I have some new things happen to my computer after Spybot S&D. The wallpaper does not show up any more, but I am unable to run Firefox?
Looking much better!
Go to Start -> Control Panel, click Display -> Desktop -> Customize Desktop -> Website -> Uncheck "any entries that are checked." if present.
Please download WebRoot SpySweeper from HERE (It's a 14 day trial):
http://www.webroot.com/shoppingcart/...php?bjpc=64011
- Click the Free Trial link to download the program.
- Double-click the file to install it as follows:
- Click "Next", read the agreement, Click "Next"
- Choose "Custom" click "Next".
- Leave the default installation directory as it is, then click "Next".
- UNcheck "Run SpySweeper at Windows Startup" and "Add Sweep for Spyware to Windows Explorer Context Menu". Click "Next".
- On the following screen you can leave the e-mail address field blank, if you wish. Click "Next".
- Finally, click "Install"
- Once the program is installed, it will open.
- It will prompt you to update to the latest definitions, click Yes.
Once the definitions are installed, click Options on the left side.
Click the Sweep Options tab.
Under What to Sweep please put a check next to the following:
- Sweep Memory
- Sweep Registry
- Sweep Cookies
- Sweep All User Accounts
- Enable Direct Disk Sweeping
- Sweep Contents of Compressed Files
- Sweep for Rootkits
- Please UNCHECK Do not Sweep System Restore Folder.
Disable SpySweeper Shields
- Click Shields on the left.
- Click Internet Explorer and uncheck all items.
- Click Windows System and uncheck all items.
- Click Startup Programs and uncheck all items.
- Once the definitions are installed and shields disabled, click Sweep Now on the left side.
- Click the Start button.
- When it's done scanning, click the Next button.
- Make sure everything has a check next to it, then click the Next button.
- It will remove all of the items found.
- Click Session Log in the upper right corner, copy everything in that window.
- Click the Summary tab and click Finish.
- Paste the contents of the session log you copied into your next reply.
Re-run Ewido to verify that it runs clean. There had been a couple of errors showing in the previous scan conducted.
Post the SpySweeper session log here. Provide any available EXACT messages or details regarding Firefox or other remaining issues.
When I start Firefox I can't click on anything; it like freezes, e.g. can't click on File, Favorites, URL box?
********
4:03 PM: | Start of Session, Thursday, 16 March 2006 |
4:03 PM: Spy Sweeper started
4:03 PM: Sweep initiated using definitions version 634
4:03 PM: Starting Memory Sweep
4:10 PM: Memory Sweep Complete, Elapsed Time: 00:06:32
4:10 PM: Starting Registry Sweep
4:10 PM: Found Adware: coolwebsearch (cws)
4:10 PM: HKCR\replace.hbo.1\ (3 subtraces) (ID = 108410)
4:10 PM: HKCR\replace.hbo\ (5 subtraces) (ID = 108411)
4:10 PM: HKLM\software\classes\replace.hbo\ (5 subtraces) (ID = 109788)
4:10 PM: Found Adware: energy plugin
4:10 PM: HKCR\dial\ (8 subtraces) (ID = 125805)
4:10 PM: HKLM\software\classes\dial\ (8 subtraces) (ID = 125806)
4:10 PM: Found Adware: ist istbar
4:10 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\conflict.1\istactivex.dll (ID = 129171)
4:10 PM: Found Adware: screensavers
4:10 PM: HKCR\clsid\{722d2939-a14a-41a9-9eac-ab8f4e295819}\ (14 subtraces) (ID = 140550)
4:10 PM: HKCR\interface\{760aca60-79c3-4875-9d19-b14a5b3fea77}\ (8 subtraces) (ID = 140552)
4:10 PM: HKCR\interface\{883ea659-ed80-46f9-9ed2-83327f67789f}\ (8 subtraces) (ID = 140553)
4:10 PM: HKCR\interface\{b64c73d7-459e-4816-91f9-1348f8e36984}\ (8 subtraces) (ID = 140554)
4:10 PM: HKLM\software\classes\clsid\{722d2939-a14a-41a9-9eac-ab8f4e295819}\ (14 subtraces) (ID = 140555)
4:10 PM: HKLM\software\classes\interface\{760aca60-79c3-4875-9d19-b14a5b3fea77}\ (8 subtraces) (ID = 140557)
4:10 PM: HKLM\software\classes\interface\{883ea659-ed80-46f9-9ed2-83327f67789f}\ (8 subtraces) (ID = 140558)
4:10 PM: HKLM\software\classes\interface\{b64c73d7-459e-4816-91f9-1348f8e36984}\ (8 subtraces) (ID = 140559)
4:10 PM: HKLM\software\screensavers.com\ (16 subtraces) (ID = 140569)
4:10 PM: Found Adware: wurldmedia
4:10 PM: HKCR\appid\sostatatl.exe\ (1 subtraces) (ID = 147535)
4:10 PM: HKCR\appid\{dee5d795-a276-43b5-a04a-511149a354f0}\ (1 subtraces) (ID = 147536)
4:10 PM: HKCR\interface\{9603a736-05b9-4d78-bdd5-bdcb0914e522}\ (8 subtraces) (ID = 147565)
4:10 PM: HKCR\interface\{bc12b055-c9f5-407d-9b66-1851973f32af}\ (8 subtraces) (ID = 147569)
4:10 PM: Found Adware: ist yoursitebar
4:10 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\conflict.1\ysbactivex.dll (ID = 762453)
4:10 PM: Found Adware: winad
4:10 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediagatewayx.dll (ID = 763028)
4:10 PM: Found Adware: 7adpower
4:10 PM: HKCR\progetto1.int_ver32\ (3 subtraces) (ID = 831501)
4:10 PM: HKCR\typelib\{391f0ac2-2cfc-4d56-a0e5-c7beb14f26e6}\ (9 subtraces) (ID = 831589)
4:10 PM: HKLM\software\classes\progetto1.int_ver32\ (3 subtraces) (ID = 831690)
4:10 PM: HKLM\software\classes\typelib\{391f0ac2-2cfc-4d56-a0e5-c7beb14f26e6}\ (9 subtraces) (ID = 831778)
4:10 PM: Found Adware: systemprocess
4:10 PM: HKLM\software\system process\ (10 subtraces) (ID = 860391)
4:10 PM: HKLM\software\system process\ || modid (ID = 860392)
4:10 PM: HKLM\software\system process\ || started (ID = 860395)
4:10 PM: HKLM\software\system process\ || installed (ID = 860396)
4:10 PM: HKLM\software\system process\ || dllver (ID = 860397)
4:10 PM: HKLM\software\system process\ || lastupdatetime (ID = 860398)
4:10 PM: HKLM\software\system process\files\ (4 subtraces) (ID = 860399)
4:10 PM: HKLM\software\system process\files\ || system.dat (ID = 860400)
4:10 PM: HKLM\software\system process\files\ || navshext.dll (ID = 860401)
4:10 PM: HKLM\software\system process\files\ || ustart.exe (ID = 860402)
4:10 PM: HKLM\software\system process\files\ || p.dat (ID = 860403)
4:10 PM: HKLM\software\microsoft\windows\currentversion\uninstall\startup\ (2 subtraces) (ID = 860412)
4:10 PM: Found System Monitor: exploreanywhere software
4:10 PM: HKLM\software\exploreanywhere\ (ID = 995799)
4:10 PM: HKU\WRSS_Profile_S-1-5-21-181486688-3301028022-890924152-1007\software\microsoft\internet explorer\keywords\ (23 subtraces) (ID = 109820)
4:10 PM: Found Adware: starware toolbar
4:10 PM: HKU\WRSS_Profile_S-1-5-21-181486688-3301028022-890924152-1007\software\microsoft\internet explorer\toolbar\webbrowser\ || {2d51d869-c36b-42bd-ae68-0a81bc771fa5} (ID = 142860)
4:10 PM: HKU\WRSS_Profile_S-1-5-21-181486688-3301028022-890924152-1007\software\system process\ (1 subtraces) (ID = 860389)
4:10 PM: HKU\WRSS_Profile_S-1-5-21-181486688-3301028022-890924152-1007\software\system process\ || lastptime (ID = 860390)
4:10 PM: HKU\WRSS_Profile_S-1-5-21-181486688-3301028022-890924152-1007\software\microsoft\windows nt\currentversion\windows\ || run (ID = 1062376)
4:10 PM: Found Trojan Horse: trojan-backdoor-back12319239.com
4:10 PM: HKU\WRSS_Profile_S-1-5-21-181486688-3301028022-890924152-1007\software\microsoft\windows\currentversion\run\ || order_shell (ID = 1155918)
4:10 PM: Found Adware: bravesentry fakealert
4:10 PM: HKU\WRSS_Profile_S-1-5-21-181486688-3301028022-890924152-1007\software\microsoft\windows\currentversion\run\ || windows update loader (ID = 1198438)
4:10 PM: HKU\S-1-5-21-181486688-3301028022-890924152-1003\software\microsoft\internet explorer\explorer bars\{2d51d869-c36b-42bd-ae68-0a81bc771fa5}\ (ID = 142855)
4:10 PM: HKU\S-1-5-21-181486688-3301028022-890924152-1003\software\microsoft\internet explorer\explorer bars\{7bed0340-176b-44bc-915e-c21c1dd6f617}\ (1 subtraces) (ID = 142856)
4:10 PM: HKU\S-1-5-21-181486688-3301028022-890924152-1003\software\microsoft\internet explorer\toolbar\webbrowser\ || {2d51d869-c36b-42bd-ae68-0a81bc771fa5} (ID = 142860)
4:10 PM: HKU\S-1-5-21-181486688-3301028022-890924152-1003\software\microsoft\internet explorer\toolbar\webbrowser\ || {7bed0340-176b-44bc-915e-c21c1dd6f617} (ID = 142861)
4:10 PM: HKU\S-1-5-21-181486688-3301028022-890924152-1003\software\system process\ (1 subtraces) (ID = 860389)
4:10 PM: HKU\S-1-5-21-181486688-3301028022-890924152-1003\software\system process\ || lastptime (ID = 860390)
4:10 PM: Found Adware: webrebates
4:10 PM: HKU\S-1-5-21-181486688-3301028022-890924152-1003\software\microsoft\internet explorer\menuext\web rebates.\ (2 subtraces) (ID = 866137)
4:10 PM: HKU\S-1-5-21-181486688-3301028022-890924152-1003\software\exploreanywhere\ (ID = 995796)
4:10 PM: Found Adware: bravesentry
4:10 PM: HKU\S-1-5-21-181486688-3301028022-890924152-1003\software\bravesentry\ (ID = 1198479)
4:10 PM: Registry Sweep Complete, Elapsed Time:00:00:50
4:11 PM: Starting Cookie Sweep
4:11 PM: Found Spy Cookie: 2o7.net cookie
4:11 PM: owner@msnportal.112.2o7[1].txt (ID = 1958)
4:11 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
4:11 PM: Starting File Sweep
4:11 PM: Found Adware: limeshop
4:11 PM: c:\program files\limeshop (15 subtraces) (ID = -2147480733)
4:11 PM: c:\program files\screensavers.com (10 subtraces) (ID = -2147480365)
4:11 PM: Found System Monitor: spybuddy
4:11 PM: c:\documents and settings\all users\application data\winsyscfg (14 subtraces) (ID = -2147480269)
4:11 PM: c:\program files\bravesentry (1 subtraces) (ID = -2147454218)
4:12 PM: 2.qtdfmp (ID = 259302)
4:14 PM: shopping.dls (ID = 65540)
4:15 PM: Found Trojan Horse: trojan-downloader-asdbiz.biz
4:15 PM: 1.qtdfmp (ID = 80237)
4:17 PM: backup-20060314-153415-835.inf (ID = 156464)
4:18 PM: ustart.exe (ID = 242836)
4:23 PM: Found Adware: spysheriff fakealert
4:23 PM: secure32.html (ID = 184319)
4:27 PM: swpstart.exe (ID = 74759)
4:29 PM: loader.dls (ID = 65535)
4:30 PM: siuninst.exe (ID = 74757)
4:30 PM: personality.dls (ID = 65538)
7:10 PM: secure32.html (ID = 184319)
7:10 PM: Found Adware: winantispyware 2005
7:10 PM: setup.exe (ID = 122245)
7:10 PM: setup.exe (ID = 162517)
7:13 PM: xpupdate.exe (ID = 259302)
7:13 PM: HKU\WRSS_Profile_S-1-5-21-181486688-3301028022-890924152-1007\Software\Microsoft\Windows\CurrentVersion\Run || Windows update loader (ID = 0)
7:17 PM: backup-20060314-153416-876.inf (ID = 91034)
7:17 PM: backup-20060314-153416-149.inf (ID = 74756)
7:23 PM: Found System Monitor: potentially rootkit-masked files
7:23 PM: x1pxzz39wv--_feryd29l0z7let9fzpmw10v7oakabftqgrnn-jtmjzicpxo22gjmz45uwypmlgn0j_7gi01ifvk_58qlxsauo3y mdiv4hwwoh6qhw0uyfuhniw7geuh7mgqbd12uoodcg.gif (ID = 0)
7:23 PM: x1padjo0uco2h3qx0_biaun7fpjtcn7xsirc5x08pk-g6ggig5xbw0ab1uxj3kqz7llutwof_mom8fm2wwalrzrxlztm1 j1fi8oo7vk4i_y_0ixfulbm0xdoxhm-ofo-n2g7ajnlokjcpdenr5fnjbn5a.jpg (ID = 0)
7:23 PM: x1padjo0uco2h3qx0_biaun7fpjtcn7xsirc5x08pk-g6esazvlgix7kbp6hveg11p0czuecmfe-rhzuxfmt7gw1qeash9b3vozhgjrxnquvxhayyfsm2z0lxzbmh6 mxwwxfb0uq3dqfrwv03s5p0cjlw.jpg (ID = 0)
7:23 PM: x1padjo0uco2h3qx0_biaun7fpjtcn7xsirc5x08pk-g6edwzt5ihohielo2j-rokcliqhoxyd1kzdp0xxjmuezkspv6zj3r4wiabvvlbjapi8ub go4tar2h4gocsop1eed8olpeixhylvxmpnvnepieg.jpg (ID = 0)
7:23 PM: caught up.wav (ID = 0)
7:23 PM: Warning: Invalid file - not a PKZip file
7:23 PM: Warning: Invalid file - not a PKZip file
7:24 PM: Warning: Invalid Stream
7:24 PM: Warning: Unable to sweep compressed file: System Error. Code: 8.
Not enough storage is available to process this command
7:49 PM: Warning: Invalid file - not a PKZip file
7:49 PM: Warning: Invalid file - not a PKZip file
7:49 PM: Warning: Invalid file - not a PKZip file
7:49 PM: Warning: Invalid file - not a PKZip file
7:49 PM: Warning: Invalid file - not a PKZip file
7:49 PM: Warning: Invalid Stream
7:49 PM: File Sweep Complete, Elapsed Time: 03:38:31
7:49 PM: Full Sweep has completed. Elapsed time 01:20:33
7:49 PM: Traces Found: 328
7:55 PM: Removal process initiated
7:55 PM: Quarantining All Traces: exploreanywhere software
7:55 PM: Quarantining All Traces: ist istbar
7:55 PM: Quarantining All Traces: potentially rootkit-masked files
7:55 PM: potentially rootkit-masked files is in use. It will be removed on reboot.
7:55 PM: x1pxzz39wv--_feryd29l0z7let9fzpmw10v7oakabftqgrnn-jtmjzicpxo22gjmz45uwypmlgn0j_7gi01ifvk_58qlxsauo3y mdiv4hwwoh6qhw0uyfuhniw7geuh7mgqbd12uoodcg.gif is in use. It will be removed on reboot.
7:55 PM: x1padjo0uco2h3qx0_biaun7fpjtcn7xsirc5x08pk-g6ggig5xbw0ab1uxj3kqz7llutwof_mom8fm2wwalrzrxlztm1 j1fi8oo7vk4i_y_0ixfulbm0xdoxhm-ofo-n2g7ajnlokjcpdenr5fnjbn5a.jpg is in use. It will be removed on reboot.
7:55 PM: x1padjo0uco2h3qx0_biaun7fpjtcn7xsirc5x08pk-g6esazvlgix7kbp6hveg11p0czuecmfe-rhzuxfmt7gw1qeash9b3vozhgjrxnquvxhayyfsm2z0lxzbmh6 mxwwxfb0uq3dqfrwv03s5p0cjlw.jpg is in use. It will be removed on reboot.
7:55 PM: x1padjo0uco2h3qx0_biaun7fpjtcn7xsirc5x08pk-g6edwzt5ihohielo2j-rokcliqhoxyd1kzdp0xxjmuezkspv6zj3r4wiabvvlbjapi8ub go4tar2h4gocsop1eed8olpeixhylvxmpnvnepieg.jpg is in use. It will be removed on reboot.
7:55 PM: caught up.wav is in use. It will be removed on reboot.
7:55 PM: Quarantining All Traces: spybuddy
7:55 PM: Quarantining All Traces: spysheriff fakealert
7:55 PM: Quarantining All Traces: bravesentry fakealert
7:55 PM: Quarantining All Traces: bravesentry
7:55 PM: Quarantining All Traces: coolwebsearch (cws)
7:55 PM: Quarantining All Traces: energy plugin
7:55 PM: Quarantining All Traces: starware toolbar
7:55 PM: Quarantining All Traces: trojan-backdoor-back12319239.com
7:55 PM: Quarantining All Traces: trojan-downloader-asdbiz.biz
7:55 PM: Quarantining All Traces: winad
7:55 PM: Quarantining All Traces: 7adpower
7:55 PM: Quarantining All Traces: ist yoursitebar
7:55 PM: Quarantining All Traces: limeshop
7:55 PM: Quarantining All Traces: screensavers
7:55 PM: Quarantining All Traces: systemprocess
7:56 PM: Quarantining All Traces: webrebates
7:56 PM: Quarantining All Traces: wurldmedia
7:56 PM: Quarantining All Traces: 2o7.net cookie
7:56 PM: Quarantining All Traces: winantispyware 2005
7:56 PM: Preparing to restart your computer. Please wait...
7:56 PM: Removal process completed. Elapsed time 00:01:21
********
3:59 PM: | Start of Session, Thursday, 16 March 2006 |
3:59 PM: Spy Sweeper started
4:00 PM: Your spyware definitions have been updated.
4:03 PM: | End of Session, Thursday, 16 March 2006 |
I presume that Ewido is running clean. Please re-run and report the latest SpySweeper scan - some items were to have been removed after reboot.
Post your latest HijackThis log. Is Firefox your only remaining apparent issue?
For your issues with Firefox, please address that in our Internet Browser Issues and Questions forum.
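As an added example (not part of any poster's message and not Webroot code), this Python script parses a session log in the layout posted above and lists what to verify on the next scan: detected families with no quarantine line, and items deferred to reboot. The sample log is constructed, and the function names and the review ranking are assumptions.

```python
import re
from collections import OrderedDict

# Constructed sample in the Spy Sweeper session-log layout (placeholder names,
# not values taken from the thread).
SAMPLE_LOG = r"""4:10 PM: Starting Registry Sweep
4:10 PM: Found Adware: example-toolbar
4:10 PM: HKCR\example.bar\ (3 subtraces) (ID = 1001)
4:10 PM: HKLM\software\example\ || installed (ID = 1002)
4:11 PM: Found Spy Cookie: example cookie
4:11 PM: user@example[1].txt (ID = 3001)
4:15 PM: Found Trojan Horse: example-downloader
4:15 PM: c:\temp\loader.tmp (ID = 2001)
7:23 PM: Found System Monitor: potentially rootkit-masked files
7:23 PM: hidden-a.jpg (ID = 0)
7:23 PM: Warning: Invalid file - not a PKZip file
Not enough storage is available to process this command
7:49 PM: Traces Found: 5
7:55 PM: Removal process initiated
7:55 PM: Quarantining All Traces: example-toolbar
7:55 PM: Quarantining All Traces: potentially rootkit-masked files
7:55 PM: potentially rootkit-masked files is in use. It will be removed on reboot.
7:55 PM: hidden-a.jpg is in use. It will be removed on reboot.
7:56 PM: Quarantining All Traces: example-downloader
7:56 PM: Removal process completed. Elapsed time 00:01:21
"""

STAMP = re.compile(r"^\d{1,2}:\d{2} [AP]M: (.*)$")
FOUND = re.compile(r"^Found ([^:]+): (.+)$")
TRACE = re.compile(r"^(.+) \(ID = (-?\d+)\)$")
QUARANTINE = re.compile(r"^Quarantining All Traces: (.+)$")
REBOOT = re.compile(r"^(.+) is in use\. It will be removed on reboot\.$")

# Assumed review order: backdoors and monitors before adware and cookies.
RANK = {"Trojan Horse": 0, "System Monitor": 1, "Adware": 2, "Spy Cookie": 3}


def parse_session(text):
    """Split one session log into families, quarantine lines and reboot deferrals."""
    families = OrderedDict()
    quarantined, pending, warnings = set(), [], 0
    current = None
    for raw in text.splitlines():
        stamped = STAMP.match(raw.strip())
        if not stamped:
            continue  # untimestamped continuation of the previous message
        body = stamped.group(1).strip()
        found = FOUND.match(body)
        if found:
            category, name = found.group(1), found.group(2)
            current = families.setdefault(name, {"category": category, "traces": []})
            continue
        quar = QUARANTINE.match(body)
        if quar:
            quarantined.add(quar.group(1))
            continue
        reboot = REBOOT.match(body)
        if reboot:
            pending.append(reboot.group(1))
            continue
        if body.startswith("Warning:"):
            warnings += 1
            continue
        trace = TRACE.match(body)
        if trace and current is not None:
            # The log names a family only on first detection, so attaching a
            # trace to the most recent "Found" line is an approximation.
            current["traces"].append((trace.group(1), int(trace.group(2))))
    return {"families": families, "quarantined": quarantined,
            "pending_reboot": pending, "warnings": warnings}


def follow_up(report):
    """Return what to check in the next scan after the reboot."""
    families = report["families"]
    order = sorted(families, key=lambda n: RANK.get(families[n]["category"], len(RANK)))
    return {
        "review_order": order,
        "not_quarantined": [n for n in families if n not in report["quarantined"]],
        "recheck_after_reboot": list(report["pending_reboot"]),
    }


if __name__ == "__main__":
    for key, value in follow_up(parse_session(SAMPLE_LOG)).items():
        print(key, "->", value)
```

Anything listed under `recheck_after_reboot` that still appears in the next session log was not removed at restart.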
No, I am unable to change users. When I log onto the main user I am unable to change user unless I log off then log onto the other user; I am only able to log onto one user at a time?
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 3:40:13 PM, 17/03/2006
+ Report-Checksum: 1DBA8631
+ Scan result:
:mozilla.18:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
::Report End
Logfile of HijackThis v1.99.1
Scan saved at 4:54:49 PM, on 17/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Windows\system32\HpSrvUI.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\WINPENJR\Win32\pphidpad.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\DOCUME~1\K-SPAR~1\LOCALS~1\Temp\vsp9enus.tmp\setup.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Aws\WeatherBug\weatherbug.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
C:\WINPENJR\Win32\acremchk.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\LimeWire\3.3.5\LimeWire.exe
C:\DOCUME~1\K-SPAR~1\LOCALS~1\Temp\vsp9enus.tmp\mcappins.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\Program Files\MSN Messenger\MSNP13Downgrader.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet Cable
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe
O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [VSProSetup] C:\DOCUME~1\K-SPAR~1\LOCALS~1\Temp\vsp9enus.tmp\setup.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [AMonitor] C:\Program Files\Tiny Firewall Pro\amon.exe
O4 - HKCU\..\Run: [WeatherBug] C:\Program Files\Aws\WeatherBug\weatherbug.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\3.3.5\LimeWire.exe
O4 - Startup: Mpk.lnk = C:\Program Files\MiniPopupKiller\mpk.exe
O4 - Startup: MSNP13 Downgrader.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DVD@ccess.lnk = ?
O4 - Global Startup: PenPower Email Touchpad.lnk = ?
O4 - Global Startup: PenPower PenKeyboard.lnk = C:\WINPENJR\win32\penkeybd.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www
O16 - DPF: ConferenceRoom Java Client - http://chat.bigpond.com/java/cr.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {2B36F775-8CF5-4489-B454-2D1B80984CF2} (FXPluginCtl Object) - http://www.powerflasher.de/plugin/powerres.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info...TunesSetup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://www.shizmoo.com/activex/web665.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: gdimxp - C:\WINDOWS\SYSTEM32\gdimxp.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PRTG Service - Paessler Router Traffic Grapher (PRTGService) - Paessler GmbH - C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
Last edited by k-sparky-k; 17-03-2006 at 06:57 AM.
Need your latest logs from SpySweeper and Hijackthis.
Please also run the following scans:
Please do an online scan (scan only tool) with Kaspersky WebScanner
Click on Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
- The program will launch and then begin downloading the latest definition files:
- Once the files have been downloaded click on NEXT
- Now click on Scan Settings
- In the scan settings make sure that the following are selected:
- Scan using the following Anti-Virus database:
- Extended (if available otherwise Standard)
- Scan Options:
- Scan Archives
- Scan Mail Bases
- Click OK
- Now under select a target to scan:
- Select My Computer
- This program will start and scan your system.
- The scan will take a while so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
- Save the file to your desktop.
- Copy and paste that information in your next post.
Place a shortcut to Panda ActiveScan on your desktop.
Run the Panda ActiveScan shortcut.
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post a Panda log back here, if anything is reported.
SpySweeper did not pick anything up and I can't run Kaspersky Online Scanner; every time I download the updates and press install it freezes. When Panda ActiveScan was downloading, avast had a pop up and said "a virus was found"????? and the software was Panda ActiveScan. Should I just download it? Also, I just uninstalled Firefox and downloaded a new one, but when I press on the setup nothing comes up. Internet Explorer is unable to load some sites for some reason; it just says done when it hasn't even loaded the page.
Logfile of HijackThis v1.99.1
Scan saved at 4:54:49 PM, on 17/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Windows\system32\HpSrvUI.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\WINPENJR\Win32\pphidpad.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\DOCUME~1\K-SPAR~1\LOCALS~1\Temp\vsp9enus.tmp\setup.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Aws\WeatherBug\weatherbug.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
C:\WINPENJR\Win32\acremchk.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\LimeWire\3.3.5\LimeWire.exe
C:\DOCUME~1\K-SPAR~1\LOCALS~1\Temp\vsp9enus.tmp\mcappins.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\Program Files\MSN Messenger\MSNP13Downgrader.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet Cable
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe
O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [VSProSetup] C:\DOCUME~1\K-SPAR~1\LOCALS~1\Temp\vsp9enus.tmp\setup.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [AMonitor] C:\Program Files\Tiny Firewall Pro\amon.exe
O4 - HKCU\..\Run: [WeatherBug] C:\Program Files\Aws\WeatherBug\weatherbug.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\3.3.5\LimeWire.exe
O4 - Startup: Mpk.lnk = C:\Program Files\MiniPopupKiller\mpk.exe
O4 - Startup: MSNP13 Downgrader.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DVD@ccess.lnk = ?
O4 - Global Startup: PenPower Email Touchpad.lnk = ?
O4 - Global Startup: PenPower PenKeyboard.lnk = C:\WINPENJR\win32\penkeybd.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www
O16 - DPF: ConferenceRoom Java Client - http://chat.bigpond.com/java/cr.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {2B36F775-8CF5-4489-B454-2D1B80984CF2} (FXPluginCtl Object) - http://www.powerflasher.de/plugin/powerres.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info...TunesSetup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://www.shizmoo.com/activex/web665.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: gdimxp - C:\WINDOWS\SYSTEM32\gdimxp.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PRTG Service - Paessler Router Traffic Grapher (PRTGService) - Paessler GmbH - C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
Panda ActiveScan
Incident Status Location
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\cookies.txt[]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Profiles\default\9kk6ku4i.slt\cookies.txt[]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\k-sparky-k\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-5aa0b436-3e8fb9ea.zip[InstallerApplet.class]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\k-sparky-k\Cookies\k-sparky-k@ad.yieldmanager[2].txt
Spyware:Cookie/Microsofte Not disinfected C:\Documents and Settings\k-sparky-k\Cookies\k-sparky-k@microsofteup.112.2o7[1].txt
Dialer:Dialer.DPC Not disinfected C:\Documents and Settings\k-sparky-k\Local Settings\Temp\ephhnhmk.exe
Adware:Adware/Tibs Not disinfected C:\Documents and Settings\k-sparky-k\Local Settings\Temp\icahikdi.exe
Virus:Bck/Haxdoor.IQ Disinfected C:\Documents and Settings\k-sparky-k\Local Settings\Temp\noecngge.exe
Dialer:Dialer.GOF Not disinfected C:\Documents and Settings\k-sparky-k\Local Settings\Temp\service.exe
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\cookies.txt[]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-5aa0b436-3aa36b6d.zip[InstallerApplet.class]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Owner\Cookies\owner@server.iad.liveperson[2].txt
Potentially unwanted tool:Application/HideWindow.A Not disinfected C:\hp\bin\FondleWindow.exe
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Potentially unwanted tool:Application/KillApp.A Not disinfected C:\hp\bin\Terminator.exe
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20050826184911.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20050827232128.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20050831033802.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20050901075703.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20050902094639.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20050903163609.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20050903200341.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20050907173541.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20050907181458.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20050909231311.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051009133543.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051009134032.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051009152723.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051009153944.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051009162222.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051009162232.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051009162254.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051009164950.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051009165008.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051010161459.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051010172015.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051010184120.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051010185852.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051011160201.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051011170901.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051011184335.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051011190710.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051012174952.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051012181904.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051012203107.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051013164839.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051013172106.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051013173732.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051013174043.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051013185055.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051014170516.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051014170744.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051015141947.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051015154554.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051015192509.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051015211734.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051015223721.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051016101045.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051016130147.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051017164925.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051017214118.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051018202245.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051019151001.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051019154235.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051019185302.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051020185457.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051021162513.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051021215225.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051022004651.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051022004729.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051022010912.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051022220040.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051022235935.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051023000344.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051023130019.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051023132416.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051023134641.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051023134920.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051023135706.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051023171425.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051024165530.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051024180921.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051024182222.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051025164842.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051026090606.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051026160820.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051026170127.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051026213942.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051027160623.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051027160918.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051027171320.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051028160937.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051028180244.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051028203415.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051028210007.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051028213724.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051029184209.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051030133755.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051031181357.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051102195640.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051103180003.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051103200917.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051104180828.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051104180857.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051104183726.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051104184519.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051104194931.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051104231545.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051105102925.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051202072646.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051203102622.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051204085919.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051205154901.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051206072456.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051207135751.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051208142643.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051209154936.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051210093928.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051211092647.zip[hosts]
Virus:Trj/Qhost.BB Disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20051212090524.zip[hosts]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Mozilla Firefox\plugins\NPMySrch.dll
Dialer:Dialer.GQK Not disinfected C:\WINDOWS\Downloaded Program Files\int_ver34.INF
Virus:Trj/Qhost.gen Disinfected C:\WINDOWS\system32\drivers\etc\hosts.20060315-185630.backup
Virus:Trj/Qhost.gen Disinfected C:\WINDOWS\system32\drivers\etc\hosts.20060315-185631.backup
Virus:Trj/Qhost.gen Disinfected C:\WINDOWS\system32\drivers\etc\hosts.20060315-185632.backup
Virus:Trj/Qhost.gen Disinfected C:\WINDOWS\system32\drivers\etc\hosts.20060315-185633.backup
Virus:Trj/Qhost.gen Disinfected C:\WINDOWS\system32\drivers\etc\hosts.20060315-185634.backup
Virus:Trj/Qhost.gen Disinfected C:\WINDOWS\system32\drivers\etc\hosts.20060315-185635.backup
Virus:Trj/Qhost.gen Disinfected C:\WINDOWS\system32\drivers\etc\hosts.20060315-185636.backup
Virus:Trj/Qhost.gen Disinfected C:\WINDOWS\system32\drivers\etc\hosts.msn
Virus:Bck/Haxdoor.IQ Disinfected C:\WINDOWS\system32\gdimxp.dll
Virus:Bck/VB.HF Disinfected C:\WINDOWS\system32\jongzop\cupdate.exe
Adware:adware/cws.searchmeup Not disinfected C:\WINDOWS\uniq
Adware:adware/dollarrevenue Not disinfected C:\WINDOWS\winsnde.ini
Last edited by k-sparky-k; 17-03-2006 at 12:31 PM.
Download deldomains:
http://www.mvps.org/winhelp2002/DelDomains.inf
To use: right-click and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.
Note: Because this will remove all entries in both the Trusted Zone and the Restricted Zone, any program, tool, or settings that were previously used to set restrictions will need to be reset:
Examples: (if these are being used),
- Spybot's "Immunize" feature is affected, you will need to re-immunize
- SpywareBlaster's "Enable all protection" feature will have to be re-enabled
- IE-SPYADS will have to be reinstalled
Get hoster here:
http://www.funkytoad.com/download/hoster.zip
Unzip it to a convenient place and open the program.
Choose "Restore Original Hosts" and press "OK".
Close the program.
SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:
O4 - HKLM\..\Run: [VSProSetup] C:\DOCUME~1\K-SPAR~1\LOCALS~1\TEMP\vsp9enus.tmp\setup.exe
Make sure that all browser windows and internet links are closed, even this one!
CLICK ’FIX CHECKED’ with HijackThis.
HIDDEN FILES: To make sure you can see all hidden files, please follow the directions here
SAFEMODE: Boot into safe mode by tapping the F8 key at restart and choosing 'safe mode' menu option (explained here if needed).
Delete the files in the following FOLDER:
C:\DOCUME~1\K-SPAR~1\LOCALS~1\TEMP
POST A REVISED HIJACKTHIS LOG for review:
Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.
YES, proceed with Panda.
When Panda ActiveScan was downloading, avast had a pop up and said "a virus was found"????? and the software was Panda ActiveScan. Should I just download it?
See if Kaspersky Online Scanner will now run.
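The manual review in this exchange (reading HijackThis autostart entries alongside the scanner report) can be scripted. The following is an added example, not part of the thread or of either tool: it parses a few lines copied from the logs posted above, flags autostart entries that launch from a Temp directory or are marked "(file missing)", and cross-references entry paths against the Panda report. The function names and the Temp-directory heuristic are assumptions made for the example.

```python
import re

# Excerpts copied from the HijackThis log and Panda ActiveScan report in this thread.
HIJACKTHIS_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [VSProSetup] C:\DOCUME~1\K-SPAR~1\LOCALS~1\Temp\vsp9enus.tmp\setup.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL (file missing)
O20 - Winlogon Notify: gdimxp - C:\WINDOWS\SYSTEM32\gdimxp.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

PANDA_REPORT = r"""
Virus:Bck/Haxdoor.IQ Disinfected C:\Documents and Settings\k-sparky-k\Local Settings\Temp\noecngge.exe
Adware:Adware/Tibs Not disinfected C:\Documents and Settings\k-sparky-k\Local Settings\Temp\icahikdi.exe
Virus:Bck/Haxdoor.IQ Disinfected C:\WINDOWS\system32\gdimxp.dll
Virus:Bck/VB.HF Disinfected C:\WINDOWS\system32\jongzop\cupdate.exe
"""

# "O4 - ...", "O20 - ..." etc. open every HijackThis O-section line.
ENTRY_RE = re.compile(r"^(O\d+) - ")
# First drive-letter path on the line, up to an executable-type extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|ocx)\b', re.IGNORECASE)
# Panda report line: "<detection name> <status> <path>".
DETECTION_RE = re.compile(
    r"^(?P<name>\S.*?) (?P<status>Not disinfected|Disinfected) (?P<path>[A-Za-z]:\\.+)$"
)
# Assumed heuristic: a path component named Temp or tmp.
TEMP_DIR_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)


def normalize(path):
    """Lower-case a Windows path and drop a trailing [archive member] suffix.

    The comparison is textual: an 8.3 short name such as PROGRA~1 will not
    match the long form of the same directory.
    """
    return re.sub(r"\[[^\]]*\]$", "", path.strip()).lower()


def parse_autostarts(log):
    """Return (section, path, raw line) for every O-section entry naming a file."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        head = ENTRY_RE.match(line)
        target = PATH_RE.search(line)
        if head and target:
            entries.append((head.group(1), target.group(0), line))
    return entries


def parse_detections(report):
    """Map normalized path -> 'name (status)' for each scanner report line."""
    hits = {}
    for line in report.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            hits[normalize(m.group("path"))] = f"{m.group('name')} ({m.group('status')})"
    return hits


def triage(log, report):
    """Return the autostart entries that deserve a closer look, with reasons."""
    hits = parse_detections(report)
    findings = []
    for section, path, line in parse_autostarts(log):
        reasons = []
        if TEMP_DIR_RE.search(path):
            reasons.append("runs from a Temp directory")
        if line.endswith("(file missing)"):
            reasons.append("target file missing")
        if normalize(path) in hits:
            reasons.append("scanner hit: " + hits[normalize(path)])
        if reasons:
            findings.append({"section": section, "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(HIJACKTHIS_LOG, PANDA_REPORT):
        print(f["section"], f["path"], "->", "; ".join(f["reasons"]))
```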
Panda still does not work but I can install Firefox now. I have just one last problem: I am not able to delete Norton Internet Security; every time I try it has an error and it won't ever start up.
Logfile of HijackThis v1.99.1
Scan saved at 10:50:17 AM, on 18/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Windows\system32\HpSrvUI.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINPENJR\Win32\pphidpad.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Aws\WeatherBug\weatherbug.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
C:\WINPENJR\Win32\acremchk.exe
C:\Program Files\LimeWire\3.3.5\LimeWire.exe
C:\Program Files\MSN Messenger\MSNP13Downgrader.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet Cable
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe
O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [AMonitor] C:\Program Files\Tiny Firewall Pro\amon.exe
O4 - HKCU\..\Run: [WeatherBug] C:\Program Files\Aws\WeatherBug\weatherbug.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\3.3.5\LimeWire.exe
O4 - Startup: Mpk.lnk = C:\Program Files\MiniPopupKiller\mpk.exe
O4 - Startup: MSNP13 Downgrader.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DVD@ccess.lnk = ?
O4 - Global Startup: PenPower Email Touchpad.lnk = ?
O4 - Global Startup: PenPower PenKeyboard.lnk = C:\WINPENJR\win32\penkeybd.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www
O16 - DPF: ConferenceRoom Java Client - http://chat.bigpond.com/java/cr.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {2B36F775-8CF5-4489-B454-2D1B80984CF2} (FXPluginCtl Object) - http://www.powerflasher.de/plugin/powerres.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info...TunesSetup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://www.shizmoo.com/activex/web665.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: gdimxp - gdimxp.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PRTG Service - Paessler Router Traffic Grapher (PRTGService) - Paessler GmbH - C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
Last edited by k-sparky-k; 18-03-2006 at 12:58 AM.
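A triage aid for the log above, added here as an example and not part of the original thread: it lists the entries HijackThis tagged `(file missing)` or `(no file)` and cross-checks each path against the log's own running-process list. That exposes cases like the avast! service lines, where the tag sits on a path with a stray quote and arguments although the executable is running. The function names are this example's own, and the embedded excerpt is a handful of lines copied from the log above.

```python
import re

# Excerpt assembled for this example from lines of the log posted above.
SAMPLE_LOG = r'''
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL (file missing)
O20 - Winlogon Notify: gdimxp - gdimxp.dll (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
'''

ENTRY = re.compile(r'^([RFNO]\d{1,2}) - (.+)$')           # e.g. "O4 - ..."
MARKER = re.compile(r'\s*\((file missing|no file)\)$')     # HijackThis's own tags
PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|ocx)', re.I)

def parse(text):
    """Return (set of running process paths, list of (code, detail) entries)."""
    running, entries, in_procs = set(), [], False
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            in_procs = False                 # the process list ends at the first entry
            entries.append((m.group(1), m.group(2)))
        elif line.startswith('Running processes:'):
            in_procs = True
        elif in_procs and line:
            running.add(line.lower())
    return running, entries

def flagged(text):
    """Entries tagged as missing, each cross-checked against running processes."""
    running, entries = parse(text)
    out = []
    for code, detail in entries:
        m = MARKER.search(detail)
        if not m:
            continue
        p = PATH.search(detail)
        path = p.group(0) if p else None     # None when the entry has no full path
        out.append({'code': code, 'marker': m.group(1), 'path': path,
                    'running': bool(path) and path.lower() in running})
    return out

if __name__ == '__main__':
    for item in flagged(SAMPLE_LOG):
        print(item)
```

An entry with `running` set to true is a tag to double-check before removing anything; the others are references whose target HijackThis could not find.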
I have just one last problem: I am not able to delete Norton Internet Security. Every time I try it has an error and it won't ever start up.
See if the following discussions help:
Restoring Norton AntiVirus after it is infected by a virus
Norton AntiVirus 2002-2005
http://service4.symantec.com/SUPPORT...%2C4#_Section3
Uninstall Norton AntiVirus if Add/Remove Programs does not work
Go to the section for your Symantec product version and your version of Windows for detailed removal instructions:
Norton AntiVirus/Norton Internet Security/Norton SystemWorks 2004/2005
http://service1.symantec.com/SUPPORT...&osv_lvl=&seg=
Norton AntiVirus 2003 or earlier
http://service4.symantec.com/SUPPORT...C4#_Section3.2