Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
I've got this on my computer "LSA" which when I looked it up is "WORM_MYTOB.C" , and this DyFuCA.Internet Optimizer, spybot can't get rid of them. Whats the easiest/quickest way of getting rid of them, or do I have to follow a guide to get rid of them from the registry. I dont really notice a change to the speed of my computer. Thanks
check the following out:
http://www.windowsecurity.com/trojanscan/
http://www.pandasoftware.com/products/activescan.htmhttp://www.kaspersky.com/virusscanner
http://www.pcflank.com/
http://www.ewido.net/en/
Ps:the last link has a free Online Spyware from Ewido just go 4 it
Bon Courage...
0 
Please download Ewido Security Suite it is a trial version of the program.(Don't use the beta version at the bottom left of the page)
Install ewido security suite
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
Launch ewido, there should be an icon on your desktop double-click it.
The program will now go to the main screen
You will need to update ewido to the latest definition files.
On the left hand side of the main screen click update
Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido.
http://www.ewido.net/en/download/updates/1 - Restart your computer Safe Mode, start pressing the F8 key on your keyboard. On a computer that is configured for booting to multiple operating systems, you can press the F8 key when you see the Boot Menu.
2 - When the Windows Advanced Options menu appears, select an option, and then press ENTER.
3 - When the Boot menu appears again, and the words "Safe Mode" appear in blue at the bottom, select the installation that you want to start, and then press ENTER.Once the updates are installed and you are in Safe Mode do the following:
Launch ewido again.
Click on scanner
Click on Complete System Scan and the scan will begin.
While the scan is in progress you will be prompted to clean files, click OK
When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop.
Now close Ewido and reboot into normal mode.Then download and run ccleaner to clean out all your temp files. Make sure there is not anything in the recycle bin that you need as ccleaner will delete recycle bin items unless checked not to do so.
To finish the clean up you will most likely need to post a Hijack This log so that the files associated with the virus/malware can be identified and removed. You can download Hijack This at this link http://www.tomcoyote.org/hjt/ then place it into a folder of it's on, such as C:\HJT, so that back up copies can be made and not clutter your desktop or other folders and the backup copies of deleted items can be easily located if needed.
Once saved double click HijackThis.exe, and press "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents into the text editor.Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.
0
cheers poweraid, i had a go with the panda one, that was better than my norton 2005 AVG, found a trojan, and a worm. Gonna try the rest now, still unable to get rid of the spyware.will probably follow jabucks methods if I can't get rid of them, 3 months on the p.c now though.
0
ewido is a great program, I got rid of the internet optimizer spyware, which has definately increase the performance of the p.c almost back to full health. I still have "LSA" on it though. I'll go into safe mode and try it again tomorrow.Thanks for the help. I think i'll be buying the full version of ewido when it comes out!
0
stu77, A Hijack This log would be really useful. Also this link may help Trindmicro Solution
0
I will do that jabuck, ive saved the report in Ewido,and I also used the kaspersky scan, which said it found 20 virus's,alot of backdoor trojans, etc. most coming from my Norton Files? I saved them as a text file, and will log them soon, on hijack this.I hope it can help out a few others. I use Norton Internet Security 2005, and in my opinion its useless, as it never finds anything on the AVG.
My problem at the moment is this worm LSA, I can't seem to find out what it really is, as theres lots of different worms linked to LSA. Who do I contact to find this out(symantec?) cheers.
0
jabuck, yep I got that description,but I might have made a mistake, it could well be that worm, but I've also done other search's and found about 10 worms with the LSA definition? not sure which it is.
0
stu77,If you'll post your HT log we may see the files you need to remove to get rid of it and the ewido log would help too.Otherwise it is just a guess as to how to help you.
0
Does anyone know anything about the WORM_MYTCB.LL? It's affecting my Outlook and my Internet Explorer.
Thanks
0
Katie,Start a new thread so that we can easily follow you post and others can see you request for help.
It is requested by the forum that you first request to post a Hijack This log (one of the best ways to identify a virus/malwae or spyware).
To be prepared to post your HT logdo this.Download Hijack This at this link http://www.tomcoyote.org/hjt/ then place it into a folder of it's on, such as C:\HJT, so that back up copies can be made and not clutter your desktop or other folders and the backup copies of deleted items can be easily located if needed.
Once saved double click HijackThis.exe, and press "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents into the text editor.Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.
0
I will do that jabuck thanks.I Havent signed up for it yet, but i will do it later this evening. cheers
0
Logfile of HijackThis v1.99.1
Scan saved at 01:32:44, on 10/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.exeC:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\mary\LOCALS~1\Temp\Rar$EX00.250\HijackThis.exe
C:\PROGRA~1\MESSEN~1\msmsgs.exeR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [Zone X Application] ZoneX.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] svmhost.exe
O4 - HKLM\..\RunServices: [OFFICEXP] OFFICEXP.exe
O4 - HKLM\..\RunServices: [snapple] snapple.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131493796404
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131495011452
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.exe
O23 - Service: Microsoft Windows Update (Microsoft Update) - Unknown owner - C:\WINDOWS\System32\svmhost.exe" -netsvcs (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
0
In Norton's Quarantined objects,for these worms
dxdllsvc.exe
sygate 32.exe
msnmssgr.exeIt gives a registry side effect for each one. What do I do to correct them. Stu77.
0
Run a HT scan,close all windows and browsers except HT, then place a check to the left of these items then press "fix checked":
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O4 - HKLM\..\RunServices: [Microsoft Windows Update] svmhost.exe
O4 - HKLM\..\RunServices: [OFFICEXP] OFFICEXP.exe
O4 - HKLM\..\RunServices: [snapple] snapple.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O23 - Service: Microsoft Windows Update (Microsoft Update) - Unknown owner - C:\WINDOWS\System32\svmhost.exe" -netsvcs (file missing)
Reboot into Safe Mode then set the computer up to view hidden files and folders. Go to start>control panel>folder options>view tab>tick the circle beside "show hidden files and folders">apply>ok.
Navigate to these files and if found right click on them, then press delete:
C:\WINDOWS\System32\svmhost
C:\WINDOWS\System32\officexp.exe
C:\WINDOWS\System32\snapple.exe
Next if you do not have windows messenger disabled then you need to do so,it is a portal for disaster for now.Go to start>control panel>administrative tools>services>scroll down to messenger and double click on it>in the properties box to the right of "startup type" click the drop down arrow and select disable by clicking on it>apply>ok.
As for the items Norton's has quarantined just leave them there for a week or two and if you have no problems then delete them.
Once you complete this run ewido from safe mode and post that log and post another HT log.
0
jabuck, thanks for the response. This is what happened.Ran the scan, and deleted or fixed the entries you advised.
I couldnt find these files.
C:\WINDOWS\System32\svmhost
C:\WINDOWS\system32\officeexp.exe
C:\WINDOWS\system32\snapple.exe
Also in control panel, admin tools, couldnt find messenger.
I ran ewido in Safe Mode, it found about 2200 problems. I could quarantine them, but can't copy, or log them for some reason. 4 malware, the rest cookies, mostly from Firefox.(Alot)
ok heres the new HiJackThis Log, thanks for the help. Stu77.
0
Maybe this? when i go into msconfig, on the start up tab, ive disabled everything, is this maybe why I can't find the files to delete? because I see the programs in there. I'm a bit sceptical about zonex.exe I know its to do with the clock and time, but I think I read it could be a virus program.
msdirectx.sys (2 entry's) this must be the LSA I cannot get rid of. I contacted Symantec, and they told me to update from rapid update folder. I did, but to no avail, they are still in Quarantine, unable to be fixed. Was told they are a Hack tool. Stu77.
0
stuff77, If ZoneX.exe is not a program you installed then remove it with HT the search in sfae mode for C:\WINDOWS\System32\zonex.exe and delete it if found.
Check all the items in msconfig and repost you HT log.
Run Ewido in safe mode again.Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report
Save the report to your desktop
Exit EwidoPost the Ewido log.
0
Ewido Log
I had to type these out myself, as it wouldn't let me log a report.HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt
0
Logfile of HijackThis v1.99.1
Scan saved at 17:52:13, on 10/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\DOCUME~1\mary\LOCALS~1\Temp\Rar$EX00.938\HijackThis.exeF2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Zone X Application] ZoneX.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [sysPersonalFirewall] msnmssgr.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Sygate32 Firewall] Sygate32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [snapple] snapple.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\SYSTEM32\sistray.exe
O4 - HKLM\..\Run: [runs] run.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OFFICEXP] OFFICEXP.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] svmhost.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [Zone X Application] ZoneX.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\SYSTEM32\sistray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131493796404
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131495011452
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.exe
O23 - Service: Microsoft Windows Update (Microsoft Update) - Unknown owner - C:\WINDOWS\System32\svmhost.exe" -netsvcs (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
0
Stu77, Part of the problem is that tea timer by Spybot has to be disabled untill you get clean. To do this:
Run Spybot-S&D in Advanced Mode.
If it is not already set to do this Go to the Mode menu select "Advanced Mode"
On the left hand side, Click on Tools
Then click on the Resident Icon in the List
Uncheck "Resident TeaTimer" and OK any prompts.
Restart your computer.
Make a note to restart it once your computer is clean.
Reboot again into Safe Mode ,make sure ewido is set up this way Ewido Setup Instructions
When the scan has completed, Ewido will create a report.txt file. Click the "Save Report" button on the bottom of the screen and save the log to your desktop so we will have it later.
Next run HT again,close all windows and browser except HT, place a check beside these items and press "fix checked":
O4 - HKLM\..\Run: [Zone X Application] ZoneX.exe
O4 - HKLM\..\Run: [sysPersonalFirewall] msnmssgr.exe
O4 - HKLM\..\Run: [Sygate32 Firewall] Sygate32.exe
O4 - HKLM\..\Run: [snapple] snapple.exe
O4 - HKLM\..\Run: [runs] run.exe
O4 - HKLM\..\Run: [OFFICEXP] OFFICEXP.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] svmhost.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\RunServices: [Zone X Application] ZoneX.exe
O23 - Service: Microsoft Windows Update (Microsoft Update) - Unknown owner - C:\WINDOWS\System32\svmhost.exe" -netsvcs (file missing)
Set up to view hidden files. Go to start>control panel>folder options>view tab>tick the circle/box beside these:
show hidden files and folders
Hide extensions of know file types
Hide protected operating system files
apply>ok.
Then navigate to and delete these files if found:
C:\WINDOWS\System32\ZoneX.exe
C:\WINDOWS\System32\msnmssgr.exe
C:\WINDOWS\System32\Sygate32.exe
C:\WINDOWS\System32\snapple.exe
C:\WINDOWS\System32\run.exe
C:\WINDOWS\System32\OFFICEXP.exe
C:\WINDOWS\System32\svmhost.exe
C:\WINDOWS\System32\internat.exe
Reboot to normal mode and post a HT and Ewido log if possible
You may not have msconfig running in normal mode.
0
Logfile of HijackThis v1.99.1
Scan saved at 00:03:16, on 11/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\System32\keyhook.exe
C:\WINDOWS\SYSTEM32\sistray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\MESSEN~1\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\mary\LOCALS~1\Temp\Rar$EX00.563\HijackThis.exeF2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\SYSTEM32\sistray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131493796404
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131495011452
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.exe
O23 - Service: Microsoft Windows Update (Microsoft Update) - Unknown owner - C:\WINDOWS\System32\svmhost.exe" -netsvcs (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
0
ewido security suite - Scan report
+ Created on: 23:45:14, 10/11/2005
+ Report-Checksum: A3950DC2+ Scan result:
:mozilla.13:C:\Documents and Settings\mary\Application Data\Mozilla\Firefox\Profiles\54se3ndy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.14:C:\Documents and Settings\mary\Application Data\Mozilla\Firefox\Profiles\54se3ndy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.15:C:\Documents and Settings\mary\Application Data\Mozilla\Firefox\Profiles\54se3ndy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.16:C:\Documents and Settings\mary\Application Data\Mozilla\Firefox\Profiles\54se3ndy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.17:C:\Documents and Settings\mary\Application Data\Mozilla\Firefox\Profiles\54se3ndy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.18:C:\Documents and Settings\mary\Application Data\Mozilla\Firefox\Profiles\54se3ndy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.19:C:\Documents and Settings\mary\Application Data\Mozilla\Firefox\Profiles\54se3ndy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.20:C:\Documents and Settings\mary\Application Data\Mozilla\Firefox\Profiles\54se3ndy.default\cookies.txt -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.21:C:\Documents and Settings\mary\Application Data\Mozilla\Firefox\Profiles\54se3ndy.default\cookies.txt -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.22:C:\Documents and Settings\mary\Application Data\Mozilla\Firefox\Profiles\54se3ndy.default\cookies.txt -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.23:C:\Documents and Settings\mary\Application Data\Mozilla\Firefox\Profiles\54se3ndy.default\cookies.txt -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.24:C:\Documents and Settings\mary\Application Data\Mozilla\Firefox\Profiles\54se3ndy.default\cookies.txt -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.13:C:\RECYCLED\NPROTECT\00015255.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.14:C:\RECYCLED\NPROTECT\00015255.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.15:C:\RECYCLED\NPROTECT\00015255.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.16:C:\RECYCLED\NPROTECT\00015255.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.17:C:\RECYCLED\NPROTECT\00015255.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.18:C:\RECYCLED\NPROTECT\00015255.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.19:C:\RECYCLED\NPROTECT\00015255.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.20:C:\RECYCLED\NPROTECT\00015255.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.21:C:\RECYCLED\NPROTECT\00015255.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.22:C:\RECYCLED\NPROTECT\00015255.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.23:C:\RECYCLED\NPROTECT\00015255.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.24:C:\RECYCLED\NPROTECT\00015255.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.13:C:\RECYCLED\NPROTECT\00015256.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.14:C:\RECYCLED\NPROTECT\00015256.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.15:C:\RECYCLED\NPROTECT\00015256.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.16:C:\RECYCLED\NPROTECT\00015256.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.17:C:\RECYCLED\NPROTECT\00015256.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.18:C:\RECYCLED\NPROTECT\00015256.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.19:C:\RECYCLED\NPROTECT\00015256.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.20:C:\RECYCLED\NPROTECT\00015256.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.21:C:\RECYCLED\NPROTECT\00015256.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.22:C:\RECYCLED\NPROTECT\00015256.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.23:C:\RECYCLED\NPROTECT\00015256.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.24:C:\RECYCLED\NPROTECT\00015256.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.14:C:\RECYCLED\NPROTECT\00015278.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.15:C:\RECYCLED\NPROTECT\00015278.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.16:C:\RECYCLED\NPROTECT\00015278.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.17:C:\RECYCLED\NPROTECT\00015278.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.18:C:\RECYCLED\NPROTECT\00015278.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.19:C:\RECYCLED\NPROTECT\00015278.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.20:C:\RECYCLED\NPROTECT\00015278.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.21:C:\RECYCLED\NPROTECT\00015278.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.22:C:\RECYCLED\NPROTECT\00015278.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.23:C:\RECYCLED\NPROTECT\00015278.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.24:C:\RECYCLED\NPROTECT\00015278.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.25:C:\RECYCLED\NPROTECT\00015278.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.6:C:\RECYCLED\NPROTECT\00014743.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.7:C:\RECYCLED\NPROTECT\00014743.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.13:C:\RECYCLED\NPROTECT\00014744.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.14:C:\RECYCLED\NPROTECT\00014744.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.15:C:\RECYCLED\NPROTECT\00014744.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.16:C:\RECYCLED\NPROTECT\00014744.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.17:C:\RECYCLED\NPROTECT\00014744.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.18:C:\RECYCLED\NPROTECT\00014744.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.19:C:\RECYCLED\NPROTECT\00014744.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.20:C:\RECYCLED\NPROTECT\00014744.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.21:C:\RECYCLED\NPROTECT\00014744.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.13:C:\RECYCLED\NPROTECT\00014788.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.14:C:\RECYCLED\NPROTECT\00014788.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.15:C:\RECYCLED\NPROTECT\00014788.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.16:C:\RECYCLED\NPROTECT\00014788.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.17:C:\RECYCLED\NPROTECT\00014788.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.18:C:\RECYCLED\NPROTECT\00014788.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.19:C:\RECYCLED\NPROTECT\00014788.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.20:C:\RECYCLED\NPROTECT\00014788.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.21:C:\RECYCLED\NPROTECT\00014788.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.6:C:\RECYCLED\NPROTECT\00014789.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.7:C:\RECYCLED\NPROTECT\00014789.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.8:C:\RECYCLED\NPROTECT\00014789.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.9:C:\RECYCLED\NPROTECT\00014789.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.10:C:\RECYCLED\NPROTECT\00014789.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.11:C:\RECYCLED\NPROTECT\00014789.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.12:C:\RECYCLED\NPROTECT\00014789.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.13:C:\RECYCLED\NPROTECT\00014789.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.14:C:\RECYCLED\NPROTECT\00014789.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.24:C:\RECYCLED\NPROTECT\00014789.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.25:C:\RECYCLED\NPROTECT\00014789.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.26:C:\RECYCLED\NPROTECT\00014789.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.27:C:\RECYCLED\NPROTECT\00014789.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.28:C:\RECYCLED\NPROTECT\00014789.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.29:C:\RECYCLED\NPROTECT\00014789.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.30:C:\RECYCLED\NPROTECT\00014789.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.6:C:\RECYCLED\NPROTECT\00014791.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.7:C:\RECYCLED\NPROTECT\00014791.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.8:C:\RECYCLED\NPROTECT\00014791.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.9:C:\RECYCLED\NPROTECT\00014791.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.10:C:\RECYCLED\NPROTECT\00014791.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.11:C:\RECYCLED\NPROTECT\00014791.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.12:C:\RECYCLED\NPROTECT\00014791.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.13:C:\RECYCLED\NPROTECT\00014791.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.14:C:\RECYCLED\NPROTECT\00014791.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.24:C:\RECYCLED\NPROTECT\00014791.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.25:C:\RECYCLED\NPROTECT\00014791.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.26:C:\RECYCLED\NPROTECT\00014791.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.27:C:\RECYCLED\NPROTECT\00014791.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.28:C:\RECYCLED\NPROTECT\00014791.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.29:C:\RECYCLED\NPROTECT\00014791.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.30:C:\RECYCLED\NPROTECT\00014791.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.6:C:\RECYCLED\NPROTECT\00014852.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.7:C:\RECYCLED\NPROTECT\00014852.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.8:C:\RECYCLED\NPROTECT\00014852.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.9:C:\RECYCLED\NPROTECT\00014852.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.10:C:\RECYCLED\NPROTECT\00014852.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.11:C:\RECYCLED\NPROTECT\00014852.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.12:C:\RECYCLED\NPROTECT\00014852.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.13:C:\RECYCLED\NPROTECT\00014852.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.14:C:\RECYCLED\NPROTECT\00014852.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.24:C:\RECYCLED\NPROTECT\00014852.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.25:C:\RECYCLED\NPROTECT\00014852.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.26:C:\RECYCLED\NPROTECT\00014852.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.27:C:\RECYCLED\NPROTECT\00014852.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.28:C:\RECYCLED\NPROTECT\00014852.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.29:C:\RECYCLED\NPROTECT\00014852.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.30:C:\RECYCLED\NPROTECT\00014852.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.13:C:\RECYCLED\NPROTECT\00014868.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.14:C:\RECYCLED\NPROTECT\00014868.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.15:C:\RECYCLED\NPROTECT\00014868.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.16:C:\RECYCLED\NPROTECT\00014868.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.17:C:\RECYCLED\NPROTECT\00014868.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.18:C:\RECYCLED\NPROTECT\00014868.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.19:C:\RECYCLED\NPROTECT\00014868.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.20:C:\RECYCLED\NPROTECT\00014868.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.21:C:\RECYCLED\NPROTECT\00014868.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.22:C:\RECYCLED\NPROTECT\00014868.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.23:C:\RECYCLED\NPROTECT\00014868.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.24:C:\RECYCLED\NPROTECT\00014868.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.25:C:\RECYCLED\NPROTECT\00014868.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.6:C:\RECYCLED\NPROTECT\00014869.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.14:C:\RECYCLED\NPROTECT\00014869.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.15:C:\RECYCLED\NPROTECT\00014869.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.16:C:\RECYCLED\NPROTECT\00014869.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.17:C:\RECYCLED\NPROTECT\00014869.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.18:C:\RECYCLED\NPROTECT\00014869.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.19:C:\RECYCLED\NPROTECT\00014869.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.20:C:\RECYCLED\NPROTECT\00014869.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.21:C:\RECYCLED\NPROTECT\00014869.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.22:C:\RECYCLED\NPROTECT\00014869.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.13:C:\RECYCLED\NPROTECT\00014871.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.14:C:\RECYCLED\NPROTECT\00014871.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.15:C:\RECYCLED\NPROTECT\00014871.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.16:C:\RECYCLED\NPROTECT\00014871.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.17:C:\RECYCLED\NPROTECT\00014871.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.18:C:\RECYCLED\NPROTECT\00014871.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.19:C:\RECYCLED\NPROTECT\00014871.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.20:C:\RECYCLED\NPROTECT\00014871.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.21:C:\RECYCLED\NPROTECT\00014871.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.22:C:\RECYCLED\NPROTECT\00014871.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.23:C:\RECYCLED\NPROTECT\00014871.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.24:C:\RECYCLED\NPROTECT\00014871.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.13:C:\RECYCLED\NPROTECT\00014994.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.14:C:\RECYCLED\NPROTECT\00014994.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.15:C:\RECYCLED\NPROTECT\00014994.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.16:C:\RECYCLED\NPROTECT\00014994.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.17:C:\RECYCLED\NPROTECT\00014994.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.18:C:\RECYCLED\NPROTECT\00014994.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.19:C:\RECYCLED\NPROTECT\00014994.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.20:C:\RECYCLED\NPROTECT\00014994.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.21:C:\RECYCLED\NPROTECT\00014994.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.22:C:\RECYCLED\NPROTECT\00014994.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.23:C:\RECYCLED\NPROTECT\00014994.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.24:C:\RECYCLED\NPROTECT\00014994.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
::Repor
0
fewww,there they are. Thanks for all your help, its been great. I couldn't find any of the files to delete, just says cannot find server.
msconfig still works, should I deselect all the start up items now or leave them. I get an annoying symantec pop up, from an old version.
ok cheers, Stu in the U.K.
0
Stu77, Good job.Looks clean to me.
Yes, set msconfig ever how you like it.
I'm gonna make some more suggestions which will help your system.
Download ccleaner at this link ccleaner and install it.Configure and run as follows:
Open CCleaner.
Place a check-mark next to:
Everything in the Applications tab.
Place a check-mark next to:
Internet Explorer
Windows explorer and
System, in the Windows tab.
Hit Run CCleaner
Reboot to remove index.dat files.Next purge system restore by turning it off then back on. Directions at this link System Restore
Then create a new restore point.To create a new restore point go Start>Run>type "msconfig" without the quotes>ok>Launch System Restore>Tick the circle beside "create a restore point">next>name it anything you wish>Create>home>restart the computer.
And I wouls suggestthat you install this free spyware preventer Spywareblaster update it then click on enable all protection. It's a real good tool.
Lastly don't forget to reset the Spybot tea timer.
0
Hooray! cheers for the help, when you say reset the tea timer, i check it to run in spybot tools? and the 2 LSA entries I should forget about (msdirectx-hacktool)? blimey what a journey. Stu77.
0
stu77, If you are talking about the items quarantined by symantec you can delete those. Ewido should remove that so it probably only remains in symantec's quarantine folder. I see no evidence of it in ewido/HT.
0
ok, ive done all the stuff now. Its great because my system restore never worked, it does now. The 2 entrys LSA, appear as msdirectx.sys, in Norton. LSA in Spybot(2 entry's)for 3 months now, must be the above. Should i just ignore them from both, and delete them from Norton then?
0
Delete them in Norton's and if they show up in spybot after that see if you can finds it path(should be in spybot). I'm thinking registry orphan and we'd need the path to delete it.You might also run ewido in safe mode once more and post that log if anything is found.
0
I ran spybot LSA still there, after I deleted from Norton(just checked they are not in quarantine.) Everything is great but when i start up in Safe Mode on the admin page it says 2 messages for me, is that just outlook express? i dont use it coz of spyware. I messed up on logging a Ewido report, but it found 8 cookies, so nothing really. I updated of your link and installed, but in the update window in Ewido it say's, last update-never version of database #1506.
0
stuff, Sounds like windows messenger to me. Go to start>control panel>double click administrative tools>double click services>scroll down to messenger and double click on it>in the properties box to the right of "startup type" click the drop down arrow and select disable by clicking on it>apply>ok.
0
no messenger in the list? got a program i want rid of ulead vid studio trial edition, cant delete it from the program list, but the LSA was on before i installed that program. I'm gonna try disabling the system restore,and run another check in safe mode.
0
ok, well I went into Norton Program control, and found something or someone had changed the ewido sec to block. I then ran a check on Ewido the results are below. first entry is msn portal, sounds like as you said messenger. I then went into Norton prog and blocked messenger, and deleted it in the con pan add/re. Dam i liked the messenger, but sometimes i would give out my messenger address to girls i'd meet in chat rooms, stupid.
0
ewido security suite - Scan report
+ Created on: 00:45:04, 12/11/2005
+ Report-Checksum: 1388E2F5+ Scan result:
C:\Documents and Settings\mary\Cookies\mary@msnportal.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\mary\Cookies\mary@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\mary\Cookies\mary@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\mary\Cookies\mary@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\mary\Cookies\mary@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\mary\Cookies\mary@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\mary\Cookies\mary@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\mary\Cookies\mary@e-2dj6wfkighajigp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\mary\Cookies\mary@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\mary\Cookies\mary@hg1.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\mary\Cookies\mary@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\mary\Cookies\mary@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\mary\Cookies\mary@as-us.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.6:C:\Documents and Settings\mary\Application Data\Mozilla\Firefox\Profiles\54se3ndy.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.11:C:\Documents and Settings\mary\Application Data\Mozilla\Firefox\Profiles\54se3ndy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.12:C:\Documents and Settings\mary\Application Data\Mozilla\Firefox\Profiles\54se3ndy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.13:C:\Documents and Settings\mary\Application Data\Mozilla\Firefox\Profiles\54se3ndy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.14:C:\Documents and Settings\mary\Application Data\Mozilla\Firefox\Profiles\54se3ndy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.15:C:\Documents and Settings\mary\Application Data\Mozilla\Firefox\Profiles\54se3ndy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.16:C:\Documents and Settings\mary\Application Data\Mozilla\Firefox\Profiles\54se3ndy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.17:C:\Documents and Settings\mary\Application Data\Mozilla\Firefox\Profiles\54se3ndy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.18:C:\Documents and Settings\mary\Application Data\Mozilla\Firefox\Profiles\54se3ndy.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.22:C:\Documents and Settings\mary\Application Data\Mozilla\Firefox\Profiles\54se3ndy.default\cookies.txt -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.23:C:\Documents and Settings\mary\Application Data\Mozilla\Firefox\Profiles\54se3ndy.default\cookies.txt -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.24:C:\Documents and Settings\mary\Application Data\Mozilla\Firefox\Profiles\54se3ndy.default\cookies.txt -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.25:C:\Documents and Settings\mary\Application Data\Mozilla\Firefox\Profiles\54se3ndy.default\cookies.txt -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.26:C:\Documents and Settings\mary\Application Data\Mozilla\Firefox\Profiles\54se3ndy.default\cookies.txt -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.27:C:\Documents and Settings\mary\Application Data\Mozilla\Firefox\Profiles\54se3ndy.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.28:C:\Documents and Settings\mary\Application Data\Mozilla\Firefox\Profiles\54se3ndy.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.29:C:\Documents and Settings\mary\Application Data\Mozilla\Firefox\Profiles\54se3ndy.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.30:C:\Documents and Settings\mary\Application Data\Mozilla\Firefox\Profiles\54se3ndy.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.31:C:\Documents and Settings\mary\Application Data\Mozilla\Firefox\Profiles\54se3ndy.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.32:C:\Documents and Settings\mary\Application Data\Mozilla\Firefox\Profiles\54se3ndy.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.33:C:\Documents and Settings\mary\Application Data\Mozilla\Firefox\Profiles\54se3ndy.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.6:C:\RECYCLED\NPROTECT\00015501.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.7:C:\RECYCLED\NPROTECT\00015501.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.13:C:\RECYCLED\NPROTECT\00015670.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.14:C:\RECYCLED\NPROTECT\00015670.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.13:C:\RECYCLED\NPROTECT\00015693.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.14:C:\RECYCLED\NPROTECT\00015693.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.13:C:\RECYCLED\NPROTECT\00015694.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.14:C:\RECYCLED\NPROTECT\00015694.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.13:C:\RECYCLED\NPROTECT\00015713.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.14:C:\RECYCLED\NPROTECT\00015713.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.13:C:\RECYCLED\NPROTECT\00015836.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.14:C:\RECYCLED\NPROTECT\00015836.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.6:C:\RECYCLED\NPROTECT\00015845.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.7:C:\RECYCLED\NPROTECT\00015845.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.8:C:\RECYCLED\NPROTECT\00015845.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.9:C:\RECYCLED\NPROTECT\00015845.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.10:C:\RECYCLED\NPROTECT\00015845.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.13:C:\RECYCLED\NPROTECT\00015846.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.14:C:\RECYCLED\NPROTECT\00015846.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.15:C:\RECYCLED\NPROTECT\00015846.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.16:C:\RECYCLED\NPROTECT\00015846.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.17:C:\RECYCLED\NPROTECT\00015846.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.13:C:\RECYCLED\NPROTECT\00015862.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.14:C:\RECYCLED\NPROTECT\00015862.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.15:C:\RECYCLED\NPROTECT\00015862.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.16:C:\RECYCLED\NPROTECT\00015862.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.17:C:\RECYCLED\NPROTECT\00015862.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.13:C:\RECYCLED\NPROTECT\00015934.MOZ -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.14:C:\RECYCLED\NPROTECT\00015934.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.15:C:\RECYCLED\NPROTECT\00015934.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.16:C:\RECYCLED\NPROTECT\00015934.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.17:C:\RECYCLED\NPROTECT\00015934.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.18:C:\RECYCLED\NPROTECT\00015934.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.19:C:\RECYCLED\NPROTECT\00015934.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.20:C:\RECYCLED\NPROTECT\00015934.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.21:C:\RECYCLED\NPROTECT\00015934.MOZ -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.22:C:\RECYCLED\NPROTECT\00015934.MOZ -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.23:C:\RECYCLED\NPROTECT\00015934.MOZ -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.24:C:\RECYCLED\NPROTECT\00015934.MOZ -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.25:C:\RECYCLED\NPROTECT\00015934.MOZ -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.26:C:\RECYCLED\NPROTECT\00015934.MOZ -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.27:C:\RECYCLED\NPROTECT\00015934.MOZ -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.28:C:\RECYCLED\NPROTECT\00015934.MOZ -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.29:C:\RECYCLED\NPROTECT\00015934.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.30:C:\RECYCLED\NPROTECT\00015934.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.31:C:\RECYCLED\NPROTECT\00015934.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.32:C:\RECYCLED\NPROTECT\00015934.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.33:C:\RECYCLED\NPROTECT\00015934.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.6:C:\RECYCLED\NPROTECT\00015945.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.7:C:\RECYCLED\NPROTECT\00015945.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.8:C:\RECYCLED\NPROTECT\00015945.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.9:C:\RECYCLED\NPROTECT\00015945.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.10:C:\RECYCLED\NPROTECT\00015945.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.11:C:\RECYCLED\NPROTECT\00015945.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.12:C:\RECYCLED\NPROTECT\00015945.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.20:C:\RECYCLED\NPROTECT\00015945.MOZ -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.21:C:\RECYCLED\NPROTECT\00015945.MOZ -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.22:C:\RECYCLED\NPROTECT\00015945.MOZ -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.23:C:\RECYCLED\NPROTECT\00015945.MOZ -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.24:C:\RECYCLED\NPROTECT\00015945.MOZ -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.25:C:\RECYCLED\NPROTECT\00015945.MOZ -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.26:C:\RECYCLED\NPROTECT\00015945.MOZ -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.27:C:\RECYCLED\NPROTECT\00015945.MOZ -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.28:C:\RECYCLED\NPROTECT\00015945.MOZ -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.29:C:\RECYCLED\NPROTECT\00015945.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.30:C:\RECYCLED\NPROTECT\00015945.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.31:C:\RECYCLED\NPROTECT\00015945.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.32:C:\RECYCLED\NPROTECT\00015945.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.33:C:\RECYCLED\NPROTECT\00015945.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.13:C:\RECYCLED\NPROTECT\00015946.MOZ -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.14:C:\RECYCLED\NPROTECT\00015946.MOZ -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.15:C:\RECYCLED\NPROTECT\00015946.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.16:C:\RECYCLED\NPROTECT\00015946.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.17:C:\RECYCLED\NPROTECT\00015946.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.18:C:\RECYCLED\NPROTECT\00015946.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.19:C:\RECYCLED\NPROTECT\00015946.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.20:C:\RECYCLED\NPROTECT\00015946.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.21:C:\RECYCLED\NPROTECT\00015946.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.22:C:\RECYCLED\NPROTECT\00015946.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.23:C:\RECYCLED\NPROTECT\00015946.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.24:C:\RECYCLED\NPROTECT\00015946.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.25:C:\RECYCLED\NPROTECT\00015946.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.26:C:\RECYCLED\NPROTECT\00015946.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.27:C:\RECYCLED\NPROTECT\00015946.MOZ -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.28:C:\RECYCLED\NPROTECT\00015946.MOZ -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.29:C:\RECYCLED\NPROTECT\00015946.MOZ -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.30:C:\RECYCLED\NPROTECT\00015946.MOZ -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.31:C:\RECYCLED\NPROTECT\00015946.MOZ -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.32:C:\RECYCLED\NPROTECT\00015946.MOZ -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.33:C:\RECYCLED\NPROTECT\00015946.MOZ -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.13:C:\RECYCLED\NPROTECT\00015948.MOZ -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.14:C:\RECYCLED\NPROTECT\00015948.MOZ -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.15:C:\RECYCLED\NPROTECT\00015948.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.16:C:\RECYCLED\NPROTECT\00015948.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.17:C:\RECYCLED\NPROTECT\00015948.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.18:C:\RECYCLED\NPROTECT\00015948.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.19:C:\RECYCLED\NPROTECT\00015948.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.20:C:\RECYCLED\NPROTECT\00015948.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.21:C:\RECYCLED\NPROTECT\00015948.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.22:C:\RECYCLED\NPROTECT\00015948.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.23:C:\RECYCLED\NPROTECT\00015948.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.24:C:\RECYCLED\NPROTECT\00015948.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.25:C:\RECYCLED\NPROTECT\00015948.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.26:C:\RECYCLED\NPROTECT\00015948.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.27:C:\RECYCLED\NPROTECT\00015948.MOZ -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.28:C:\RECYCLED\NPROTECT\00015948.MOZ -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.29:C:\RECYCLED\NPROTECT\00015948.MOZ -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.30:C:\RECYCLED\NPROTECT\00015948.MOZ -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.31:C:\RECYCLED\NPROTECT\00015948.MOZ -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.32:C:\RECYCLED\NPROTECT\00015948.MOZ -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.33:C:\RECYCLED\NPROTECT\00015948.MOZ -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.8:C:\RECYCLED\NPROTECT\00015950.MOZ -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.14:C:\RECYCLED\NPROTECT\00015950.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.15:C:\RECYCLED\NPROTECT\00015950.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.16:C:\RECYCLED\NPROTECT\00015950.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.17:C:\RECYCLED\NPROTECT\00015950.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.18:C:\RECYCLED\NPROTECT\00015950.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.19:C:\RECYCLED\NPROTECT\00015950.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.20:C:\RECYCLED\NPROTECT\00015950.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.21:C:\RECYCLED\NPROTECT\00015950.MOZ -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.22:C:\RECYCLED\NPROTECT\00015950.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.23:C:\RECYCLED\NPROTECT\00015950.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.24:C:\RECYCLED\NPROTECT\00015950.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.25:C:\RECYCLED\NPROTECT\00015950.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.26:C:\RECYCLED\NPROTECT\00015950.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.27:C:\RECYCLED\NPROTECT\00015950.MOZ -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.28:C:\RECYCLED\NPROTECT\00015950.MOZ -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.29:C:\RECYCLED\NPROTECT\00015950.MOZ -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.30:C:\RECYCLED\NPROTECT\00015950.MOZ -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.31:C:\RECYCLED\NPROTECT\00015950.MOZ -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.32:C:\RECYCLED\NPROTECT\00015950.MOZ -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.33:C:\RECYCLED\NPROTECT\00015950.MOZ -> Spyware.Cookie.Atdmt : Cleaned with backup
::Report End
0
stu77, Looks clean to me. You can reinstall msn messenger it does not pose a threat as windows messenger does.
0
Dude soz, but I just wrote a big message on the forum, but when i went to submit it said sign in first, and then disapeared im pee'd of a bit. I still dont think the computer is running to full capacity, its sluggish sometimes (the actual operating system) click on the menu's sometimes theyre fast, sometimes quite slow. I did the free panda scan again, and it froze up at system32\HPzipm12.exe, ive been looking around people just say its a HP driver, but there's people out there with sluggish type probs and have quoted this above, some think a Trojan. I tryed to install a HP printer a few months back an all in one, i had to take it back, couldnt get it to run. I was on the phone for 2 days (as you know i can be a pain) but this is fxxxx me off. Is my computer the best its gonna be? odd things occur on it though like one entry in the history list,mad. Anyway take care.
0
HPzipm12.exe, maybe a driver compatability problem with the Microsoft O.S? causing it to slow down. Time to hit the hay.
0
Sometime you can go to the manufactures site (HP in you case),enter your computers serial number, they will analyze it and direct you to the free driver updates.Usually includes all the instructions to download and install.
That is a printer driver that caused you the problem.
Good virus scan at these links:
0
WORM_WOOTBOT.HE, found on house call, comes in under officexp.exe, i deleted it but it still shows up under spybot as:
HKEY_USERS\s-1-5-18\SYSTEM\CurrentControlSEt\
HKEY_USERS\DEFAULT\SYSTEM\CurrentControlSet
0  |
 |
 |
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
