corporation
    explorer.exe 1708 Windows Explorer Microsoft Corporation
    dragdiag.exe 1280 SpeedTouch Statistics THOMSON Telecom Belgium
    CCAPP.EXE 1300 Common Client User Session Symantec Corporation
    msnappau.exe 1436 MSN Updater Microsoft Corporation
    UsrPrmpt.exe 1492 Norton Security Center Helper Symantec Corporation
    iexplore.exe 2276 Internet Explorer Microsoft Corporation
    procexp.exe 2672 3 Sysinternals Process Explorer Sysinternals

    Process: Procexp Pid: -2

    Type Name
     
  14. 2004/08/26
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Hello smhouston,

    LOL, I forgot to ask the obvious, if you double click on that icon, what happens?

    Regards - Charles
     
  15. 2004/08/26
    smhouston

    smhouston Inactive Thread Starter

    Joined:
    2004/05/24
    Messages:
    77
    Likes Received:
    0
    it just says windows cannot open the file
     
  16. 2004/08/26
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    That was an anti-climax.

    Can you move this "thing" to a folder of its own on the HD? At least it won't be in your face.

    BTW, how big is it?

    Regards - Charles
     
  17. 2004/08/26
    smhouston

    smhouston Inactive Thread Starter

    Joined:
    2004/05/24
    Messages:
    77
    Likes Received:
    0
    The size is... 90.6 KB (92,864 bytes)
    Yeh, I can shift it.
    Guess that means my problem is sorted :)
    Cheers
     
  18. 2004/08/26
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    Re: the MSN toolbar piece,
    C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe "

    You might want to take a look at This thread.
     
  19. 2004/08/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    "as for the 攀⸀⸀⸀ file,the description for that is "MSN Updater Install Helper ".i assume that its part of the following and if so is it safe to delete all of it?:
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe "
    "

    You don't need that file, as a starter, if at all. Uncheck it in "msconfig/startup", and see if that stubborn icon will still be on your desktop.
     