very odd virus/worm 3

j0ckser

Technical User
Jan 4, 2004
302
CA
computer=dell latitude 600
o/s=win2k build 2195 sp4

The problem ONLY occurs with one website and only with this computer (I have checked this issue with another computer - no problem):

- when I enter my username and p/w I get a popup warning:
header=Microsoft Internet Explorer
text=[yellow triangle warning] "Please make sure the 'Languages...' setting for your internet explorer is not empty."

If this would go away or could be closed I would put up with it for a while, but it doesn't. I can close it, but it pops right back...again...ad nauseam.

I admit to erring:
1. I was away from the internet for some time and didn't update my virus definitions prior to logging in to my email.
2. I did update my def's (AntiVir) and ran a scan after which identified the critter, and removed it, but I did not catch the name. I also ran Ad-Aware SE and X-Cleaner for extra precaution.
3. Was I in the clear? NO. It's still there, although subsequent scans by Ad-Aware, X-Cleaner and AntiVir "say" I'm clear (i.e., don't show any issue).

Attached is my Hijack log.

I have seen this affecting NO OTHER area of my surfing travels, and no other use of my computer; ODD behaviour to say the least.

Code:
Logfile of HijackThis v1.98.2
Scan saved at 13:17:58, on 05/03/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\S24EvMon.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\System32\basfipm.exe
C:\WINNT\system32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\PROGRA~1\SYMPAT~1\ACCESS~1\app\pppoeservice.exe
C:\WINNT\system32\RegSrvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\ZCfgSvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\1XConfig.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINNT\system32\DSentry.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINNT\system32\cidaemon.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\WINNT\system32\DrvMon.exe
C:\WINNT\system32\HPZipm12.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\program files downloaded\HijackThis1982.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.54.27.103:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: 100% Free Spades Toolbar Helper - {3EBD3651-4CCA-4656-9F98-BAB4B72C6031} - C:\Program Files\100% Free Spades Toolbar\v2.0.0.2\100%_Free_Spades_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: 100% Free Spades Toolbar - {00490D79-3A7F-4c8a-9E04-2BC1D89676F1} - C:\Program Files\100% Free Spades Toolbar\v2.0.0.2\100%_Free_Spades_Toolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LimeShop] wjview /cp:p "C:\Program Files\LimeShop\System\Code" Main lp: "C:\Program Files\LimeShop"
O4 - HKLM\..\Run: [DVDSentry] C:\WINNT\system32\DSentry.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [print sharing] C:\winnt\system32\msinfo\drivers\stuff\secure.bat
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunServices: [Microsoft DirectX] wuamgrd.exe
O4 - HKCU\..\Run: [Microsoft DirectX] wuamgrd.exe
O4 - HKCU\..\Run: [X-Cleaner Freeware] "C:\PROGRA~1\X-CLEA~1\XCLEAN~3.EXE" -turbo -autostart -NOREBOOT
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINNT\system32\DrvMon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O15 - Trusted Zone: http://www.allmusic.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/install/guidedsolutions.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
Naturally, any help would be appreciated. I will not have internet access after 7-Mar @ 10h00 EST (GMT-5) for several days and would like to fix this prior to that.

..ttfn..

per ardua ad astra
 
kudos to you satrow!

hit the nail on the head...at least for now. i did as directed by the solution: found wuamgrd in the registry and deleted. i will do an un/reinstall of AntiVir.

i will, however, await the thoughts of others before i pat you on the back!

..ttfn..

per ardua ad astra
 
Update:
Un/reinstalled AntiVir, did a scan, checked registry, (both "clean") but problem still persists.

per ardua ad astra
 
the version of hijack this you have is outdated, download a newer
version from below.


Make a new folder in C:\ and call it Hijack this, and Save hijack this to
this folder so that it runs properly and can make back ups. Click scan,
then save the log and post it here so we can take a look at it for you.





I'd also get rid of this one too!


C:\WINNT\System32\basfipm.exe



Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
 
What is this?
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.54.27.103:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

Is this really your proxy server? It appears to be in Poland. Which could be related to why gmail sees something wrong with the language.

Steve
 
thanks steve. i put that in at one point, but forgot about it. i noticed it in the report, but didn't know how to interpret.

thanks pechenegs for the advice. doing it.

per ardua ad astra
 
cannot remove basfipm.exe
proxy stuff gone.
new log
Code:
Logfile of HijackThis v1.99.1
Scan saved at 19:41:27, on 05/03/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\S24EvMon.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\System32\basfipm.exe
C:\WINNT\system32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\PROGRA~1\SYMPAT~1\ACCESS~1\app\pppoeservice.exe
C:\WINNT\system32\RegSrvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZCfgSvc.exe
C:\WINNT\system32\1XConfig.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINNT\system32\DSentry.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINNT\system32\DrvMon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINNT\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\WINNT\system32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: 100% Free Spades Toolbar Helper - {3EBD3651-4CCA-4656-9F98-BAB4B72C6031} - C:\Program Files\100% Free Spades Toolbar\v2.0.0.2\100%_Free_Spades_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: 100% Free Spades Toolbar - {00490D79-3A7F-4c8a-9E04-2BC1D89676F1} - C:\Program Files\100% Free Spades Toolbar\v2.0.0.2\100%_Free_Spades_Toolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LimeShop] wjview /cp:p "C:\Program Files\LimeShop\System\Code" Main lp: "C:\Program Files\LimeShop"
O4 - HKLM\..\Run: [DVDSentry] C:\WINNT\system32\DSentry.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [print sharing] C:\winnt\system32\msinfo\drivers\stuff\secure.bat
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKCU\..\Run: [X-Cleaner Freeware] "C:\PROGRA~1\X-CLEA~1\XCLEAN~3.EXE" -turbo -autostart -NOREBOOT
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINNT\system32\DrvMon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O15 - Trusted Zone: http://www.allmusic.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/install/guidedsolutions.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O20 - Winlogon Notify: Sebring - C:\WINNT\system32\LgNotify.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v3.0.1 (BAsfIpM) - Broadcom Corp. - C:\WINNT\System32\basfipm.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\SYMPAT~1\ACCESS~1\app\pppoeservice.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINNT\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINNT\system32\S24EvMon.exe
O23 - Service: Serv-U FTP Server (Serv-U) - Unknown owner - C:\WINNT\system32\msinfo\drivers\stuff\symprsvc.exe

per ardua ad astra
 
Download the pocket killbox





Double-click on Killbox.exe to run it. Now put a tick by Delete on
Reboot. In the "Full Path of File to Delete" box, copy and paste each
of the following lines one at a time then click on the button that has
the red circle with the X in the middle after you enter each file.
It will ask for confirmation to delete the file on next reboot. Click
Yes. It will then ask if you want to reboot now. Click No. Continue
with that same procedure until you have copied and pasted all of
these in the "Paste Full Path of File to Delete" box. Then click yes
to reboot after you entered the last one.


Note: It is possible that Killbox will tell you that one or more files do not
exist. If that happens, just continue on with all the files. Be sure you
don't miss any.


C:\WINNT\System32\basfipm.exe

Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
 
basfipm.exe gone. thanks for the tip pechenegs.

BUT

popup still there!

checked registry and no wuamgrd.



per ardua ad astra
 
thanks erik

tried spysweeper; found a few cookies and 1 ad, but problem still persists.

per ardua ad astra
 
Could you paste up the contents of this batch file please? O4 - HKLM\..\Run: [print sharing] C:\winnt\system32\msinfo\drivers\stuff\secure.bat
 
Are you running an ftp server or is this a backdoor? O23 - Service: Serv-U FTP Server (Serv-U) - Unknown owner - C:\WINNT\system32\msinfo\drivers\stuff\symprsvc.exe

Looks like Ewido is needed here
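
The entries singled out in this thread (the ProxyServer value, the duplicated wuamgrd.exe autoruns, the secure.bat Run entry and the Serv-U service) can be picked out of a HijackThis log mechanically. The script below is an added example, not part of any post: the rule names and heuristics are assumptions made here, and the sample lines are copied from the two logs posted above.

```python
import re
from collections import defaultdict, namedtuple
from ntpath import dirname, basename  # Windows path semantics on any OS

Finding = namedtuple("Finding", "rule path line")

# Lines copied from the two HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.54.27.103:80
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [print sharing] C:\winnt\system32\msinfo\drivers\stuff\secure.bat
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunServices: [Microsoft DirectX] wuamgrd.exe
O4 - HKCU\..\Run: [Microsoft DirectX] wuamgrd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\SYMPAT~1\ACCESS~1\app\pppoeservice.exe
O23 - Service: Serv-U FTP Server (Serv-U) - Unknown owner - C:\WINNT\system32\msinfo\drivers\stuff\symprsvc.exe
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
O4_RUN = re.compile(r"^HK[A-Z]+\\\.\.\\\w+: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O23_SVC = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")
TARGET = re.compile(r'^"?(.+?\.(?:exe|bat|cmd|vbs|js|scr|pif|com))(?=["\s]|$)', re.I)
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js")


def command_target(cmd):
    """Return the program or script that a Run-key command line launches."""
    m = TARGET.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def in_system32_subdir(path):
    """True when the file sits in a subdirectory of system32, not in system32 itself."""
    parts = path.lower().split("\\")
    return "system32" in parts and len(parts) - parts.index("system32") > 2


def triage(log_text):
    """Flag log entries for manual review; a hit is a lead, not a verdict."""
    findings = []
    autoruns = defaultdict(list)  # (value name, command) -> findings, one per key
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        code, body = m["code"], m["body"]
        if code == "R1" and ",ProxyServer = " in body:
            # Heuristic (assumption): any configured proxy deserves a second look.
            findings.append(Finding("proxy-set", body.split(" = ", 1)[1], raw))
        elif code == "O4":
            run = O4_RUN.match(body)
            if not run:
                continue  # startup-folder shortcuts are not covered here
            exe = command_target(run["cmd"])
            key = (run["name"].lower(), run["cmd"].lower())
            autoruns[key].append(Finding("duplicate-autorun", exe, raw))
            if exe.lower().endswith(SCRIPT_EXT):
                findings.append(Finding("script-autorun", exe, raw))
        elif code == "O23":
            svc = O23_SVC.match(body)
            # "Unknown owner" alone is noisy (see the ATI and PPPoE services),
            # so it only counts together with a path nested below system32.
            if svc and svc["owner"].strip() == "Unknown owner" \
                    and in_system32_subdir(svc["path"]):
                findings.append(
                    Finding("ownerless-service-in-system32-subdir", svc["path"], raw))
    # The same value name and command registered under more than one autorun key.
    for group in autoruns.values():
        if len(group) > 1:
            findings.extend(group)
    return findings


def shared_dirs(findings):
    """Directories referenced by more than one flagged file."""
    by_dir = defaultdict(set)
    for f in findings:
        folder = dirname(f.path).lower()
        if folder:
            by_dir[folder].add(basename(f.path).lower())
    return {d: sorted(n) for d, n in by_dir.items() if len(n) > 1}


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"{f.rule:40} {f.path}")
    for folder, names in shared_dirs(hits).items():
        print(f"shared directory: {folder} -> {', '.join(names)}")
```

The shared-directory grouping is what ties the Run entry and the service together: both point into the same folder below system32.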
 
If Satrow is right and it looks like it, you'll have to fix that O4 entry and put it through the killbox as well!


Click Start > Run > and type in:

services.msc

Click OK.

In the services window find Broadcom ASF IP monitoring service v3.0.1
Right click and choose "Properties". On the "General" tab under "Service
Status" click the "Stop" button to stop the service. Beside "Startup Type"
in the dropdown menu select "Disabled". Click Apply then OK. Exit the
Services utility.


Note: You may get an error here when trying to access the properties of the
service. If you do get an error, just select the service and look there in
the top left of the main service window and click "Stop" to stop the service. If that gives an error or it is already stopped, just skip this step and proceed with the rest.


Also do the same for this!


Serv-U FTP Server


have hijack this fix these!


O23 - Service: Broadcom ASF IP monitoring service v3.0.1 (BAsfIpM) - Broadcom Corp. - C:\WINNT\System32\basfipm.exe
O23 - Service: Serv-U FTP Server (Serv-U) - Unknown owner - C:\WINNT\system32\msinfo\drivers\stuff\symprsvc.exe



put this one through the killbox like the other one!


C:\WINNT\system32\msinfo\drivers\stuff\symprsvc.exe



Try this as well, you might have apropos!


Create a Startup List

* Open HiJackThis
* Click on the "Config..." button on the bottom right
* Click on the tab "Misc Tools"
* Check off the 2 boxes next to the Box that says "Generate StartupList log"
* Click on the button "Generate StartupList log"
* Copy and paste the StartupList from the notepad into your next post


post the hijack this add/remove list!



Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
 
there are several, but it's like reading greek: i can read the words, but what they mean is quite another matter. perhaps you can decipher it:
Code:
C:\System Volume Information\catalog.wci\00010002.ci | 3/6/2006 15:43 | 76.00 KB | Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\catalog.wci\00010002.dir | 3/6/2006 15:43 | 912 bytes | Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\catalog.wci\00010003.ci | 3/6/2006 16:00 | 392.00 KB | Hidden from Windows API.
C:\System Volume Information\catalog.wci\00010003.dir | 3/6/2006 16:00 | 3.33 KB | Hidden from Windows API.
C:\System Volume Information\catalog.wci\CiFLfffc.000 | 3/6/2006 15:43 | 240 bytes | Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\catalog.wci\CiFLfffc.001 | 3/6/2006 15:43 | 64.00 KB | Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\catalog.wci\CiFLfffc.002 | 3/6/2006 15:43 | 64.00 KB | Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\catalog.wci\CiFLfffd.000 | 3/6/2006 16:00 | 240 bytes | Hidden from Windows API.
C:\System Volume Information\catalog.wci\CiFLfffd.001 | 3/6/2006 16:00 | 64.00 KB | Hidden from Windows API.
C:\System Volume Information\catalog.wci\CiFLfffd.002 | 3/6/2006 16:00 | 64.00 KB | Hidden from Windows API.


per ardua ad astra
 
Is that the whole of the log? That log is clean, we're looking for dlls and exes here and nothing is in there!

Did you do the rest, post another hijack this log so we can see what's happening!





Run an online antivirus check from


choose extended database for the scan!




Run ActiveScan online virus scan here


When the scan is finished, anything that it cannot clean have it delete it.
Make a note of the file location of anything that cannot be deleted so you
can delete it yourself.
- Save the results from the scan!



Can you also post a hijack this add/remove list?


Create a Startup List

* Open HiJackThis
* Click on the "Config..." button on the bottom right
* Click on the tab "Misc Tools"
* Check off the 2 boxes next to the Box that says "Generate StartupList log"
* Click on the button "Generate StartupList log"
* Copy and paste the StartupList from the notepad into your next post


post another hijack this log, and active scan logs



Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
 
i have had another opportunity to go to my gmail account from yet another computer, and had no difficulty accessing my account. to expand on the issue slightly, it is only after i enter my u/n and p/w and enter my account that i run into problems. AND this happens to all (3) of my gmail accounts, but as far as i know there are no emails common to all 3 that could trigger the popup on this computer; there must be something else and it cannot be IE or the scripts that surround the general browser 'cause this would happen with every browser opening.

kaspersky found one virus overnight, but the 'report' said skipped, and i didn't get the name or location. antivir did not find any.

here is the panda scan report. the only removals were the viruses and were done by the program; i left the others just in case they were legitimate (limewire is ok).
Code:
Adware:adware/limeshop	Not disinfected	Windows Registry
Potentially unwanted tool:Application/PrcView.A	Not disinfected	C:\windows\java\Libparse.exe
Potentially unwanted tool:Application/HideWindow.A	Not disinfected	C:\windows\java\mscmd.exe
Virus:Bck/Zcrew.O	Disinfected	C:\windows\java\nickz.dbx
Virus:Bck/Zcrew.O	Disinfected	C:\windows\java\rconnect.conf
Potentially unwanted tool:Application/HideExec.A	Not disinfected	C:\WINNT\$NtUninstallKB824173$\spuninst\spuninst\msuninst.exe
Potentially unwanted tool:Application/ServUBased.A	Not disinfected	C:\WINNT\system32\msinfo\drivers\stuff\filter.dll
Potentially unwanted tool:Application/Pskill.A	Not disinfected	C:\WINNT\system32\msinfo\drivers\stuff\pskvc.exe
Potentially unwanted tool:Application/ServUBased.A	Not disinfected	C:\WINNT\system32\msinfo\drivers\stuff\symprsvc.exe
Potentially unwanted tool:Application/Hideout.C	Not disinfected	C:\WINNT\system32\msinfo\drivers\stuff\yeh.exe
Potentially unwanted tool:Application/KillApp.B	Not disinfected	C:\WINNT\system32\setoff.exe

Spyware:Cookie/24/7 Realmedia
Spyware:Cookie/2o7.net
Spyware:Cookie/PointRoll
Spyware:Cookie/Adtech
Spyware:Cookie/Advertising
Spyware:Cookie/Atlas DMT
Spyware:Cookie/Bfast
Spyware:Cookie/Bluestreak
Spyware:Cookie/cs.sexcounter
Spyware:Cookie/Doubleclick
Spyware:Cookie/Hitbox
Spyware:Cookie/Hitbox
Spyware:Cookie/Mediaplex
Spyware:Cookie/Overture
Spyware:Cookie/PayCounter
Spyware:Cookie/Hitbox
Spyware:Cookie/RealMedia
Spyware:Cookie/Searchportal
Spyware:Cookie/24/7 Realmedia
Spyware:Cookie/2o7.net
Spyware:Cookie/PointRoll
Spyware:Cookie/Adtech
Spyware:Cookie/Advertising
Spyware:Cookie/Atlas DMT
Spyware:Cookie/Bfast
Spyware:Cookie/Bluestreak
Spyware:Cookie/cs.sexcounter
Spyware:Cookie/Doubleclick
Spyware:Cookie/Hitbox
Spyware:Cookie/Hitbox
Spyware:Cookie/Mediaplex
Spyware:Cookie/Overture
Spyware:Cookie/PayCounter
Spyware:Cookie/Hitbox
Spyware:Cookie/RealMedia
Spyware:Cookie/Searchportal

here is the startuplist report
Code:
StartupList report, 11/03/2006, 10:21:52
StartupList version: 1.52.2
Started from : C:\hijack this\HijackThis.EXE
Detected: Windows 2000 SP4 (WinNT 5.00.2195)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\S24EvMon.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\system32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\PROGRA~1\SYMPAT~1\ACCESS~1\app\pppoeservice.exe
C:\WINNT\system32\RegSrvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZCfgSvc.exe
C:\WINNT\system32\1XConfig.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINNT\system32\DSentry.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINNT\system32\DrvMon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINNT\system32\cidaemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\ntvdm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\hijack this\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\John Howard\Start Menu\Programs\Startup]
HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Apoint = C:\Program Files\Apoint\Apoint.exe
ATIModeChange = Ati2mdxx.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
LimeShop = wjview /cp:p "C:\Program Files\LimeShop\System\Code" Main lp: "C:\Program Files\LimeShop"
DVDSentry = C:\WINNT\system32\DSentry.exe
PRONoMgr.exe = C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
print sharing = C:\winnt\system32\msinfo\drivers\stuff\secure.bat
Synchronization Manager = mobsync.exe /logon
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
avgnt = "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
AdwareAlert = C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

X-Cleaner Freeware = "C:\PROGRA~1\X-CLEA~1\XCLEAN~3.EXE" -turbo -autostart -NOREBOOT
DrvMon.exe = C:\WINNT\system32\DrvMon.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINNT\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINNT\System32\setup\wmpocm.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = "C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = "C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigOE

[{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\mplayer2.inf,PerUserStub.NT

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{6A5110B5-E14B-4268-A065-EF89FF33C325}] *
StubPath = regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\wmp.inf,PerUserRemove

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINNT\system32\Rundll32.exe C:\WINNT\system32\mscories.dll,Install

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = %SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINNT\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINNT\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINNT\system32\ssstars.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINNT\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINNT\Explorer\Explorer.exe: not present
C:\WINNT\System\Explorer.exe: not present
C:\WINNT\System32\Explorer.exe: not present
C:\WINNT\Command\Explorer.exe: not present
C:\WINNT\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINNT
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - (no file) - {02478D38-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\100% Free Spades Toolbar\v2.0.0.2\100%_Free_Spades_Toolbar.dll - {3EBD3651-4CCA-4656-9F98-BAB4B72C6031}
(no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]
CODEBASE = file://C:\WINNT\Java\classes\dajava.cab
OSD = C:\WINNT\Downloaded Program Files\DirectAnimation Java Classes.osd

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINNT\Java\classes\xmldso.cab
OSD = C:\WINNT\Downloaded Program Files\Microsoft XML Parser for Java.osd

[SysProWmi Class]
InProcServer32 = C:\WINNT\system32\Dell\SystemProfiler\SysPro.ocx
CODEBASE = http://support.dell.com/systemprofiler/SysPro.CAB

[CKAVWebScan Object]
InProcServer32 = C:\WINNT\system32\Kaspersky Lab\Kaspersky On-line Scanner\kavwebscan.dll
CODEBASE = http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINNT\system32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[{41564D57-9980-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab

[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\asinst.dll
CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab

[HPObjectInstaller Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\HPCommunication.dll
CODEBASE = http://h30155.www3.hp.com/ediags/gs/install/guidedsolutions.cab

[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab

[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

[Java Plug-in 1.5.0_06]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINNT\system32\Macromed\Flash\Flash8.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[MSN Chat Control 4.5]
InProcServer32 = C:\WINNT\Downloaded Program Files\MSNChat45.ocx
CODEBASE = http://chat.msn.com/controls/msnchat45.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINNT\System32\rnr20.dll
NameSpace #2: C:\WINNT\System32\winrnr.dll
Protocol #1: C:\WINNT\system32\msafd.dll
Protocol #2: C:\WINNT\system32\msafd.dll
Protocol #3: C:\WINNT\system32\msafd.dll
Protocol #4: C:\WINNT\system32\rsvpsp.dll
Protocol #5: C:\WINNT\system32\rsvpsp.dll
Protocol #6: C:\WINNT\system32\msafd.dll
Protocol #7: C:\WINNT\system32\msafd.dll
Protocol #8: C:\WINNT\system32\msafd.dll
Protocol #9: C:\WINNT\system32\msafd.dll
Protocol #10: C:\WINNT\system32\msafd.dll
Protocol #11: C:\WINNT\system32\msafd.dll
Protocol #12: C:\WINNT\system32\msafd.dll
Protocol #13: C:\WINNT\system32\msafd.dll
Protocol #14: C:\WINNT\system32\msafd.dll
Protocol #15: C:\WINNT\system32\msafd.dll
Protocol #16: C:\WINNT\system32\msafd.dll
Protocol #17: C:\WINNT\system32\msafd.dll
Protocol #18: C:\WINNT\system32\msafd.dll
Protocol #19: C:\WINNT\system32\msafd.dll
Protocol #20: C:\WINNT\system32\msafd.dll
Protocol #21: C:\WINNT\system32\msafd.dll
Protocol #22: C:\WINNT\system32\msafd.dll
Protocol #23: C:\WINNT\system32\msafd.dll
Protocol #24: C:\WINNT\system32\msafd.dll
Protocol #25: C:\WINNT\system32\msafd.dll
Protocol #26: C:\WINNT\system32\msafd.dll
Protocol #27: C:\WINNT\system32\msafd.dll
Protocol #28: C:\WINNT\system32\msafd.dll
Protocol #29: C:\WINNT\system32\msafd.dll
Protocol #30: C:\WINNT\system32\msafd.dll
Protocol #31: C:\WINNT\system32\msafd.dll
Protocol #32: C:\WINNT\system32\msafd.dll
Protocol #33: C:\WINNT\system32\msafd.dll
Protocol #34: C:\WINNT\system32\msafd.dll
Protocol #35: C:\WINNT\system32\msafd.dll
Protocol #36: C:\WINNT\system32\msafd.dll
Protocol #37: C:\WINNT\system32\msafd.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (autostart)
Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)
Alerter: %SystemRoot%\System32\services.exe (manual start)
AntiVir PersonalEdition Classic Scheduler: C:\Program Files\AntiVir PersonalEdition Classic\sched.exe (autostart)
AntiVir PersonalEdition Classic Guard: C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe (autostart)
Alps Touch Pad Filter Driver for Windows 2000/XP: System32\DRIVERS\Apfiltr.sys (manual start)
Application Management: %SystemRoot%\system32\services.exe (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart)
ati2mtag: System32\DRIVERS\ati2mtag.sys (manual start)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
avgntdd: SYSTEM32\DRIVERS\avgntdd.sys (system)
avgntmgr: SYSTEM32\drivers\avgntmgr.sys (system)
Broadcom 570x Gigabit Integrated Controller: System32\DRIVERS\b57w2k.sys (manual start)
Broadcom ASF IP monitoring service v3.0.1: C:\WINNT\System32\basfipm.exe (autostart)
BASFND: \??\C:\WINNT\system32\Drivers\BASFND.sys (autostart)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k BITSgroup (manual start)
Computer Browser: %SystemRoot%\System32\services.exe (autostart)
Closed Caption Decoder: system32\DRIVERS\CCDECODE.sys (manual start)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (autostart)
ClipBook: %SystemRoot%\system32\clipsrv.exe (manual start)
Microsoft ACPI Control Method Battery Driver: System32\DRIVERS\CmBatt.sys (manual start)
Microsoft Composite Battery Driver: System32\DRIVERS\compbatt.sys (system)
Team MFP Comm Driver: System32\Drivers\DgiVecp.sys (autostart)
DHCP Client: %SystemRoot%\System32\services.exe (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\DRIVERS\dmio.sys (system)
Logical Disk Manager: %SystemRoot%\System32\services.exe (autostart)
Microsoft DirectMusic SW Synth (WDM): system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\services.exe (autostart)
ENIMSR: \??\C:\PROGRA~1\SYMPAT~1\ACCESS~1\app\ENIMSR.SYS (manual start)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINNT\System32\svchost.exe -k netsvcs (manual start)
Fax Service: %systemroot%\system32\faxsvc.exe (manual start)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
HID Input Service: %SystemRoot%\system32\hidserv.exe (autostart)
Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (autostart)
IEEE-1284.4 Driver HPZid412: system32\DRIVERS\HPZid412.sys (manual start)
Print Class Driver for IEEE-1284.4 HPZipr12: system32\DRIVERS\HPZipr12.sys (manual start)
USB to IEEE-1284.4 Translation Driver HPZius12: system32\DRIVERS\HPZius12.sys (manual start)
HSFHWICH: System32\DRIVERS\HSFHWICH.sys (manual start)
HSF_DP: System32\DRIVERS\HSF_DP.sys (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (manual start)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Keyboard HID Driver: System32\DRIVERS\kbdhid.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\services.exe (autostart)
Workstation: %SystemRoot%\System32\services.exe (autostart)
LexBce Server: C:\WINNT\system32\LEXBCES.EXE (autostart)
TCP/IP NetBIOS Helper Service: %SystemRoot%\System32\services.exe (autostart)
AEGIS Protocol (IEEE 802.1x) v2.2.1.0: system32\DRIVERS\mdc8021x.sys (autostart)
mdmxsdk: system32\DRIVERS\mdmxsdk.sys (autostart)
Messenger: %SystemRoot%\System32\services.exe (disabled)
Intel Adapter Switching Driver: System32\DRIVERS\mipmn2k.sys (manual start)
NetMeeting Remote Desktop Sharing: C:\WINNT\System32\mnmsrvc.exe (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)
BDA MPE Filter: system32\DRIVERS\MPE.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINNT\System32\msdtc.exe (manual start)
Windows Installer: C:\WINNT\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
MSSQLServer: C:\MSSQL7\binn\sqlservr.exe (autostart)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
Mup: system32\drivers\mup.sys (system)
NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)
Nal Service : \??\C:\WINNT\system32\Drivers\iqvw32.sys (manual start)
NetBEUI Protocol: System32\DRIVERS\nbf.sys (autostart)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBT: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (manual start)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (manual start)
NetDetect: \SystemRoot\system32\drivers\netdtect.sys (manual start)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Intel NCS NetService: C:\Program Files\Intel\NCS\Sync\NetSvc.exe (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Efficient Networks Enternet P.P.P.o.E LAN  Miniport Driver: System32\DRIVERS\ntspppoe.sys (manual start)
NTSTAP1: \??\C:\PROGRA~1\SYMPAT~1\ACCESS~1\app\NTSTAP1.SYS (manual start)
NTSTAP2: \??\C:\PROGRA~1\SYMPAT~1\ACCESS~1\app\NTSTAP2.SYS (manual start)
NTSTPL1: \??\C:\PROGRA~1\SYMPAT~1\ACCESS~1\app\NTSTPL1.SYS (manual start)
NTSTPL2: \??\C:\PROGRA~1\SYMPAT~1\ACCESS~1\app\NTSTPL2.SYS (manual start)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
O2Micro SmartCardBus Reader: System32\DRIVERS\ozscr.sys (manual start)
OMCI WDM Device Driver: system32\DRIVERS\omci.sys (system)
Parallel class driver: System32\DRIVERS\parallel.sys (manual start)
Parallel port driver: System32\DRIVERS\parport.sys (system)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
Pcmcia: System32\DRIVERS\pcmcia.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Pml Driver HPZ12: C:\WINNT\system32\HPZipm12.exe (manual start)
IPSEC Policy Agent: %SystemRoot%\System32\lsass.exe (autostart)
PPPoE Service: C:\PROGRA~1\SYMPAT~1\ACCESS~1\app\pppoeservice.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Protected Storage: %SystemRoot%\system32\services.exe (autostart)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
RAWESR: \??\C:\PROGRA~1\SYMPAT~1\ACCESS~1\app\RAWESR.SYS (manual start)
Microsoft Streaming Network Raw Channel Access: system32\drivers\RCA.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
RegSrvc: C:\WINNT\system32\RegSrvc.exe (autostart)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Registry Service: %SystemRoot%\system32\regsvc.exe (autostart)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe -s (manual start)
Spectrum24 Event Monitor: C:\WINNT\system32\S24EvMon.exe (autostart)
WLAN Transport: System32\DRIVERS\s24trans.sys (autostart)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card Helper: %SystemRoot%\System32\SCardSvr.exe (manual start)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (autostart)
Task Scheduler: %SystemRoot%\system32\MSTask.exe (autostart)
RunAs Service: %SystemRoot%\system32\services.exe (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Serv-U FTP Server: C:\WINNT\system32\msinfo\drivers\stuff\symprsvc.exe (autostart)
High-Capacity Floppy Disk Drive: System32\DRIVERS\sfloppy.sys (manual start)
Internet Connection Sharing: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
SQLServerAgent: C:\MSSQL7\binn\sqlagent.exe (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
Audio Driver (WDM) - SigmaTel CODEC: system32\drivers\STAC97.sys (manual start)
Still Image Service: %systemroot%\system32\stisvc.exe (autostart)
BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
Microsoft System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
TAPBIND: \??\C:\PROGRA~1\SYMPAT~1\ACCESS~1\app\TAPBIND1.SYS (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Telnet: %SystemRoot%\system32\tlntsvr.exe (manual start)
Distributed Link Tracking Client: %SystemRoot%\system32\services.exe (autostart)
Microsoft USB Universal Host Controller Driver: System32\DRIVERS\uhcd.sys (manual start)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
Microsoft USB Standard Hub Driver: System32\DRIVERS\usbhub.sys (manual start)
USB 2.0 Root Hub Support: System32\DRIVERS\usbhub20.sys (manual start)
Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: System32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
Utility Manager: %SystemRoot%\System32\UtilMan.exe (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
Windows Time: %SystemRoot%\System32\services.exe (manual start)
Intel(R) PRO/Wireless 7100 Adapter Driver: System32\DRIVERS\w70n5.sys (manual start)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
winachsf: System32\DRIVERS\HSF_CNXT.sys (manual start)
Windows Management Instrumentation: %SystemRoot%\System32\WBEM\WinMgmt.exe (autostart)
WMDM PMSP Service: C:\WINNT\system32\mspmspsv.exe (autostart)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\system32\Services.exe (manual start)
World Standard Teletext Codec: system32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k wugroup (autostart)
Wireless Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\Documents and Settings\John Howard\Local Settings\Temporary Internet Files\Content.IE5\index.dat||C:\Documents and Settings\John Howard\Local Settings\Temporary Internet Files\Content.IE5\index.dat||C:\Documents and Settings\John Howard\Local Settings\Temporary Internet Files\Content.IE5\index.dat||C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_44111d13\UPDENGVDFTEST||C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_4412e807\UPDENGVDFTEST


--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

Network.ConnectionTray: C:\WINNT\system32\NETSHELL.dll
WebCheck: C:\WINNT\system32\webcheck.dll
SysTray: stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 35,294 bytes
Report generated in 0.471 seconds

Command line options:
   /verbose  - to add additional info on each section
   /complete - to include empty sections and unsuspicious data
   /full     - to include several rarely-important sections
   /force9x  - to include Win9x-only startups even if running on WinNT
   /forcent  - to include WinNT-only startups even if running on Win9x
   /forceall - to include all Win9x and WinNT startups, regardless of platform
   /history  - to list version history only

per ardua ad astra
 
The entire contents of the C:\WINNT\system32\msinfo\drivers\stuff folder need to be deleted, as does (I think) the file C:\WINNT\system32\setoff.exe. This can be attempted from Safe Mode - you'll probably need to unhide all files to see them. Failing that, use the Killbox method.

Is AdwareAlert the latest version? "Note on AdwareAlert: AdwareAlert was listed on this page because of concerns with false positives and the lack of information about the company and its privacy practices. In late fall of 2005, a new version of AdwareAlert was released, followed by new definitions. Testing with this new version indicates that the problems with earlier versions have been satisfactorily resolved. Thus, we can no longer consider AdwareAlert to be "rogue/suspect" anti-spyware. Note: other domains associated with AdwareAlert include: hijack-this.net" from Spyware Warrior.

There's probably more - I've gone snowblind ;)
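
The service entry behind the folder named in this reply can be picked out of the log mechanically. The following is an added example, not part of the original thread and not HijackThis/StartupList code: it parses the services section and flags service images nested more than one directory below system32. That depth rule, the function names and the `max_depth` threshold are assumptions made for illustration; the sample lines are copied from the log posted above.

```python
import re
from pathlib import PureWindowsPath

# Lines copied from the services section of the StartupList log posted above.
SAMPLE_LOG = r"""
Enumerating Windows NT/2000/XP services

AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (autostart)
AntiVir PersonalEdition Classic Guard: C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe (autostart)
BASFND: \??\C:\WINNT\system32\Drivers\BASFND.sys (autostart)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
Serv-U FTP Server: C:\WINNT\system32\msinfo\drivers\stuff\symprsvc.exe (autostart)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Windows Management Instrumentation: %SystemRoot%\System32\WBEM\WinMgmt.exe (autostart)
"""

# "Display name: image path [args] (start type)"
SERVICE_RE = re.compile(r"^(?P<name>.+?):\s+(?P<image>.+?)\s+\((?P<start>[^()]+)\)\s*$")


def parse_services(log_text):
    """Yield (name, image, start_type) for lines inside the services section only."""
    in_section = False
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("Enumerating Windows NT/2000/XP services"):
            in_section = True
            continue
        if in_section and line.startswith("-----"):
            break  # the separator ends the section
        m = SERVICE_RE.match(line) if in_section else None
        if m:
            yield m["name"].strip(), m["image"], m["start"]


def image_path(image, system_root=r"C:\WINNT"):
    """Reduce a service image string to a lower-cased absolute Windows path."""
    s = image.strip().lower()
    root = system_root.lower()
    if s.startswith('"'):
        s = s[1:].split('"', 1)[0]          # quoted path: drop the arguments
    else:
        m = re.match(r"(.+?\.(?:exe|sys|dll))(?:\s|$)", s)
        s = m.group(1) if m else s.split()[0]
    if s.startswith("\\??\\"):              # NT object-manager prefix
        s = s[4:]
    s = s.replace("%systemroot%", root)
    if s.startswith("\\systemroot\\"):
        s = root + s[len("\\systemroot"):]
    elif not re.match(r"[a-z]:\\", s):      # relative form: System32\DRIVERS\x.sys
        s = root + "\\" + s
    return PureWindowsPath(s)


def nested_system32_services(log_text, system_root=r"C:\WINNT", max_depth=1):
    """Return services whose image sits more than max_depth folders below system32."""
    sys32 = PureWindowsPath(system_root.lower()) / "system32"
    hits = []
    for name, image, start in parse_services(log_text):
        path = image_path(image, system_root)
        try:
            rel = path.relative_to(sys32)
        except ValueError:
            continue                        # image is not under system32
        depth = len(rel.parts) - 1          # folders between system32 and the file
        if depth > max_depth:
            hits.append((name, str(path), start, depth))
    return hits


if __name__ == "__main__":
    for name, path, start, depth in nested_system32_services(SAMPLE_LOG):
        print(f"{name!r} [{start}] -> {path} (depth {depth})")
```

A hit is only a lead for manual review: the depth rule says nothing about whether the file is malicious, and a legitimate product may also install a service in a nested folder.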
 