I installed pcOrion and when I ran a scan it found several problems and fixed them; however, now when I run a scan it finds the same 23 cookies every time, and even though I tell the program to fix them, on the next scan the cookies are still there. I have contacted pcOrion for help but they are very slow in responding. They instructed me to run a diagnostic which they have had a copy of for several days without responding with solutions to fix the problem. I don't know if I have trojans/virus or if it is a bug in their program. Anyway, here is the diagnostic file:

==================================== System Diagnostic Log File ====================================
- DTV: 1.0.7.1
- Report Date: 12/27/2004 16:58:41 
- EN CurrentVersion: n/a
- SWN CurrentVersion: n/a
- SWN UpdateVersion: 0
- SWN Previous Version: n/a
- OS version: Windows 2000 5.0.2195 [Service Pack 4]
- Web Browser Version: IE:5.00.3700.1000;NS:7.1b1 (en);

======================================= IE Browser Defaults ========================================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"
"Default_Page_URL"="http://www.msn.com"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Enable_Disk_Cache"="yes"
"Cache_Percent_of_Disk"="hex:0A,00,00,00"
"Delete_Temp_Files_On_Exit"="yes"
"Local Page"="%SystemRoot%\system32\blank.htm"
"Anchor_Visitation_Horizon"="hex:01,00,00,00"
"Use_Async_DNS"="yes"
"Placeholder_Width"="hex:1A,00,00,00"
"Placeholder_Height"="hex:1A,00,00,00"
"Wizard_Version"="5.00.2920.0000"
"FullScreen"="no"
"NoUpdateCheck"="1"
"Search Bar"=""
"Update_Check_Page"="http://www.searchalot.com"
"Update_Check_Interval"="dword:365"
"CompanyName"="Microsoft Corporation"
"Custom_Key"="MICROSO"
"Use_DlgBox_Colors"="yes"
"Check_Associations"="no"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Anchor Underline"="yes"
"Cache_Update_Frequency"="Once_Per_Session"
"Display Inline Images"="yes"
"Do404Search"="dword:2"
"Save_Session_History_On_Exit"="no"
"Show_FullURL"="no"
"Show_StatusBar"="yes"
"Show_ToolBar"="yes"
"Show_URLinStatusBar"="yes"
"Show_URLToolBar"="yes"
"Start Page"="http://www.wrpi.org/realaudio/index.html"
"Use_DlgBox_Colors"="yes"
"FullScreen"="no"
"Window_Placement"="hex:2C,00,00,00,00,00,00,00,01,00,00,00,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,09,00,00,00,0F,01,00,00,15,03,00,00,48,03,00,00"
"LastCheckedHi"="dword:29681798"
"NotifyDownloadComplete"="yes"
"Use FormSuggest"="yes"
"AddToFavoritesExpanded"="dword:1"
"Error Dlg Details Pane Open"="no"
"HistoryViewType"="hex:00,00"
"FormSuggest PW Ask"="no"
"NoUpdateCheck"="dword:0"
"FormSuggest Passwords"="yes"
"SmoothScroll"="dword:1"
"Page_Transitions"="dword:1"
"ShowGoButton"="yes"
"Friendly http errors"="yes"
"Enable_MyPics_Hoverbar"="yes"
"Enable AutoImageResize"="yes"
"Play_Animations"="yes"
"Display Inline Videos"="yes"
"Play_Background_Sounds"="yes"
"Show image placeholders"="dword:0"
"Print_Background"="no"
"AutoSearch"="dword:3"
"Use Custom Search URL"="dword:1"
"ChannelsFirstURL"="res://ie4tour.dll/channels.htm"
    ie4tour.dll
    File not found
"Show_ChannelBand"="No"
"Expand Alt Text"="no"
"Move System Caret"="no"
"NscSingleExpand"="dword:1"
"NoJITSetup"="dword:0"
"FavIntelliMenus"="yes"
"AllowWindowReuse"="dword:1"
"Enable Browser Extensions"="yes"
"Use Search Asst"="no"
"Q261272"="yes"
"ShowedCheckBrowser"="Yes"
"Check_Associations"="no"
"Window Title"=""
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

====================================== Browser Helper Objects ======================================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
[HKEY_CLASSES_ROOT\CLSID\{BDF3E430-B101-42AD-A544-FADC6B084872}\InprocServer32\]
"ThreadingModel"="Apartment"
    Apartment
    File not found
"(Default)"="C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll"
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    File Size: 112248 bytes
    $AE7FE3FD
    CompanyName: Symantec Corporation
    FileDescription: Norton AntiVirusNAVShellExt Module
    FileVersion: 9.00.67
    InternalName: NAVShellExt
    LegalCopyright: Norton AntiVirus 2003 for Windows 98/ME/2000/XP Copyright (c) 2002 Symantec Corporation. All rights reserved.
    OriginalFileName: NAVShExt.dll
    ProductName: Norton AntiVirus
    ProductVersion: 9.00.67
[HKEY_CLASSES_ROOT\CLSID\{BDF3E430-B101-42AD-A544-FADC6B084872}\ProgID\]
"(Default)"="Navbho.CNavExtBho.1"
    Navbho.CNavExtBho.1
    File not found

===================================== Downloaded Program Files =====================================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation]
"CODEBASE"="file://C:\WINDOWS\SYSTEM\dajava.cab"
    C:\WINDOWS\SYSTEM\dajava.cab
    File not found
"OSD"="C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd"
    C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd
    File not found

[HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation]
"CODEBASE"="file://C:\WINDOWS\Java\classes\xmldso.cab"
    C:\WINDOWS\Java\classes\xmldso.cab
    File not found
"OSD"="C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd"
    C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
    File Size: 1162 bytes
    $BA51EAF5
    No version information found

========================================= Autorun Entries ==========================================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\]
"Synchronization Manager"="mobsync.exe /logon"
    C:\WINDOWS\system32\mobsync.exe
    File Size: 111376 bytes
    $4E1271C0
    CompanyName: Microsoft Corporation
    FileDescription: Microsoft Synchronization Manager
    FileVersion: 5.00.2195.6627
    InternalName: mobsync.exe
    LegalCopyright: Copyright (C) Microsoft Corp. 1981-1999
    OriginalFileName: mobsync.exe
    ProductName: Microsoft Synchronization Manager
    ProductVersion: 5.00.2195.6627
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe"
    C:\Program Files\Microsoft Works\WkDetect.exe
    File Size: 28739 bytes
    $26FD438D
    CompanyName: Microsoft® Corporation
    FileDescription: Microsoft® Works Update Detection
    FileVersion: 6.00.1828.1
    InternalName: WKDETECT
    LegalCopyright: Copyright © Microsoft Corporation 1987-2000. All rights reserved.
    OriginalFileName: WkDetect.exe
    ProductName: Microsoft® Works 6.0
    ProductVersion: 6.00.1828.1 
"TkBellExe"=""C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot"
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    File Size: 180269 bytes
    $7ABE8726
    CompanyName: RealNetworks, Inc.
    FileDescription: RealNetworks Scheduler
    FileVersion: 0.1.0.3034
    InternalName: schedapp
    LegalCopyright: Copyright © RealNetworks, Inc. 1995-2004
    LegalTradeMarks: RealAudio(tm) is a trademark of RealNetworks, Inc.
    OriginalFileName: realsched.exe
    ProductName: RealPlayer (32-bit) 
    ProductVersion: 0.1.0.3034
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe"
    C:\Program Files\Microsoft Works\wkfud.exe
    File Size: 24576 bytes
    $719E7A2C
    CompanyName: Microsoft® Corporation
    FileDescription: Microsoft® Works Marketing Feature
    FileVersion: 6.00.1828.1
    InternalName: WKFUD
    LegalCopyright: Copyright © Microsoft Corporation 1987-2000. All rights reserved.
    OriginalFileName: wkfud.exe
    ProductName: Microsoft® Works 6.0
    ProductVersion: 6.00.1828.1 
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe /AllUsers"
    C:\Program Files\Microsoft Works\WksSb.exe
    File Size: 311350 bytes
    $39DB062C
    CompanyName: Microsoft® Corporation
    FileDescription: Microsoft® Works PortFolio
    FileVersion: 6.00.1902.0
    InternalName: WKSPF
    LegalCopyright: Copyright © Microsoft Corporation 1987-2000. All rights reserved.
    OriginalFileName: WksSb.exe
    ProductName: Microsoft® Works 6.0
    ProductVersion: 6.00.1902.0 
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    File Size: 50880 bytes
    $D80742BA
    CompanyName: Symantec Corporation
    FileDescription: Common Client CC App
    FileVersion: 1.00.104
    InternalName: ccApp
    LegalCopyright: Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
    OriginalFileName: ccApp.exe
    ProductName: Common Client
    ProductVersion: 1.00.104
"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
    File Size: 34504 bytes
    $DADD2282
    CompanyName: Symantec Corporation
    FileDescription: Common Client Registry Integrity Verifier
    FileVersion: 1.00.104
    InternalName: CCREGVRY
    LegalCopyright: Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
    OriginalFileName: CCREGVFY.EXE
    ProductName: Common Client
    ProductVersion: 1.00.104
"GhostStartTrayApp"="C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe"
    C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
    File Size: 94208 bytes
    $2F6490A6
    CompanyName: Symantec Corporation
    FileDescription: Norton Ghost Start
    FileVersion: 2003.775
    InternalName: GhostStartTrayApp
    LegalCopyright: Copyright (C) 1998-2002 Symantec Corp. All rights reserved.
    OriginalFileName: GhostStartTrayApp.exe
    ProductName: Norton Ghost Start
    ProductVersion: 2003.775
"SymTray - Norton SystemWorks"="C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg"
    C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
    File not found
"PCDRealtime"="C:\WINDOWS\realtime.exe"
    C:\WINDOWS\realtime.exe
    File Size: 91648 bytes
    $203945DC
    FileVersion: 1.00
    InternalName: realtime
    OriginalFileName: realtime.exe
    ProductName: realtime
    ProductVersion: 1.00
"Zone Labs Client"=""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe""
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    File Size: 902432 bytes
    $58026174
    CompanyName: Zone Labs Inc.
    FileDescription: Zone Labs Client
    FileVersion: 5.5.062.004
    InternalName: zlclient
    LegalCopyright: Copyright © 1998-2004, Zone Labs Inc.
    OriginalFileName: zlclient.exe
    ProductName: Zone Labs Client
    ProductVersion: 5.5.062.004
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP"
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Grisoft\AVG Free\avgcc.exe
    File Size: 340480 bytes
    $9C3C606F
    CompanyName: GRISOFT, s.r.o.
    FileDescription: AVG Control Center
    FileVersion: 7,1,0,295
    InternalName: AvgCC
    LegalCopyright: Copyright © 2004, GRISOFT, s.r.o.
    OriginalFileName: AvgCC.EXE
    ProductName: AVG Anti-Virus System
    ProductVersion: 7.1.0.295
"AVG7_EMC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe"
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Grisoft\AVG Free\avgemc.exe
    File Size: 269312 bytes
    $1646EFAF
    CompanyName: GRISOFT, s.r.o.
    FileDescription: AVG E-Mail Scanner
    FileVersion: 7,1,0,298
    InternalName: avgemc
    LegalCopyright: Copyright © 2004, GRISOFT, s.r.o.
    LegalTradeMarks: 
    OriginalFileName: avgemc.exe
    ProductName: AVG Anti-Virus System
    ProductVersion: 7.1.0.298
    Comments: 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\]
"SymTray - Norton SystemWorks"="C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe"
    C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
    File Size: 36864 bytes
    $BDC9364B
    No version information found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\]
"SymKeepAlive"="C:\Program Files\Norton SystemWorks\CKA.exe"
    C:\Program Files\Norton SystemWorks\CKA.exe
    File Size: 225280 bytes
    $4F83FC07
    CompanyName: Symantec Corporation
    FileDescription: Connection Keep Alive
    FileVersion: 2003.6.50
    InternalName: CKA
    LegalCopyright: Copyright (c) 1997-2002 Symantec Corporation
    OriginalFileName: CKA.exe
    ProductName: Norton SystemWorks
    ProductVersion: 2003.6.50
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    C:\Program Files\Spybot
    File not found

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\]
================================= Autorun Services - Local Machine =================================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\]
================================= Autorun Services - Current User ==================================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\]
============================== Autorun Services - Local Machine Once ===============================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce\]
=============================== Autorun Services - Current User Once ===============================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce\]
===================================== Common Startup Processes =====================================
======================================== Windows User Init =========================================
[HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\]
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
[Userinit]C:\WINDOWS\system32\userinit.exe
    C:\WINDOWS\system32\userinit.exe
    File Size: 17680 bytes
    $53C3D624
    CompanyName: Microsoft Corporation
    FileDescription: Userinit Logon Application
    FileVersion: 5.00.2195.6612
    InternalName: userinit
    LegalCopyright: Copyright (C) Microsoft Corp. 1981-1999
    OriginalFileName: USERINIT.EXE
    ProductName: Microsoft(R) Windows (R) 2000 Operating System
    ProductVersion: 5.00.2195.6612
=========================================== Windows Load ===========================================

========================================== Windows Notify ==========================================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain\]
"DllName"="crypt32.dll"
    C:\WINDOWS\system32\crypt32.dll
    File Size: 543504 bytes
    $3E39505B
    CompanyName: Microsoft Corporation
    FileDescription: Crypto API32
    FileVersion: 5.131.2195.6824
    InternalName: CRYPT32.DLL
    LegalCopyright: Copyright (C) Microsoft Corp. 1981-1999
    OriginalFileName: CRYPT32.DLL
    ProductName: Microsoft(R) Windows (R) 2000 Operating System
    ProductVersion: 5.131.2195.6824

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet\]
"DllName"="cryptnet.dll"
    C:\WINDOWS\system32\cryptnet.dll
    File Size: 61200 bytes
    $E2FC018A
    CompanyName: Microsoft Corporation
    FileDescription: Crypto Network Related API
    FileVersion: 5.131.2195.6824
    InternalName: CRYPTNET.DLL
    LegalCopyright: Copyright (C) Microsoft Corp. 1981-1999
    OriginalFileName: CRYPTNET.DLL
    ProductName: Microsoft(R) Windows (R) 2000 Operating System
    ProductVersion: 5.131.2195.6824

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll\]
"DllName"="cscdll.dll"
    C:\WINDOWS\system32\cscdll.dll
    File Size: 101136 bytes
    $61DCAE7C
    CompanyName: Microsoft Corporation
    FileDescription: Offline Network Agent
    FileVersion: 5.00.2195.6713
    InternalName: CSCDLL
    LegalCopyright: Copyright (C) Microsoft Corp. 
    OriginalFileName: CSCDLL.DLL
    ProductName: Microsoft(R) Windows (R) 2000 Operating System
    ProductVersion: 5.00.2195.6713

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy\]
"DllName"="sclgntfy.dll"
    C:\WINDOWS\system32\sclgntfy.dll
    File Size: 20752 bytes
    $7F75627C
    CompanyName: Microsoft Corporation
    FileDescription: Secondary Logon Service Notification DLL
    FileVersion: 5.00.2195.6608
    InternalName: SCLGNTFY.DLL
    LegalCopyright: Copyright (C) Microsoft Corp. 1981-1999
    OriginalFileName: SCLGNTFY.DLL
    ProductName: Microsoft(R) Windows (R) 2000 Operating System
    ProductVersion: 5.00.2195.6608

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn\]
"DllName"="WlNotify.dll"
    C:\WINDOWS\system32\WlNotify.dll
    File Size: 57616 bytes
    $E00B76E8
    CompanyName: Microsoft Corporation
    FileDescription: Common DLL to receive Winlogon notifications
    FileVersion: 5.00.2195.6706
    InternalName: WlNotify.dll
    LegalCopyright: Copyright (C) Microsoft Corp. 1981-1999
    OriginalFileName: WlNotify.dll
    ProductName: Microsoft(R) Windows (R) 2000 Operating System
    ProductVersion: 5.00.2195.6706

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif\]
"DllName"="wzcdlg.dll"
    C:\WINDOWS\system32\wzcdlg.dll
    File Size: 52496 bytes
    $CA84BF55
    CompanyName: Microsoft Corporation
    FileDescription: Wireless Zero Configuration Service UI
    FileVersion: 5.00.2195.6604
    InternalName: wzcdlg.dll
    LegalCopyright: Copyright (C) Microsoft Corp. 1981-1999
    OriginalFileName: wzcdlg.dll
    ProductName: Microsoft(R) Windows (R) 2000 Operating System
    ProductVersion: 5.00.2195.6604

======================================= Windows AppInit_DLLs =======================================

=============================== Windows ShellServiceObjectDelayLoad ================================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\]
"Network.ConnectionTray"="{7007ACCF-3202-11D1-AAD2-00805FC1270E}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

=================================== Windows SharedTaskScheduler ====================================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

=================================== Currently Running Processes ====================================

smss.exe
    C:\WINDOWS\system32\smss.exe
    File Size: 45840 bytes
    $B8EB12B4
    CompanyName: Microsoft Corporation
    FileDescription: Windows NT Session Manager
    FileVersion: 5.00.2195.6601
    InternalName: smss.exe
    LegalCopyright: Copyright (C) Microsoft Corp. 1981-1999
    OriginalFileName: smss.exe
    ProductName: Microsoft(R) Windows (R) 2000 Operating System
    ProductVersion: 5.00.2195.6601

winlogon.exe
    C:\WINDOWS\system32\winlogon.exe
    File Size: 182544 bytes
    $6B1F8435
    CompanyName: Microsoft Corporation
    FileDescription: Windows NT Logon Application
    FileVersion: 5.00.2195.6970
    InternalName: winlogon
    LegalCopyright: Copyright (C) Microsoft Corp. 1981-1999
    OriginalFileName: WINLOGON.EXE
    ProductName: Microsoft(R) Windows (R) 2000 Operating System
    ProductVersion: 5.00.2195.6970

services.exe
    C:\WINDOWS\system32\services.exe
    File Size: 89360 bytes
    $7637C35D
    CompanyName: Microsoft Corporation
    FileDescription: Services and Controller app
    FileVersion: 5.00.2195.6700
    InternalName: services.exe
    LegalCopyright: Copyright (C) Microsoft Corp. 1981-1999
    OriginalFileName: services.exe
    ProductName: Microsoft(R) Windows (R) 2000 Operating System
    ProductVersion: 5.00.2195.6700

lsass.exe
    C:\WINDOWS\system32\lsass.exe
    File Size: 33552 bytes
    $3F71808B
    CompanyName: Microsoft Corporation
    FileDescription: LSA Executable and Server DLL (Export Version)
    FileVersion: 5.00.2195.6902
    InternalName: lsasrv.dll and lsass.exe
    LegalCopyright: Copyright (C) Microsoft Corp. 1981-1999
    OriginalFileName: lsasrv.dll and lsass.exe
    ProductName: Microsoft(R) Windows (R) 2000 Operating System
    ProductVersion: 5.00.2195.6902

svchost.exe
    C:\WINDOWS\system32\svchost.exe
    File Size: 7952 bytes
    $36207D3F
    CompanyName: Microsoft Corporation
    FileDescription: Generic Host Process for Win32 Services
    FileVersion: 5.00.2134.1
    InternalName: svchost.exe
    LegalCopyright: Copyright (C) Microsoft Corp. 1981-1999
    OriginalFileName: svchost.exe
    ProductName: Microsoft(R) Windows (R) 2000 Operating System
    ProductVersion: 5.00.2134.1

ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    File Size: 308936 bytes
    $72959A55
    CompanyName: Symantec Corporation
    FileDescription: Event Manager Service
    FileVersion: 1.00.37
    InternalName: ccEvtMgr
    LegalCopyright: Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
    OriginalFileName: ccEvtMgr.exe
    ProductName: Event Manager
    ProductVersion: 1.00.37

spoolsv.exe
    C:\WINDOWS\system32\spoolsv.exe
    File Size: 45328 bytes
    $E8D11518
    CompanyName: Microsoft Corporation
    FileDescription: Spooler SubSystem App
    FileVersion: 5.00.2195.6659
    InternalName: spoolss.exe
    LegalCopyright: Copyright (C) Microsoft Corp. 1981-1999
    OriginalFileName: spoolss.exe
    ProductName: Microsoft(R) Windows (R) 2000 Operating System
    ProductVersion: 5.00.2195.6659

avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
    File Size: 318976 bytes
    $28DDCF71
    CompanyName: GRISOFT, s.r.o.
    FileDescription: AVG Alert Manager
    FileVersion: 7,1,0,285
    InternalName: avgamsvr
    LegalCopyright: Copyright © 2004, GRISOFT, s.r.o.
    LegalTradeMarks: 
    OriginalFileName: avgamsvr.EXE
    ProductName: AVG Anti-Virus System
    ProductVersion: 7.1.0.285
    Comments: 

avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Grisoft\AVG Free\avgupsvc.exe
    File Size: 70144 bytes
    $FC95500D
    CompanyName: GRISOFT, s.r.o.
    FileDescription: AVG Update Service
    FileVersion: 7,1,0,285
    InternalName: avgupsvc
    LegalCopyright: Copyright © 2004, GRISOFT, s.r.o.
    LegalTradeMarks: 
    OriginalFileName: avgupdsvc.EXE
    ProductName: AVG 7.0 Anti-Virus System
    ProductVersion: 7.1.0.285
    Comments: 

svchost.exe
    C:\WINDOWS\system32\svchost.exe
    File Size: 7952 bytes
    $36207D3F
    CompanyName: Microsoft Corporation
    FileDescription: Generic Host Process for Win32 Services
    FileVersion: 5.00.2134.1
    InternalName: svchost.exe
    LegalCopyright: Copyright (C) Microsoft Corp. 1981-1999
    OriginalFileName: svchost.exe
    ProductName: Microsoft(R) Windows (R) 2000 Operating System
    ProductVersion: 5.00.2134.1

GhostStartService.exe
    C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
    File Size: 200704 bytes
    $032D1A36
    CompanyName: Symantec Corporation
    FileDescription: Norton Ghost Start
    FileVersion: 2003.775
    InternalName: GhostStartService
    LegalCopyright: Copyright (C) 1998-2002 Symantec Corp. All rights reserved.
    OriginalFileName: GhostStartService.exe
    ProductName: Norton Ghost Start Service
    ProductVersion: 2003.775

navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    File Size: 116336 bytes
    $ED460DF4
    CompanyName: Symantec Corporation
    FileDescription: Norton AntiVirus Auto-Protect Service
    FileVersion: 9.00.1104
    InternalName: NAVAPSVC
    LegalCopyright: Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
    OriginalFileName: NAVAPSVC.EXE
    ProductName: Norton AntiVirus
    ProductVersion: 9.00.1104

NPROTECT.EXE
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    File Size: 135168 bytes
    $EF942A18
    CompanyName: Symantec Corporation
    FileDescription: Norton Protection Status
    FileVersion: 16.00.0.22
    InternalName: NPROTECT
    LegalCopyright: Copyright (C) 2003 Symantec Corporation
    LegalTradeMarks: Norton Utilities
    OriginalFileName: NPROTECT.EXE
    ProductName: Norton Utilities
    ProductVersion: 16.00.0.22

regsvc.exe
    C:\WINDOWS\system32\regsvc.exe
    File Size: 68368 bytes
    $3F5A6551
    CompanyName: Microsoft Corporation
    FileDescription: Remote Registry Service
    FileVersion: 5.00.2195.6701
    InternalName: regsvc
    LegalCopyright: Copyright (C) Microsoft Corp. 1981-1999
    OriginalFileName: REGSVC.EXE
    ProductName: Microsoft(R) Windows (R) 2000 Operating System
    ProductVersion: 5.00.2195.6701

MSTask.exe
    C:\WINDOWS\system32\MSTask.exe
    File Size: 119568 bytes
    $214AEAF4
    CompanyName: Microsoft Corporation
    FileDescription: Task Scheduler Engine
    FileVersion: 4.71.2195.6920
    InternalName: TaskScheduler
    LegalCopyright: Copyright (C) Microsoft Corp. 1997
    OriginalFileName: mstask.exe
    ProductName: Microsoft® Windows® Task Scheduler
    ProductVersion: 4.71.2195.6920

nopdb.exe
    C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe
    C:\Program Files\Norton SystemWorks\Speed Disk\nopdb.exe
    File Size: 172065 bytes
    $08AB59FE
    CompanyName: Symantec Corporation
    FileDescription: NOPDB
    FileVersion: 7.00.0.24
    InternalName: NOPDB
    LegalCopyright: Copyright (C) 2002
    OriginalFileName: NOPDB.dll
    ProductName: Norton Speed Disk
    ProductVersion: 7.00.0.24

vsmon.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    File Size: 1213720 bytes
    $E2D12376
    CompanyName: Zone Labs Inc.
    FileDescription: TrueVector Service
    FileVersion: 5.5.062.004
    InternalName: vsmon
    LegalCopyright: Copyright © 1998-2004, Zone Labs Inc.
    OriginalFileName: vsmon.exe
    ProductName: TrueVector Service
    ProductVersion: 5.5.062.004

WinMgmt.exe
    C:\WINDOWS\System32\WBEM\WinMgmt.exe
    File Size: 196706 bytes
    $A9DC6739
    CompanyName: Microsoft Corporation
    FileDescription: Windows Management Instrumentation
    FileVersion: 1.50.1085.0100
    InternalName: WINMGMT
    LegalCopyright: Copyright (C) Microsoft Corp. 1995-1999
    OriginalFileName: 
    ProductName: Windows Management Instrumentation
    ProductVersion: 1.50.1085.0100

svchost.exe
    C:\WINDOWS\system32\svchost.exe
    File Size: 7952 bytes
    $36207D3F
    CompanyName: Microsoft Corporation
    FileDescription: Generic Host Process for Win32 Services
    FileVersion: 5.00.2134.1
    InternalName: svchost.exe
    LegalCopyright: Copyright (C) Microsoft Corp. 1981-1999
    OriginalFileName: svchost.exe
    ProductName: Microsoft(R) Windows (R) 2000 Operating System
    ProductVersion: 5.00.2134.1

Explorer.EXE
    C:\WINDOWS\Explorer.EXE
    File Size: 243472 bytes
    $DA96361B
    CompanyName: Microsoft Corporation
    FileDescription: Windows Explorer
    FileVersion: 5.00.3700.6690
    InternalName: explorer
    LegalCopyright: Copyright (C) Microsoft Corp. 1981-1999
    OriginalFileName: EXPLORER.EXE
    ProductName: Microsoft(R) Windows (R) 2000 Operating System
    ProductVersion: 5.00.3700.6690

SymTray.exe
    C:\Program Files\Common Files\Symantec Shared\SymTray.exe
    File Size: 86096 bytes
    $749A490D
    CompanyName: Symantec Corporation
    FileDescription: Norton SystemWorks SymTray
    FileVersion: 2003.6.50
    InternalName: SymTray.exe
    LegalCopyright: Copyright (c) 1997-2002 Symantec Corporation
    OriginalFileName: SymTray.exe
    ProductName: Norton SystemWorks
    ProductVersion: 2003.6.50

realsched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    File Size: 180269 bytes
    $7ABE8726
    CompanyName: RealNetworks, Inc.
    FileDescription: RealNetworks Scheduler
    FileVersion: 0.1.0.3034
    InternalName: schedapp
    LegalCopyright: Copyright © RealNetworks, Inc. 1995-2004
    LegalTradeMarks: RealAudio(tm) is a trademark of RealNetworks, Inc.
    OriginalFileName: realsched.exe
    ProductName: RealPlayer (32-bit) 
    ProductVersion: 0.1.0.3034

ccApp.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    File Size: 50880 bytes
    $D80742BA
    CompanyName: Symantec Corporation
    FileDescription: Common Client CC App
    FileVersion: 1.00.104
    InternalName: ccApp
    LegalCopyright: Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
    OriginalFileName: ccApp.exe
    ProductName: Common Client
    ProductVersion: 1.00.104

GhostStartTrayApp.exe
    C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
    File Size: 94208 bytes
    $2F6490A6
    CompanyName: Symantec Corporation
    FileDescription: Norton Ghost Start
    FileVersion: 2003.775
    InternalName: GhostStartTrayApp
    LegalCopyright: Copyright (C) 1998-2002 Symantec Corp. All rights reserved.
    OriginalFileName: GhostStartTrayApp.exe
    ProductName: Norton Ghost Start
    ProductVersion: 2003.775

zlclient.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    File Size: 902432 bytes
    $58026174
    CompanyName: Zone Labs Inc.
    FileDescription: Zone Labs Client
    FileVersion: 5.5.062.004
    InternalName: zlclient
    LegalCopyright: Copyright © 1998-2004, Zone Labs Inc.
    OriginalFileName: zlclient.exe
    ProductName: Zone Labs Client
    ProductVersion: 5.5.062.004

avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Grisoft\AVG Free\avgcc.exe
    File Size: 340480 bytes
    $9C3C606F
    CompanyName: GRISOFT, s.r.o.
    FileDescription: AVG Control Center
    FileVersion: 7,1,0,295
    InternalName: AvgCC
    LegalCopyright: Copyright © 2004, GRISOFT, s.r.o.
    OriginalFileName: AvgCC.EXE
    ProductName: AVG Anti-Virus System
    ProductVersion: 7.1.0.295

avgemc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Grisoft\AVG Free\avgemc.exe
    File Size: 269312 bytes
    $1646EFAF
    CompanyName: GRISOFT, s.r.o.
    FileDescription: AVG E-Mail Scanner
    FileVersion: 7,1,0,298
    InternalName: avgemc
    LegalCopyright: Copyright © 2004, GRISOFT, s.r.o.
    LegalTradeMarks: 
    OriginalFileName: avgemc.exe
    ProductName: AVG Anti-Virus System
    ProductVersion: 7.1.0.298
    Comments: 

CKA.exe
    C:\Program Files\Norton SystemWorks\CKA.exe
    File Size: 225280 bytes
    $4F83FC07
    CompanyName: Symantec Corporation
    FileDescription: Connection Keep Alive
    FileVersion: 2003.6.50
    InternalName: CKA
    LegalCopyright: Copyright (c) 1997-2002 Symantec Corporation
    OriginalFileName: CKA.exe
    ProductName: Norton SystemWorks
    ProductVersion: 2003.6.50

TeaTimer.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    File Size: 1038336 bytes
    $A4A82878
    CompanyName: Safer Networking Limited
    FileDescription: System settings protector
    FileVersion: 1, 3, 0, 12
    InternalName: TeaTimer
    LegalCopyright: © 2000-2004 Patrick M. Kolla / Safer Networking Limited. Alle Rechte vorbehalten.
    LegalTradeMarks: "Spybot" und "Spybot - Search & Destroy" sind registrierte Warenzeichen.
    OriginalFileName: TeaTimer.exe
    ProductName: Spybot - Search & Destroy
    ProductVersion: 1, 3, 0, 12
    Comments: Schützt Systemeinstellungen vor ungewollten Änderungen.

iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    File Size: 60688 bytes
    $098C2ABF
    CompanyName: Microsoft Corporation
    FileDescription: Internet Explorer
    FileVersion: 5.00.2920.0000
    InternalName: iexplore
    LegalCopyright: Copyright (C) Microsoft Corp. 1981-1999
    OriginalFileName: IEXPLORE.EXE
    ProductName: Microsoft(R) Windows (R) 2000 Operating System
    ProductVersion: 5.00.2920.0000

Diagnostic.exe
    C:\Documents and Settings\default\Desktop\Virus Programs\Diagnostic.exe
    File Size: 520192 bytes
    $9C54BF32
    CompanyName: Trek Blue, Inc
    FileDescription: System Diagnostic 
    FileVersion: 1.0.7.1
    InternalName: Diagnostic.exe
    LegalCopyright: (c) Trek Blue, Inc  All rights reserved.
    LegalTradeMarks: (c) Trek Blue, Inc  All rights reserved.
    OriginalFileName: Diagnostic.exe
    ProductName: System Diagnostic Tool
    ProductVersion: 1.0.0.1


============================================ Host File =============================================
C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1       localhost

Does anyone have any ideas about this? Thanks everyone.

Edited by Reverend Jim: Fixed formatting

0

Not familiar with Orion, but we are familiar with these programs if you wish to use them and then post a HijackThis log for viewing. Thanks.

Please do this.
Download 'Hijack This!'. http://www.spywareinfo.com/~merijn/files/HijackThis.exe
Save it in a convenient permanent folder such as C:\HJT\, double click HijackThis.exe, and hit "Scan".

Your copy of HijackThis needs to be in a folder of its own. When HJT fixes anything, it makes backups of the original files in the folder it is in. Since Temporary folders are emptied now and then (the files are DELETED), it would not be a good idea to have your backups there. Those backups would be VITAL to restoring your system if something went wrong in the FIX process!


1. Please go to your 'My Documents' folder, right-click and select 'New > Folder' then name the folder 'HJT'.

2. Copy and paste HijackThis.exe to the new folder.

3. Close ALL windows except HJT

4. SCAN with HJT

5. POST the new log in this thread using 'Add Reply'

DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS SOME OF THE FILES ARE LEGIT AND VITAL TO YOUR COMPUTER'S HEALTH

Please delete your temporary files by deleting all files and folders that are in those folders (do not delete the temp folder itself) like for example
C:\WINDOWS\Temp\
C:\Temp\
C:\Documents and Settings\username\Local Settings\Temp\
Also delete your Temporary Internet Files, be sure to also select delete all offline content.

Do a virus scan here.
If you get report of files that can’t be cleaned / deleted please write down the filenames and locations and post that in your reply.

Then please do this: since it’s better to use automated tools to get rid of the bad stuff, use these 2 programs first before doing the final cleaning with HJT.

First use Spybot S&D. (Version 1.3)
Spybot
Unzip, and update. Install the updates and run. Delete all that it marks in red.
Reboot

Then it’s time for Ad-Aware
Ad-Aware
Install and update by using the globe icon. Restart your computer and run Ad-Aware.
Press scan now and select drives and/or partitions to be scanned. When done select all and click next. Remove all checked items and then reboot your computer.

Please go to this page and read the instructions for how to configure Spybot S&D & Ad-Aware
How To Setup Spybot SD and Ad-Aware

Then post a HJT log as a reply to this topic.

0

Unfortunately I had purchased PCorion before I found out about spywarewarrior and their ratings of the program. The good news is that although the techs at PCorion said they cannot fix the problem, they have given me a refund. At this point I am not sure I have any spyware on the computer, but I went ahead and ran HijackThis and here is the log file:
Logfile of HijackThis v1.99.0
Scan saved at 3:19:39 PM, on 12/31/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SymTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Norton SystemWorks\CKA.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Documents and Settings\default\Desktop\Virus Programs\HijackThis-1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wrpi.org/realaudio/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.searchalot.com"); (C:\Program Files\Netscape\Users\pkw\prefs.js)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSCSHELLEXTENSION.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O4 - HKCU\..\Run: [SymKeepAlive] C:\Program Files\Norton SystemWorks\CKA.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellepro.com/corporate (file missing) (HKCU)
O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NPSWF32.dll
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

Adware and Spybot keep finding the same "registry dso" exploits and fixing them, and Spybot also finds the same items after I have been on the internet, so something is happening. Anyway, thanks very much for the help.

0

First thing: the DSO is a bug in the Spybot program, not to worry as long as you have all the latest Windows updates.
I will have a look at your log as soon as I get a few minutes!

Log looks OK; the only thing to fix is this, and it's not a problem anyway.
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
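
The check the reply above makes by eye, as an added example that is not part of the original posts: a small Python parser that pulls out the HijackThis entries whose target the tool itself marked `(no file)` or `(file missing)`. The sample lines are copied from the log in this thread, the function names are assumptions of this example, and the matches are candidates for review rather than verdicts.

```python
import re

# Sample input: a few result lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellepro.com/corporate (file missing) (HKCU)
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\system32\Ati2evxx.exe
"""

# A result line starts with a section code such as R1, O2 or O23, then " - ".
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING_MARKERS = ("(no file)", "(file missing)")


def parse_entries(log_text):
    """Yield (section, body) per result line; header and process-list lines do not match."""
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            yield match.group("section"), match.group("body")


def orphaned_entries(log_text):
    """Return entries that point at a file HijackThis could not find on disk."""
    findings = []
    for section, body in parse_entries(log_text):
        marker = next((m for m in MISSING_MARKERS if m in body), None)
        if marker is None:
            continue
        clsid = CLSID.search(body)
        findings.append({
            "section": section,
            "marker": marker,
            "clsid": clsid.group(0) if clsid else None,
            "line": f"{section} - {body}",
        })
    return findings


if __name__ == "__main__":
    for finding in orphaned_entries(SAMPLE_LOG):
        print(f"[{finding['section']}] {finding['marker']}: {finding['line']}")
```
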

0

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
You already use Spybot and Ad-Aware to clean spyware, so try the spyware prevention programs listed below.

  1. Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  2. Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  3. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  4. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  5. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  6. Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  7. Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  8. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.

0

Thanks Caperjack, good advice which I am mostly following already but I will review it closely to make sure.

0

Unfortunately I had purchased PCorion before I found out about spywarewarrior and their ratings of the program. The good news is that although the techs at PCorion said they cannot fix the problem, they have given me a refund.

Well, that's a good sign -- if they gave you a refund, maybe they actually have cleaned-up their act. :) And the fact that their techs even replied to you is noteworthy.
