help with pcOrion spyware scanner

Persephone | #1 | Dec 30th, 2004
I installed pcOrion and when I ran a scan it found several problems and fixed them. However, now when I run a scan it finds the same 23 cookies every time, and even though I tell the program to fix them, on the next scan the cookies are still there. I have contacted pcOrion for help but they are very slow in responding. They instructed me to run a diagnostic, which they have had a copy of for several days without responding with solutions to fix the problem. I don't know if I have trojans/viruses or if it is a bug in their program. Anyway, here is the diagnostic file:
==================================== System Diagnostic Log File ====================================
- DTV: 1.0.7.1
- Report Date: 12/27/2004 16:58:41
- EN CurrentVersion: n/a
- SWN CurrentVersion: n/a
- SWN UpdateVersion: 0
- SWN Previous Version: n/a
- OS version: Windows 2000 5.0.2195 [Service Pack 4]
- Web Browser Version: IE:5.00.3700.1000;NS:7.1b1 (en);

======================================= IE Browser Defaults ========================================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"
"Default_Page_URL"="http://www.msn.com"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Enable_Disk_Cache"="yes"
"Cache_Percent_of_Disk"="hex:0A,00,00,00"
"Delete_Temp_Files_On_Exit"="yes"
"Local Page"="%SystemRoot%\system32\blank.htm"
"Anchor_Visitation_Horizon"="hex:01,00,00,00"
"Use_Async_DNS"="yes"
"Placeholder_Width"="hex:1A,00,00,00"
"Placeholder_Height"="hex:1A,00,00,00"
"Wizard_Version"="5.00.2920.0000"
"FullScreen"="no"
"NoUpdateCheck"="1"
"Search Bar"=""
"Update_Check_Page"="http://www.searchalot.com"
"Update_Check_Interval"="dword:365"
"CompanyName"="Microsoft Corporation"
"Custom_Key"="MICROSO"
"Use_DlgBox_Colors"="yes"
"Check_Associations"="no"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Anchor Underline"="yes"
"Cache_Update_Frequency"="Once_Per_Session"
"Display Inline Images"="yes"
"Do404Search"="dword:2"
"Save_Session_History_On_Exit"="no"
"Show_FullURL"="no"
"Show_StatusBar"="yes"
"Show_ToolBar"="yes"
"Show_URLinStatusBar"="yes"
"Show_URLToolBar"="yes"
"Start Page"="http://www.wrpi.org/realaudio/index.html"
"Use_DlgBox_Colors"="yes"
"FullScreen"="no"
"Window_Placement"="hex:2C,00,00,00,00,00,00,00,01,00,00,00,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,09,00,00,00,0F,01,00,00,15,03,00,00,48,03,00,00"
"LastCheckedHi"="dword:29681798"
"NotifyDownloadComplete"="yes"
"Use FormSuggest"="yes"
"AddToFavoritesExpanded"="dword:1"
"Error Dlg Details Pane Open"="no"
"HistoryViewType"="hex:00,00"
"FormSuggest PW Ask"="no"
"NoUpdateCheck"="dword:0"
"FormSuggest Passwords"="yes"
"SmoothScroll"="dword:1"
"Page_Transitions"="dword:1"
"ShowGoButton"="yes"
"Friendly http errors"="yes"
"Enable_MyPics_Hoverbar"="yes"
"Enable AutoImageResize"="yes"
"Play_Animations"="yes"
"Display Inline Videos"="yes"
"Play_Background_Sounds"="yes"
"Show image placeholders"="dword:0"
"Print_Background"="no"
"AutoSearch"="dword:3"
"Use Custom Search URL"="dword:1"
"ChannelsFirstURL"="res://ie4tour.dll/channels.htm"
ie4tour.dll
File not found
"Show_ChannelBand"="No"
"Expand Alt Text"="no"
"Move System Caret"="no"
"NscSingleExpand"="dword:1"
"NoJITSetup"="dword:0"
"FavIntelliMenus"="yes"
"AllowWindowReuse"="dword:1"
"Enable Browser Extensions"="yes"
"Use Search Asst"="no"
"Q261272"="yes"
"ShowedCheckBrowser"="Yes"
"Check_Associations"="no"
"Window Title"=""
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

====================================== Browser Helper Objects ======================================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
[HKEY_CLASSES_ROOT\CLSID\{BDF3E430-B101-42AD-A544-FADC6B084872}\InprocServer32\]
"ThreadingModel"="Apartment"
Apartment
File not found
"(Default)"="C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll"
C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
File Size: 112248 bytes
$AE7FE3FD
CompanyName: Symantec Corporation
FileDescription: Norton AntiVirusNAVShellExt Module
FileVersion: 9.00.67
InternalName: NAVShellExt
LegalCopyright: Norton AntiVirus 2003 for Windows 98/ME/2000/XP Copyright (c) 2002 Symantec Corporation. All rights reserved.
OriginalFileName: NAVShExt.dll
ProductName: Norton AntiVirus
ProductVersion: 9.00.67
[HKEY_CLASSES_ROOT\CLSID\{BDF3E430-B101-42AD-A544-FADC6B084872}\ProgID\]
"(Default)"="Navbho.CNavExtBho.1"
Navbho.CNavExtBho.1
File not found

===================================== Downloaded Program Files =====================================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation]
"CODEBASE"="file://C:\WINDOWS\SYSTEM\dajava.cab"
C:\WINDOWS\SYSTEM\dajava.cab
File not found
"OSD"="C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd"
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd
File not found

[HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation]
"CODEBASE"="file://C:\WINDOWS\Java\classes\xmldso.cab"
C:\WINDOWS\Java\classes\xmldso.cab
File not found
"OSD"="C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd"
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
File Size: 1162 bytes
$BA51EAF5
No version information found

========================================= Autorun Entries ==========================================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\]
"Synchronization Manager"="mobsync.exe /logon"
C:\WINDOWS\system32\mobsync.exe
File Size: 111376 bytes
$4E1271C0
CompanyName: Microsoft Corporation
FileDescription: Microsoft Synchronization Manager
FileVersion: 5.00.2195.6627
InternalName: mobsync.exe
LegalCopyright: Copyright (C) Microsoft Corp. 1981-1999
OriginalFileName: mobsync.exe
ProductName: Microsoft Synchronization Manager
ProductVersion: 5.00.2195.6627
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe"
C:\Program Files\Microsoft Works\WkDetect.exe
File Size: 28739 bytes
$26FD438D
CompanyName: Microsoft® Corporation
FileDescription: Microsoft® Works Update Detection
FileVersion: 6.00.1828.1
InternalName: WKDETECT
LegalCopyright: Copyright © Microsoft Corporation 1987-2000. All rights reserved.
OriginalFileName: WkDetect.exe
ProductName: Microsoft® Works 6.0
ProductVersion: 6.00.1828.1
"TkBellExe"=""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot"
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
File Size: 180269 bytes
$7ABE8726
CompanyName: RealNetworks, Inc.
FileDescription: RealNetworks Scheduler
FileVersion: 0.1.0.3034
InternalName: schedapp
LegalCopyright: Copyright © RealNetworks, Inc. 1995-2004
LegalTradeMarks: RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFileName: realsched.exe
ProductName: RealPlayer (32-bit)
ProductVersion: 0.1.0.3034
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe"
C:\Program Files\Microsoft Works\wkfud.exe
File Size: 24576 bytes
$719E7A2C
CompanyName: Microsoft® Corporation
FileDescription: Microsoft® Works Marketing Feature
FileVersion: 6.00.1828.1
InternalName: WKFUD
LegalCopyright: Copyright © Microsoft Corporation 1987-2000. All rights reserved.
OriginalFileName: wkfud.exe
ProductName: Microsoft® Works 6.0
ProductVersion: 6.00.1828.1
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe /AllUsers"
C:\Program Files\Microsoft Works\WksSb.exe
File Size: 311350 bytes
$39DB062C
CompanyName: Microsoft® Corporation
FileDescription: Microsoft® Works PortFolio
FileVersion: 6.00.1902.0
InternalName: WKSPF
LegalCopyright: Copyright © Microsoft Corporation 1987-2000. All rights reserved.
OriginalFileName: WksSb.exe
ProductName: Microsoft® Works 6.0
ProductVersion: 6.00.1902.0
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
File Size: 50880 bytes
$D80742BA
CompanyName: Symantec Corporation
FileDescription: Common Client CC App
FileVersion: 1.00.104
InternalName: ccApp
LegalCopyright: Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
OriginalFileName: ccApp.exe
ProductName: Common Client
ProductVersion: 1.00.104
"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
File Size: 34504 bytes
$DADD2282
CompanyName: Symantec Corporation
FileDescription: Common Client Registry Integrity Verifier
FileVersion: 1.00.104
InternalName: CCREGVRY
LegalCopyright: Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
OriginalFileName: CCREGVFY.EXE
ProductName: Common Client
ProductVersion: 1.00.104
"GhostStartTrayApp"="C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe"
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
File Size: 94208 bytes
$2F6490A6
CompanyName: Symantec Corporation
FileDescription: Norton Ghost Start
FileVersion: 2003.775
InternalName: GhostStartTrayApp
LegalCopyright: Copyright (C) 1998-2002 Symantec Corp. All rights reserved.
OriginalFileName: GhostStartTrayApp.exe
ProductName: Norton Ghost Start
ProductVersion: 2003.775
"SymTray - Norton SystemWorks"="C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg"
C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
File not found
"PCDRealtime"="C:\WINDOWS\realtime.exe"
C:\WINDOWS\realtime.exe
File Size: 91648 bytes
$203945DC
FileVersion: 1.00
InternalName: realtime
OriginalFileName: realtime.exe
ProductName: realtime
ProductVersion: 1.00
"Zone Labs Client"=""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe""
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
File Size: 902432 bytes
$58026174
CompanyName: Zone Labs Inc.
FileDescription: Zone Labs Client
FileVersion: 5.5.062.004
InternalName: zlclient
LegalCopyright: Copyright © 1998-2004, Zone Labs Inc.
OriginalFileName: zlclient.exe
ProductName: Zone Labs Client
ProductVersion: 5.5.062.004
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP"
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
File Size: 340480 bytes
$9C3C606F
CompanyName: GRISOFT, s.r.o.
FileDescription: AVG Control Center
FileVersion: 7,1,0,295
InternalName: AvgCC
LegalCopyright: Copyright © 2004, GRISOFT, s.r.o.
OriginalFileName: AvgCC.EXE
ProductName: AVG Anti-Virus System
ProductVersion: 7.1.0.295
"AVG7_EMC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe"
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Grisoft\AVG Free\avgemc.exe
File Size: 269312 bytes
$1646EFAF
CompanyName: GRISOFT, s.r.o.
FileDescription: AVG E-Mail Scanner
FileVersion: 7,1,0,298
InternalName: avgemc
LegalCopyright: Copyright © 2004, GRISOFT, s.r.o.
LegalTradeMarks:
OriginalFileName: avgemc.exe
ProductName: AVG Anti-Virus System
ProductVersion: 7.1.0.298
Comments:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\]
"SymTray - Norton SystemWorks"="C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe"
C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
File Size: 36864 bytes
$BDC9364B
No version information found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\]
"SymKeepAlive"="C:\Program Files\Norton SystemWorks\CKA.exe"
C:\Program Files\Norton SystemWorks\CKA.exe
File Size: 225280 bytes
$4F83FC07
CompanyName: Symantec Corporation
FileDescription: Connection Keep Alive
FileVersion: 2003.6.50
InternalName: CKA
LegalCopyright: Copyright (c) 1997-2002 Symantec Corporation
OriginalFileName: CKA.exe
ProductName: Norton SystemWorks
ProductVersion: 2003.6.50
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
C:\Program Files\Spybot
File not found

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\]
================================= Autorun Services - Local Machine =================================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\]
================================= Autorun Services - Current User ==================================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\]
============================== Autorun Services - Local Machine Once ===============================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce\]
=============================== Autorun Services - Current User Once ===============================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce\]
===================================== Common Startup Processes =====================================
======================================== Windows User Init =========================================
[HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\]
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
[Userinit]C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
File Size: 17680 bytes
$53C3D624
CompanyName: Microsoft Corporation
FileDescription: Userinit Logon Application
FileVersion: 5.00.2195.6612
InternalName: userinit
LegalCopyright: Copyright (C) Microsoft Corp. 1981-1999
OriginalFileName: USERINIT.EXE
ProductName: Microsoft(R) Windows (R) 2000 Operating System
ProductVersion: 5.00.2195.6612
=========================================== Windows Load ===========================================

========================================== Windows Notify ==========================================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain\]
"DllName"="crypt32.dll"
C:\WINDOWS\system32\crypt32.dll
File Size: 543504 bytes
$3E39505B
CompanyName: Microsoft Corporation
FileDescription: Crypto API32
FileVersion: 5.131.2195.6824
InternalName: CRYPT32.DLL
LegalCopyright: Copyright (C) Microsoft Corp. 1981-1999
OriginalFileName: CRYPT32.DLL
ProductName: Microsoft(R) Windows (R) 2000 Operating System
ProductVersion: 5.131.2195.6824

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet\]
"DllName"="cryptnet.dll"
C:\WINDOWS\system32\cryptnet.dll
File Size: 61200 bytes
$E2FC018A
CompanyName: Microsoft Corporation
FileDescription: Crypto Network Related API
FileVersion: 5.131.2195.6824
InternalName: CRYPTNET.DLL
LegalCopyright: Copyright (C) Microsoft Corp. 1981-1999
OriginalFileName: CRYPTNET.DLL
ProductName: Microsoft(R) Windows (R) 2000 Operating System
ProductVersion: 5.131.2195.6824

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll\]
"DllName"="cscdll.dll"
C:\WINDOWS\system32\cscdll.dll
File Size: 101136 bytes
$61DCAE7C
CompanyName: Microsoft Corporation
FileDescription: Offline Network Agent
FileVersion: 5.00.2195.6713
InternalName: CSCDLL
LegalCopyright: Copyright (C) Microsoft Corp.
OriginalFileName: CSCDLL.DLL
ProductName: Microsoft(R) Windows (R) 2000 Operating System
ProductVersion: 5.00.2195.6713

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy\]
"DllName"="sclgntfy.dll"
C:\WINDOWS\system32\sclgntfy.dll
File Size: 20752 bytes
$7F75627C
CompanyName: Microsoft Corporation
FileDescription: Secondary Logon Service Notification DLL
FileVersion: 5.00.2195.6608
InternalName: SCLGNTFY.DLL
LegalCopyright: Copyright (C) Microsoft Corp. 1981-1999
OriginalFileName: SCLGNTFY.DLL
ProductName: Microsoft(R) Windows (R) 2000 Operating System
ProductVersion: 5.00.2195.6608

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn\]
"DllName"="WlNotify.dll"
C:\WINDOWS\system32\WlNotify.dll
File Size: 57616 bytes
$E00B76E8
CompanyName: Microsoft Corporation
FileDescription: Common DLL to receive Winlogon notifications
FileVersion: 5.00.2195.6706
InternalName: WlNotify.dll
LegalCopyright: Copyright (C) Microsoft Corp. 1981-1999
OriginalFileName: WlNotify.dll
ProductName: Microsoft(R) Windows (R) 2000 Operating System
ProductVersion: 5.00.2195.6706

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif\]
"DllName"="wzcdlg.dll"
C:\WINDOWS\system32\wzcdlg.dll
File Size: 52496 bytes
$CA84BF55
CompanyName: Microsoft Corporation
FileDescription: Wireless Zero Configuration Service UI
FileVersion: 5.00.2195.6604
InternalName: wzcdlg.dll
LegalCopyright: Copyright (C) Microsoft Corp. 1981-1999
OriginalFileName: wzcdlg.dll
ProductName: Microsoft(R) Windows (R) 2000 Operating System
ProductVersion: 5.00.2195.6604

======================================= Windows AppInit_DLLs =======================================

=============================== Windows ShellServiceObjectDelayLoad ================================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\]
"Network.ConnectionTray"="{7007ACCF-3202-11D1-AAD2-00805FC1270E}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

=================================== Windows SharedTaskScheduler ====================================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

=================================== Currently Running Processes ====================================

smss.exe
C:\WINDOWS\system32\smss.exe
File Size: 45840 bytes
$B8EB12B4
CompanyName: Microsoft Corporation
FileDescription: Windows NT Session Manager
FileVersion: 5.00.2195.6601
InternalName: smss.exe
LegalCopyright: Copyright (C) Microsoft Corp. 1981-1999
OriginalFileName: smss.exe
ProductName: Microsoft(R) Windows (R) 2000 Operating System
ProductVersion: 5.00.2195.6601

winlogon.exe
C:\WINDOWS\system32\winlogon.exe
File Size: 182544 bytes
$6B1F8435
CompanyName: Microsoft Corporation
FileDescription: Windows NT Logon Application
FileVersion: 5.00.2195.6970
InternalName: winlogon
LegalCopyright: Copyright (C) Microsoft Corp. 1981-1999
OriginalFileName: WINLOGON.EXE
ProductName: Microsoft(R) Windows (R) 2000 Operating System
ProductVersion: 5.00.2195.6970

services.exe
C:\WINDOWS\system32\services.exe
File Size: 89360 bytes
$7637C35D
CompanyName: Microsoft Corporation
FileDescription: Services and Controller app
FileVersion: 5.00.2195.6700
InternalName: services.exe
LegalCopyright: Copyright (C) Microsoft Corp. 1981-1999
OriginalFileName: services.exe
ProductName: Microsoft(R) Windows (R) 2000 Operating System
ProductVersion: 5.00.2195.6700

lsass.exe
C:\WINDOWS\system32\lsass.exe
File Size: 33552 bytes
$3F71808B
CompanyName: Microsoft Corporation
FileDescription: LSA Executable and Server DLL (Export Version)
FileVersion: 5.00.2195.6902
InternalName: lsasrv.dll and lsass.exe
LegalCopyright: Copyright (C) Microsoft Corp. 1981-1999
OriginalFileName: lsasrv.dll and lsass.exe
ProductName: Microsoft(R) Windows (R) 2000 Operating System
ProductVersion: 5.00.2195.6902

svchost.exe
C:\WINDOWS\system32\svchost.exe
File Size: 7952 bytes
$36207D3F
CompanyName: Microsoft Corporation
FileDescription: Generic Host Process for Win32 Services
FileVersion: 5.00.2134.1
InternalName: svchost.exe
LegalCopyright: Copyright (C) Microsoft Corp. 1981-1999
OriginalFileName: svchost.exe
ProductName: Microsoft(R) Windows (R) 2000 Operating System
ProductVersion: 5.00.2134.1

ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
File Size: 308936 bytes
$72959A55
CompanyName: Symantec Corporation
FileDescription: Event Manager Service
FileVersion: 1.00.37
InternalName: ccEvtMgr
LegalCopyright: Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
OriginalFileName: ccEvtMgr.exe
ProductName: Event Manager
ProductVersion: 1.00.37

spoolsv.exe
C:\WINDOWS\system32\spoolsv.exe
File Size: 45328 bytes
$E8D11518
CompanyName: Microsoft Corporation
FileDescription: Spooler SubSystem App
FileVersion: 5.00.2195.6659
InternalName: spoolss.exe
LegalCopyright: Copyright (C) Microsoft Corp. 1981-1999
OriginalFileName: spoolss.exe
ProductName: Microsoft(R) Windows (R) 2000 Operating System
ProductVersion: 5.00.2195.6659

avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
File Size: 318976 bytes
$28DDCF71
CompanyName: GRISOFT, s.r.o.
FileDescription: AVG Alert Manager
FileVersion: 7,1,0,285
InternalName: avgamsvr
LegalCopyright: Copyright © 2004, GRISOFT, s.r.o.
LegalTradeMarks:
OriginalFileName: avgamsvr.EXE
ProductName: AVG Anti-Virus System
ProductVersion: 7.1.0.285
Comments:

avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Grisoft\AVG Free\avgupsvc.exe
File Size: 70144 bytes
$FC95500D
CompanyName: GRISOFT, s.r.o.
FileDescription: AVG Update Service
FileVersion: 7,1,0,285
InternalName: avgupsvc
LegalCopyright: Copyright © 2004, GRISOFT, s.r.o.
LegalTradeMarks:
OriginalFileName: avgupdsvc.EXE
ProductName: AVG 7.0 Anti-Virus System
ProductVersion: 7.1.0.285
Comments:

svchost.exe
C:\WINDOWS\system32\svchost.exe
File Size: 7952 bytes
$36207D3F
CompanyName: Microsoft Corporation
FileDescription: Generic Host Process for Win32 Services
FileVersion: 5.00.2134.1
InternalName: svchost.exe
LegalCopyright: Copyright (C) Microsoft Corp. 1981-1999
OriginalFileName: svchost.exe
ProductName: Microsoft(R) Windows (R) 2000 Operating System
ProductVersion: 5.00.2134.1

GhostStartService.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
File Size: 200704 bytes
$032D1A36
CompanyName: Symantec Corporation
FileDescription: Norton Ghost Start
FileVersion: 2003.775
InternalName: GhostStartService
LegalCopyright: Copyright (C) 1998-2002 Symantec Corp. All rights reserved.
OriginalFileName: GhostStartService.exe
ProductName: Norton Ghost Start Service
ProductVersion: 2003.775

navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
File Size: 116336 bytes
$ED460DF4
CompanyName: Symantec Corporation
FileDescription: Norton AntiVirus Auto-Protect Service
FileVersion: 9.00.1104
InternalName: NAVAPSVC
LegalCopyright: Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
OriginalFileName: NAVAPSVC.EXE
ProductName: Norton AntiVirus
ProductVersion: 9.00.1104

NPROTECT.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
File Size: 135168 bytes
$EF942A18
CompanyName: Symantec Corporation
FileDescription: Norton Protection Status
FileVersion: 16.00.0.22
InternalName: NPROTECT
LegalCopyright: Copyright (C) 2003 Symantec Corporation
LegalTradeMarks: Norton Utilities
OriginalFileName: NPROTECT.EXE
ProductName: Norton Utilities
ProductVersion: 16.00.0.22

regsvc.exe
C:\WINDOWS\system32\regsvc.exe
File Size: 68368 bytes
$3F5A6551
CompanyName: Microsoft Corporation
FileDescription: Remote Registry Service
FileVersion: 5.00.2195.6701
InternalName: regsvc
LegalCopyright: Copyright (C) Microsoft Corp. 1981-1999
OriginalFileName: REGSVC.EXE
ProductName: Microsoft(R) Windows (R) 2000 Operating System
ProductVersion: 5.00.2195.6701

MSTask.exe
C:\WINDOWS\system32\MSTask.exe
File Size: 119568 bytes
$214AEAF4
CompanyName: Microsoft Corporation
FileDescription: Task Scheduler Engine
FileVersion: 4.71.2195.6920
InternalName: TaskScheduler
LegalCopyright: Copyright (C) Microsoft Corp. 1997
OriginalFileName: mstask.exe
ProductName: Microsoft® Windows® Task Scheduler
ProductVersion: 4.71.2195.6920

nopdb.exe
C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe
C:\Program Files\Norton SystemWorks\Speed Disk\nopdb.exe
File Size: 172065 bytes
$08AB59FE
CompanyName: Symantec Corporation
FileDescription: NOPDB
FileVersion: 7.00.0.24
InternalName: NOPDB
LegalCopyright: Copyright (C) 2002
OriginalFileName: NOPDB.dll
ProductName: Norton Speed Disk
ProductVersion: 7.00.0.24

vsmon.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
File Size: 1213720 bytes
$E2D12376
CompanyName: Zone Labs Inc.
FileDescription: TrueVector Service
FileVersion: 5.5.062.004
InternalName: vsmon
LegalCopyright: Copyright © 1998-2004, Zone Labs Inc.
OriginalFileName: vsmon.exe
ProductName: TrueVector Service
ProductVersion: 5.5.062.004

WinMgmt.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
File Size: 196706 bytes
$A9DC6739
CompanyName: Microsoft Corporation
FileDescription: Windows Management Instrumentation
FileVersion: 1.50.1085.0100
InternalName: WINMGMT
LegalCopyright: Copyright (C) Microsoft Corp. 1995-1999
OriginalFileName:
ProductName: Windows Management Instrumentation
ProductVersion: 1.50.1085.0100

svchost.exe
C:\WINDOWS\system32\svchost.exe
File Size: 7952 bytes
$36207D3F
CompanyName: Microsoft Corporation
FileDescription: Generic Host Process for Win32 Services
FileVersion: 5.00.2134.1
InternalName: svchost.exe
LegalCopyright: Copyright (C) Microsoft Corp. 1981-1999
OriginalFileName: svchost.exe
ProductName: Microsoft(R) Windows (R) 2000 Operating System
ProductVersion: 5.00.2134.1

Explorer.EXE
C:\WINDOWS\Explorer.EXE
File Size: 243472 bytes
$DA96361B
CompanyName: Microsoft Corporation
FileDescription: Windows Explorer
FileVersion: 5.00.3700.6690
InternalName: explorer
LegalCopyright: Copyright (C) Microsoft Corp. 1981-1999
OriginalFileName: EXPLORER.EXE
ProductName: Microsoft(R) Windows (R) 2000 Operating System
ProductVersion: 5.00.3700.6690

SymTray.exe
C:\Program Files\Common Files\Symantec Shared\SymTray.exe
File Size: 86096 bytes
$749A490D
CompanyName: Symantec Corporation
FileDescription: Norton SystemWorks SymTray
FileVersion: 2003.6.50
InternalName: SymTray.exe
LegalCopyright: Copyright (c) 1997-2002 Symantec Corporation
OriginalFileName: SymTray.exe
ProductName: Norton SystemWorks
ProductVersion: 2003.6.50

realsched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
File Size: 180269 bytes
$7ABE8726
CompanyName: RealNetworks, Inc.
FileDescription: RealNetworks Scheduler
FileVersion: 0.1.0.3034
InternalName: schedapp
LegalCopyright: Copyright © RealNetworks, Inc. 1995-2004
LegalTradeMarks: RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFileName: realsched.exe
ProductName: RealPlayer (32-bit)
ProductVersion: 0.1.0.3034

ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
File Size: 50880 bytes
$D80742BA
CompanyName: Symantec Corporation
FileDescription: Common Client CC App
FileVersion: 1.00.104
InternalName: ccApp
LegalCopyright: Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
OriginalFileName: ccApp.exe
ProductName: Common Client
ProductVersion: 1.00.104

GhostStartTrayApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
File Size: 94208 bytes
$2F6490A6
CompanyName: Symantec Corporation
FileDescription: Norton Ghost Start
FileVersion: 2003.775
InternalName: GhostStartTrayApp
LegalCopyright: Copyright (C) 1998-2002 Symantec Corp. All rights reserved.
OriginalFileName: GhostStartTrayApp.exe
ProductName: Norton Ghost Start
ProductVersion: 2003.775

zlclient.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
File Size: 902432 bytes
$58026174
CompanyName: Zone Labs Inc.
FileDescription: Zone Labs Client
FileVersion: 5.5.062.004
InternalName: zlclient
LegalCopyright: Copyright © 1998-2004, Zone Labs Inc.
OriginalFileName: zlclient.exe
ProductName: Zone Labs Client
ProductVersion: 5.5.062.004

avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
File Size: 340480 bytes
$9C3C606F
CompanyName: GRISOFT, s.r.o.
FileDescription: AVG Control Center
FileVersion: 7,1,0,295
InternalName: AvgCC
LegalCopyright: Copyright © 2004, GRISOFT, s.r.o.
OriginalFileName: AvgCC.EXE
ProductName: AVG Anti-Virus System
ProductVersion: 7.1.0.295

avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Grisoft\AVG Free\avgemc.exe
File Size: 269312 bytes
$1646EFAF
CompanyName: GRISOFT, s.r.o.
FileDescription: AVG E-Mail Scanner
FileVersion: 7,1,0,298
InternalName: avgemc
LegalCopyright: Copyright © 2004, GRISOFT, s.r.o.
LegalTradeMarks:
OriginalFileName: avgemc.exe
ProductName: AVG Anti-Virus System
ProductVersion: 7.1.0.298
Comments:

CKA.exe
C:\Program Files\Norton SystemWorks\CKA.exe
File Size: 225280 bytes
$4F83FC07
CompanyName: Symantec Corporation
FileDescription: Connection Keep Alive
FileVersion: 2003.6.50
InternalName: CKA
LegalCopyright: Copyright (c) 1997-2002 Symantec Corporation
OriginalFileName: CKA.exe
ProductName: Norton SystemWorks
ProductVersion: 2003.6.50

TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
File Size: 1038336 bytes
$A4A82878
CompanyName: Safer Networking Limited
FileDescription: System settings protector
FileVersion: 1, 3, 0, 12
InternalName: TeaTimer
LegalCopyright: © 2000-2004 Patrick M. Kolla / Safer Networking Limited. Alle Rechte vorbehalten.
LegalTradeMarks: "Spybot" und "Spybot - Search & Destroy" sind registrierte Warenzeichen.
OriginalFileName: TeaTimer.exe
ProductName: Spybot - Search & Destroy
ProductVersion: 1, 3, 0, 12
Comments: Schützt Systemeinstellungen vor ungewollten Änderungen.

iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
File Size: 60688 bytes
$098C2ABF
CompanyName: Microsoft Corporation
FileDescription: Internet Explorer
FileVersion: 5.00.2920.0000
InternalName: iexplore
LegalCopyright: Copyright (C) Microsoft Corp. 1981-1999
OriginalFileName: IEXPLORE.EXE
ProductName: Microsoft(R) Windows (R) 2000 Operating System
ProductVersion: 5.00.2920.0000

Diagnostic.exe
C:\Documents and Settings\default\Desktop\Virus Programs\Diagnostic.exe
File Size: 520192 bytes
$9C54BF32
CompanyName: Trek Blue, Inc
FileDescription: System Diagnostic
FileVersion: 1.0.7.1
InternalName: Diagnostic.exe
LegalCopyright: (c) Trek Blue, Inc All rights reserved.
LegalTradeMarks: (c) Trek Blue, Inc All rights reserved.
OriginalFileName: Diagnostic.exe
ProductName: System Diagnostic Tool
ProductVersion: 1.0.0.1


============================================ Host File =============================================
C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost


Does anyone have any ideas about this? Thanks everyone.

caperjack | #2 | Dec 30th, 2004
Not familiar with Orion, but we are familiar with these programs if you wish to use them and then post a HijackThis log for viewing. Thanks.
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,

Please do this.
Download 'Hijack This!'. http://www.spywareinfo.com/~merijn/files/HijackThis.exe
Save it in a convenient permanent folder such as C:\HJT\, double click HijackThis.exe, and hit "Scan".

Your copy of HijackThis needs to be in a folder of its own. When HJT fixes anything, it makes backups of the original files in the folder it is in. Since Temporary folders are emptied now and then (the files are DELETED), it would not be a good idea to have your backups there. Those backups would be VITAL to restoring your system if something went wrong in the FIX process!


1. Please go to you're 'My Documents' folder, right-click and select 'New > Folder' then name the folder 'HJT'.

2. Copy and paste HijackThis.exe to the new folder.

3. Close ALL windows except HJT

4. SCAN with HJT

5. POST the new log in this thread using 'Add Reply'

DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS SOME OF THE FILES ARE LEGIT AND VITAL TO YOUR COMPUTER'S HEALTH



Please delete your temporary files by deleting all files and folders that are in those folders (do not delete the temp folder itself) like for example
C:\WINDOWS\Temp\
C:\Temp\
C:\Documents and Settings\username\Local Settings\Temp\
Also delete your Temporary Internet Files, be sure to also select delete all offline content.

Do a virus scan here.
If you get report of files that can’t be cleaned / deleted please write down the filenames and locations and post that in your reply.

Then please do this: since it’s better to use automated tools to get rid of the bad stuff, use these 2 programs first before doing the final cleaning with HJT.

First use Spybot S&D. (Version 1.3)
Spybot
Unzip, and update. Install the updates and run. Delete all that it marks in red.
Reboot

Then it’s time for Ad-Aware
Ad-Aware
Install and update by using the globe icon. Restart your computer and run Ad-Aware.
Press scan now and select drives and/or partitions to be scanned. When done select all and click next. Remove all checked items and then reboot your computer.

Please go to this page and read the instructions for how to configure Spybot S&D & Ad-Aware
How To Setup Spybot SD and Ad-Aware

Then post a HJT log as a reply to this topic.

dlh6213
Re: help with pcOrion spyware scanner
#3
Dec 31st, 2004
Although pcOrion has reportedly cleaned up its act, I would still trust the programs caperjack recommended over it. You can find out more about pcOrion here:
http://www.spywarewarrior.com/rogue_...e.htm#swn_note
Links to help you help yourself :

Protect Your PC & Avoid Infections -- http://www.daniweb.com/techtalkforums/thread27519.html

Cleanup Procedures & Tools -- http://www.daniweb.com/techtalkforums/thread27570.html

Infection Removal & HijackThis Use -- http://www.daniweb.com/techtalkforums/thread28196.html

Persephone
Re: help with pcOrion spyware scanner
#4
Dec 31st, 2004
Unfortunately I had purchased PCorion before I found out about spywarewarrior and their ratings of the program. The good news is that although the techs at PCorion said they cannot fix the problem, they have given me a refund. At this point I am not sure I have any spyware on the computer but I went ahead and ran HijackThis and here is the log file:
Logfile of HijackThis v1.99.0
Scan saved at 3:19:39 PM, on 12/31/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SymTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Norton SystemWorks\CKA.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Documents and Settings\default\Desktop\Virus Programs\HijackThis-1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wrpi.org/realaudio/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.searchalot.com"); (C:\Program Files\Netscape\Users\pkw\prefs.js)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSCSHELLEXTENSION.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O4 - HKCU\..\Run: [SymKeepAlive] C:\Program Files\Norton SystemWorks\CKA.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellepro.com/corporate (file missing) (HKCU)
O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NPSWF32.dll
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

Ad-Aware and Spybot keep finding the same "registry dso" exploits and fixing them, and Spybot also finds the same items after I have been on the internet, so something is happening. Anyway, thanks very much for the help.

caperjack
Re: help with pcOrion spyware scanner
#5
Dec 31st, 2004
First thing: the DSO is a bug in the Spybot program; not to worry as long as you have all the latest Windows updates.
I will have a look at your log as soon as I get a few minutes!

Log looks OK; the only thing to fix is this, and it's not a problem anyway.
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
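
Post #5 singles out the one entry that HijackThis itself marked "(no file)". As an added example (not written by anyone in this thread and not HijackThis code), the Python script below parses a saved log and lists every entry carrying the "(no file)" or "(file missing)" marker as a candidate for review. The function names are choices made here, and the sample is a short excerpt of the log posted in #4.

```python
import re
from collections import Counter

# Excerpt of the HijackThis log posted in this thread (shortened for the example).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\system32\svchost.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellepro.com/corporate (file missing) (HKCU)
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\system32\Ati2evxx.exe
"""

# An entry line starts with a section code such as R1, O2 or O23, then " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers HijackThis prints when the referenced file is absent (both appear in the log above).
ORPHAN_MARKERS = ("(no file)", "(file missing)")

def parse_entries(log_text):
    """Return one dict per entry line; header and process-list lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, detail = m.groups()
        clsid = CLSID_RE.search(detail)
        entries.append({
            "section": section,
            "detail": detail,
            "clsid": clsid.group(0) if clsid else None,
            "orphaned": any(marker in detail for marker in ORPHAN_MARKERS),
        })
    return entries

def orphaned(entries):
    """Entries whose target file HijackThis reported as absent."""
    return [e for e in entries if e["orphaned"]]

def section_counts(entries):
    """Number of entries per section code, for a quick overview of the log."""
    return Counter(e["section"] for e in entries)

if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    print(dict(section_counts(parsed)))
    for e in orphaned(parsed):
        print("review:", e["section"], e["clsid"], "-", e["detail"])
```

The output is a review list, not a verdict: whether a flagged entry should be fixed is still a judgement for whoever reads the log.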

caperjack
Re: help with pcOrion spyware scanner
#6
Dec 31st, 2004
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
You already use Spybot and Ad-Aware to clean spyware, so try the spyware prevention programs listed below.
  1. Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  2. Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  3. Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  4. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  5. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  6. Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  7. Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  8. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.

Persephone
Re: help with pcOrion spyware scanner
#7
Dec 31st, 2004
Thanks Caperjack, good advice which I am mostly following already but I will review it closely to make sure.

dlh6213
Re: help with pcOrion spyware scanner
#8
Jan 1st, 2005
Originally Posted by Persephone
Unfortunately I had purchased PCorion before I found out about spywarewarrior and their ratings of the program. The good news is that although the techs at PCorion said they cannot fix the problem, they have given me a refund.
Well, that's a good sign -- if they gave you a refund, maybe they actually have cleaned up their act. And the fact that their techs even replied to you is noteworthy.