Full Version: Spy Sheriff Infected My PC...Please Help
mackiecross
Hello, can someone please help me.

I have some spyware or adware on my home pc.

It is calling itself Spy Sheriff and it has also changed my desktop background image so that it looked like an error message:

SYSTEM STOPPED

System has been stopped due to a serious malfunction.
Spyware activity has been detected.


It is recommended to use spyware removal tool to prevent data loss.
Do not use the computer before all spyware removed.


Since seeing the above message on my desktop, I have used my Norton and McAfee to do a clean on it but it is still there.

It removed 2 out of the 5 infected files but it cannot remove:


C://winstall.exe
C://windows/system32/vxh8jkdq6.exe
C://windows/system32/vxh8jkdq2.exe

I have also tried to go to Task Manager but no matter which way I try a message comes on screen saying that my administrator has blocked my access to this.

Also I have tried to go to “Add/ Remove Programs” but it is not there. I have tried to get rid of something called winstall but it doesn’t go.

This Spy Sheriff is not even letting me connect to the internet. I am using my wireless connection on my laptop to send this to anyone who can help me please.

Thank You
Mosaic1
You'll have to download and then copy some utilities to either floppy or CD, then take them to the problem computer and copy them to that system.



Post a HijackThis log please. Download and then extract HijackThis.exe to a new folder. Do not run it from the zip, the desktop or a temp folder.

Here's a link:
http://www.merijn.org/files/hijackthis.zip

Do not remove anything using HijackThis. Save the log and then copy and paste the contents into your next reply here in this same topic. It lists many types of entries. Some are good, and others need to be removed. We will help you sort it out.


-----------------
Copy these instructions to notepad and save them to your desktop for easy reference.


You will be restarting into Safe mode later. Here's help if you need it.

To use the F8 key to start Windows XP in Safe mode
Restart the computer.
Some computers have a progress bar that refers to the word BIOS. Others may not let you know what is happening.
As soon as the BIOS loads, begin tapping the F8 key on your keyboard. Do so until the Windows Advanced Options menu appears.
If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. If this happens, restart the computer and try again.
Using the arrow keys on the keyboard, select Safe mode and then press Enter.

------

Download
smitrem.zip


Save the file to your desktop.
Double click on smitRem.exe to extract the files it contains.

This will create a folder named smitrem on your desktop.
We'll use it later.
------------

Download CCleaner.

http://www.filehippo.com/download_ccleaner.html

Install CCleaner
Launch CCleaner and look in the upper right corner and click on the "Options" button.
Click "Advanced" and remove the check by "Only delete files in Windows temp folders older than 48 hours".
Click OK
Do not run CCleaner yet. You will run it later in safe mode.


Download the trial version of Ewido Security Suite:

http://www.ewido.net/en/download/

Install ewido.
During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
Launch ewido
It will prompt you to update. Click the OK button and it will go to the main screen.
On the left side of the main screen click update
Click on Start and let it update.
DO NOT run a scan yet. You will do that later in safe mode.
--------------------------

Restart into Safe Mode.


Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.


Run Ewido:
Click on scanner
Click Complete System Scan and the scan will begin.
During the scan it will prompt you to clean files, click OK
When the scan is finished, look at the bottom of the screen and click the Save report button.
Save the report to your desktop


Start Ccleaner and click Run Cleaner


Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.

Go to Control Panel > Display. Click on the "Desktop" tab then click the "Customize Desktop" button. Click on the "Web" tab. Under "Web Pages" you should see an entry checked called something like "Security info" or similar. If it is there, select that entry and click the "Delete" button. Click OK then Apply and OK.




Restart back into regular windows.




Go for a free online Virus scan here:

http://www.pandasoftware.com/activescan/

Allow it to clean

Panda will have the option to create a log after the scan has finished. Click the See Report button. Then click the Save Report button. It will be saved under the name activescan.txt. Do that and post that log into your next reply here.


Post a new HiJackThis log along with the results from ActiveScan and the ewido scan


Open C:\smitfiles.txt and post the contents of that file
mackiecross
^^^^^^
Mosaic1,

Many thanks for your response and detailed instructions thus far.....it is appreciated!

Please find below the log as you requested.



Logfile of HijackThis v1.99.1
Scan saved at 12:04:41, on 16/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\pupxpman.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\PcBoost\PcBoost.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\McAfee\QuickClean\Plguni.exe
C:\WINDOWS\system32\kernels64.exe
C:\Program Files\Multimedia Combo Set\MouseDrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\BUFFALO\HDManage\HDManage.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\system32\vxh8jkdq2.exe
C:\WINDOWS\system32\vxh8jkdq5.exe
C:\WINDOWS\system32\vxh8jkdq6.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.t-online.de/software/ie401/search.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.t-online.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.msn.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=221.186.138.132:80
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\kernels64.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\System32\pupxpman.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [PcBoost] "C:\Program Files\PcBoost\PcBoost.exe" /start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Imonitor] "C:\Program Files\McAfee\QuickClean\Plguni.exe" /START
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [WireLessMouse ] C:\Program Files\Multimedia Combo Set\MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard ] C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels64.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels64.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [WinGet.exe] C:\Program Files\Indentix\WinGet\WinGet.exe /silent
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Startup: BUFFALO Power Save Utility for HD.lnk = C:\Program Files\BUFFALO\HDManage\HDManage.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.t-online.de
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstall...vp/content.html
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://www.maitreya.org/JAVA/To_See_Applets/msjavx86.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://courses.learndirect.co.uk/providers...yer/awswaxf.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://eztracks.aavalue.com/toolbars/bundl...ezt-toolbar.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - https://mysupport.nai.com/amiuptodate/bin/1...pdatePortal.cab
O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} - http://acceso.masminutos.com/laaplicacion.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://cm4all02.1and1.co.uk/app/static/activex/msxml4.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw12fd.law12.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F8F88D0D-E455-11D6-B547-00400555C7FB} (DiskHealth2 Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PC
O17 - HKLM\Software\..\Telephony: DomainName = PC
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = PC
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Mosaic1
This looks odd. Unless you know it belongs, run HijackThis and select these items. Press the Fix checked button. If in doubt, leave the entries there for now.


O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PC
O17 - HKLM\Software\..\Telephony: DomainName = PC
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = PC

-----------------

Copy the contents of the code box to notepad.
Name the file task.reg
Save as type: All files

CODE
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=-


-----

Download Pocket Killbox here
http://www.downloads.subratam.org/KillBox.exe

Run Killbox.exe by double clicking on it.

Select Delete on Reboot.
Select End Explorer Shell while deleting file.


Copy this entire list to the clipboard.

C:\WINDOWS\system32\kernels64.exe
C:\winstall.exe
C:\WINDOWS\system32\vxh8jkdq2.exe
C:\WINDOWS\system32\vxh8jkdq5.exe
C:\WINDOWS\system32\vxh8jkdq6.exe


(Highlight the list. Press CTRL + C)

In the Killbox,
Go to the toolbar to File> Paste from clipboard. Click Paste from Clipboard.
All of the files you pasted in might not show up on the list in Killbox. That's normal. Some may not be present and so will not be listed. Go ahead to the next step.



Click the red icon with the white X at the upper right.

You will be prompted to restart. Say yes and exit.

-------------

Restart into Safe mode. Go right to Start >Run and type
hijackthis
Press enter.


Select these items. Press the fix checked button:


F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\kernels64.exe
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels64.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels64.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstall...vp/content.html
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://eztracks.aavalue.com/toolbars/bundl...ezt-toolbar.cab
O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} - http://acceso.masminutos.com/laaplicacion.cab
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)

---------------------------

Double click on task.reg and say yes to the prompt.

Restart into regular Windows.

Can you get on the internet now?

-------------

I'd like to see another hijackthis log.

Also:


Download Autoruns from this page:
http://www.sysinternals.com/Utilities/Autoruns.html

Unzip to a folder and then double click on autoruns.exe

Wait until the program has finished running (the status line will show 'Ready')
Under the 'Options' menu, make sure that 'Include Empty Sections' is checked.
Wait again until ready.

Be sure the 'Everything' tab is selected.
Select 'File -> Save' and save the output file.

Copy the contents of the Autoruns text file and post its contents in your next reply here.
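
Added example, not part of either poster's messages: a Python triage of the HijackThis entry types that the reply above selects for fixing (the `Shell=` value with a second program, Run keys that point at the same file, an executable started from the drive root, and entries whose file is gone). The rule names and heuristics are assumptions made for illustration and are narrower than the helper's manual review; the sample lines are copied from the log posted earlier in this thread.

```python
import re
from typing import NamedTuple

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=221.186.138.132:80
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\kernels64.exe
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels64.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels64.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                 # "O4 - ..."
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\\w+: \[.*?\] (.*)$")    # registry Run keys
SHELL_RE = re.compile(r"^REG:system\.ini: Shell=(.*)$", re.I)
ROOT_EXE_RE = re.compile(r"^[a-z]:\\[^\\]+\.exe$", re.I)          # e.g. C:\name.exe


class Finding(NamedTuple):
    code: str    # HijackThis section code, e.g. "O4"
    rule: str    # hypothetical rule name used by this example
    detail: str


def parse(log):
    """Return (code, body) pairs for every HijackThis entry line."""
    entries = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def exe_path(command):
    """Strip quotes and arguments from an autorun command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", command, re.I)
    return m.group(1) if m else command


def shell_extra(body):
    """Return the program appended after Explorer.exe in Shell=, or ''."""
    m = SHELL_RE.match(body)
    if not m:
        return ""
    value = m.group(1).strip()
    if value.lower().startswith("explorer.exe"):
        value = value[len("explorer.exe"):].strip()
    return exe_path(value).lower() if value else ""


def triage(log):
    """Flag entries for human review; nothing here decides what to delete."""
    entries = parse(log)
    extras = {shell_extra(b) for c, b in entries if c == "F2"} - {""}
    findings = []
    for code, body in entries:
        if code == "F2" and shell_extra(body):
            findings.append(Finding(code, "shell-extra", shell_extra(body)))
        elif code == "O4" and (m := RUN_RE.match(body)):
            path = exe_path(m.group(1))
            if path.lower() in extras:
                # Same file is started by the Shell value and by a Run key.
                findings.append(Finding(code, "autorun-matches-shell", path))
            elif ROOT_EXE_RE.match(path):
                findings.append(Finding(code, "autorun-in-drive-root", path))
        elif body.endswith(("(no file)", "(file missing)")):
            findings.append(Finding(code, "orphaned-entry", body))
        elif code.startswith("R") and "ProxyServer" in body:
            findings.append(Finding(code, "proxy-set", body.split(" = ", 1)[-1]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4}{f.rule:<24}{f.detail}")
```
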
mackiecross
^^^^^^
Mosaic 1....

hope all's well!

I have tried to follow your instructions....but every time I try to restart in safe mode, these are the options that I am given:

After tapping F8 at Restart:

Select First Boot Device

Floppy: 1.44MB 3.5
IDE-O: Samsung SV0602H
CD ROM: LITE-ON DVD RW SOHW-1673S
: NETWORK
NETWORK:


I remember going into safe mode several months ago...and do not remember seeing this message...so I'm not sure if I'm doing something wrong (tried to go into safe mode several times and the same box appears every time) or whether this virus is worse than I first imagined

hope to hear from you

thanks in advance
mackiecross
^^^^

Please ignore the above, was able to access it by tapping F5 instead....

only 1 problem, in that I cannot access the net, so cannot update the definitions of the EWIDO SECURITY SUITE.

I have carried out the step before this...( Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.)

So....what should I do next?

many thanks in advance

this pc virus is beginning to affect my brain...LOL
mackiecross
Mosaic1,

I have carried out all your instructions up to the point where you have asked me to go online to www.pandasoftware.com and carry out a virus scan.

Unfortunately I'm not able to do this as the PC is still not letting me log on the web, keep getting the error page.

However, here is the scan report from EWIDO:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 16:15:48, 18/12/2005
+ Report-Checksum: 79895740

+ Scan result:

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{88C51E90-8E9C-4C96-8A45-574D88B63FAF} -> Dialer.Generic : Cleaned with backup
HKU\S-1-5-21-1647371527-1465058494-1690550294-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup
HKU\S-1-5-21-1647371527-1465058494-1690550294-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3023AF97-870E-476A-B30E-3923DF2B84BD} -> Spyware.EZtracks : Cleaned with backup
HKU\S-1-5-21-1647371527-1465058494-1690550294-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30CE93AE-4987-483C-9ABE-F2BD5301AB70} -> Spyware.KeenValue : Cleaned with backup
HKU\S-1-5-21-1647371527-1465058494-1690550294-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{36A59337-6EEF-40AE-94B1-ED443A0C4740} -> Spyware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-1647371527-1465058494-1690550294-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{79849612-A98F-45B8-95E9-4D13C7B6B35C} -> Spyware.Crazywinnings : Cleaned with backup
[1020] C:\WINDOWS\system32\vxh8jkdq2.exe -> Hijacker.Spywad.l : Cleaned with backup
[1036] C:\WINDOWS\system32\vxh8jkdq5.exe -> Downloader.Small.axn : Cleaned with backup
[1048] C:\WINDOWS\system32\vxh8jkdq6.exe -> Downloader.Small.atl : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq13.tmp -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq14.tmp -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15.tmp -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\WINDOWS\autoload.exe -> Not-A-Virus.Tool.Autoloader : Cleaned with backup
C:\WINDOWS\system\svchost.dll -> Downloader.Agent.zi : Cleaned with backup
C:\WINDOWS\system\svchost.exe -> Dropper.Agent.aax : Cleaned with backup
C:\WINDOWS\system\svwhost.exe -> Backdoor.Agent.px : Cleaned with backup
C:\WINDOWS\system32\vxgamet2.exe -> Downloader.Small.bxc : Cleaned with backup
C:\WINDOWS\system32\vxgamet4.exe -> Downloader.Small.bpz : Cleaned with backup
C:\WINDOWS\system32\vxh8jkdq2.exe -> Hijacker.Spywad.l : Cleaned with backup
C:\WINDOWS\system32\vxh8jkdq5.exe -> Downloader.Small.axn : Cleaned with backup
C:\WINDOWS\system32\vxh8jkdq6.exe -> Downloader.Small.atl : Cleaned with backup


::Report End
mackiecross
______________________________________________________________________

AND TO ADD, here's another HJT report:


Logfile of HijackThis v1.99.1
Scan saved at 16:37:20, on 18/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\pupxpman.exe
C:\WINDOWS\system32\kernels64.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\PcBoost\PcBoost.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\McAfee\QuickClean\Plguni.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Multimedia Combo Set\MouseDrv.exe
C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\BUFFALO\HDManage\HDManage.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.t-online.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=221.186.138.132:80
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\kernels64.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\System32\pupxpman.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [PcBoost] "C:\Program Files\PcBoost\PcBoost.exe" /start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Imonitor] "C:\Program Files\McAfee\QuickClean\Plguni.exe" /START
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [WireLessMouse ] C:\Program Files\Multimedia Combo Set\MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard ] C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels64.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels64.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [WinGet.exe] C:\Program Files\Indentix\WinGet\WinGet.exe /silent
O4 - Startup: BUFFALO Power Save Utility for HD.lnk = C:\Program Files\BUFFALO\HDManage\HDManage.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.t-online.de
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstall...vp/content.html
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://www.maitreya.org/JAVA/To_See_Applets/msjavx86.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://courses.learndirect.co.uk/providers...yer/awswaxf.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://eztracks.aavalue.com/toolbars/bundl...ezt-toolbar.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - https://mysupport.nai.com/amiuptodate/bin/1...pdatePortal.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://cm4all02.1and1.co.uk/app/static/activex/msxml4.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw12fd.law12.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F8F88D0D-E455-11D6-B547-00400555C7FB} (DiskHealth2 Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PC
O17 - HKLM\Software\..\Telephony: DomainName = PC
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = PC
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


___________________________________________________________________

Also, when I restarted in normal mode, on startup SpySweeper detects the following 3 programmes that start when Windows starts.

STARTUP ITEM: system tools
PRODUCT NAME: is not provided
COMPANY NAME: is not provided
COPYRIGHT INFORMATION: is not provided

LOCATION: C:\windows\system32\kernels64.exe
REGISTRY OR STARTUP FOLDER: HKLM:Run Services

_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

STARTUP ITEM: system
PRODUCT NAME: is not provided
COMPANY NAME: is not provided
COPYRIGHT INFORMATION: is not provided

LOCATION: C:\windows\system32\kernels64.exe
REGISTRY OR STARTUP FOLDER: HKLM:Run

_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

STARTUP ITEM: winstall
PRODUCT NAME: is not provided
COMPANY NAME: is not provided
COPYRIGHT INFORMATION: is not provided

LOCATION: C:\winstall
REGISTRY OR STARTUP FOLDER: Run


I know winstall is most definitely part of the problem, but am not sure of the other 2, but to be on the safe side I have denied all 3 programs to run on startup....until I hear differently from you.

best regards

thanking you in anticipation....
Mosaic1
Copy the contents of the code box to Notepad.
Name the file bye.bat
Save as Type: All files
Double click on bye.bat

CODE
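rem Stop Winlogon from automatically restarting the shell while the file is removed
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoRestartShell /t REG_DWORD /d 0 /f
rem End the running kernels64 process
tskill kernels64
rem Clear the system, hidden and read-only attributes, then delete the files
attrib -s -h -r C:\windows\system32\kernels64.exe
del C:\windows\system32\kernels64.exe
attrib -s -h -r C:\winstall.exe
del C:\winstall.exe
rem Launch HijackThis
Start Hijackthis
rem Turn automatic shell restart back on
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoRestartShell /t REG_DWORD /d 1 /f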



When bye.bat has finished running, it will start Hijackthis.

Select the following and press the fix checked button:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\kernels64.exe
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - (no file)
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels64.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels64.exe
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://eztracks.aavalue.com/toolbars/bundl...ezt-toolbar.cab

------------------

Restart the computer (If Spysweeper asks if you want to accept the changes you made, allow them) and run hijackthis again. Post the new log here.



Post a startuplist too please. In Hijackthis press the Config Button
Click Misc Tools
Check both boxes next to the Generate StartupList log and then click the generate startuplist log button.

Paste the contents into your next reply here.

Did you get any messages from Spysweeper at startup?

---------------

Also, you are running two firewalls and two AVs in the background. This can cause conflicts and system problems.


You need to decide which to run all the time. Either run Norton or McAfee, but not both!

Does CTRL + ALT + DEL now work?

Does the internet work?
Mosaic1
Here's a page where you can download the updates for Ewido and install manually:

http://www.ewido.net/en/download/updates/
mackiecross
Mosaic1,

Many thanks again....

Please find below the Hijack Log after carrying out your instructions from yesterday.



Logfile of HijackThis v1.99.1
Scan saved at 10:33:37, on 19/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\pupxpman.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\PcBoost\PcBoost.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\McAfee\QuickClean\Plguni.exe
C:\Program Files\Multimedia Combo Set\MouseDrv.exe
C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\BUFFALO\HDManage\HDManage.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.t-online.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=221.186.138.132:80
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\System32\pupxpman.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [PcBoost] "C:\Program Files\PcBoost\PcBoost.exe" /start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Imonitor] "C:\Program Files\McAfee\QuickClean\Plguni.exe" /START
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [WireLessMouse ] C:\Program Files\Multimedia Combo Set\MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard ] C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [WinGet.exe] C:\Program Files\Indentix\WinGet\WinGet.exe /silent
O4 - Startup: BUFFALO Power Save Utility for HD.lnk = C:\Program Files\BUFFALO\HDManage\HDManage.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.t-online.de
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstall...vp/content.html
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://www.maitreya.org/JAVA/To_See_Applets/msjavx86.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://courses.learndirect.co.uk/providers...yer/awswaxf.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - https://mysupport.nai.com/amiuptodate/bin/1...pdatePortal.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://cm4all02.1and1.co.uk/app/static/activex/msxml4.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw12fd.law12.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F8F88D0D-E455-11D6-B547-00400555C7FB} (DiskHealth2 Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PC
O17 - HKLM\Software\..\Telephony: DomainName = PC
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = PC
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
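Added example, not part of the original thread and not a HijackThis feature: a short Python script that compares the log taken before the fix with the one taken after it, confirming that the five "fix checked" entries are gone and showing that kernels64.exe was started from three separate autostart points. The log excerpts are copied from the posts above; the function names and the choice of which section codes count as autostart points are this example's own assumptions.

```python
import re
from collections import defaultdict

# Excerpts copied from the two HijackThis logs posted in this thread.
BEFORE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\kernels64.exe
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - (no file)
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\System32\pupxpman.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels64.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels64.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://eztracks.aavalue.com/toolbars/bundl...ezt-toolbar.cab
"""

AFTER_LOG = r"""
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\System32\pupxpman.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# A HijackThis entry line: section code, " - ", then the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# First drive-letter path in the body that ends in an executable-type extension.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\r\n]*?\.(?:exe|dll|ocx)\b", re.IGNORECASE)
# Sections treated here as "runs something at boot or logon" (assumption of this
# example): ini/Shell autoloads, Run keys and startup folders, Winlogon, services.
AUTOSTART_CODES = {"F0", "F1", "F2", "F3", "O4", "O20", "O23"}


def parse_log(text):
    """Return (section_code, body) tuples for every HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def autostart_points(entries):
    """Map each launched file (lower-cased path) to the entries that start it."""
    points = defaultdict(list)
    for code, body in entries:
        if code not in AUTOSTART_CODES:
            continue
        match = PATH_RE.search(body)
        if match:
            points[match.group(0).lower()].append((code, body))
    return dict(points)


def multi_point_files(entries, minimum=2):
    """Files started from at least `minimum` separate autostart entries."""
    return {path: found for path, found in autostart_points(entries).items()
            if len(found) >= minimum}


def removed_entries(before, after):
    """Entries present in the first log and absent from the second, in log order."""
    remaining = set(after)
    return [entry for entry in before if entry not in remaining]


if __name__ == "__main__":
    before = parse_log(BEFORE_LOG)
    after = parse_log(AFTER_LOG)

    print("Files with more than one autostart point before the fix:")
    for path, found in multi_point_files(before).items():
        print("  " + path)
        for code, body in found:
            print("    %s - %s" % (code, body))

    print("Entries gone after the fix:")
    for code, body in removed_entries(before, after):
        print("  %s - %s" % (code, body))

    leftover = multi_point_files(after)
    print("Files still started from several places:", sorted(leftover) or "none")
```

Run against the full logs, the same comparison lists every entry that differs between the two posts, so anything the fix did not touch stands out for a second look.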
mackiecross
Please find below the START-UP LIST as requested:



StartupList report, 19/12/2005, 10:35:59
StartupList version: 1.52.2
Started from : C:\HJT\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\pupxpman.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\PcBoost\PcBoost.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\McAfee\QuickClean\Plguni.exe
C:\Program Files\Multimedia Combo Set\MouseDrv.exe
C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\BUFFALO\HDManage\HDManage.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Ali\Start Menu\Programs\Startup]
BUFFALO Power Save Utility for HD.lnk = C:\Program Files\BUFFALO\HDManage\HDManage.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
hp psc 1000 series.lnk = ?
hpoddt01.exe.lnk = ?
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

mspwr = C:\WINDOWS\System32\pupxpman.exe
McAfee Guardian = "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
PcBoost = "C:\Program Files\PcBoost\PcBoost.exe" /start
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
Imonitor = "C:\Program Files\McAfee\QuickClean\Plguni.exe" /START
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
SSBkgdUpdate = C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
WireLessMouse = C:\Program Files\Multimedia Combo Set\MouseDrv.exe
WireLessKeyboard = C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
SpySweeper = "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
McAfee.InstantUpdate.Monitor = "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
WinGet.exe = C:\Program Files\Indentix\WinGet\WinGet.exe /silent

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{68498E36-E7C3-11D4-8D77-00A024534F21}TBC728] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{4b218e3e-bc98-4770-93d3-2731b9329278}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{8b15971b-5355-4c82-8c07-7e181ea07608}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

--------------------------------------------------

Enumerating Task Scheduler jobs:

FRU Task #Hewlett-Packard#hp psc 1200 series#1106131413.job
Norton AntiVirus - Scan my computer - Ali.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[{00000055-9980-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.microsoft.com/codecs/i386/fhg.CAB

[{00000161-0000-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.microsoft.com/codecs/i386/msaudio.cab

[Microsoft Office Template and Media Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL
CODEBASE = http://office.microsoft.com/templates/ieawsdc.cab

[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[{03F998B2-0E00-11D3-A498-00104B6EB52E}]
CODEBASE = https://components.viewpoint.com/MTSInstall...vp/content.html

[Microsoft VM]
CODEBASE = http://www.maitreya.org/JAVA/To_See_Applets/msjavx86.exe

[PCPitstop Utility]
InProcServer32 = C:\WINDOWS\DOWNLO~1\PCPitstop.dll
CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

[Macromedia Authorware Web Player Control]
InProcServer32 = C:\WINDOWS\system32\macromed\authorwa\awswax.ocx
CODEBASE = http://courses.learndirect.co.uk/providers...yer/awswaxf.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shockwa...director/sw.cab

[iCC Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\pcpConnCheck.dll
CODEBASE = http://www.pcpitstop.com/internet/pcpConnCheck.cab

[{3334504D-0000-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.microsoft.com/codecs/i386/mpeg4ax.cab

[{33363249-0000-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.microsoft.com/codecs/i386/i263_32.cab

[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

[EPUImageControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.dll
CODEBASE = http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab

[MSN Photo Upload Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
CODEBASE = http://by16fd.bay16.hotmail.msn.com/resources/MsnPUpld.cab

[McUpdatePortalFactory Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\McUpdatePortal.dll
CODEBASE = https://mysupport.nai.com/amiuptodate/bin/1...pdatePortal.cab

[XML DOM Document 4.0]
InProcServer32 = %SystemRoot%\system32\msxml4.dll
CODEBASE = http://cm4all02.1and1.co.uk/app/static/activex/msxml4.cab

[Java Plug-in 1.5.0_04]
InProcServer32 = C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn.com/download/MsnMesse...pDownloader.cab

[Java Plug-in 1.4.2]
InProcServer32 = C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
CODEBASE = http://java.sun.com/products/plugin/autodl...indows-i586.cab

[Java Plug-in 1.5.0_02]
InProcServer32 = C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

[Java Plug-in 1.5.0_04]
InProcServer32 = C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

[PB_Uploader Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\uploader.ocx
CODEBASE = http://static.photobox.co.uk/sg/common/uploader.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
CODEBASE = http://fpdownload.macromedia.com/get/shock...ash/swflash.cab

[Hotmail Attachments Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\HMAtchmt.ocx
CODEBASE = http://lw12fd.law12.hotmail.msn.com/activex/HMAtchmt.ocx

[MSN Chat Control 4.5]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx
CODEBASE = http://fdl.msn.com/public/chat/msnchat45.cab

[DiskHealth2 Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\DiskFAU.dll
CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\System32\CSLSP.DLL
Protocol #2: C:\WINDOWS\System32\CSLSP.DLL
Protocol #3: C:\WINDOWS\System32\CSLSP.DLL
Protocol #4: C:\WINDOWS\System32\CSLSP.DLL
Protocol #5: C:\WINDOWS\System32\CSLSP.DLL
Protocol #6: C:\WINDOWS\System32\CSLSP.DLL
Protocol #7: C:\WINDOWS\System32\CSLSP.DLL
Protocol #8: C:\WINDOWS\System32\CSLSP.DLL
Protocol #9: C:\WINDOWS\System32\CSLSP.DLL
Protocol #10: C:\WINDOWS\System32\CSLSP.DLL
Protocol #11: C:\WINDOWS\System32\CSLSP.DLL
Protocol #12: C:\WINDOWS\System32\CSLSP.DLL
Protocol #13: C:\WINDOWS\System32\CSLSP.DLL
Protocol #14: C:\WINDOWS\System32\CSLSP.DLL
Protocol #15: C:\WINDOWS\System32\CSLSP.DLL
Protocol #16: C:\WINDOWS\System32\CSLSP.DLL
Protocol #17: C:\WINDOWS\System32\CSLSP.DLL
Protocol #18: C:\WINDOWS\System32\CSLSP.DLL
Protocol #19: C:\WINDOWS\System32\CSLSP.DLL
Protocol #20: C:\WINDOWS\System32\CSLSP.DLL
Protocol #21: C:\WINDOWS\System32\CSLSP.DLL
Protocol #22: C:\WINDOWS\system32\mswsock.dll
Protocol #23: C:\WINDOWS\system32\mswsock.dll
Protocol #24: C:\WINDOWS\system32\mswsock.dll
Protocol #25: C:\WINDOWS\system32\rsvpsp.dll
Protocol #26: C:\WINDOWS\system32\rsvpsp.dll
Protocol #27: C:\WINDOWS\system32\mswsock.dll
Protocol #28: C:\WINDOWS\system32\mswsock.dll
Protocol #29: C:\WINDOWS\system32\mswsock.dll
Protocol #30: C:\WINDOWS\system32\mswsock.dll
Protocol #31: C:\WINDOWS\system32\mswsock.dll
Protocol #32: C:\WINDOWS\system32\mswsock.dll
Protocol #33: C:\WINDOWS\system32\mswsock.dll
Protocol #34: C:\WINDOWS\system32\mswsock.dll
Protocol #35: C:\WINDOWS\system32\mswsock.dll
Protocol #36: C:\WINDOWS\system32\mswsock.dll
Protocol #37: C:\WINDOWS\system32\mswsock.dll
Protocol #38: C:\WINDOWS\system32\mswsock.dll
Protocol #39: C:\WINDOWS\system32\mswsock.dll
Protocol #40: C:\WINDOWS\system32\mswsock.dll
Protocol #41: C:\WINDOWS\system32\mswsock.dll
Protocol #42: C:\WINDOWS\system32\mswsock.dll
Protocol #43: C:\WINDOWS\System32\CSLSP.DLL

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
Trust Ami PS/2 Port Mouse Driver (2): System32\DRIVERS\Amps2prt.sys (manual start)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start)
Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart)
Symantec Password Validation: "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe" (manual start)
Symantec Settings Manager: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (autostart)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: C:\WINDOWS\System32\cisvc.exe (autostart)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Dual-Mode DSC(2770): System32\Drivers\SQcaptur.sys (manual start)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
EPSON Printer Status Agent2: C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (autostart)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
ewido security suite control: C:\Program Files\ewido\security suite\ewidoctrl.exe (autostart)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Fax: %systemroot%\system32\fxssvc.exe (autostart)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
VIA Rhine-Family Fast Ethernet Adapter Driver Service: system32\DRIVERS\fetnd5bv.sys (manual start)
VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver: System32\DRIVERS\fetnd5.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
SEMC DSS-20 SyncStation Serial Converter Driver: system32\drivers\ftdibus.sys (manual start)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
Lundinova Filter Driver: system32\drivers\ftlund.sys (manual start)
SEMC DSS SyncStation Driver: system32\drivers\ftser2k.sys (manual start)
Game Port Enumerator: System32\DRIVERS\gameenum.sys (manual start)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Hid to Joystick Port Enabler: System32\DRIVERS\hidgame.sys (manual start)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (manual start)
IEEE-1284.4 Driver HPZid412: System32\DRIVERS\HPZid412.sys (manual start)
Print Class Driver for IEEE-1284.4 HPZipr12: System32\DRIVERS\HPZipr12.sys (manual start)
USB to IEEE-1284.4 Translation Driver HPZius12: System32\DRIVERS\HPZius12.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
Intel Processor Driver: System32\DRIVERS\intelppm.sys (system)
Intel® 536EP V.92 Modem: System32\DRIVERS\Intels51.sys (manual start)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Keyboard HID Driver: system32\DRIVERS\kbdhid.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
McAfee Firewall: "C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (autostart)
McAfee Firewall Network Filter Miniport: System32\DRIVERS\fw220.sys (manual start)
Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe" (autostart)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Unimodem Streaming Filter Device: system32\drivers\MODEMCSA.sys (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
MSCSPTISRV: C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (manual start)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
Microsoft MPU-401 MIDI UART Driver: system32\drivers\msmpu401.sys (manual start)
NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start)
Norton AntiVirus Auto-Protect Service: "C:\Program Files\Norton AntiVirus\navapsvc.exe" (autostart)
NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20051207.023\NAVENG.Sys (manual start)
NAVEX15: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20051207.023\NavEx15.Sys (manual start)
Microsoft TV/Video Connection: System32\DRIVERS\NdisIP.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBT: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Norton AntiVirus Firewall Monitor Service: "C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe" (autostart)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
PACSPTISVR: C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (manual start)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Pml Driver HPZ12: C:\WINDOWS\System32\HPZipm12.exe (manual start)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\DRIVERS\PxHelp20.sys (system)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
S3Psddr: System32\DRIVERS\s3gnbm.sys (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SAVRT: \??\C:\Program Files\Norton AntiVirus\SAVRT.SYS (manual start)
SAVRTPEL: \??\C:\Program Files\Norton AntiVirus\SAVRTPEL.SYS (system)
SAVScan: "C:\Program Files\Norton AntiVirus\SAVScan.exe" (manual start)
ScriptBlocking Service: C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Serial Mouse Driver: System32\DRIVERS\sermouse.sys (manual start)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start)
Symantec Network Drivers Service: "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" (autostart)
Sony USB Filter Driver (SONYPVU1): system32\DRIVERS\SONYPVU1.SYS (manual start)
SPBBCDrv: \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (system)
Symantec SPBBCSvc: "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe" (autostart)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
Sony SPTI Service: C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (manual start)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
SSI: system32\Drivers\SSI.SYS (system)
Still Serial Digital Camera Driver: System32\DRIVERS\serscan.sys (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start)
Webroot Spy Sweeper Engine: C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe (autostart)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{56652934-96F4-46BB-9FA3-E98128F3A2A4} (manual start)
Symantec Core LC: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (autostart)
SYMDNS: \SystemRoot\System32\Drivers\SYMDNS.SYS (manual start)
SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
SYMFW: \SystemRoot\System32\Drivers\SYMFW.SYS (manual start)
SYMIDS: \SystemRoot\System32\Drivers\SYMIDS.SYS (manual start)
SYMIDSCO: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20051208.051\symidsco.sys (manual start)
symlcbrd: \??\C:\WINDOWS\system32\drivers\symlcbrd.sys (autostart)
SYMNDIS: \SystemRoot\System32\Drivers\SYMNDIS.SYS (manual start)
SYMREDRV: \SystemRoot\System32\Drivers\SYMREDRV.SYS (manual start)
SYMTDI: \SystemRoot\System32\Drivers\SYMTDI.SYS (system)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB Generic Parent Driver: System32\DRIVERS\usbccgp.sys (manual start)
USB Cable Modem 351000 NDIS Driver: System32\DRIVERS\usbcm.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
USB Root Hub (usbport): System32\DRIVERS\usbhub.sys (manual start)
Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: System32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Bus Filter: System32\DRIVERS\viaagp.sys (system)
VIA AGP Filter: System32\DRIVERS\viaagp1.sys (system)
ViaIde: System32\DRIVERS\viaidexp.sys (system)
VIAPFD: \SystemRoot\System32\Drivers\VIAPFD.SYS (system)
VIA AC'97 Audio Controller (WDM): system32\drivers\viaudio.sys (manual start)
vsdatant: \??\C:\WINDOWS\System32\vsdatant.sys (manual start)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (system)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 42,376 bytes
Report generated in 0.250 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
mackiecross
Unfortunately still not able to connect to the web....

Still getting the "The page cannot be displayed" message....with an additional pop-up saying "Internet Explorer could not open the search page".

Although at the bottom of the IE window, I keep seeing the message

Downloading from site: res//C:\\WINDOWS\system32\shdoclc.dll/dsnerror.htm

Also the logo in top right corner of IE (spinning T....think it's the deutsche telecom logo...on account of being in Germany with this PC, and having installed their net service)...I remember that this would only happen if the net connection was "live"....so it could be that something is either blocking or redirecting the access to the net?? or at least that's my theory on it :boh:

Still not able to access task manager via right clicking on taskbar.
Pushing Ctrl+Alt+Del brings up several pop up messages stating "Task manager has been disabled by your administrator"

I have manually downloaded the updates for the EWIDO suite....and am running the programme again....and will post its findings again once the scan is complete.

This time SpySweeper only found 2 programmes at start up, (as before, minus winstall....which I think is now off the system) and I allowed them to start up.

Also, the message I originally had on the desktop as described on my first post has gone LOL so I'm sure we are mos'def' on the right track!!

Thanks for all the help thus far.....

eagerly await your next instructions
mackiecross
Ran another ewido scan with the updates installed:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 13:17:17, 19/12/2005
+ Report-Checksum: BCCF13B8

+ Scan result:

No infected objects found.


::Report End



________________________________________

Also ran norton, but that also gave the all clear
Mosaic1
That's looking much better. Copy the contents of the code box to notepad.
Name the file task.reg
Save as type: All files
Double click on task.reg and say yes to the prompt.

CODE
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr" = -


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr" = -



I'll have a quick look for an answer to your internet problem. But I am going away for the holiday and may not be able to finish this up.
Mosaic1
I had asked you earlier about that Proxy Server. Is that something you need? It may be why you cannot connect.


You are also running the Windows Firewall and two instances of the McAfee Firewall plus the Norton Firewall. That is a very bad situation. You need to turn some of this off! This may be why you cannot connect.

The rule is:

1 Firewall only
1 AV scanner in the background only


Disable the Windows Firewall please and then sort out the other.

--------------

You have many old versions of Sun java installed. You need internet connectivity to do the following:

There has been an issue found recently with Sun Java.

When newer versions are installed, the older versions are left behind and malware can call these older versions to exploit flaws. Some malware has been found to install this way.

First update to the very latest version of Sun Java.

Then go into Add Remove programs and uninstall any older versions you find listed there.
mackiecross
The sheriff has been hunter.gif

Many thanks for getting me out of this mess!!!

I will take one of norton/mcafee down 2ite....and have taken note re java....and will do it asap.

I would also like to tap into your expertise once more....what is the best all-in-one product out there as a firewall/pop-up blocker/anti-virus that you recommend, as my subscriptions are all due to expire in the coming weeks and would gladly welcome your recommendations!!

and what is better (security wise) out of explorer and mozilla?

once again thanks for all your help....

seasons greetings and happy holidays to you, hope you have a good one!!
Mosaic1
You're welcome. Can you get on the internet now?

Many people think that Kaspersky is the gold standard in Anti Virus.

As of now Mozilla is better than Internet Explorer. But it is being targeted by Malware writers as more and more people use it.

Opera is another alternative Browser.

Happy Holidays to you too.
mackiecross
yes I can get on the net now!!

I ran spysweeper....and it found spysheriff and I have quarantined it.....I'm not sure if this is a remnant buried somewhere or it's regenerating itself.....

I guess time will tell

or at least when I do another scan....
Mosaic1
I am hoping that was just a leftover. Possibly in your system restore points.



Once you have rebooted a time or two, be sure everything is in working order. It is time to flush your system restore points. Once you do that you will not be able to correct any problems you may have now by going back to a point before today.


After something like this it is a good idea to Flush the Restore Points and start fresh.
To flush the XP system Restore Points.

Go to Start>Run and type msconfig. Press Enter.

When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings Link on the left.

Check the box labeled Turn off System restore.


Reboot. Go back in and Turn System Restore Back on. A new Restore Point will be created.
----------------------------
Also here is an excellent source for tips to tighten security. Follow the advice and get the free downloads to help avoid some of these problems in the future.
http://www.computercops.biz/postt7736.html