Jump to content

terry1966

Anti-Spyware Brigade
  • Content Count

    9,289
  • Joined

  • Last visited

Everything posted by terry1966

  1. right removed spysweeper and had to remove f-secure to so i could make the changes to ie because even tho i switched off ie guard in f-secure it still wouldn't let me make the changes.. now what??
  2. followed that link jacee and it took me to ca spyware information centre but i couldn't find anything there explaining how to get rid of it, just info on what it is and pestpatrol by eTrust. followed 2 links under others by this group but both led me to same page Spyware encyclopedia. So what do I do now??
  3. 127.0.0.1 retaildirect.realmedia.com #SpySweeperCASS 127.0.0.1 rmads.msn.com #SpySweeperCASS 127.0.0.1 rmedia.boston.com #SpySweeperCASS 127.0.0.1 s0b.bluestreak.com #SpySweeperCASS 127.0.0.1 s2.focalink.com #SpySweeperCASS 127.0.0.1 sc.clicksupply.com #SpySweeperCASS 127.0.0.1 scand.adlink.de #SpySweeperCASS 127.0.0.1 secure.webconnect.net #SpySweeperCASS 127.0.0.1 servads.aip.org #SpySweeperCASS 127.0.0.1 serve.thisbanner.com #SpySweeperCASS 127.0.0.1 servedby.advertising.com #SpySweeperCASS 127.0.0.1 service.bfast.com #SpySweeperCASS 127.0.0.1 sfads.osdn.com #SpySweeperCASS 127.0.0.1 sg.yimg.com #SpySweeperCASS 127.0.0.1 sh4sure-images.adbureau.net #SpySweeperCASS 127.0.0.1 shop.kazaa.com #SpySweeperCASS 127.0.0.1 spd.atdmt.com #SpySweeperCASS 127.0.0.1 speed.pointroll.com #SpySweeperCASS 127.0.0.1 spin.spinbox.net #SpySweeperCASS 127.0.0.1 spinbox.maccentral.com #SpySweeperCASS 127.0.0.1 spinbox.techtracker.com #SpySweeperCASS 127.0.0.1 ss.mtree.com #SpySweeperCASS 127.0.0.1 static.admaximize.com #SpySweeperCASS 127.0.0.1 stats.adultrevenueservice.com #SpySweeperCASS 127.0.0.1 stats.superstats.com #SpySweeperCASS 127.0.0.1 suissa-ad.flycast.com #SpySweeperCASS 127.0.0.1 sview.avenuea.com #SpySweeperCASS 127.0.0.1 techreview-images.adbureau.net #SpySweeperCASS 127.0.0.1 thinknyc.eu-adcenter.net #SpySweeperCASS 127.0.0.1 ti.click2net.com #SpySweeperCASS 127.0.0.1 tmsads.tribune.com #SpySweeperCASS 127.0.0.1 toads.osdn.com #SpySweeperCASS 127.0.0.1 tracker.clicktrade.com #SpySweeperCASS 127.0.0.1 tsms-ad.tsms.com #SpySweeperCASS 127.0.0.1 ugo.eu-adcenter.net #SpySweeperCASS 127.0.0.1 us.a1.yimg.com #SpySweeperCASS 127.0.0.1 usbytecom.orbitcycle.com #SpySweeperCASS 127.0.0.1 utils.mediageneral.com #SpySweeperCASS 127.0.0.1 v0.extreme-dm.com #SpySweeperCASS 127.0.0.1 v1.extreme-dm.com #SpySweeperCASS 127.0.0.1 van.ads.link4ads.com #SpySweeperCASS 127.0.0.1 view.accendo.com #SpySweeperCASS 127.0.0.1 view.atdmt.com #SpySweeperCASS 127.0.0.1 view.avenuea.com #SpySweeperCASS 127.0.0.1 vnu.eu-adcenter.net #SpySweeperCASS 127.0.0.1 vpdc.ru4.com #SpySweeperCASS 127.0.0.1 w113.hitbox.com #SpySweeperCASS 127.0.0.1 w25.hitbox.com #SpySweeperCASS 127.0.0.1 wap.adlink.de #SpySweeperCASS 127.0.0.1 web2.deja.com #SpySweeperCASS 127.0.0.1 webad.ajeeb.com #SpySweeperCASS 127.0.0.1 webads.bizservers.com #SpySweeperCASS 127.0.0.1 webaffiliate.covad.com #SpySweeperCASS 127.0.0.1 west.adlink.de #SpySweeperCASS 127.0.0.1 wwa.hitbox.com #SpySweeperCASS 127.0.0.1 wwb.hitbox.com #SpySweeperCASS 127.0.0.1 www.24pm-affiliation.com #SpySweeperCASS 127.0.0.1 www.ad.tomshardware.com #SpySweeperCASS 127.0.0.1 www.ad4ex.com #SpySweeperCASS 127.0.0.1 www.ad-flow.com #SpySweeperCASS 127.0.0.1 www.adireland.com #SpySweeperCASS 127.0.0.1 www.admex.com #SpySweeperCASS 127.0.0.1 www.ad-up.com #SpySweeperCASS 127.0.0.1 www.alladvantage.com #SpySweeperCASS 127.0.0.1 www.avsads.com #SpySweeperCASS 127.0.0.1 www.b3d.com #SpySweeperCASS 127.0.0.1 www.banner2u.com #SpySweeperCASS 127.0.0.1 www.bannercampaign.com #SpySweeperCASS 127.0.0.1 www.banneroverdrive.com #SpySweeperCASS 127.0.0.1 www.blissnet.net #SpySweeperCASS 127.0.0.1 www.bonzi.com #SpySweeperCASS 127.0.0.1 www.brilliantdigital.com #SpySweeperCASS 127.0.0.1 www.burstnet.com #SpySweeperCASS 127.0.0.1 www.cibleclick.com #SpySweeperCASS 127.0.0.1 www.click-fr.com #SpySweeperCASS 127.0.0.1 www.commission-junction.com #SpySweeperCASS 127.0.0.1 www.consumerinfo.com #SpySweeperCASS 127.0.0.1 www.crisscross.com #SpySweeperCASS 127.0.0.1 www.cyberbounty.com #SpySweeperCASS 127.0.0.1 www.datais.com #SpySweeperCASS 127.0.0.1 www.digitalbettingcasinos.com #SpySweeperCASS 127.0.0.1 www.dnps.com #SpySweeperCASS 127.0.0.1 www.doubleclick.net #SpySweeperCASS 127.0.0.1 www.eads.com #SpySweeperCASS 127.0.0.1 www.exchange-it.com #SpySweeperCASS 127.0.0.1 www.fineclicks.com #SpySweeperCASS 127.0.0.1 www.freestats.com #SpySweeperCASS 127.0.0.1 www.imaginemedia.com #SpySweeperCASS 127.0.0.1 www.kaplanindex.com #SpySweeperCASS 127.0.0.1 www.linksynergy.com #SpySweeperCASS 127.0.0.1 www.nailitonline2.com #SpySweeperCASS 127.0.0.1 www.netdirect.nl #SpySweeperCASS 127.0.0.1 www.netflip.com #SpySweeperCASS 127.0.0.1 www.netsponsors.com #SpySweeperCASS 127.0.0.1 www.netvertising.be #SpySweeperCASS 127.0.0.1 www.nrsite.com #SpySweeperCASS 127.0.0.1 www.oneandonlynetwork.com #SpySweeperCASS 127.0.0.1 www.onresponse.com #SpySweeperCASS 127.0.0.1 www.postmasterbannernet.com #SpySweeperCASS 127.0.0.1 www.qksrv.net #SpySweeperCASS 127.0.0.1 www.speedyclick.com #SpySweeperCASS 127.0.0.1 www.targetshop.com #SpySweeperCASS 127.0.0.1 www.teknosurf2.com #SpySweeperCASS 127.0.0.1 www.teknosurf3.com #SpySweeperCASS 127.0.0.1 www.valueclick.com #SpySweeperCASS 127.0.0.1 www.webads.nl #SpySweeperCASS 127.0.0.1 www.websitefinancing.com #SpySweeperCASS 127.0.0.1 www10.valueclick.com #SpySweeperCASS 127.0.0.1 www15.ad.tomshardware.com #SpySweeperCASS 127.0.0.1 www2.burstnet.com #SpySweeperCASS 127.0.0.1 www2.newtopsites.com #SpySweeperCASS 127.0.0.1 www23.valueclick.com #SpySweeperCASS 127.0.0.1 www3.ad.tomshardware.com #SpySweeperCASS 127.0.0.1 www3.bannerspace.com #SpySweeperCASS 127.0.0.1 www3.pagecount.com #SpySweeperCASS 127.0.0.1 www4.ad.tomshardware.com #SpySweeperCASS 127.0.0.1 www4.trix.net #SpySweeperCASS 127.0.0.1 www6.ad.tomshardware.com #SpySweeperCASS 127.0.0.1 www75.valueclick.com #SpySweeperCASS 127.0.0.1 www8.ad.tomshardware.com #SpySweeperCASS 127.0.0.1 www80.valueclick.com #SpySweeperCASS 127.0.0.1 y.ibsys.com #SpySweeperCASS 127.0.0.1 z.extreme-dm.com #SpySweeperCASS 127.0.0.1 z0.extreme-dm.com #SpySweeperCASS 127.0.0.1 z1.adserver.com #SpySweeperCASS 127.0.0.1 z1.extreme-dm.com #SpySweeperCASS 127.0.0.1 zi.r.tv.com #SpySweeperCASS 127.0.0.1 zrap.zdnet.com.com #SpySweeperCASS 127.0.0.1 as.casalemedia.com #SpySweeperCASS
  4. old file:-# Copyright © 1993-1999 Microsoft Corp. # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # For example: # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host 127.0.0.1 localhost 127.0.0.1 1.httpdads.com #SpySweeperCASS 127.0.0.1 207-87-18-203.wsmg.digex.net #SpySweeperCASS 127.0.0.1 a.mktw.net #SpySweeperCASS 127.0.0.1 a.tribalfusion.com #SpySweeperCASS 127.0.0.1 a207.p.f.qz3.net #SpySweeperCASS 127.0.0.1 a3.suntimes.com #SpySweeperCASS 127.0.0.1 actionsplash.com #SpySweeperCASS 127.0.0.1 ad.abcnews.com #SpySweeperCASS 127.0.0.1 ad.adsmart.net #SpySweeperCASS 127.0.0.1 ad.adtraq.com #SpySweeperCASS 127.0.0.1 ad.atlas.cz #SpySweeperCASS 127.0.0.1 ad.au.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.be.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.blm.net #SpySweeperCASS 127.0.0.1 ad.ca.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.ch.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.de.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.dogpile.com #SpySweeperCASS 127.0.0.1 ad.doubleclick.com #SpySweeperCASS 127.0.0.1 ad.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.fr.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.harmony-central.com #SpySweeperCASS 127.0.0.1 ad.horvitznewspapers.net #SpySweeperCASS 127.0.0.1 ad.howstuffworks.com #SpySweeperCASS 127.0.0.1 ad.img.yahoo.co.kr #SpySweeperCASS 127.0.0.1 ad.infoseek.com #SpySweeperCASS 127.0.0.1 ad.iwin.com #SpySweeperCASS 127.0.0.1 ad.jp.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.kimo.com.tw #SpySweeperCASS 127.0.0.1 ad.linkexchange.com #SpySweeperCASS 127.0.0.1 ad.linksynergy.com #SpySweeperCASS 127.0.0.1 ad.moscowtimes.ru #SpySweeperCASS 127.0.0.1 ad.net-service.de #SpySweeperCASS 127.0.0.1 ad.nl.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.no.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.openfind.com.tw #SpySweeperCASS 127.0.0.1 ad.preferances.com #SpySweeperCASS 127.0.0.1 ad.preferences.com #SpySweeperCASS 127.0.0.1 ad.sales.olympics.com #SpySweeperCASS 127.0.0.1 ad.se.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.sg.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.sma.punto.net #SpySweeperCASS 127.0.0.1 ad.tomshardware.com #SpySweeperCASS 127.0.0.1 ad.trafficmp.com #SpySweeperCASS 127.0.0.1 ad.uk.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.usatoday.com #SpySweeperCASS 127.0.0.1 ad.vol.at #SpySweeperCASS 127.0.0.1 ad.washingtonpost.com #SpySweeperCASS 127.0.0.1 ad.webprovider.com #SpySweeperCASS 127.0.0.1 ad01.mediacorpsingapore.com #SpySweeperCASS 127.0.0.1 ad08.focalink.com #SpySweeperCASS 127.0.0.1 ad1.aaddzz.com #SpySweeperCASS 127.0.0.1 ad1.peel.comwww.xbn.ru #SpySweeperCASS 127.0.0.1 ad10.doubleclick.net #SpySweeperCASS 127.0.0.1 ad11.doubleclick.net #SpySweeperCASS 127.0.0.1 ad12.doubleclick.net #SpySweeperCASS 127.0.0.1 ad13.doubleclick.net #SpySweeperCASS 127.0.0.1 ad14.doubleclick.net #SpySweeperCASS 127.0.0.1 ad15.doubleclick.net #SpySweeperCASS 127.0.0.1 ad16.doubleclick.net #SpySweeperCASS 127.0.0.1 ad17.doubleclick.net #SpySweeperCASS 127.0.0.1 ad18.doubleclick.net #SpySweeperCASS 127.0.0.1 ad19.doubleclick.net #SpySweeperCASS 127.0.0.1 ad2.adcept.net #SpySweeperCASS 127.0.0.1 ad2.doubleclick.net #SpySweeperCASS 127.0.0.1 ad2.peel.com #SpySweeperCASS 127.0.0.1 ad20.doubleclick.net #SpySweeperCASS 127.0.0.1 ad3.doubleclick.net #SpySweeperCASS 127.0.0.1 ad3.peel.com #SpySweeperCASS 127.0.0.1 ad4.doubleclick.net #SpySweeperCASS 127.0.0.1 ad5.doubleclick.net #SpySweeperCASS 127.0.0.1 ad6.doubleclick.net #SpySweeperCASS 127.0.0.1 ad7.doubleclick.net #SpySweeperCASS 127.0.0.1 ad7.internetadserver.com #SpySweeperCASS 127.0.0.1 ad8.doubleclick.net #SpySweeperCASS 127.0.0.1 ad9.doubleclick.net #SpySweeperCASS 127.0.0.1 ad-adex3.flycast.com #SpySweeperCASS 127.0.0.1 adbanner.sweepsclub.com #SpySweeperCASS 127.0.0.1 adbot.com #SpySweeperCASS 127.0.0.1 adbureau.net #SpySweeperCASS 127.0.0.1 adcodes.bla-bla.com #SpySweeperCASS 127.0.0.1 adcontent.gamespy.com #SpySweeperCASS 127.0.0.1 adcontroller.unicast.com #SpySweeperCASS 127.0.0.1 adcount.hollywood.com #SpySweeperCASS 127.0.0.1 adcreative.tribuneinteractive.com #SpySweeperCASS 127.0.0.1 adcreatives.imaginemedia.com #SpySweeperCASS 127.0.0.1 add.yaho.com #SpySweeperCASS 127.0.0.1 adengine.theglobe.com #SpySweeperCASS 127.0.0.1 adex3.flycast.com #SpySweeperCASS 127.0.0.1 adfarm.mediaplex.com #SpySweeperCASS 127.0.0.1 adforce.ads.imgis.com #SpySweeperCASS 127.0.0.1 adforce.adtech.de #SpySweeperCASS 127.0.0.1 adforce.imgis.com #SpySweeperCASS 127.0.0.1 adfu.blockstackers.com #SpySweeperCASS 127.0.0.1 adi.mainichi.co.jp #SpySweeperCASS 127.0.0.1 adimage.asia1.com.sg #SpySweeperCASS 127.0.0.1 adimage.asiaone.com.sg #SpySweeperCASS 127.0.0.1 adimage.bankrate.com #SpySweeperCASS 127.0.0.1 adimage.blm.net #SpySweeperCASS 127.0.0.1 adimages.earthweb.com #SpySweeperCASS 127.0.0.1 adimages.go.com #SpySweeperCASS 127.0.0.1 adimg.com.com #SpySweeperCASS 127.0.0.1 adimg.egroups.com #SpySweeperCASS 127.0.0.1 adimg1.chosun.com #SpySweeperCASS 127.0.0.1 adlink.deh.de #SpySweeperCASS 127.0.0.1 adlog.com.com #SpySweeperCASS 127.0.0.1 adlui001.adlink.de #SpySweeperCASS 127.0.0.1 admedia.xoom.com #SpySweeperCASS 127.0.0.1 adng.ascii24.com #SpySweeperCASS 127.0.0.1 adpick.switchboard.com #SpySweeperCASS 127.0.0.1 adpop.theglobe.com #SpySweeperCASS 127.0.0.1 adpulse.ads.targetnet.com #SpySweeperCASS 127.0.0.1 adremote.pathfinder.com #SpySweeperCASS 127.0.0.1 ads*.focalink.com #SpySweeperCASS 127.0.0.1 ads.1for1.com #SpySweeperCASS 127.0.0.1 ads.adflight.com #SpySweeperCASS 127.0.0.1 ads.ad-flow.com #SpySweeperCASS 127.0.0.1 ads.admaximize.com #SpySweeperCASS 127.0.0.1 ads.admonitor.net #SpySweeperCASS 127.0.0.1 ads.adtegrity.net #SpySweeperCASS 127.0.0.1 ads.advance.net #SpySweeperCASS 127.0.0.1 ads.adviva.net #SpySweeperCASS 127.0.0.1 ads.amazingmedia.com #SpySweeperCASS 127.0.0.1 ads.as4x.tmcs.net #SpySweeperCASS 127.0.0.1 ads.astalavista.us #SpySweeperCASS 127.0.0.1 ads.belointeractive.com #SpySweeperCASS 127.0.0.1 ads.bfast.com #SpySweeperCASS 127.0.0.1 ads.bianca.com #SpySweeperCASS 127.0.0.1 ads.bigcitytools.com #SpySweeperCASS 127.0.0.1 ads.bitsonthewire.com #SpySweeperCASS 127.0.0.1 ads.bloomberg.com #SpySweeperCASS 127.0.0.1 ads.cashsurfers.com #SpySweeperCASS 127.0.0.1 ads.cbc.ca #SpySweeperCASS 127.0.0.1 ads.centralohio.com #SpySweeperCASS 127.0.0.1 ads.clearbluemedia.com #SpySweeperCASS 127.0.0.1 ads.clearchannel.com #SpySweeperCASS 127.0.0.1 ads.clickagents.com #SpySweeperCASS 127.0.0.1 ads.clickhouse.com #SpySweeperCASS 127.0.0.1 ads.colo.kiva.net #SpySweeperCASS 127.0.0.1 ads.columbian.com #SpySweeperCASS 127.0.0.1 ads.courierpostonline.com #SpySweeperCASS 127.0.0.1 ads.criticalmass.com #SpySweeperCASS 127.0.0.1 ads.csi.emcweb.com #SpySweeperCASS 127.0.0.1 ads.currantbun.com #SpySweeperCASS 127.0.0.1 ads.dai.net #SpySweeperCASS 127.0.0.1 ads.democratandchronicle.com #SpySweeperCASS 127.0.0.1 ads.desmoinesregister.com #SpySweeperCASS 127.0.0.1 ads.detelefoongids.nl #SpySweeperCASS 127.0.0.1 ads.developershed.com #SpySweeperCASS 127.0.0.1 ads.devx.com #SpySweeperCASS 127.0.0.1 ads.digitalmedianet.com #SpySweeperCASS 127.0.0.1 ads.discovery.com #SpySweeperCASS 127.0.0.1 ads.doubleclick.com #SpySweeperCASS 127.0.0.1 ads.doubleclick.net #SpySweeperCASS 127.0.0.1 ads.ecircles.com #SpySweeperCASS 127.0.0.1 ads.enliven.com #SpySweeperCASS 127.0.0.1 ads.erotism.com #SpySweeperCASS 127.0.0.1 ads.eu.msn.com #SpySweeperCASS 127.0.0.1 ads.exhedra.com #SpySweeperCASS 127.0.0.1 ads.fairfax.com.au #SpySweeperCASS 127.0.0.1 ads.filez.com #SpySweeperCASS 127.0.0.1 ads.floridatoday.com #SpySweeperCASS 127.0.0.1 ads.fool.com #SpySweeperCASS 127.0.0.1 ads.forbes.com #SpySweeperCASS 127.0.0.1 ads.forbes.net #SpySweeperCASS 127.0.0.1 ads.fortunecity.com #SpySweeperCASS 127.0.0.1 ads.fredericksburg.com #SpySweeperCASS 127.0.0.1 ads.freshmeat.net #SpySweeperCASS 127.0.0.1 ads.gameanswers.com #SpySweeperCASS 127.0.0.1 ads.gamespy.com #SpySweeperCASS 127.0.0.1 ads.globeandmail.com #SpySweeperCASS 127.0.0.1 ads.god.co.uk #SpySweeperCASS 127.0.0.1 ads.granadamedia.com #SpySweeperCASS 127.0.0.1 ads.greensboro.com #SpySweeperCASS 127.0.0.1 ads.guardian.co.uk #SpySweeperCASS 127.0.0.1 ads.guardianunlimited.co.uk #SpySweeperCASS 127.0.0.1 ads.hitcents.com #SpySweeperCASS 127.0.0.1 ads.hollywood.com #SpySweeperCASS 127.0.0.1 ads.hyperbanner.net #SpySweeperCASS 127.0.0.1 ads.i33.com #SpySweeperCASS 127.0.0.1 ads.iafrica.com #SpySweeperCASS 127.0.0.1 ads.iambic.com #SpySweeperCASS 127.0.0.1 ads.icq.com #SpySweeperCASS 127.0.0.1 ads.ign.com #SpySweeperCASS 127.0.0.1 ads.imagine-inc.com #SpySweeperCASS 127.0.0.1 ads.imdb.com #SpySweeperCASS 127.0.0.1 ads.infi.net #SpySweeperCASS 127.0.0.1 ads.infospace.com #SpySweeperCASS 127.0.0.1 ads.iwon.com #SpySweeperCASS 127.0.0.1 ads.jacksonsun.com #SpySweeperCASS 127.0.0.1 ads.jpost.com #SpySweeperCASS 127.0.0.1 ads.jwtt3.com #SpySweeperCASS 127.0.0.1 ads.link4ads.com #SpySweeperCASS 127.0.0.1 ads.list-universe.com #SpySweeperCASS 127.0.0.1 ads.live365.com #SpySweeperCASS 127.0.0.1 ads.lycos.com #SpySweeperCASS 127.0.0.1 ads.madison.com #SpySweeperCASS 127.0.0.1 ads.mcafee.com #SpySweeperCASS 127.0.0.1 ads.mdchoice.com #SpySweeperCASS 127.0.0.1 ads.mediadevil.com #SpySweeperCASS 127.0.0.1 ads.mediaodyssey.com #SpySweeperCASS 127.0.0.1 ads.mediaturf.net #SpySweeperCASS 127.0.0.1 ads.mh5.com #SpySweeperCASS 127.0.0.1 ads.mirrormedia.co.uk #SpySweeperCASS 127.0.0.1 ads.msn.com #SpySweeperCASS 127.0.0.1 ads.msn-ppe.com #SpySweeperCASS 127.0.0.1 ads.musiccity.com #SpySweeperCASS 127.0.0.1 ads.mysimon.com #SpySweeperCASS 127.0.0.1 ads.nandomedia.com #SpySweeperCASS 127.0.0.1 ads.narrowline.com #SpySweeperCASS 127.0.0.1 ads.nerve.com #SpySweeperCASS 127.0.0.1 ads.netmechanic.com #SpySweeperCASS 127.0.0.1 ads.newcity.com #SpySweeperCASS 127.0.0.1 ads.newcitynet.com #SpySweeperCASS 127.0.0.1 ads.newsdigital.net #SpySweeperCASS 127.0.0.1 ads.newsint.co.uk #SpySweeperCASS 127.0.0.1 ads.newsquest.co.uk #SpySweeperCASS 127.0.0.1 ads.newtimes.com #SpySweeperCASS 127.0.0.1 ads.ninemsn.com.au #SpySweeperCASS 127.0.0.1 ads.northjersey.com #SpySweeperCASS 127.0.0.1 ads.nwsource.com #SpySweeperCASS 127.0.0.1 ads.nyi.net #SpySweeperCASS 127.0.0.1 ads.nypost.com #SpySweeperCASS 127.0.0.1 ads.nytimes.com #SpySweeperCASS 127.0.0.1 ads.ole.com #SpySweeperCASS 127.0.0.1 ads.paxnet.co.kr #SpySweeperCASS 127.0.0.1 ads.paxnet.com #SpySweeperCASS 127.0.0.1 ads.peel.com #SpySweeperCASS 127.0.0.1 ads.pennyweb.com #SpySweeperCASS 127.0.0.1 ads.premiumnetwork.com #SpySweeperCASS 127.0.0.1 ads.realcities.com #SpySweeperCASS 127.0.0.1 ads.realmedia.com #SpySweeperCASS 127.0.0.1 ads.rottentomatoes.com #SpySweeperCASS 127.0.0.1 ads.scifi.com #SpySweeperCASS 127.0.0.1 ads.seattletimes.com #SpySweeperCASS 127.0.0.1 ads.smartclicks.com #SpySweeperCASS 127.0.0.1 ads.smartclicks.net #SpySweeperCASS 127.0.0.1 ads.snowball.com #SpySweeperCASS 127.0.0.1 ads.specificpop.com #SpySweeperCASS 127.0.0.1 ads.sptimes.com #SpySweeperCASS 127.0.0.1 ads.starnews.com #SpySweeperCASS 127.0.0.1 ads.statesmanjournal.com #SpySweeperCASS 127.0.0.1 ads.stileproject.com #SpySweeperCASS 127.0.0.1 ads.switchboard.com #SpySweeperCASS 127.0.0.1 ads.telegraph.co.uk #SpySweeperCASS 127.0.0.1 ads.themes.org #SpySweeperCASS 127.0.0.1 ads.theolympian.com #SpySweeperCASS 127.0.0.1 ads.thestar.com #SpySweeperCASS 127.0.0.1 ads.tmcs.net #SpySweeperCASS 127.0.0.1 ads.tripod.com #SpySweeperCASS 127.0.0.1 ads.tucows.com #SpySweeperCASS 127.0.0.1 ads.ugo.com #SpySweeperCASS 127.0.0.1 ads.usatoday.com #SpySweeperCASS 127.0.0.1 ads.viaarena.com #SpySweeperCASS 127.0.0.1 ads.videoaxs.com #SpySweeperCASS 127.0.0.1 ads.vnuemedia.com #SpySweeperCASS 127.0.0.1 ads.washingtonpost.com #SpySweeperCASS 127.0.0.1 ads.web.aol.com #SpySweeperCASS 127.0.0.1 ads.web.de #SpySweeperCASS 127.0.0.1 ads.web21.com #SpySweeperCASS 127.0.0.1 ads.webcash.nl #SpySweeperCASS 127.0.0.1 ads.wnd.com #SpySweeperCASS 127.0.0.1 ads.x10.com #SpySweeperCASS 127.0.0.1 ads.xtra.co.nz #SpySweeperCASS 127.0.0.1 ads.zdnet.com #SpySweeperCASS 127.0.0.1 ads01.focalink.com #SpySweeperCASS 127.0.0.1 ads02.focalink.com #SpySweeperCASS 127.0.0.1 ads03.focalink.com #SpySweeperCASS 127.0.0.1 ads-03.tor.focusin.ads.targetnet.com #SpySweeperCASS 127.0.0.1 ads04.focalink.com #SpySweeperCASS 127.0.0.1 ads05.focalink.com #SpySweeperCASS 127.0.0.1 ads06.focalink.com #SpySweeperCASS 127.0.0.1 ads08.focalink.com #SpySweeperCASS 127.0.0.1 ads09.focalink.com #SpySweeperCASS 127.0.0.1 ads1.activeagent.at #SpySweeperCASS 127.0.0.1 ads1.ad-flow.com #SpySweeperCASS 127.0.0.1 ads1.advance.net #SpySweeperCASS 127.0.0.1 ads1.condenet.com #SpySweeperCASS 127.0.0.1 ads1.intelliads.com #SpySweeperCASS 127.0.0.1 ads1.sptimes.com #SpySweeperCASS 127.0.0.1 ads10.focalink.com #SpySweeperCASS 127.0.0.1 ads11.focalink.com #SpySweeperCASS 127.0.0.1 ads12.focalink.com #SpySweeperCASS 127.0.0.1 ads13.focalink.com #SpySweeperCASS 127.0.0.1 ads14.focalink.com #SpySweeperCASS 127.0.0.1 ads15.focalink.com #SpySweeperCASS 127.0.0.1 ads16.focalink.com #SpySweeperCASS 127.0.0.1 ads17.focalink.com #SpySweeperCASS 127.0.0.1 ads18.bpath.com #SpySweeperCASS 127.0.0.1 ads18.focalink.com #SpySweeperCASS 127.0.0.1 ads19.focalink.com #SpySweeperCASS 127.0.0.1 ads2.advance.net #SpySweeperCASS 127.0.0.1 ads2.clearchannel.com #SpySweeperCASS 127.0.0.1 ads2.condenet.com #SpySweeperCASS 127.0.0.1 ads2.zdnet.com #SpySweeperCASS 127.0.0.1 ads20.focalink.com #SpySweeperCASS 127.0.0.1 ads21.focalink.com #SpySweeperCASS 127.0.0.1 ads22.focalink.com #SpySweeperCASS 127.0.0.1 ads23.focalink.com #SpySweeperCASS 127.0.0.1 ads24.focalink.com #SpySweeperCASS 127.0.0.1 ads25.focalink.com #SpySweeperCASS 127.0.0.1 ads3.advance.net #SpySweeperCASS 127.0.0.1 ads3.zdnet.com #SpySweeperCASS 127.0.0.1 ads4.advance.net #SpySweeperCASS 127.0.0.1 ads4.clearchannel.com #SpySweeperCASS 127.0.0.1 ads4.condenet.com #SpySweeperCASS 127.0.0.1 ads5.advance.net #SpySweeperCASS 127.0.0.1 ads5.canoe.ca #SpySweeperCASS 127.0.0.1 ads5.gamecity.net #SpySweeperCASS 127.0.0.1 ads7.advance.net #SpySweeperCASS 127.0.0.1 ads7.udc.advance.net #SpySweeperCASS 127.0.0.1 ads-b.focalink.com #SpySweeperCASS 127.0.0.1 adserv.iafrica.com #SpySweeperCASS 127.0.0.1 adserv.internetfuel.com #SpySweeperCASS 127.0.0.1 adserv.newcentury.net #SpySweeperCASS 127.0.0.1 adserv.quality-channel.de #SpySweeperCASS 127.0.0.1 adservant.guj.de #SpySweeperCASS 127.0.0.1 adservant.mediapoint.de #SpySweeperCASS 127.0.0.1 adserver.ads360.com #SpySweeperCASS 127.0.0.1 adserver.anm.co.uk #SpySweeperCASS 127.0.0.1 adserver.bizland-inc.net #SpySweeperCASS 127.0.0.1 adserver.colleges.com #SpySweeperCASS 127.0.0.1 adserver.dbusiness.com #SpySweeperCASS 127.0.0.1 adserver.digitalpartners.com #SpySweeperCASS 127.0.0.1 adserver.garden.com #SpySweeperCASS 127.0.0.1 adserver.hispavista.com #SpySweeperCASS 127.0.0.1 adserver.ign.com #SpySweeperCASS 127.0.0.1 adserver.janes.com #SpySweeperCASS 127.0.0.1 adserver.matchcraft.com #SpySweeperCASS 127.0.0.1 adserver.merc.com #SpySweeperCASS 127.0.0.1 adserver.monster.com #SpySweeperCASS 127.0.0.1 adserver.netcast.nl #SpySweeperCASS 127.0.0.1 adserver.news.com.au #SpySweeperCASS 127.0.0.1 adserver.nydailynews.com #SpySweeperCASS 127.0.0.1 adserver.phillyburbs.com #SpySweeperCASS 127.0.0.1 adserver.pollstar.com #SpySweeperCASS 127.0.0.1 adserver.securityfocus.com #SpySweeperCASS 127.0.0.1 adserver.snowball.com #SpySweeperCASS 127.0.0.1 adserver.track-star.com #SpySweeperCASS 127.0.0.1 adserver.trb.com #SpySweeperCASS 127.0.0.1 adserver.tribuneinteractive.com #SpySweeperCASS 127.0.0.1 adserver.ugo.com #SpySweeperCASS 127.0.0.1 adserver.ukplus.co.uk #SpySweeperCASS 127.0.0.1 adserver.webads.com #SpySweeperCASS 127.0.0.1 adserver.webads.nl #SpySweeperCASS 127.0.0.1 adserver1.ogilvy-interactive.de #SpySweeperCASS 127.0.0.1 adserver1.realtracker.com #SpySweeperCASS 127.0.0.1 adserver2.realtracker.com #SpySweeperCASS 127.0.0.1 adserver3.realtracker.com #SpySweeperCASS 127.0.0.1 adserver-espnet.sportszone.com #SpySweeperCASS 127.0.0.1 adsrv.bankrate.com #SpySweeperCASS 127.0.0.1 adsrv.iol.co.za #SpySweeperCASS 127.0.0.1 adsrv2.gainesvillesun.com #SpySweeperCASS 127.0.0.1 adtegrity.spinbox.net #SpySweeperCASS 127.0.0.1 adtegrity.thruport.com #SpySweeperCASS 127.0.0.1 adthru.com #SpySweeperCASS 127.0.0.1 ad-up.com #SpySweeperCASS 127.0.0.1 adverity.adverity.com #SpySweeperCASS 127.0.0.1 advert.bayarea.com #SpySweeperCASS 127.0.0.1 advert.heise.de #SpySweeperCASS 127.0.0.1 affiliate.doteasy.com #SpySweeperCASS 127.0.0.1 akaads-abc.starwave.com #SpySweeperCASS 127.0.0.1 altfarm.mediaplex.com #SpySweeperCASS 127.0.0.1 amch.questionmarket.com #SpySweeperCASS 127.0.0.1 amedia.techies.com #SpySweeperCASS 127.0.0.1 antfarm-ad.flycast.com #SpySweeperCASS 127.0.0.1 ar.atwola.com #SpySweeperCASS 127.0.0.1 arc1.msn.com #SpySweeperCASS 127.0.0.1 arc2.msn.com #SpySweeperCASS 127.0.0.1 arc3.msn.com #SpySweeperCASS 127.0.0.1 arc4.msn.com #SpySweeperCASS 127.0.0.1 arc5.msn.com #SpySweeperCASS 127.0.0.1 askmen.thruport.com #SpySweeperCASS 127.0.0.1 au.ads.link4ads.com #SpySweeperCASS 127.0.0.1 banner.adlink.de #SpySweeperCASS 127.0.0.1 banner.coza.com #SpySweeperCASS 127.0.0.1 banner.easyspace.com #SpySweeperCASS 127.0.0.1 banner.linkexchange.com #SpySweeperCASS 127.0.0.1 banner.media-system.de #SpySweeperCASS 127.0.0.1 banner.northsky.com #SpySweeperCASS 127.0.0.1 banner.orb.net #SpySweeperCASS 127.0.0.1 banner.relcom.ru #SpySweeperCASS 127.0.0.1 banner.rootsweb.com #SpySweeperCASS 127.0.0.1 banner1.adlink.de #SpySweeperCASS 127.0.0.1 bannerads.anytimenews.com #SpySweeperCASS 127.0.0.1 banners.adultfriendfinder.com #SpySweeperCASS 127.0.0.1 banners.affiliatefuel.com #SpySweeperCASS 127.0.0.1 banners.babylon-x.com #SpySweeperCASS 127.0.0.1 banners.chek.com #SpySweeperCASS 127.0.0.1 banners.easydns.com #SpySweeperCASS 127.0.0.1 banners.friendfinder.com #SpySweeperCASS 127.0.0.1 banners.internetextra.com #SpySweeperCASS 127.0.0.1 banners.looksmart.com #SpySweeperCASS 127.0.0.1 banners.moviegoods.com #SpySweeperCASS 127.0.0.1 banners.nextcard.com #SpySweeperCASS 127.0.0.1 banners.revenuelink.com #SpySweeperCASS 127.0.0.1 banners.valuead.com #SpySweeperCASS 127.0.0.1 banners.wunderground.com #SpySweeperCASS 127.0.0.1 bannerswap.com #SpySweeperCASS 127.0.0.1 barnesandnoble.bfast.com #SpySweeperCASS 127.0.0.1 beseenad.looksmart.com #SpySweeperCASS 127.0.0.1 bidclix.net #SpySweeperCASS 127.0.0.1 bizad.nikkeibp.co.jp #SpySweeperCASS 127.0.0.1 bn.bfast.com #SpySweeperCASS 127.0.0.1 c1.zedo.com #SpySweeperCASS 127.0.0.1 c3.xxxcounter.com #SpySweeperCASS 127.0.0.1 ca.fp.sandpiper.net #SpySweeperCASS 127.0.0.1 califia.imaginemedia.com #SpySweeperCASS 127.0.0.1 campaigns.f2.com.au #SpySweeperCASS 127.0.0.1 cb.icq.com #SpySweeperCASS 127.0.0.1 cds.mediaplex.com #SpySweeperCASS 127.0.0.1 cf.icq.com #SpySweeperCASS 127.0.0.1 cgi.declicnet.com #SpySweeperCASS 127.0.0.1 classic.adlink.de #SpySweeperCASS 127.0.0.1 click.adlink.de #SpySweeperCASS 127.0.0.1 click.avenuea.com #SpySweeperCASS 127.0.0.1 click.go2net.com #SpySweeperCASS 127.0.0.1 click.linksynergy.com #SpySweeperCASS 127.0.0.1 click.mp3.com #SpySweeperCASS 127.0.0.1 clickit.go2net.com #SpySweeperCASS 127.0.0.1 clickserve.cc-dt.com #SpySweeperCASS 127.0.0.1 commonwealth.riddler.com #SpySweeperCASS 127.0.0.1 comtrack.comclick.com #SpySweeperCASS 127.0.0.1 connect.247media.ads.link4ads.com #SpySweeperCASS 127.0.0.1 cookies.cmpnet.com #SpySweeperCASS 127.0.0.1 coreg.flashtrack.net #SpySweeperCASS 127.0.0.1 cornflakes.pathfinder.com #SpySweeperCASS 127.0.0.1 counter.hitbox.com #SpySweeperCASS 127.0.0.1 creative.whi.co.nz #SpySweeperCASS 127.0.0.1 crux.songline.com #SpySweeperCASS 127.0.0.1 delivery1.ads.telegraaf.nl #SpySweeperCASS 127.0.0.1 desktop.kazaa.com #SpySweeperCASS 127.0.0.1 di.image.eshop.msn.com #SpySweeperCASS 127.0.0.1 dino.mainz.ibm.de #SpySweeperCASS 127.0.0.1 direct.adlink.de #SpySweeperCASS 127.0.0.1 doubleclick.net #SpySweeperCASS 127.0.0.1 ds.eyeblaster.com #SpySweeperCASS 127.0.0.1 ehg-bestbuy.hitbox.com #SpySweeperCASS 127.0.0.1 ehg-dig.hitbox.com #SpySweeperCASS 127.0.0.1 ehg-espn.hitbox.com #SpySweeperCASS 127.0.0.1 ehg-intel.hitbox.com #SpySweeperCASS 127.0.0.1 ehg-macromedia.hitbox.com #SpySweeperCASS 127.0.0.1 engage.speedera.net #SpySweeperCASS 127.0.0.1 erie.smartage.com #SpySweeperCASS 127.0.0.1 etad.telegraph.co.uk #SpySweeperCASS 127.0.0.1 eur.yimg.com #SpySweeperCASS 127.0.0.1 fl01.ct2.comclick.com #SpySweeperCASS 127.0.0.1 focusin.ads.targetnet.com #SpySweeperCASS 127.0.0.1 fp.valueclick.com #SpySweeperCASS 127.0.0.1 ftp.nacorp.com #SpySweeperCASS 127.0.0.1 gadgeteer.pdamart.com #SpySweeperCASS 127.0.0.1 ganges.imagine-inc.com #SpySweeperCASS 127.0.0.1 garden.ngadcenter.net #SpySweeperCASS 127.0.0.1 geoads.osdn.com #SpySweeperCASS 127.0.0.1 global.msads.net #SpySweeperCASS 127.0.0.1 globaltrack.com #SpySweeperCASS 127.0.0.1 globaltrak.net #SpySweeperCASS 127.0.0.1 gm.preferences.com #SpySweeperCASS 127.0.0.1 gp.dejanews.com #SpySweeperCASS 127.0.0.1 hg1.hitbox.com #SpySweeperCASS 127.0.0.1 holland.hyperbanner.net #SpySweeperCASS 127.0.0.1 hurricane.adlink.de #SpySweeperCASS 127.0.0.1 i.timeinc.net #SpySweeperCASS 127.0.0.1 icover.realmedia.com #SpySweeperCASS 127.0.0.1 ieee-images.adbureau.net #SpySweeperCASS 127.0.0.1 im.800.com #SpySweeperCASS 127.0.0.1 image.click2net.com #SpySweeperCASS 127.0.0.1 image.eimg.com #SpySweeperCASS 127.0.0.1 image.imgfarm.com #SpySweeperCASS 127.0.0.1 images.ads.fairfax.com.au #SpySweeperCASS 127.0.0.1 images.bizrate.com #SpySweeperCASS 127.0.0.1 images.cybereps.com #SpySweeperCASS 127.0.0.1 images.fastclick.net #SpySweeperCASS 127.0.0.1 images.newsx.cc #SpySweeperCASS 127.0.0.1 images.scripps.com #SpySweeperCASS 127.0.0.1 images.trafficmp.com #SpySweeperCASS 127.0.0.1 images.webads.nl #SpySweeperCASS 127.0.0.1 images2.nytimes.com #SpySweeperCASS 127.0.0.1 imageserv.adtech.de #SpySweeperCASS 127.0.0.1 img.cmpnet.com #SpySweeperCASS 127.0.0.1 information.gopher.com #SpySweeperCASS 127.0.0.1 iv.doubleclick.net #SpySweeperCASS 127.0.0.1 java.yahoo.com #SpySweeperCASS 127.0.0.1 jobkeys.ngadcenter.net #SpySweeperCASS 127.0.0.1 js1.hitbox.com #SpySweeperCASS 127.0.0.1 k5ads.osdn.com #SpySweeperCASS 127.0.0.1 kansas.valueclick.com #SpySweeperCASS 127.0.0.1 kaplanindex.com #SpySweeperCASS 127.0.0.1 kr-adimage.lycos.co.kr #SpySweeperCASS 127.0.0.1 krd.realcities.com #SpySweeperCASS 127.0.0.1 leader.linkexchange.com #SpySweeperCASS 127.0.0.1 liquidad.narrowcastmedia.com #SpySweeperCASS 127.0.0.1 ln.doubleclick.net #SpySweeperCASS 127.0.0.1 m.doubleclick.net #SpySweeperCASS 127.0.0.1 m.tribalfusion.com #SpySweeperCASS 127.0.0.1 m2.doubleclick.net #SpySweeperCASS 127.0.0.1 macaddictads.snv.futurenet.com #SpySweeperCASS 127.0.0.1 marketing.nyi.net #SpySweeperCASS 127.0.0.1 maximumpcads.imaginemedia.com #SpySweeperCASS 127.0.0.1 mds.centrport.net #SpySweeperCASS 127.0.0.1 media.fastclick.net #SpySweeperCASS 127.0.0.1 media.popuptraffic.com #SpySweeperCASS 127.0.0.1 media.preferences.com #SpySweeperCASS 127.0.0.1 media13.fastclick.net #SpySweeperCASS 127.0.0.1 media15.fastclick.net #SpySweeperCASS 127.0.0.1 media17.fastclick.net #SpySweeperCASS 127.0.0.1 media19.fastclick.net #SpySweeperCASS 127.0.0.1 mediamgr.ugo.com #SpySweeperCASS 127.0.0.1 mercury.rmuk.co.uk #SpySweeperCASS 127.0.0.1 mjxads.internet.com #SpySweeperCASS 127.0.0.1 mojofarm.mediaplex.com #SpySweeperCASS 127.0.0.1 mojofarm.sjc.mediaplex.com #SpySweeperCASS 127.0.0.1 mt37.mtree.com #SpySweeperCASS 127.0.0.1 nbc.adbureau.net #SpySweeperCASS 127.0.0.1 neighborhood.standard.net #SpySweeperCASS 127.0.0.1 netcomm.spinbox.net #SpySweeperCASS 127.0.0.1 netshelter.adtrix.com #SpySweeperCASS 127.0.0.1 newads.cmpnet.com #SpySweeperCASS 127.0.0.1 ng3.ads.warnerbros.com #SpySweeperCASS 127.0.0.1 ngads.smartage.com #SpySweeperCASS 127.0.0.1 nrsite.com #SpySweeperCASS 127.0.0.1 nsads.hotwired.com #SpySweeperCASS 127.0.0.1 ntbanner.digitalriver.com #SpySweeperCASS 127.0.0.1 oas.dispatch.com #SpySweeperCASS 127.0.0.1 oas.lee.net #SpySweeperCASS 127.0.0.1 oas.mmd.ch #SpySweeperCASS 127.0.0.1 oas.uniontrib.com #SpySweeperCASS 127.0.0.1 oas.villagevoice.com #SpySweeperCASS 127.0.0.1 oasads.whitepages.com #SpySweeperCASS 127.0.0.1 ogilvy.ngadcenter.net #SpySweeperCASS 127.0.0.1 oz.valueclick.com #SpySweeperCASS 127.0.0.1 ph-ad05.focalink.com #SpySweeperCASS 127.0.0.1 ph-ad06.focalink.com #SpySweeperCASS 127.0.0.1 ph-ad07.focalink.com #SpySweeperCASS 127.0.0.1 ph-ad16.focalink.com #SpySweeperCASS 127.0.0.1 ph-ad17.focalink.com #SpySweeperCASS 127.0.0.1 ph-ad18.focalink.com #SpySweeperCASS 127.0.0.1 ph-ad19.focalink.com #SpySweeperCASS 127.0.0.1 ph-ad21.focalink.com #SpySweeperCASS 127.0.0.1 phoenix-adrunner.mycomputer.com #SpySweeperCASS 127.0.0.1 phpads2.cnpapers.com #SpySweeperCASS 127.0.0.1 pluto1.iserver.net #SpySweeperCASS 127.0.0.1 primetime.ad.asap-asp.net #SpySweeperCASS 127.0.0.1 pub-g.ifrance.com #SpySweeperCASS 127.0.0.1 pubs.mgn.net #SpySweeperCASS 127.0.0.1 q.pni.com #SpySweeperCASS 127.0.0.1 rad.msn.com #SpySweeperCASS 127.0.0.1 rd1.hitbox.com #SpySweeperCASS 127.0.0.1 realads.realmedia.com #SpySweeperCASS 127.0.0.1 realmedia-a800.d4p.net #SpySweeperCASS 127.0.0.1 redherring.ngadcenter.net #SpySweeperCASS 127.0.0.1 redirect.click2net.com #SpySweeperCASS 127.0.0.1 regio.adlink.de #SpySweeperCASS 127.0.0.1 reply.mediatris.net #SpySweeperCASS 127.0.0.1 responsemedia-ad.flycast.com #SpySweeperCASS
  5. Yes that was the scan. OK. Thats done. Now what?? new file:-# Copyright © 1993-1999 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a "#" symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # 127.0.0.1 localhost
  6. just saw your reply am getting hoster now... P.S. your no fun!!! Think of what you could do with my pc by remote....
  7. Was just about to do a new scan with the prog we placed in c:\bases, But recieved a popup from windows antispyware saying:- AN INTERNET SECURITY ZONE CHANGE REQUIRES YOUR APPROVAL. Microsoft Antispyware has detected a change to your Internet security Zone "Internet".This zone contains all web sites you haven't placed in other zones. Warning:This change sets your zone below the minimum security level. Security settings should not be changed without.....sorry didn't get the rest but blocked it and said reset it in the next popup that appeared. Stopped messing with more scans now until I hear from you..ooops..
  8. ok. did that 3 times till showed nothing then rebooted pc. On start up ms antispyware said it allowed new host. as.casalemedia.com pointing to ip address edia.com 127.0.0.1 to be added to host file. didn't like that so ran it again 3 times till showed nothing again. then rebooted and did ewido scan, results below,and trend micro on line scan which acted funny,started scan and said was complete after 2 mins but didn't show results. I did nothing then it seemed to start scan again this time took 8 mins and said my pc was clean in results. but if you moved the pointer over top of browser there was a hourglass by the side of pointer.(firefox browser). Pc seems to work fine but I'm still not sure its clean because of tm.scan..What do you think?? pointer doesn't scroll across the screen often enough to say if thats fixed. what causes it to do that anyway?..while writing this noticed there was a line stuck where pointer was, even tho I moved pointer, until I scrolled the page up and back down. Don't know if that means anything. Think I AM GETTING PARANOID NOW!!!!! HELP have we cleaned it or not??? bet if I run that regseeker again it would find more to fix... :crash: :crash: :crash: Edit:-oops can't find ewido scan log. sorry. but it found 14 spyware cookies. you sure you won't use remote to check this pc??? Edit:-found it!! -------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 21:43:46, 27/12/2005 + Report-Checksum: 23BB4B5 + Scan result: :mozilla.9:C:\Documents and Settings\GA\Application Data\Mozilla\Firefox\Profiles\m3314217.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup :mozilla.20:C:\Documents and Settings\GA\Application Data\Mozilla\Firefox\Profiles\m3314217.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup :mozilla.21:C:\Documents and Settings\GA\Application Data\Mozilla\Firefox\Profiles\m3314217.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup :mozilla.22:C:\Documents and Settings\GA\Application Data\Mozilla\Firefox\Profiles\m3314217.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup :mozilla.23:C:\Documents and Settings\GA\Application Data\Mozilla\Firefox\Profiles\m3314217.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup :mozilla.24:C:\Documents and Settings\GA\Application Data\Mozilla\Firefox\Profiles\m3314217.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup :mozilla.30:C:\Documents and Settings\GA\Application Data\Mozilla\Firefox\Profiles\m3314217.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.31:C:\Documents and Settings\GA\Application Data\Mozilla\Firefox\Profiles\m3314217.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup :mozilla.33:C:\Documents and Settings\GA\Application Data\Mozilla\Firefox\Profiles\m3314217.default\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup :mozilla.37:C:\Documents and Settings\GA\Application Data\Mozilla\Firefox\Profiles\m3314217.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup :mozilla.38:C:\Documents and Settings\GA\Application Data\Mozilla\Firefox\Profiles\m3314217.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup :mozilla.41:C:\Documents and Settings\GA\Application Data\Mozilla\Firefox\Profiles\m3314217.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.42:C:\Documents and Settings\GA\Application Data\Mozilla\Firefox\Profiles\m3314217.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.7:C:\Documents and Settings\GA\Application Data\Mozilla\Firefox\Profiles\m3314217.default\cookiesnew.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup ::Report End
  9. Sorry jacee couldn't find them in the log to copy and paste so here is the options it scanned under and also what was in the virus log information that showed up in the scanner engine that I had to manually copy. Think its what we want anyway.... Sun Dec 25 21:16:13 2005 => Options Selected by User: Sun Dec 25 21:16:13 2005 => Memory Check: Enabled Sun Dec 25 21:16:13 2005 => Registry Check: Enabled Sun Dec 25 21:16:13 2005 => StartUp Folder Check: Enabled Sun Dec 25 21:16:13 2005 => System Folder Check: Enabled Sun Dec 25 21:16:13 2005 => System Area Check: Disabled Sun Dec 25 21:16:13 2005 => Services Check: Enabled Sun Dec 25 21:16:13 2005 => Drive Check: Disabled Sun Dec 25 21:16:13 2005 => All Drive Check :Enabled Sun Dec 25 21:16:13 2005 => Folder Check: Disable Object "redv Spyware/Adware" found in File System! Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\Program Files\CA\SharedComponents\ScanEngine\arclib.dll".Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "blank".Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\faxctr.exe" refers to invalid object "blank".Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\setup.exe" refers to invalid object "blank".Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\zoom.Exe" refers to invalid object "blank".Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cfg".Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".xyz".Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{99747F0D-D4F8-4877-9CA0-4AE96D963633}".Action Taken: No Action Taken. Entry "HKCR\CLSID\{1EFD6A40-3999-11CF-9150-00AA0059F70D}" refers to invalid object "D:\PROGRAM\32\mci32.ocx".Action Taken: No Action Taken. (Jacee not sure if CLSID or CLSlD) Entry "HKCR\CLSID\{3775D2E0-7C5D-11CF-899E-00AA00688B10}" refers to invalid object "D:\PROGRAM\32\mci32.ocx".Action Taken: No Action Taken. (Jacee not sure if CLSID or CLSlD) Entry "HKCR\CLSID\{C1A8AF25-1257-101B-8FB0-0020AF039CA3}" refers to invalid object "D:\PROGRAM\32\mci32.ocx".Action Taken: No Action Taken. (Jacee not sure if CLSID or CLSlD) Entry "HKCR\TypeLib\{A4CA8810-6E46-36FF-A048-B7FD5647A2F8}" refers to invalid object "Path".Action Taken: No Action Taken. Entry "HKCR\TypeLib\{C1A8AF28-1257-101B-8FB0-0020AF039CA3}" refers to invalid object "D:\PROGRAM\32\mci32.ocx".Action Taken: No Action Taken. Entry "HKCR\TypeLib\{CF34D2A7-C8C6-4B4E-8752-F63C2BDF1CF0}" refers to invalid object "blank".Action Taken: No Action Taken. Entry "HKCR\bwpfile\shell\open\command" refers to invalid object "C:\Program Files\F-Secure Internet Security\backweb\4476822\6.3.2.123-4476822L\Program\PrvCnt.exe"%1"".Action Taken: No Action Taken. Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}".Action Taken: No Action Taken. Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}".Action Taken: No Action Taken. Entry "HKCR\Connection Manager Profile\shell\open\command" refers to invalid object "blank"Action Taken: No Action Taken. Entry "HKCR\msbackupfile\shell\open\command" refers to invalid object "blank"Action Taken: No Action Taken. Entry "HKCR\ppifile\shell\open\command" refers to invalid object "blank"Action Taken: No Action Taken. Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}"Action Taken: No Action Taken. Entry "HKCR\ZAMailSafe\shell\open\command" refers to invalid object "blank"Action Taken: No Action Taken. Well thats all of it.Don't think there's any typing errors. Hope you've had a nice day, AND this is what your looking for.. Terry.
  10. I can't make a folder called c:\bases. says a file name cannot contain : or \ ... Do I just call it bases??
  11. here's the new hjt log. Logfile of HijackThis v1.99.1 Scan saved at 00:18:45, on 25/12/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\ewido anti-malware\ewidoguard.exe C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe C:\Documents and Settings\GA\Desktop\folding\FAH504-Console.exe C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE C:\WINDOWS\System32\snmp.exe C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe C:\Documents and Settings\GA\Desktop\folding\FahCore_78.exe C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe C:\Program Files\Zoom Telephonics, Inc\Zoom ADSL USB Modem\DSLMON.exe C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\GA\Desktop\hjt\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iqon.ie O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O4 - HKLM\..\Run: [PCEyeLic] C:\Program Files\PCEye2000\pceye2000.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: DSLMON.lnk = C:\Program Files\Zoom Telephonics, Inc\Zoom ADSL USB Modem\DSLMON.exe O4 - Global Startup: F-Secure 2006.lnk = C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.iqon.ie O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1134952283562 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134955094437 O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/...ivex/hcImpl.cab O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe O23 - Service: [email protected]:+Documents and Settings+GA+Desktop+folding+FAH504-Console.exe - Stanford University - C:\Documents and Settings\GA\Desktop\folding\FAH504-Console.exe O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe p.s. glad its making someone else nuts too and I'm not paranoid and that there is something definetly on my pc altering things. Just to cheer you up do you want me to start a new thread for my other pc too?? Think I'll call it JUST for the woman in red...lol...:-)
  12. not good news I'm afraid. it showed no infections and wouldn't let me view results log said this is only available to subscribers. when I looked to see what sheilds were active there was a red cross against 3. IE tracking cookies sheild, Common Ad sites shield, and spy communications shield. pceye2000 was a prog. that came already installed on this pc. will post a new hjt log in a minute anyway. MERRY CHRISTMAS..already christmas day here..
  13. just curious jacee but have you figured out what's infected my pc?? Going to start it folding again. Have a nice Christmas. terry.
  14. -------------------------------------------------- Enumerating Windows NT/2000/XP services abp480n5: system32\DRIVERS\ABP480N5.SYS (system) Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system) General Purpose USB Driver (adildr.sys): System32\Drivers\adildr.sys (autostart) USB ADSL WAN Adapter: system32\DRIVERS\adiusbaw.sys (manual start) adpu160m: system32\DRIVERS\adpu160m.sys (system) Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start) AFD: \SystemRoot\System32\drivers\afd.sys (system) Intel AGP Bus Filter: system32\DRIVERS\agp440.sys (system) Compaq AGP Bus Filter: system32\DRIVERS\agpCPQ.sys (system) Aha154x: system32\DRIVERS\aha154x.sys (system) aic78u2: system32\DRIVERS\aic78u2.sys (system) aic78xx: system32\DRIVERS\aic78xx.sys (system) Service for Realtek AC97 Audio (WDM): system32\drivers\ALCXWDM.SYS (manual start) Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled) Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start) AliIde: system32\DRIVERS\aliide.sys (system) ALI AGP Bus Filter: system32\DRIVERS\alim1541.sys (system) AMD AGP Bus Filter Driver: system32\DRIVERS\amdagp.sys (system) amsint: system32\DRIVERS\amsint.sys (system) Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) asc: system32\DRIVERS\asc.sys (system) asc3350p: system32\DRIVERS\asc3350p.sys (system) asc3550: system32\DRIVERS\asc3550.sys (system) ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start) RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start) Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system) Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (disabled) ATI Smart: C:\WINDOWS\system32\ati2sgag.exe (disabled) ati2mtag: system32\DRIVERS\ati2mtag.sys (manual start) ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start) Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start) F-Secure 2006: C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE (autostart) Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) cbidf: system32\DRIVERS\cbidf2k.sys (system) cd20xrnt: system32\DRIVERS\cd20xrnt.sys (system) CD-ROM Driver: system32\DRIVERS\cdrom.sys (system) Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start) ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled) .NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start) CmdIde: system32\DRIVERS\cmdide.sys (system) COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start) Cpqarray: system32\DRIVERS\cpqarray.sys (system) Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) dac2w2k: system32\DRIVERS\dac2w2k.sys (system) dac960nt: system32\DRIVERS\dac960nt.sys (system) DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart) DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Disk Driver: system32\DRIVERS\disk.sys (system) Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start) dmboot: System32\drivers\dmboot.sys (disabled) dmio: System32\drivers\dmio.sys (disabled) dmload: System32\drivers\dmload.sys (disabled) Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start) DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart) dpti2o: system32\DRIVERS\dpti2o.sys (system) Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start) 3Com EtherLink XL 90XB/C Adapter Driver: system32\DRIVERS\el90xbc5.sys (manual start) Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Event Log: %SystemRoot%\system32\services.exe (autostart) COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start) ewido security suite control: C:\Program Files\ewido anti-malware\ewidoctrl.exe (autostart) ewido security suite driver: \??\C:\Program Files\ewido anti-malware\guard.sys (system) ewido security suite guard: C:\Program Files\ewido anti-malware\ewidoguard.exe (autostart) F-Secure File System Filter: \??\C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys (autostart) F-Secure Gatekeeper: \??\C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSgk.sys (autostart) FSGKHS: "C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe" (autostart) F-Secure File System Recognizer: \??\C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys (autostart) Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start) Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (manual start) FltMgr: system32\drivers\fltmgr.sys (system) fsbwsys: "C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe" (autostart) F-Secure Anti-Virus Firewall Daemon: "C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe" (manual start) F-Secure Firewall Driver: System32\drivers\fsdfw.sys (system) FSMA: "C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE" (autostart) Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system) Game Port Enumerator: system32\DRIVERS\gameenum.sys (manual start) GEAR CDRom Filter: SYSTEM32\DRIVERS\GEARAspiWDM.sys (manual start) Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start) Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start) hpn: system32\DRIVERS\hpn.sys (system) HTTP: System32\Drivers\HTTP.sys (manual start) HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start) i2omp: system32\DRIVERS\i2omp.sys (system) i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system) CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system) IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual start) ini910u: system32\DRIVERS\ini910u.sys (system) IntelIde: system32\DRIVERS\intelide.sys (system) IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start) IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start) IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start) IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start) iPod Service: "C:\Program Files\iPod\bin\iPodService.exe" (manual start) IPSEC driver: system32\DRIVERS\ipsec.sys (system) IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start) PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system) Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system) Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start) Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) LexBce Server: C:\WINDOWS\system32\LEXBCES.EXE (disabled) TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart) lxby_device: C:\WINDOWS\system32\lxbycoms.exe -service (disabled) Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled) NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start) Unimodem Streaming Filter Device: system32\drivers\MODEMCSA.sys (manual start) Mouse Class Driver: system32\DRIVERS\mouclass.sys (system) mraid35x: system32\DRIVERS\mraid35x.sys (system) WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start) MRXSMB: system32\DRIVERS\mrxsmb.sys (system) Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start) Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start) Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start) Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start) Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start) Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start) Microsoft MPU-401 MIDI UART Driver: system32\drivers\msmpu401.sys (manual start) Mtlmnt5: system32\DRIVERS\Mtlmnt5.sys (manual start) Mtlstrm: system32\DRIVERS\Mtlstrm.sys (manual start) Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start) NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start) Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start) NetBIOS Interface: system32\DRIVERS\netbios.sys (system) NetBios over Tcpip: system32\DRIVERS\netbt.sys (system) Network DDE: %SystemRoot%\system32\netdde.exe (disabled) Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled) Net Logon: %SystemRoot%\system32\lsass.exe (manual start) Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start) Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled) nv: system32\DRIVERS\nv4_mini.sys (manual start) IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start) IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start) Parallel port driver: system32\DRIVERS\parport.sys (manual start) PCI Bus Driver: system32\DRIVERS\pci.sys (system) PCIIde: system32\DRIVERS\pciide.sys (system) perc2: system32\DRIVERS\perc2.sys (system) perc2hib: system32\DRIVERS\perc2hib.sys (system) Plug and Play: %SystemRoot%\system32\services.exe (autostart) IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart) WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start) Processor Driver: system32\DRIVERS\processr.sys (system) Protected Storage: %SystemRoot%\system32\lsass.exe (autostart) QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start) Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start) ql1080: system32\DRIVERS\ql1080.sys (system) Ql10wnt: system32\DRIVERS\ql10wnt.sys (system) ql12160: system32\DRIVERS\ql12160.sys (system) ql1240: system32\DRIVERS\ql1240.sys (system) ql1280: system32\DRIVERS\ql1280.sys (system) Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system) Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start) Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start) Direct Parallel: system32\DRIVERS\raspti.sys (manual start) Rdbss: system32\DRIVERS\rdbss.sys (system) RDPCDD: System32\DRIVERS\RDPCDD.sys (system) Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys (manual start) Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start) RecAgent: system32\DRIVERS\RecAgent.sys (system) Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system) Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled) Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start) Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart) QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start) Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver: system32\DRIVERS\Rtlnic51.sys (manual start) Realtek RTL8139/810X Family PCI Fast Ethernet NIC NT Driver: system32\DRIVERS\RTL8139.SYS (manual start) Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart) Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start) Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Secdrv: system32\DRIVERS\secdrv.sys (manual start) Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start) Serial port driver: system32\DRIVERS\serial.sys (system) Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) ATI-437A Serial ATA Controller: system32\DRIVERS\SI3112r.sys (system) SATALink driver accelerator: system32\DRIVERS\SiWinAcc.sys (system) SIS AGP Bus Filter: system32\DRIVERS\sisagp.sys (system) SmartLink AMR_PCI Driver: system32\DRIVERS\slntamr.sys (manual start) SlNtHal: system32\DRIVERS\Slnthal.sys (manual start) SmartLinkService: slserv.exe (disabled) SlWdmSup: system32\DRIVERS\SlWdmSup.sys (manual start) SNMP Service: %SystemRoot%\System32\snmp.exe (autostart) SNMP Trap Service: %SystemRoot%\System32\snmptrap.exe (manual start) Sparrow: system32\DRIVERS\sparrow.sys (system) Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start) Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart) System Restore Filter Driver: system32\DRIVERS\sr.sys (system) System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Srv: system32\DRIVERS\srv.sys (manual start) SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (manual start) Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart) Software Bus Driver: system32\DRIVERS\swenum.sys (manual start) Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start) MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{FC78F291-6BA7-4551-B2E7-9DA8ED16E133} (manual start) symc810: system32\DRIVERS\symc810.sys (system) symc8xx: system32\DRIVERS\symc8xx.sys (system) sym_hi: system32\DRIVERS\sym_hi.sys (system) sym_u3: system32\DRIVERS\sym_u3.sys (system) Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start) Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start) Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system) Terminal Device Driver: system32\DRIVERS\termdd.sys (system) Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start) Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) TosIde: system32\DRIVERS\toside.sys (system) Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) ultra: system32\DRIVERS\ultra.sys (system) Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart) Microcode Update Driver: system32\DRIVERS\update.sys (manual start) Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start) Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start) USB Audio Driver (WDM): system32\drivers\usbaudio.sys (manual start) Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start) Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start) Microsoft USB Standard Hub Driver: system32\DRIVERS\usbhub.sys (manual start) Microsoft USB Open Host Controller Miniport Driver: system32\DRIVERS\usbohci.sys (manual start) Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start) USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start) USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start) Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start) VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system) VIA AGP Bus Filter: system32\DRIVERS\viaagp.sys (system) ViaIde: system32\DRIVERS\viaide.sys (system) vsdatant: System32\vsdatant.sys (manual start) Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start) Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start) Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start) WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart) Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Windows Media Connect Service: C:\Program Files\Windows Media Connect 2\wmccds.exe (manual start) Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start) Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled) Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) -------------------------------------------------- Enumerating Windows NT logon/logoff scripts: *No scripts set to run* Windows NT checkdisk command: BootExecute = autocheck autochk * Windows NT 'Wininit.ini': PendingFileRenameOperations: *Registry value not found* -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\system32\webcheck.dll SysTray: C:\WINDOWS\system32\stobject.dll -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- End of report, 37,916 bytes Report generated in 0.094 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only
  15. ok checked both boxes. Night jacee. HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs= -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=*Registry value not found* drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry key not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Checking for EXPLORER.EXE instances: C:\WINDOWS\Explorer.exe: PRESENT! C:\Explorer.exe: not present C:\WINDOWS\Explorer\Explorer.exe: not present C:\WINDOWS\System\Explorer.exe: not present C:\WINDOWS\System32\Explorer.exe: not present C:\WINDOWS\Command\Explorer.exe: not present C:\WINDOWS\Fonts\Explorer.exe: not present -------------------------------------------------- Checking for superhidden extensions: .lnk: HIDDEN! (arrow overlay: yes) .pif: HIDDEN! (arrow overlay: yes) .exe: not hidden .com: not hidden .bat: not hidden .hta: not hidden .scr: not hidden .shs: HIDDEN! .shb: HIDDEN! .vbs: not hidden .vbe: not hidden .wsh: not hidden .scf: HIDDEN! (arrow overlay: NO!) .url: HIDDEN! (arrow overlay: yes) .js: not hidden .jse: not hidden -------------------------------------------------- Verifying REGEDIT.EXE integrity: - Regedit.exe found in C:\WINDOWS - .reg open command is normal (regedit.exe %1) - Company name OK: 'Microsoft Corporation' - Original filename OK: 'REGEDIT.EXE' - File description: 'Registry Editor' Registry check passed -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F} (no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -------------------------------------------------- Enumerating Task Scheduler jobs: Scheduled scanning task.job -------------------------------------------------- Enumerating Download Program Files: [Windows Genuine Advantage Validation Tool] InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204 [ewidoOnlineScan Control] InProcServer32 = C:\WINDOWS\DOWNLO~1\EWIDOO~1.DLL CODEBASE = http://download.ewido.net/ewidoOnlineScan.cab [WUWebControl Class] InProcServer32 = C:\WINDOWS\system32\wuweb.dll CODEBASE = http://update.microsoft.com/windowsupdate/...b?1134952283562 [MUWebControl Class] InProcServer32 = C:\WINDOWS\system32\muweb.dll CODEBASE = http://update.microsoft.com/microsoftupdat...b?1134955094437 [Housecall ActiveX 6.5] InProcServer32 = C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll CODEBASE = http://us-housecall.trendmicro-europe.com/...ivex/hcImpl.cab [WScanCtl Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\webscan.dll CODEBASE = http://www3.ca.com/securityadvisor/virusinfo/webscan.cab [Java Plug-in] InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab [{9F1C11AA-197B-4942-BA54-47A8489BB47F}] CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/...8704.7519675926 [Java Plug-in] InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab [Java Plug-in 1.5.0_06] InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -------------------------------------------------- Enumerating Winsock LSP files: NameSpace #1: C:\WINDOWS\System32\mswsock.dll NameSpace #2: C:\WINDOWS\System32\winrnr.dll NameSpace #3: C:\WINDOWS\System32\mswsock.dll Protocol #1: C:\WINDOWS\system32\mswsock.dll Protocol #2: C:\WINDOWS\system32\mswsock.dll Protocol #3: C:\WINDOWS\system32\mswsock.dll Protocol #4: C:\WINDOWS\system32\rsvpsp.dll Protocol #5: C:\WINDOWS\system32\rsvpsp.dll Protocol #6: C:\WINDOWS\system32\mswsock.dll Protocol #7: C:\WINDOWS\system32\mswsock.dll Protocol #8: C:\WINDOWS\system32\mswsock.dll Protocol #9: C:\WINDOWS\system32\mswsock.dll Protocol #10: C:\WINDOWS\system32\mswsock.dll Protocol #11: C:\WINDOWS\system32\mswsock.dll Protocol #12: C:\WINDOWS\system32\mswsock.dll Protocol #13: C:\WINDOWS\system32\mswsock.dll Protocol #14: C:\WINDOWS\system32\mswsock.dll Protocol #15: C:\WINDOWS\system32\mswsock.dll --------------------------------------------------
  16. by the side of generate start up list log there are 2 tick boxes 1 for list also minor sections(full) and 1 for list empty sections(complete) do you want me to tick any of them??
  17. sorry never saw your reply. do it now before i go to bed.
  18. night Jacee. look in again tomorrow.
  19. HI Jacee, beginning to dream about women in red... well here's what you asked for:- --------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 01:01:42, 23/12/2005 + Report-Checksum: 713BAC47 + Scan result: :mozilla.6:C:\Documents and Settings\GA\Application Data\Mozilla\Firefox\Profiles\m3314217.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup :mozilla.7:C:\Documents and Settings\GA\Application Data\Mozilla\Firefox\Profiles\m3314217.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup :mozilla.14:C:\Documents and Settings\GA\Application Data\Mozilla\Firefox\Profiles\m3314217.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup :mozilla.15:C:\Documents and Settings\GA\Application Data\Mozilla\Firefox\Profiles\m3314217.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup :mozilla.21:C:\Documents and Settings\GA\Application Data\Mozilla\Firefox\Profiles\m3314217.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.23:C:\Documents and Settings\GA\Application Data\Mozilla\Firefox\Profiles\m3314217.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup ::Report End Logfile of HijackThis v1.99.1 Scan saved at 01:04:54, on 23/12/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Zoom Telephonics, Inc\Zoom ADSL USB Modem\DSLMON.exe C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\ewido anti-malware\ewidoguard.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\ntvdm.exe C:\Documents and Settings\GA\Desktop\hjt\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iqon.ie O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O4 - HKLM\..\Run: [PCEyeLic] C:\Program Files\PCEye2000\pceye2000.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: DSLMON.lnk = C:\Program Files\Zoom Telephonics, Inc\Zoom ADSL USB Modem\DSLMON.exe O4 - Global Startup: F-Secure 2006.lnk = C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.iqon.ie O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1134952283562 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134955094437 O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/...ivex/hcImpl.cab O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{8DDEAB8D-8E03-4CA3-B2DE-AACB7ABFC65D}: NameServer = 213.40.130.126 213.40.130.33 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe not sure if this helps but I counted 50 running processes in windows task manager. hope you find it this time. good luck. Terry.
  20. sorry jacee I've been having probs. Lost about half a dozen icons from my desktop for some reason and blacklite was one of them and couldn't find them on my pc. IE wouldn't let me down load it again. Finally downloaded firefox and F-Secure 2006 then I could download blacklight, but same prob wouldn't run so ran xpfix and f-secure said it found broadcastpc data miner when xpfix was running so tried to quarantine it but it came up with an error saying "scan ended unexpectedly. there was an error reading an item". And blacklight still didn't run. :crash: :crash: Don't even think IE is IE anymore if that makes sense.. what ever is on my pc it doesn't show up on any scans..and I think it has made itself the administrator for my pc even tho I can change most things. Can't I just let you hijack my pc network and fix it for me??? PLEASE.... edit. p.s. just noticed on my windows updates that I should have downloaded 24 updates but when I go to add/remove programs they are not there. Hope that helps some how...you sure you won't kidnap my pc for me and fix it??? :-) P.P.S. now I have f-secure I've noticed that no matter what I do to my IE security settings they are always reset to low custom..and I know I have never set them below medium ever.
  21. I am sorry but it said scan was not completed due to an error. here is the log it made. 12/20/05 18:39:01 [info]: BlackLight Engine 1.0.30 initialized 12/20/05 18:39:01 [info]: OS: 5.1 build 2600 (Service Pack 2) 12/20/05 18:39:01 [Note]: 7019 4 12/20/05 18:39:01 [Note]: 7005 0 12/20/05 18:39:01 [Error]: 6001 0 12/20/05 18:39:11 [Note]: 7006 0 12/20/05 18:39:11 [Error]: 6005 0 12/20/05 18:39:11 [Error]: 6023 3 12/20/05 18:39:29 [Note]: 7006 0 12/20/05 18:39:29 [Error]: 6005 0 12/20/05 18:39:29 [Error]: 6023 3 Terry. p.s. yes that was all the silent runner scan. It might be short because I have not long ago done a complete new install. so not many progs on pc.
  22. Sorry didn't which scan to do so did both. "Silent Runners.vbs", revision 41, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "PCEyeLic" = "C:\Program Files\PCEye2000\pceye2000.exe" [" PCEye2000"] "RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."] "Recguard" = "C:\WINDOWS\SMINST\RECGUARD.EXE" [empty string] "ATIPTA" = ""C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"" ["ATI Technologies, Inc."] "SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."] "RegistryMechanic" = "C:\Program Files\Registry Mechanic\RegMech.exe /QS" ["PC Tools Research Pty Ltd"] "gcasServ" = ""C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"" [MS] "Zone Labs Client" = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" ["Zone Labs, LLC"] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension" -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."] "{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "SampleView" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"] "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS] "{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS] "{D9872D13-7651-4471-9EEE-F0A00218BEBB}" = "Multiscan" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [MS] INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\shellhook.dll" ["TODO: <Firmenname>"] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ ZLAVShExt\(Default) = "{D9872D13-7651-4471-9EEE-F0A00218BEBB}" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ ZLAVShExt\(Default) = "{D9872D13-7651-4471-9EEE-F0A00218BEBB}" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\GA\Local Settings\Application Data\Microsoft\Wallpaper1.bmp" Startup items in "GA" & "All Users" startup folders: ---------------------------------------------------- C:\Documents and Settings\All Users\Start Menu\Programs\Startup "DSLMON" -> shortcut to: "C:\Program Files\Zoom Telephonics, Inc\Zoom ADSL USB Modem\DSLMON.exe" [empty string] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: C:\WINDOWS\system32\imslsp.dll ["Zone Labs, LLC"], 01 - 06, 26 C:\WINDOWS\system32\ZoneLabs\vetredir.dll ["Computer Associates International, Inc."], 07 - 09, 25 %SystemRoot%\system32\mswsock.dll [MS], 10 - 12, 15 - 24 %SystemRoot%\system32\rsvpsp.dll [MS], 13 - 14 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Miscellaneous IE Hijack Points ------------------------------ C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings") Added lines (compared with English-language version): [strings]: START_PAGE_URL=http://www.iqon.ie Missing lines (compared with English-language version): [strings]: 1 line Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ CA ISafe, CAISafe, "C:\WINDOWS\system32\ZoneLabs\isafe.exe" ["Computer Associates International, Inc."] ewido security suite control, ewido security suite control, "C:\Program Files\ewido anti-malware\ewidoctrl.exe" ["ewido networks"] ewido security suite guard, ewido security suite guard, "C:\Program Files\ewido anti-malware\ewidoguard.exe" ["ewido networks"] TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"] Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Lexmark Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."] P910 Series Port\Driver = "lxbylmpm.DLL" ["Lexmark International, Inc."] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 88 seconds. + The search for all Registry CLSIDs containing dormant Explorer Bars took 28 seconds. ---------- (total run time: 183 seconds) "Silent Runners.vbs", revision 41, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "PCEyeLic" = "C:\Program Files\PCEye2000\pceye2000.exe" [" PCEye2000"] "RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."] "Recguard" = "C:\WINDOWS\SMINST\RECGUARD.EXE" [empty string] "ATIPTA" = ""C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"" ["ATI Technologies, Inc."] "SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."] "RegistryMechanic" = "C:\Program Files\Registry Mechanic\RegMech.exe /QS" ["PC Tools Research Pty Ltd"] "gcasServ" = ""C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"" [MS] "Zone Labs Client" = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" ["Zone Labs, LLC"] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension" -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."] "{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "SampleView" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"] "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS] "{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS] "{D9872D13-7651-4471-9EEE-F0A00218BEBB}" = "Multiscan" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [MS] INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\shellhook.dll" ["TODO: <Firmenname>"] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ ZLAVShExt\(Default) = "{D9872D13-7651-4471-9EEE-F0A00218BEBB}" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ ZLAVShExt\(Default) = "{D9872D13-7651-4471-9EEE-F0A00218BEBB}" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\GA\Local Settings\Application Data\Microsoft\Wallpaper1.bmp" Startup items in "GA" & "All Users" startup folders: ---------------------------------------------------- C:\Documents and Settings\All Users\Start Menu\Programs\Startup "DSLMON" -> shortcut to: "C:\Program Files\Zoom Telephonics, Inc\Zoom ADSL USB Modem\DSLMON.exe" [empty string] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: C:\WINDOWS\system32\imslsp.dll ["Zone Labs, LLC"], 01 - 06, 26 C:\WINDOWS\system32\ZoneLabs\vetredir.dll ["Computer Associates International, Inc."], 07 - 09, 25 %SystemRoot%\system32\mswsock.dll [MS], 10 - 12, 15 - 24 %SystemRoot%\system32\rsvpsp.dll [MS], 13 - 14 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Miscellaneous IE Hijack Points ------------------------------ C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings") Added lines (compared with English-language version): [strings]: START_PAGE_URL=http://www.iqon.ie Missing lines (compared with English-language version): [strings]: 1 line Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ CA ISafe, CAISafe, "C:\WINDOWS\system32\ZoneLabs\isafe.exe" ["Computer Associates International, Inc."] ewido security suite control, ewido security suite control, "C:\Program Files\ewido anti-malware\ewidoctrl.exe" ["ewido networks"] ewido security suite guard, ewido security suite guard, "C:\Program Files\ewido anti-malware\ewidoguard.exe" ["ewido networks"] TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"] Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Lexmark Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."] P910 Series Port\Driver = "lxbylmpm.DLL" ["Lexmark International, Inc."] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer "No" at the first message box. ---------- (total run time: 119 seconds, including 18 seconds for message boxes) hope this helps. many thanks again terry. won't keep trying to fix it on my own anymore coz it just makes it harder for you when everything changes. :-)
  23. It is in my os I think some kind of trojon worm. It does things like freeze my browser, stops me visiting pages or pops up false warnings or instructions so I never know what to believe on screen. For example when i tried to download sp2 it popped up a notice saying download complete and to restart my browser when i ignored this and the download was really complete and installed another pop up appeared saying I needed to restart my pc so I did. But don't think sp2 got loaded because when the license agreement popped up it looked wrong with a white background.Think it pretends to be my programs like virus scanner and says my updates are completed but never installs them so I can't find it.It does lots of things like that.Like makes my pointer scroll across the screen for no reason.my hd never seems to stop writing.I might be paranoid and there's nothing there but I don't think so. tried stopping different processes to delete anyfiles and cookies manually but can never delete them all.Also some processes it won't let me stop says I need a password.and some cause a restart in 60 secs and some won't be stopped cause the system needs them.I think the last 2 might be genuine system processes I'm stopping but the ones that need a password??.I have administer rights and I never put any password in. haven't stopped trying diff. things to get rid of it but all I seem to be doing is going round in circles... many thanks again. Terry. P.S. I think i might have the same prob as matchiz. post :- Hijack This Test Results : Is There A Problem ?
  24. thanks for the response but I read it to late I have most of those on this pc. Winpatrol,adaware,spybot,etrust antivirus,za firewall. I am infected again or I never fully got rid of it. Used cleanup to find which files it couldn't delete then found out when trying to manually delete them than It puts programs into my temp files and cookies. i tried closing some processes to delete them but I never get all of them deleted before it makes new ones. its some kind of browser hijacker and worm. so very sorry but have to post a new hjt log. think i made the mistake of relying on za to protect this pc when I connected my other one to it to share the internet connection while I updated it and to do some scans. Very sorry for wasting your valuable time again. terry. Logfile of HijackThis v1.99.1 Scan saved at 17:44:21, on 17/12/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\PROGRA~1\CA\ETRUST~1\realmon.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Zoom Telephonics, Inc\Zoom ADSL USB Modem\dslmon.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Documents and Settings\your.YOUR-192E5C24FC\Desktop\terry's\folding\FAH504-Console.exe C:\Program Files\CA\eTrust Antivirus\InoRpc.exe C:\Program Files\CA\eTrust Antivirus\InoRT.exe C:\Program Files\CA\eTrust Antivirus\InoTask.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\svchost.exe C:\Documents and Settings\your.YOUR-192E5C24FC\Desktop\terry's\folding\FahCore_78.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\your.YOUR-192E5C24FC\Desktop\terry's\downloads\hjt\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iqon.ie R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www3.ca.com/virusinfo O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - Global Startup: DSLMON.lnk = ? O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.iqon.ie O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1134636173515 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134640948718 O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/...ivex/hcImpl.cab O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37480.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...650/mcfscan.cab O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://pcpitstop.com/antivirus/PitPav.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{BD049B19-6B25-41F9-848E-7A37381E7463}: NameServer = 213.40.66.126 213.40.130.126 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: [email protected]:+Documents and Settings+your.YOUR-192E5C24FC+Desktop+folding+FAH504-Console.exe - Unknown owner - C:\Documents and Settings\your.YOUR-192E5C24FC\Desktop\folding\FAH504-Console.exe (file missing) O23 - Service: [email protected]:+Documents and Settings+your.YOUR-192E5C24FC+Desktop+terry's+folding+FAH504-Console.exe - Stanford University - C:\Documents and Settings\your.YOUR-192E5C24FC\Desktop\terry's\folding\FAH504-Console.exe O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbycoms.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  25. this is my new log and that is a program for spying on anyone who uses this pc. I thank you for spending time looking at my log but I think I might of got rid of what ever was on my pc. I deleted every trusted item in my browser and made some other changes and was finally allowed to get 2 critical updates for windows and messenger and carry out on line scans. trendmicro made some repairs on the first scan and informed me about the 2 updates to stop my pc being controlled from outside. so I'm hoping everything is clean and safe now. fingers crossed.. :-) last few scans say so anyway but your second opinion will be gratefully recieved. now all I got to do is see if I can clean my other pc... merry christmas. thanks, Terry. Logfile of HijackThis v1.99.1 Scan saved at 23:17:32, on 15/12/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\PROGRA~1\CA\ETRUST~1\realmon.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Zoom Telephonics, Inc\Zoom ADSL USB Modem\dslmon.exe C:\Program Files\CA\eTrust Antivirus\InoRpc.exe C:\Program Files\CA\eTrust Antivirus\InoRT.exe C:\Program Files\CA\eTrust Antivirus\InoTask.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Documents and Settings\your.YOUR-192E5C24FC\Desktop\downloads\hjt\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.trendmicro-europe.com/housecall/v6.5/?us=2 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iqon.ie R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www3.ca.com/virusinfo O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - Global Startup: DSLMON.lnk = ? O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.iqon.ie O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1134636173515 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134640948718 O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/...ivex/hcImpl.cab O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37480.cab O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://pcpitstop.com/antivirus/PitPav.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{BD049B19-6B25-41F9-848E-7A37381E7463}: NameServer = 213.40.66.126 213.40.130.126 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbycoms.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe PS. I emailed 1 of the admins offering my help with these logs but I'd have to be taught how first tho.
×
×
  • Create New...