Jump to content

terry1966

Anti-Spyware Brigade
  • Content Count

    9,289
  • Joined

  • Last visited

Everything posted by terry1966

  1. Thanks for the reply jacee. I have 3 pc's that I want to network. 1 we've cleaned and this and 1 more but I want to make sure these 2 are clean before conecting them up again. You can close this topic and when I've completed what you've said on the 2 pc's I'll start a new topic asking for someone to look at thier hjt logs. Thanks again for all your help and congrats again on your award.
  2. Thx for the reply RAH I knew I couldn't do QMD's coz I remember asking that sometime ago. I won't be starting 2 cores for a while because I have some trojan probs. at mo.(got 3 cores now it downloads a new core for every wu and 3 wu's waiting to send,just lost 4 wu's too...lol) Do you know if by setting change advanced options to no that mem is set to max and interval is set to 30 mins?? I know it uses sse boost coz it shows that in log. By the way I use the beta as a service. 15% increase sounds good. Does 2 cores slow it down so you notice tho??
  3. Rah I have an amd4000+ with 1g mem and was wondering what the diff. is between saying yes or no where it says change advanced options. Coz I put no thinking it would be set up for max performance. And if poss can you or anyone else tell me would I get more points if I ran 2 cores at once or leave 1 core run before loading more work. In other words would 1 core finish 2 wu's in the same time as 2 cores running 1 wu each if all wu's were the same size??... :-)
  4. did you want me to start a new topic for this pc jacee?? or do you think I should know enough now to sort it out myself... :-)...lol...(are the smilies not working because of my firewall settings??) p.s. then I have 1 more pc thats old and slow and only going to be used for folding, but even that's infected by whatever's highjacking my browser. And before you say anything :-) they were all infected at the same time, so I haven't let anything back on the pc we just fixed...lol...and they only got infected coz I don't know enough about networking... ;-) Hope you had a good newyear. terry.
  5. You can blush all you like!!! It's praise you earn...lol...:-) Right that pc is looking good but now for this one..:-) (smilies not working for some reason) Trend micro scan said I had infections that can only be removed manually but refused to list them for some reason. Spyware doctor lists 9 Trojan.Proxy.BK files and 2 MediaMotor files and says it cleaned them but the Trojans keep coming back so here's my hjt log..:-) Logfile of HijackThis v1.99.1 Scan saved at 15:23:51, on 31/12/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Documents and Settings\Terry\Desktop\folding\FAH504-Console.exe C:\Norman\Nvc\BIN\NPFSVICE.EXE C:\Norman\Bin\Zanda.exe C:\WINDOWS\system32\oodag.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\Documents and Settings\Terry\Desktop\folding\FahCore_82.exe C:\WINDOWS\system32\wdfmgr.exe C:\Norman\bin\NJEEVES.EXE C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Norman\bin\ZLH.EXE E:\Program Files\AVerTV DVB-T\QuickDVB-T.exe C:\WINDOWS\system32\carpserv.exe C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\Program Files\Zoom Telephonics, Inc\Zoom ADSL USB Modem\dslmon.exe C:\Norman\Npf\BIN\npfmsg2.exe C:\Norman\Nvc\bin\nvcoas.exe C:\Norman\Nvc\BIN\NVCSCHED.EXE C:\Norman\Nvc\BIN\NIP.EXE C:\Norman\Nvc\BIN\nipsvc.exe C:\Norman\Nvc\bin\cclaw.exe C:\Documents and Settings\Terry\Desktop\hjt\HijackThis.exe O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [QuickDVBT] E:\Program Files\AVerTV DVB-T\QuickDVB-T.exe O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - Global Startup: DSLMON.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1135610984861 O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...661/mcfscan.cab O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{59B5350D-19A0-427F-8F2A-1DC549CC49E4}: NameServer = 213.40.130.126 213.40.130.33 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: FAH@C:+Documents and Settings+Terry+Desktop+folding+FAH504-Console.exe - Stanford University - C:\Documents and Settings\Terry\Desktop\folding\FAH504-Console.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbscoms.exe O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Nvc\BIN\NPFSVICE.EXE O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe Wish you and your family all the best for New Year. Will look in again after I recover from the hang over I'm going to get tonight.. :-)
  6. I'm willing to host 2 running 24/7. Don't think I can afford to host more at moment. Sorry no parts to spare only my time if its needed.
  7. Just how many pc's have you got??? :-) very nice folding too...well done.
  8. Thanks Jacee. I haven't got round to running any scans on it yet but yes I think it might be clean again...lol. let you know how it performs when I get the time to test it. I'll also post a log for this pc, coz think this ones infected too. spyware doctor just found 8 trojans on it. Until my next post take care and thx for your help and patience. terry. p.s. you really are an angel.
  9. glad he's not jealous... here it is just 1 hiccup when I rebooted ms spyware restarted even tho I saved the changes you told me to make. Logfile of HijackThis v1.99.1 Scan saved at 17:24:42, on 28/12/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe C:\Program Files\ewido anti-malware\ewidoguard.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Documents and Settings\GA\Desktop\folding\FAH504-Console.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\System32\snmp.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\GA\Desktop\folding\FahCore_78.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\Program Files\Zoom Telephonics, Inc\Zoom ADSL USB Modem\dslmon.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\GA\Desktop\hjt\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iqon.ie O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~3\tools\iesdsg.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll O4 - HKLM\..\Run: [PCEyeLic] C:\Program Files\PCEye2000\pceye2000.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: DSLMON.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1134952283562 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134955094437 O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/...ivex/hcImpl.cab O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: FAH@C:+Documents and Settings+GA+Desktop+folding+FAH504-Console.exe - Stanford University - C:\Documents and Settings\GA\Desktop\folding\FAH504-Console.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  10. Just wondering with all those things we've done so far. Did we found anything that was wrong?? right here we go again did all those. and here's the log. must admit it seems like we've been here before. Logfile of HijackThis v1.99.1 Scan saved at 02:27:28, on 28/12/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\ewido anti-malware\ewidoguard.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Documents and Settings\GA\Desktop\folding\FAH504-Console.exe C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\Documents and Settings\GA\Desktop\folding\FahCore_78.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\Program Files\Zoom Telephonics, Inc\Zoom ADSL USB Modem\dslmon.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\WINDOWS\System32\alg.exe C:\Documents and Settings\GA\Desktop\hjt\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iqon.ie R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~3\tools\iesdsg.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll O4 - HKLM\..\Run: [PCEyeLic] C:\Program Files\PCEye2000\pceye2000.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: DSLMON.lnk = ? O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.iqon.ie O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1134952283562 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134955094437 O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/...ivex/hcImpl.cab O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: FAH@C:+Documents and Settings+GA+Desktop+folding+FAH504-Console.exe - Stanford University - C:\Documents and Settings\GA\Desktop\folding\FAH504-Console.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe Night Jacee. See you tomorrow. Your husband not the jealous type I hope...
  11. Do you know jacee, you might dress like the devil but your an angel really!!!!
  12. right removed spysweeper and had to remove f-secure to so i could make the changes to ie because even tho i switched off ie guard in f-secure it still wouldn't let me make the changes.. now what??
  13. followed that link jacee and it took me to ca spyware information centre but i couldn't find anything there explaining how to get rid of it, just info on what it is and pestpatrol by eTrust. followed 2 links under others by this group but both led me to same page Spyware encyclopedia. So what do I do now??
  14. 127.0.0.1 retaildirect.realmedia.com #SpySweeperCASS 127.0.0.1 rmads.msn.com #SpySweeperCASS 127.0.0.1 rmedia.boston.com #SpySweeperCASS 127.0.0.1 s0b.bluestreak.com #SpySweeperCASS 127.0.0.1 s2.focalink.com #SpySweeperCASS 127.0.0.1 sc.clicksupply.com #SpySweeperCASS 127.0.0.1 scand.adlink.de #SpySweeperCASS 127.0.0.1 secure.webconnect.net #SpySweeperCASS 127.0.0.1 servads.aip.org #SpySweeperCASS 127.0.0.1 serve.thisbanner.com #SpySweeperCASS 127.0.0.1 servedby.advertising.com #SpySweeperCASS 127.0.0.1 service.bfast.com #SpySweeperCASS 127.0.0.1 sfads.osdn.com #SpySweeperCASS 127.0.0.1 sg.yimg.com #SpySweeperCASS 127.0.0.1 sh4sure-images.adbureau.net #SpySweeperCASS 127.0.0.1 shop.kazaa.com #SpySweeperCASS 127.0.0.1 spd.atdmt.com #SpySweeperCASS 127.0.0.1 speed.pointroll.com #SpySweeperCASS 127.0.0.1 spin.spinbox.net #SpySweeperCASS 127.0.0.1 spinbox.maccentral.com #SpySweeperCASS 127.0.0.1 spinbox.techtracker.com #SpySweeperCASS 127.0.0.1 ss.mtree.com #SpySweeperCASS 127.0.0.1 static.admaximize.com #SpySweeperCASS 127.0.0.1 stats.adultrevenueservice.com #SpySweeperCASS 127.0.0.1 stats.superstats.com #SpySweeperCASS 127.0.0.1 suissa-ad.flycast.com #SpySweeperCASS 127.0.0.1 sview.avenuea.com #SpySweeperCASS 127.0.0.1 techreview-images.adbureau.net #SpySweeperCASS 127.0.0.1 thinknyc.eu-adcenter.net #SpySweeperCASS 127.0.0.1 ti.click2net.com #SpySweeperCASS 127.0.0.1 tmsads.tribune.com #SpySweeperCASS 127.0.0.1 toads.osdn.com #SpySweeperCASS 127.0.0.1 tracker.clicktrade.com #SpySweeperCASS 127.0.0.1 tsms-ad.tsms.com #SpySweeperCASS 127.0.0.1 ugo.eu-adcenter.net #SpySweeperCASS 127.0.0.1 us.a1.yimg.com #SpySweeperCASS 127.0.0.1 usbytecom.orbitcycle.com #SpySweeperCASS 127.0.0.1 utils.mediageneral.com #SpySweeperCASS 127.0.0.1 v0.extreme-dm.com #SpySweeperCASS 127.0.0.1 v1.extreme-dm.com #SpySweeperCASS 127.0.0.1 van.ads.link4ads.com #SpySweeperCASS 127.0.0.1 view.accendo.com #SpySweeperCASS 127.0.0.1 view.atdmt.com #SpySweeperCASS 127.0.0.1 view.avenuea.com #SpySweeperCASS 127.0.0.1 vnu.eu-adcenter.net #SpySweeperCASS 127.0.0.1 vpdc.ru4.com #SpySweeperCASS 127.0.0.1 w113.hitbox.com #SpySweeperCASS 127.0.0.1 w25.hitbox.com #SpySweeperCASS 127.0.0.1 wap.adlink.de #SpySweeperCASS 127.0.0.1 web2.deja.com #SpySweeperCASS 127.0.0.1 webad.ajeeb.com #SpySweeperCASS 127.0.0.1 webads.bizservers.com #SpySweeperCASS 127.0.0.1 webaffiliate.covad.com #SpySweeperCASS 127.0.0.1 west.adlink.de #SpySweeperCASS 127.0.0.1 wwa.hitbox.com #SpySweeperCASS 127.0.0.1 wwb.hitbox.com #SpySweeperCASS 127.0.0.1 www.24pm-affiliation.com #SpySweeperCASS 127.0.0.1 www.ad.tomshardware.com #SpySweeperCASS 127.0.0.1 www.ad4ex.com #SpySweeperCASS 127.0.0.1 www.ad-flow.com #SpySweeperCASS 127.0.0.1 www.adireland.com #SpySweeperCASS 127.0.0.1 www.admex.com #SpySweeperCASS 127.0.0.1 www.ad-up.com #SpySweeperCASS 127.0.0.1 www.alladvantage.com #SpySweeperCASS 127.0.0.1 www.avsads.com #SpySweeperCASS 127.0.0.1 www.b3d.com #SpySweeperCASS 127.0.0.1 www.banner2u.com #SpySweeperCASS 127.0.0.1 www.bannercampaign.com #SpySweeperCASS 127.0.0.1 www.banneroverdrive.com #SpySweeperCASS 127.0.0.1 www.blissnet.net #SpySweeperCASS 127.0.0.1 www.bonzi.com #SpySweeperCASS 127.0.0.1 www.brilliantdigital.com #SpySweeperCASS 127.0.0.1 www.burstnet.com #SpySweeperCASS 127.0.0.1 www.cibleclick.com #SpySweeperCASS 127.0.0.1 www.click-fr.com #SpySweeperCASS 127.0.0.1 www.commission-junction.com #SpySweeperCASS 127.0.0.1 www.consumerinfo.com #SpySweeperCASS 127.0.0.1 www.crisscross.com #SpySweeperCASS 127.0.0.1 www.cyberbounty.com #SpySweeperCASS 127.0.0.1 www.datais.com #SpySweeperCASS 127.0.0.1 www.digitalbettingcasinos.com #SpySweeperCASS 127.0.0.1 www.dnps.com #SpySweeperCASS 127.0.0.1 www.doubleclick.net #SpySweeperCASS 127.0.0.1 www.eads.com #SpySweeperCASS 127.0.0.1 www.exchange-it.com #SpySweeperCASS 127.0.0.1 www.fineclicks.com #SpySweeperCASS 127.0.0.1 www.freestats.com #SpySweeperCASS 127.0.0.1 www.imaginemedia.com #SpySweeperCASS 127.0.0.1 www.kaplanindex.com #SpySweeperCASS 127.0.0.1 www.linksynergy.com #SpySweeperCASS 127.0.0.1 www.nailitonline2.com #SpySweeperCASS 127.0.0.1 www.netdirect.nl #SpySweeperCASS 127.0.0.1 www.netflip.com #SpySweeperCASS 127.0.0.1 www.netsponsors.com #SpySweeperCASS 127.0.0.1 www.netvertising.be #SpySweeperCASS 127.0.0.1 www.nrsite.com #SpySweeperCASS 127.0.0.1 www.oneandonlynetwork.com #SpySweeperCASS 127.0.0.1 www.onresponse.com #SpySweeperCASS 127.0.0.1 www.postmasterbannernet.com #SpySweeperCASS 127.0.0.1 www.qksrv.net #SpySweeperCASS 127.0.0.1 www.speedyclick.com #SpySweeperCASS 127.0.0.1 www.targetshop.com #SpySweeperCASS 127.0.0.1 www.teknosurf2.com #SpySweeperCASS 127.0.0.1 www.teknosurf3.com #SpySweeperCASS 127.0.0.1 www.valueclick.com #SpySweeperCASS 127.0.0.1 www.webads.nl #SpySweeperCASS 127.0.0.1 www.websitefinancing.com #SpySweeperCASS 127.0.0.1 www10.valueclick.com #SpySweeperCASS 127.0.0.1 www15.ad.tomshardware.com #SpySweeperCASS 127.0.0.1 www2.burstnet.com #SpySweeperCASS 127.0.0.1 www2.newtopsites.com #SpySweeperCASS 127.0.0.1 www23.valueclick.com #SpySweeperCASS 127.0.0.1 www3.ad.tomshardware.com #SpySweeperCASS 127.0.0.1 www3.bannerspace.com #SpySweeperCASS 127.0.0.1 www3.pagecount.com #SpySweeperCASS 127.0.0.1 www4.ad.tomshardware.com #SpySweeperCASS 127.0.0.1 www4.trix.net #SpySweeperCASS 127.0.0.1 www6.ad.tomshardware.com #SpySweeperCASS 127.0.0.1 www75.valueclick.com #SpySweeperCASS 127.0.0.1 www8.ad.tomshardware.com #SpySweeperCASS 127.0.0.1 www80.valueclick.com #SpySweeperCASS 127.0.0.1 y.ibsys.com #SpySweeperCASS 127.0.0.1 z.extreme-dm.com #SpySweeperCASS 127.0.0.1 z0.extreme-dm.com #SpySweeperCASS 127.0.0.1 z1.adserver.com #SpySweeperCASS 127.0.0.1 z1.extreme-dm.com #SpySweeperCASS 127.0.0.1 zi.r.tv.com #SpySweeperCASS 127.0.0.1 zrap.zdnet.com.com #SpySweeperCASS 127.0.0.1 as.casalemedia.com #SpySweeperCASS
  15. old file:-# Copyright © 1993-1999 Microsoft Corp. # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # For example: # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host 127.0.0.1 localhost 127.0.0.1 1.httpdads.com #SpySweeperCASS 127.0.0.1 207-87-18-203.wsmg.digex.net #SpySweeperCASS 127.0.0.1 a.mktw.net #SpySweeperCASS 127.0.0.1 a.tribalfusion.com #SpySweeperCASS 127.0.0.1 a207.p.f.qz3.net #SpySweeperCASS 127.0.0.1 a3.suntimes.com #SpySweeperCASS 127.0.0.1 actionsplash.com #SpySweeperCASS 127.0.0.1 ad.abcnews.com #SpySweeperCASS 127.0.0.1 ad.adsmart.net #SpySweeperCASS 127.0.0.1 ad.adtraq.com #SpySweeperCASS 127.0.0.1 ad.atlas.cz #SpySweeperCASS 127.0.0.1 ad.au.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.be.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.blm.net #SpySweeperCASS 127.0.0.1 ad.ca.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.ch.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.de.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.dogpile.com #SpySweeperCASS 127.0.0.1 ad.doubleclick.com #SpySweeperCASS 127.0.0.1 ad.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.fr.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.harmony-central.com #SpySweeperCASS 127.0.0.1 ad.horvitznewspapers.net #SpySweeperCASS 127.0.0.1 ad.howstuffworks.com #SpySweeperCASS 127.0.0.1 ad.img.yahoo.co.kr #SpySweeperCASS 127.0.0.1 ad.infoseek.com #SpySweeperCASS 127.0.0.1 ad.iwin.com #SpySweeperCASS 127.0.0.1 ad.jp.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.kimo.com.tw #SpySweeperCASS 127.0.0.1 ad.linkexchange.com #SpySweeperCASS 127.0.0.1 ad.linksynergy.com #SpySweeperCASS 127.0.0.1 ad.moscowtimes.ru #SpySweeperCASS 127.0.0.1 ad.net-service.de #SpySweeperCASS 127.0.0.1 ad.nl.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.no.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.openfind.com.tw #SpySweeperCASS 127.0.0.1 ad.preferances.com #SpySweeperCASS 127.0.0.1 ad.preferences.com #SpySweeperCASS 127.0.0.1 ad.sales.olympics.com #SpySweeperCASS 127.0.0.1 ad.se.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.sg.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.sma.punto.net #SpySweeperCASS 127.0.0.1 ad.tomshardware.com #SpySweeperCASS 127.0.0.1 ad.trafficmp.com #SpySweeperCASS 127.0.0.1 ad.uk.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.usatoday.com #SpySweeperCASS 127.0.0.1 ad.vol.at #SpySweeperCASS 127.0.0.1 ad.washingtonpost.com #SpySweeperCASS 127.0.0.1 ad.webprovider.com #SpySweeperCASS 127.0.0.1 ad01.mediacorpsingapore.com #SpySweeperCASS 127.0.0.1 ad08.focalink.com #SpySweeperCASS 127.0.0.1 ad1.aaddzz.com #SpySweeperCASS 127.0.0.1 ad1.peel.comwww.xbn.ru #SpySweeperCASS 127.0.0.1 ad10.doubleclick.net #SpySweeperCASS 127.0.0.1 ad11.doubleclick.net #SpySweeperCASS 127.0.0.1 ad12.doubleclick.net #SpySweeperCASS 127.0.0.1 ad13.doubleclick.net #SpySweeperCASS 127.0.0.1 ad14.doubleclick.net #SpySweeperCASS 127.0.0.1 ad15.doubleclick.net #SpySweeperCASS 127.0.0.1 ad16.doubleclick.net #SpySweeperCASS 127.0.0.1 ad17.doubleclick.net #SpySweeperCASS 127.0.0.1 ad18.doubleclick.net #SpySweeperCASS 127.0.0.1 ad19.doubleclick.net #SpySweeperCASS 127.0.0.1 ad2.adcept.net #SpySweeperCASS 127.0.0.1 ad2.doubleclick.net #SpySweeperCASS 127.0.0.1 ad2.peel.com #SpySweeperCASS 127.0.0.1 ad20.doubleclick.net #SpySweeperCASS 127.0.0.1 ad3.doubleclick.net #SpySweeperCASS 127.0.0.1 ad3.peel.com #SpySweeperCASS 127.0.0.1 ad4.doubleclick.net #SpySweeperCASS 127.0.0.1 ad5.doubleclick.net #SpySweeperCASS 127.0.0.1 ad6.doubleclick.net #SpySweeperCASS 127.0.0.1 ad7.doubleclick.net #SpySweeperCASS 127.0.0.1 ad7.internetadserver.com #SpySweeperCASS 127.0.0.1 ad8.doubleclick.net #SpySweeperCASS 127.0.0.1 ad9.doubleclick.net #SpySweeperCASS 127.0.0.1 ad-adex3.flycast.com #SpySweeperCASS 127.0.0.1 adbanner.sweepsclub.com #SpySweeperCASS 127.0.0.1 adbot.com #SpySweeperCASS 127.0.0.1 adbureau.net #SpySweeperCASS 127.0.0.1 adcodes.bla-bla.com #SpySweeperCASS 127.0.0.1 adcontent.gamespy.com #SpySweeperCASS 127.0.0.1 adcontroller.unicast.com #SpySweeperCASS 127.0.0.1 adcount.hollywood.com #SpySweeperCASS 127.0.0.1 adcreative.tribuneinteractive.com #SpySweeperCASS 127.0.0.1 adcreatives.imaginemedia.com #SpySweeperCASS 127.0.0.1 add.yaho.com #SpySweeperCASS 127.0.0.1 adengine.theglobe.com #SpySweeperCASS 127.0.0.1 adex3.flycast.com #SpySweeperCASS 127.0.0.1 adfarm.mediaplex.com #SpySweeperCASS 127.0.0.1 adforce.ads.imgis.com #SpySweeperCASS 127.0.0.1 adforce.adtech.de #SpySweeperCASS 127.0.0.1 adforce.imgis.com #SpySweeperCASS 127.0.0.1 adfu.blockstackers.com #SpySweeperCASS 127.0.0.1 adi.mainichi.co.jp #SpySweeperCASS 127.0.0.1 adimage.asia1.com.sg #SpySweeperCASS 127.0.0.1 adimage.asiaone.com.sg #SpySweeperCASS 127.0.0.1 adimage.bankrate.com #SpySweeperCASS 127.0.0.1 adimage.blm.net #SpySweeperCASS 127.0.0.1 adimages.earthweb.com #SpySweeperCASS 127.0.0.1 adimages.go.com #SpySweeperCASS 127.0.0.1 adimg.com.com #SpySweeperCASS 127.0.0.1 adimg.egroups.com #SpySweeperCASS 127.0.0.1 adimg1.chosun.com #SpySweeperCASS 127.0.0.1 adlink.deh.de #SpySweeperCASS 127.0.0.1 adlog.com.com #SpySweeperCASS 127.0.0.1 adlui001.adlink.de #SpySweeperCASS 127.0.0.1 admedia.xoom.com #SpySweeperCASS 127.0.0.1 adng.ascii24.com #SpySweeperCASS 127.0.0.1 adpick.switchboard.com #SpySweeperCASS 127.0.0.1 adpop.theglobe.com #SpySweeperCASS 127.0.0.1 adpulse.ads.targetnet.com #SpySweeperCASS 127.0.0.1 adremote.pathfinder.com #SpySweeperCASS 127.0.0.1 ads*.focalink.com #SpySweeperCASS 127.0.0.1 ads.1for1.com #SpySweeperCASS 127.0.0.1 ads.adflight.com #SpySweeperCASS 127.0.0.1 ads.ad-flow.com #SpySweeperCASS 127.0.0.1 ads.admaximize.com #SpySweeperCASS 127.0.0.1 ads.admonitor.net #SpySweeperCASS 127.0.0.1 ads.adtegrity.net #SpySweeperCASS 127.0.0.1 ads.advance.net #SpySweeperCASS 127.0.0.1 ads.adviva.net #SpySweeperCASS 127.0.0.1 ads.amazingmedia.com #SpySweeperCASS 127.0.0.1 ads.as4x.tmcs.net #SpySweeperCASS 127.0.0.1 ads.astalavista.us #SpySweeperCASS 127.0.0.1 ads.belointeractive.com #SpySweeperCASS 127.0.0.1 ads.bfast.com #SpySweeperCASS 127.0.0.1 ads.bianca.com #SpySweeperCASS 127.0.0.1 ads.bigcitytools.com #SpySweeperCASS 127.0.0.1 ads.bitsonthewire.com #SpySweeperCASS 127.0.0.1 ads.bloomberg.com #SpySweeperCASS 127.0.0.1 ads.cashsurfers.com #SpySweeperCASS 127.0.0.1 ads.cbc.ca #SpySweeperCASS 127.0.0.1 ads.centralohio.com #SpySweeperCASS 127.0.0.1 ads.clearbluemedia.com #SpySweeperCASS 127.0.0.1 ads.clearchannel.com #SpySweeperCASS 127.0.0.1 ads.clickagents.com #SpySweeperCASS 127.0.0.1 ads.clickhouse.com #SpySweeperCASS 127.0.0.1 ads.colo.kiva.net #SpySweeperCASS 127.0.0.1 ads.columbian.com #SpySweeperCASS 127.0.0.1 ads.courierpostonline.com #SpySweeperCASS 127.0.0.1 ads.criticalmass.com #SpySweeperCASS 127.0.0.1 ads.csi.emcweb.com #SpySweeperCASS 127.0.0.1 ads.currantbun.com #SpySweeperCASS 127.0.0.1 ads.dai.net #SpySweeperCASS 127.0.0.1 ads.democratandchronicle.com #SpySweeperCASS 127.0.0.1 ads.desmoinesregister.com #SpySweeperCASS 127.0.0.1 ads.detelefoongids.nl #SpySweeperCASS 127.0.0.1 ads.developershed.com #SpySweeperCASS 127.0.0.1 ads.devx.com #SpySweeperCASS 127.0.0.1 ads.digitalmedianet.com #SpySweeperCASS 127.0.0.1 ads.discovery.com #SpySweeperCASS 127.0.0.1 ads.doubleclick.com #SpySweeperCASS 127.0.0.1 ads.doubleclick.net #SpySweeperCASS 127.0.0.1 ads.ecircles.com #SpySweeperCASS 127.0.0.1 ads.enliven.com #SpySweeperCASS 127.0.0.1 ads.erotism.com #SpySweeperCASS 127.0.0.1 ads.eu.msn.com #SpySweeperCASS 127.0.0.1 ads.exhedra.com #SpySweeperCASS 127.0.0.1 ads.fairfax.com.au #SpySweeperCASS 127.0.0.1 ads.filez.com #SpySweeperCASS 127.0.0.1 ads.floridatoday.com #SpySweeperCASS 127.0.0.1 ads.fool.com #SpySweeperCASS 127.0.0.1 ads.forbes.com #SpySweeperCASS 127.0.0.1 ads.forbes.net #SpySweeperCASS 127.0.0.1 ads.fortunecity.com #SpySweeperCASS 127.0.0.1 ads.fredericksburg.com #SpySweeperCASS 127.0.0.1 ads.freshmeat.net #SpySweeperCASS 127.0.0.1 ads.gameanswers.com #SpySweeperCASS 127.0.0.1 ads.gamespy.com #SpySweeperCASS 127.0.0.1 ads.globeandmail.com #SpySweeperCASS 127.0.0.1 ads.god.co.uk #SpySweeperCASS 127.0.0.1 ads.granadamedia.com #SpySweeperCASS 127.0.0.1 ads.greensboro.com #SpySweeperCASS 127.0.0.1 ads.guardian.co.uk #SpySweeperCASS 127.0.0.1 ads.guardianunlimited.co.uk #SpySweeperCASS 127.0.0.1 ads.hitcents.com #SpySweeperCASS 127.0.0.1 ads.hollywood.com #SpySweeperCASS 127.0.0.1 ads.hyperbanner.net #SpySweeperCASS 127.0.0.1 ads.i33.com #SpySweeperCASS 127.0.0.1 ads.iafrica.com #SpySweeperCASS 127.0.0.1 ads.iambic.com #SpySweeperCASS 127.0.0.1 ads.icq.com #SpySweeperCASS 127.0.0.1 ads.ign.com #SpySweeperCASS 127.0.0.1 ads.imagine-inc.com #SpySweeperCASS 127.0.0.1 ads.imdb.com #SpySweeperCASS 127.0.0.1 ads.infi.net #SpySweeperCASS 127.0.0.1 ads.infospace.com #SpySweeperCASS 127.0.0.1 ads.iwon.com #SpySweeperCASS 127.0.0.1 ads.jacksonsun.com #SpySweeperCASS 127.0.0.1 ads.jpost.com #SpySweeperCASS 127.0.0.1 ads.jwtt3.com #SpySweeperCASS 127.0.0.1 ads.link4ads.com #SpySweeperCASS 127.0.0.1 ads.list-universe.com #SpySweeperCASS 127.0.0.1 ads.live365.com #SpySweeperCASS 127.0.0.1 ads.lycos.com #SpySweeperCASS 127.0.0.1 ads.madison.com #SpySweeperCASS 127.0.0.1 ads.mcafee.com #SpySweeperCASS 127.0.0.1 ads.mdchoice.com #SpySweeperCASS 127.0.0.1 ads.mediadevil.com #SpySweeperCASS 127.0.0.1 ads.mediaodyssey.com #SpySweeperCASS 127.0.0.1 ads.mediaturf.net #SpySweeperCASS 127.0.0.1 ads.mh5.com #SpySweeperCASS 127.0.0.1 ads.mirrormedia.co.uk #SpySweeperCASS 127.0.0.1 ads.msn.com #SpySweeperCASS 127.0.0.1 ads.msn-ppe.com #SpySweeperCASS 127.0.0.1 ads.musiccity.com #SpySweeperCASS 127.0.0.1 ads.mysimon.com #SpySweeperCASS 127.0.0.1 ads.nandomedia.com #SpySweeperCASS 127.0.0.1 ads.narrowline.com #SpySweeperCASS 127.0.0.1 ads.nerve.com #SpySweeperCASS 127.0.0.1 ads.netmechanic.com #SpySweeperCASS 127.0.0.1 ads.newcity.com #SpySweeperCASS 127.0.0.1 ads.newcitynet.com #SpySweeperCASS 127.0.0.1 ads.newsdigital.net #SpySweeperCASS 127.0.0.1 ads.newsint.co.uk #SpySweeperCASS 127.0.0.1 ads.newsquest.co.uk #SpySweeperCASS 127.0.0.1 ads.newtimes.com #SpySweeperCASS 127.0.0.1 ads.ninemsn.com.au #SpySweeperCASS 127.0.0.1 ads.northjersey.com #SpySweeperCASS 127.0.0.1 ads.nwsource.com #SpySweeperCASS 127.0.0.1 ads.nyi.net #SpySweeperCASS 127.0.0.1 ads.nypost.com #SpySweeperCASS 127.0.0.1 ads.nytimes.com #SpySweeperCASS 127.0.0.1 ads.ole.com #SpySweeperCASS 127.0.0.1 ads.paxnet.co.kr #SpySweeperCASS 127.0.0.1 ads.paxnet.com #SpySweeperCASS 127.0.0.1 ads.peel.com #SpySweeperCASS 127.0.0.1 ads.pennyweb.com #SpySweeperCASS 127.0.0.1 ads.premiumnetwork.com #SpySweeperCASS 127.0.0.1 ads.realcities.com #SpySweeperCASS 127.0.0.1 ads.realmedia.com #SpySweeperCASS 127.0.0.1 ads.rottentomatoes.com #SpySweeperCASS 127.0.0.1 ads.scifi.com #SpySweeperCASS 127.0.0.1 ads.seattletimes.com #SpySweeperCASS 127.0.0.1 ads.smartclicks.com #SpySweeperCASS 127.0.0.1 ads.smartclicks.net #SpySweeperCASS 127.0.0.1 ads.snowball.com #SpySweeperCASS 127.0.0.1 ads.specificpop.com #SpySweeperCASS 127.0.0.1 ads.sptimes.com #SpySweeperCASS 127.0.0.1 ads.starnews.com #SpySweeperCASS 127.0.0.1 ads.statesmanjournal.com #SpySweeperCASS 127.0.0.1 ads.stileproject.com #SpySweeperCASS 127.0.0.1 ads.switchboard.com #SpySweeperCASS 127.0.0.1 ads.telegraph.co.uk #SpySweeperCASS 127.0.0.1 ads.themes.org #SpySweeperCASS 127.0.0.1 ads.theolympian.com #SpySweeperCASS 127.0.0.1 ads.thestar.com #SpySweeperCASS 127.0.0.1 ads.tmcs.net #SpySweeperCASS 127.0.0.1 ads.tripod.com #SpySweeperCASS 127.0.0.1 ads.tucows.com #SpySweeperCASS 127.0.0.1 ads.ugo.com #SpySweeperCASS 127.0.0.1 ads.usatoday.com #SpySweeperCASS 127.0.0.1 ads.viaarena.com #SpySweeperCASS 127.0.0.1 ads.videoaxs.com #SpySweeperCASS 127.0.0.1 ads.vnuemedia.com #SpySweeperCASS 127.0.0.1 ads.washingtonpost.com #SpySweeperCASS 127.0.0.1 ads.web.aol.com #SpySweeperCASS 127.0.0.1 ads.web.de #SpySweeperCASS 127.0.0.1 ads.web21.com #SpySweeperCASS 127.0.0.1 ads.webcash.nl #SpySweeperCASS 127.0.0.1 ads.wnd.com #SpySweeperCASS 127.0.0.1 ads.x10.com #SpySweeperCASS 127.0.0.1 ads.xtra.co.nz #SpySweeperCASS 127.0.0.1 ads.zdnet.com #SpySweeperCASS 127.0.0.1 ads01.focalink.com #SpySweeperCASS 127.0.0.1 ads02.focalink.com #SpySweeperCASS 127.0.0.1 ads03.focalink.com #SpySweeperCASS 127.0.0.1 ads-03.tor.focusin.ads.targetnet.com #SpySweeperCASS 127.0.0.1 ads04.focalink.com #SpySweeperCASS 127.0.0.1 ads05.focalink.com #SpySweeperCASS 127.0.0.1 ads06.focalink.com #SpySweeperCASS 127.0.0.1 ads08.focalink.com #SpySweeperCASS 127.0.0.1 ads09.focalink.com #SpySweeperCASS 127.0.0.1 ads1.activeagent.at #SpySweeperCASS 127.0.0.1 ads1.ad-flow.com #SpySweeperCASS 127.0.0.1 ads1.advance.net #SpySweeperCASS 127.0.0.1 ads1.condenet.com #SpySweeperCASS 127.0.0.1 ads1.intelliads.com #SpySweeperCASS 127.0.0.1 ads1.sptimes.com #SpySweeperCASS 127.0.0.1 ads10.focalink.com #SpySweeperCASS 127.0.0.1 ads11.focalink.com #SpySweeperCASS 127.0.0.1 ads12.focalink.com #SpySweeperCASS 127.0.0.1 ads13.focalink.com #SpySweeperCASS 127.0.0.1 ads14.focalink.com #SpySweeperCASS 127.0.0.1 ads15.focalink.com #SpySweeperCASS 127.0.0.1 ads16.focalink.com #SpySweeperCASS 127.0.0.1 ads17.focalink.com #SpySweeperCASS 127.0.0.1 ads18.bpath.com #SpySweeperCASS 127.0.0.1 ads18.focalink.com #SpySweeperCASS 127.0.0.1 ads19.focalink.com #SpySweeperCASS 127.0.0.1 ads2.advance.net #SpySweeperCASS 127.0.0.1 ads2.clearchannel.com #SpySweeperCASS 127.0.0.1 ads2.condenet.com #SpySweeperCASS 127.0.0.1 ads2.zdnet.com #SpySweeperCASS 127.0.0.1 ads20.focalink.com #SpySweeperCASS 127.0.0.1 ads21.focalink.com #SpySweeperCASS 127.0.0.1 ads22.focalink.com #SpySweeperCASS 127.0.0.1 ads23.focalink.com #SpySweeperCASS 127.0.0.1 ads24.focalink.com #SpySweeperCASS 127.0.0.1 ads25.focalink.com #SpySweeperCASS 127.0.0.1 ads3.advance.net #SpySweeperCASS 127.0.0.1 ads3.zdnet.com #SpySweeperCASS 127.0.0.1 ads4.advance.net #SpySweeperCASS 127.0.0.1 ads4.clearchannel.com #SpySweeperCASS 127.0.0.1 ads4.condenet.com #SpySweeperCASS 127.0.0.1 ads5.advance.net #SpySweeperCASS 127.0.0.1 ads5.canoe.ca #SpySweeperCASS 127.0.0.1 ads5.gamecity.net #SpySweeperCASS 127.0.0.1 ads7.advance.net #SpySweeperCASS 127.0.0.1 ads7.udc.advance.net #SpySweeperCASS 127.0.0.1 ads-b.focalink.com #SpySweeperCASS 127.0.0.1 adserv.iafrica.com #SpySweeperCASS 127.0.0.1 adserv.internetfuel.com #SpySweeperCASS 127.0.0.1 adserv.newcentury.net #SpySweeperCASS 127.0.0.1 adserv.quality-channel.de #SpySweeperCASS 127.0.0.1 adservant.guj.de #SpySweeperCASS 127.0.0.1 adservant.mediapoint.de #SpySweeperCASS 127.0.0.1 adserver.ads360.com #SpySweeperCASS 127.0.0.1 adserver.anm.co.uk #SpySweeperCASS 127.0.0.1 adserver.bizland-inc.net #SpySweeperCASS 127.0.0.1 adserver.colleges.com #SpySweeperCASS 127.0.0.1 adserver.dbusiness.com #SpySweeperCASS 127.0.0.1 adserver.digitalpartners.com #SpySweeperCASS 127.0.0.1 adserver.garden.com #SpySweeperCASS 127.0.0.1 adserver.hispavista.com #SpySweeperCASS 127.0.0.1 adserver.ign.com #SpySweeperCASS 127.0.0.1 adserver.janes.com #SpySweeperCASS 127.0.0.1 adserver.matchcraft.com #SpySweeperCASS 127.0.0.1 adserver.merc.com #SpySweeperCASS 127.0.0.1 adserver.monster.com #SpySweeperCASS 127.0.0.1 adserver.netcast.nl #SpySweeperCASS 127.0.0.1 adserver.news.com.au #SpySweeperCASS 127.0.0.1 adserver.nydailynews.com #SpySweeperCASS 127.0.0.1 adserver.phillyburbs.com #SpySweeperCASS 127.0.0.1 adserver.pollstar.com #SpySweeperCASS 127.0.0.1 adserver.securityfocus.com #SpySweeperCASS 127.0.0.1 adserver.snowball.com #SpySweeperCASS 127.0.0.1 adserver.track-star.com #SpySweeperCASS 127.0.0.1 adserver.trb.com #SpySweeperCASS 127.0.0.1 adserver.tribuneinteractive.com #SpySweeperCASS 127.0.0.1 adserver.ugo.com #SpySweeperCASS 127.0.0.1 adserver.ukplus.co.uk #SpySweeperCASS 127.0.0.1 adserver.webads.com #SpySweeperCASS 127.0.0.1 adserver.webads.nl #SpySweeperCASS 127.0.0.1 adserver1.ogilvy-interactive.de #SpySweeperCASS 127.0.0.1 adserver1.realtracker.com #SpySweeperCASS 127.0.0.1 adserver2.realtracker.com #SpySweeperCASS 127.0.0.1 adserver3.realtracker.com #SpySweeperCASS 127.0.0.1 adserver-espnet.sportszone.com #SpySweeperCASS 127.0.0.1 adsrv.bankrate.com #SpySweeperCASS 127.0.0.1 adsrv.iol.co.za #SpySweeperCASS 127.0.0.1 adsrv2.gainesvillesun.com #SpySweeperCASS 127.0.0.1 adtegrity.spinbox.net #SpySweeperCASS 127.0.0.1 adtegrity.thruport.com #SpySweeperCASS 127.0.0.1 adthru.com #SpySweeperCASS 127.0.0.1 ad-up.com #SpySweeperCASS 127.0.0.1 adverity.adverity.com #SpySweeperCASS 127.0.0.1 advert.bayarea.com #SpySweeperCASS 127.0.0.1 advert.heise.de #SpySweeperCASS 127.0.0.1 affiliate.doteasy.com #SpySweeperCASS 127.0.0.1 akaads-abc.starwave.com #SpySweeperCASS 127.0.0.1 altfarm.mediaplex.com #SpySweeperCASS 127.0.0.1 amch.questionmarket.com #SpySweeperCASS 127.0.0.1 amedia.techies.com #SpySweeperCASS 127.0.0.1 antfarm-ad.flycast.com #SpySweeperCASS 127.0.0.1 ar.atwola.com #SpySweeperCASS 127.0.0.1 arc1.msn.com #SpySweeperCASS 127.0.0.1 arc2.msn.com #SpySweeperCASS 127.0.0.1 arc3.msn.com #SpySweeperCASS 127.0.0.1 arc4.msn.com #SpySweeperCASS 127.0.0.1 arc5.msn.com #SpySweeperCASS 127.0.0.1 askmen.thruport.com #SpySweeperCASS 127.0.0.1 au.ads.link4ads.com #SpySweeperCASS 127.0.0.1 banner.adlink.de #SpySweeperCASS 127.0.0.1 banner.coza.com #SpySweeperCASS 127.0.0.1 banner.easyspace.com #SpySweeperCASS 127.0.0.1 banner.linkexchange.com #SpySweeperCASS 127.0.0.1 banner.media-system.de #SpySweeperCASS 127.0.0.1 banner.northsky.com #SpySweeperCASS 127.0.0.1 banner.orb.net #SpySweeperCASS 127.0.0.1 banner.relcom.ru #SpySweeperCASS 127.0.0.1 banner.rootsweb.com #SpySweeperCASS 127.0.0.1 banner1.adlink.de #SpySweeperCASS 127.0.0.1 bannerads.anytimenews.com #SpySweeperCASS 127.0.0.1 banners.adultfriendfinder.com #SpySweeperCASS 127.0.0.1 banners.affiliatefuel.com #SpySweeperCASS 127.0.0.1 banners.babylon-x.com #SpySweeperCASS 127.0.0.1 banners.chek.com #SpySweeperCASS 127.0.0.1 banners.easydns.com #SpySweeperCASS 127.0.0.1 banners.friendfinder.com #SpySweeperCASS 127.0.0.1 banners.internetextra.com #SpySweeperCASS 127.0.0.1 banners.looksmart.com #SpySweeperCASS 127.0.0.1 banners.moviegoods.com #SpySweeperCASS 127.0.0.1 banners.nextcard.com #SpySweeperCASS 127.0.0.1 banners.revenuelink.com #SpySweeperCASS 127.0.0.1 banners.valuead.com #SpySweeperCASS 127.0.0.1 banners.wunderground.com #SpySweeperCASS 127.0.0.1 bannerswap.com #SpySweeperCASS 127.0.0.1 barnesandnoble.bfast.com #SpySweeperCASS 127.0.0.1 beseenad.looksmart.com #SpySweeperCASS 127.0.0.1 bidclix.net #SpySweeperCASS 127.0.0.1 bizad.nikkeibp.co.jp #SpySweeperCASS 127.0.0.1 bn.bfast.com #SpySweeperCASS 127.0.0.1 c1.zedo.com #SpySweeperCASS 127.0.0.1 c3.xxxcounter.com #SpySweeperCASS 127.0.0.1 ca.fp.sandpiper.net #SpySweeperCASS 127.0.0.1 califia.imaginemedia.com #SpySweeperCASS 127.0.0.1 campaigns.f2.com.au #SpySweeperCASS 127.0.0.1 cb.icq.com #SpySweeperCASS 127.0.0.1 cds.mediaplex.com #SpySweeperCASS 127.0.0.1 cf.icq.com #SpySweeperCASS 127.0.0.1 cgi.declicnet.com #SpySweeperCASS 127.0.0.1 classic.adlink.de #SpySweeperCASS 127.0.0.1 click.adlink.de #SpySweeperCASS 127.0.0.1 click.avenuea.com #SpySweeperCASS 127.0.0.1 click.go2net.com #SpySweeperCASS 127.0.0.1 click.linksynergy.com #SpySweeperCASS 127.0.0.1 click.mp3.com #SpySweeperCASS 127.0.0.1 clickit.go2net.com #SpySweeperCASS 127.0.0.1 clickserve.cc-dt.com #SpySweeperCASS 127.0.0.1 commonwealth.riddler.com #SpySweeperCASS 127.0.0.1 comtrack.comclick.com #SpySweeperCASS 127.0.0.1 connect.247media.ads.link4ads.com #SpySweeperCASS 127.0.0.1 cookies.cmpnet.com #SpySweeperCASS 127.0.0.1 coreg.flashtrack.net #SpySweeperCASS 127.0.0.1 cornflakes.pathfinder.com #SpySweeperCASS 127.0.0.1 counter.hitbox.com #SpySweeperCASS 127.0.0.1 creative.whi.co.nz #SpySweeperCASS 127.0.0.1 crux.songline.com #SpySweeperCASS 127.0.0.1 delivery1.ads.telegraaf.nl #SpySweeperCASS 127.0.0.1 desktop.kazaa.com #SpySweeperCASS 127.0.0.1 di.image.eshop.msn.com #SpySweeperCASS 127.0.0.1 dino.mainz.ibm.de #SpySweeperCASS 127.0.0.1 direct.adlink.de #SpySweeperCASS 127.0.0.1 doubleclick.net #SpySweeperCASS 127.0.0.1 ds.eyeblaster.com #SpySweeperCASS 127.0.0.1 ehg-bestbuy.hitbox.com #SpySweeperCASS 127.0.0.1 ehg-dig.hitbox.com #SpySweeperCASS 127.0.0.1 ehg-espn.hitbox.com #SpySweeperCASS 127.0.0.1 ehg-intel.hitbox.com #SpySweeperCASS 127.0.0.1 ehg-macromedia.hitbox.com #SpySweeperCASS 127.0.0.1 engage.speedera.net #SpySweeperCASS 127.0.0.1 erie.smartage.com #SpySweeperCASS 127.0.0.1 etad.telegraph.co.uk #SpySweeperCASS 127.0.0.1 eur.yimg.com #SpySweeperCASS 127.0.0.1 fl01.ct2.comclick.com #SpySweeperCASS 127.0.0.1 focusin.ads.targetnet.com #SpySweeperCASS 127.0.0.1 fp.valueclick.com #SpySweeperCASS 127.0.0.1 ftp.nacorp.com #SpySweeperCASS 127.0.0.1 gadgeteer.pdamart.com #SpySweeperCASS 127.0.0.1 ganges.imagine-inc.com #SpySweeperCASS 127.0.0.1 garden.ngadcenter.net #SpySweeperCASS 127.0.0.1 geoads.osdn.com #SpySweeperCASS 127.0.0.1 global.msads.net #SpySweeperCASS 127.0.0.1 globaltrack.com #SpySweeperCASS 127.0.0.1 globaltrak.net #SpySweeperCASS 127.0.0.1 gm.preferences.com #SpySweeperCASS 127.0.0.1 gp.dejanews.com #SpySweeperCASS 127.0.0.1 hg1.hitbox.com #SpySweeperCASS 127.0.0.1 holland.hyperbanner.net #SpySweeperCASS 127.0.0.1 hurricane.adlink.de #SpySweeperCASS 127.0.0.1 i.timeinc.net #SpySweeperCASS 127.0.0.1 icover.realmedia.com #SpySweeperCASS 127.0.0.1 ieee-images.adbureau.net #SpySweeperCASS 127.0.0.1 im.800.com #SpySweeperCASS 127.0.0.1 image.click2net.com #SpySweeperCASS 127.0.0.1 image.eimg.com #SpySweeperCASS 127.0.0.1 image.imgfarm.com #SpySweeperCASS 127.0.0.1 images.ads.fairfax.com.au #SpySweeperCASS 127.0.0.1 images.bizrate.com #SpySweeperCASS 127.0.0.1 images.cybereps.com #SpySweeperCASS 127.0.0.1 images.fastclick.net #SpySweeperCASS 127.0.0.1 images.newsx.cc #SpySweeperCASS 127.0.0.1 images.scripps.com #SpySweeperCASS 127.0.0.1 images.trafficmp.com #SpySweeperCASS 127.0.0.1 images.webads.nl #SpySweeperCASS 127.0.0.1 images2.nytimes.com #SpySweeperCASS 127.0.0.1 imageserv.adtech.de #SpySweeperCASS 127.0.0.1 img.cmpnet.com #SpySweeperCASS 127.0.0.1 information.gopher.com #SpySweeperCASS 127.0.0.1 iv.doubleclick.net #SpySweeperCASS 127.0.0.1 java.yahoo.com #SpySweeperCASS 127.0.0.1 jobkeys.ngadcenter.net #SpySweeperCASS 127.0.0.1 js1.hitbox.com #SpySweeperCASS 127.0.0.1 k5ads.osdn.com #SpySweeperCASS 127.0.0.1 kansas.valueclick.com #SpySweeperCASS 127.0.0.1 kaplanindex.com #SpySweeperCASS 127.0.0.1 kr-adimage.lycos.co.kr #SpySweeperCASS 127.0.0.1 krd.realcities.com #SpySweeperCASS 127.0.0.1 leader.linkexchange.com #SpySweeperCASS 127.0.0.1 liquidad.narrowcastmedia.com #SpySweeperCASS 127.0.0.1 ln.doubleclick.net #SpySweeperCASS 127.0.0.1 m.doubleclick.net #SpySweeperCASS 127.0.0.1 m.tribalfusion.com #SpySweeperCASS 127.0.0.1 m2.doubleclick.net #SpySweeperCASS 127.0.0.1 macaddictads.snv.futurenet.com #SpySweeperCASS 127.0.0.1 marketing.nyi.net #SpySweeperCASS 127.0.0.1 maximumpcads.imaginemedia.com #SpySweeperCASS 127.0.0.1 mds.centrport.net #SpySweeperCASS 127.0.0.1 media.fastclick.net #SpySweeperCASS 127.0.0.1 media.popuptraffic.com #SpySweeperCASS 127.0.0.1 media.preferences.com #SpySweeperCASS 127.0.0.1 media13.fastclick.net #SpySweeperCASS 127.0.0.1 media15.fastclick.net #SpySweeperCASS 127.0.0.1 media17.fastclick.net #SpySweeperCASS 127.0.0.1 media19.fastclick.net #SpySweeperCASS 127.0.0.1 mediamgr.ugo.com #SpySweeperCASS 127.0.0.1 mercury.rmuk.co.uk #SpySweeperCASS 127.0.0.1 mjxads.internet.com #SpySweeperCASS 127.0.0.1 mojofarm.mediaplex.com #SpySweeperCASS 127.0.0.1 mojofarm.sjc.mediaplex.com #SpySweeperCASS 127.0.0.1 mt37.mtree.com #SpySweeperCASS 127.0.0.1 nbc.adbureau.net #SpySweeperCASS 127.0.0.1 neighborhood.standard.net #SpySweeperCASS 127.0.0.1 netcomm.spinbox.net #SpySweeperCASS 127.0.0.1 netshelter.adtrix.com #SpySweeperCASS 127.0.0.1 newads.cmpnet.com #SpySweeperCASS 127.0.0.1 ng3.ads.warnerbros.com #SpySweeperCASS 127.0.0.1 ngads.smartage.com #SpySweeperCASS 127.0.0.1 nrsite.com #SpySweeperCASS 127.0.0.1 nsads.hotwired.com #SpySweeperCASS 127.0.0.1 ntbanner.digitalriver.com #SpySweeperCASS 127.0.0.1 oas.dispatch.com #SpySweeperCASS 127.0.0.1 oas.lee.net #SpySweeperCASS 127.0.0.1 oas.mmd.ch #SpySweeperCASS 127.0.0.1 oas.uniontrib.com #SpySweeperCASS 127.0.0.1 oas.villagevoice.com #SpySweeperCASS 127.0.0.1 oasads.whitepages.com #SpySweeperCASS 127.0.0.1 ogilvy.ngadcenter.net #SpySweeperCASS 127.0.0.1 oz.valueclick.com #SpySweeperCASS 127.0.0.1 ph-ad05.focalink.com #SpySweeperCASS 127.0.0.1 ph-ad06.focalink.com #SpySweeperCASS 127.0.0.1 ph-ad07.focalink.com #SpySweeperCASS 127.0.0.1 ph-ad16.focalink.com #SpySweeperCASS 127.0.0.1 ph-ad17.focalink.com #SpySweeperCASS 127.0.0.1 ph-ad18.focalink.com #SpySweeperCASS 127.0.0.1 ph-ad19.focalink.com #SpySweeperCASS 127.0.0.1 ph-ad21.focalink.com #SpySweeperCASS 127.0.0.1 phoenix-adrunner.mycomputer.com #SpySweeperCASS 127.0.0.1 phpads2.cnpapers.com #SpySweeperCASS 127.0.0.1 pluto1.iserver.net #SpySweeperCASS 127.0.0.1 primetime.ad.asap-asp.net #SpySweeperCASS 127.0.0.1 pub-g.ifrance.com #SpySweeperCASS 127.0.0.1 pubs.mgn.net #SpySweeperCASS 127.0.0.1 q.pni.com #SpySweeperCASS 127.0.0.1 rad.msn.com #SpySweeperCASS 127.0.0.1 rd1.hitbox.com #SpySweeperCASS 127.0.0.1 realads.realmedia.com #SpySweeperCASS 127.0.0.1 realmedia-a800.d4p.net #SpySweeperCASS 127.0.0.1 redherring.ngadcenter.net #SpySweeperCASS 127.0.0.1 redirect.click2net.com #SpySweeperCASS 127.0.0.1 regio.adlink.de #SpySweeperCASS 127.0.0.1 reply.mediatris.net #SpySweeperCASS 127.0.0.1 responsemedia-ad.flycast.com #SpySweeperCASS
  16. Yes that was the scan. OK. Thats done. Now what?? new file:-# Copyright © 1993-1999 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a "#" symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # 127.0.0.1 localhost
  17. just saw your reply am getting hoster now... P.S. your no fun!!! Think of what you could do with my pc by remote....
  18. Was just about to do a new scan with the prog we placed in c:\bases, But recieved a popup from windows antispyware saying:- AN INTERNET SECURITY ZONE CHANGE REQUIRES YOUR APPROVAL. Microsoft Antispyware has detected a change to your Internet security Zone "Internet".This zone contains all web sites you haven't placed in other zones. Warning:This change sets your zone below the minimum security level. Security settings should not be changed without.....sorry didn't get the rest but blocked it and said reset it in the next popup that appeared. Stopped messing with more scans now until I hear from you..ooops..
  19. ok. did that 3 times till showed nothing then rebooted pc. On start up ms antispyware said it allowed new host. as.casalemedia.com pointing to ip address edia.com 127.0.0.1 to be added to host file. didn't like that so ran it again 3 times till showed nothing again. then rebooted and did ewido scan, results below,and trend micro on line scan which acted funny,started scan and said was complete after 2 mins but didn't show results. I did nothing then it seemed to start scan again this time took 8 mins and said my pc was clean in results. but if you moved the pointer over top of browser there was a hourglass by the side of pointer.(firefox browser). Pc seems to work fine but I'm still not sure its clean because of tm.scan..What do you think?? pointer doesn't scroll across the screen often enough to say if thats fixed. what causes it to do that anyway?..while writing this noticed there was a line stuck where pointer was, even tho I moved pointer, until I scrolled the page up and back down. Don't know if that means anything. Think I AM GETTING PARANOID NOW!!!!! HELP have we cleaned it or not??? bet if I run that regseeker again it would find more to fix... :crash: :crash: :crash: Edit:-oops can't find ewido scan log. sorry. but it found 14 spyware cookies. you sure you won't use remote to check this pc??? Edit:-found it!! -------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 21:43:46, 27/12/2005 + Report-Checksum: 23BB4B5 + Scan result: :mozilla.9:C:\Documents and Settings\GA\Application Data\Mozilla\Firefox\Profiles\m3314217.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup :mozilla.20:C:\Documents and Settings\GA\Application Data\Mozilla\Firefox\Profiles\m3314217.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup :mozilla.21:C:\Documents and Settings\GA\Application Data\Mozilla\Firefox\Profiles\m3314217.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup :mozilla.22:C:\Documents and Settings\GA\Application Data\Mozilla\Firefox\Profiles\m3314217.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup :mozilla.23:C:\Documents and Settings\GA\Application Data\Mozilla\Firefox\Profiles\m3314217.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup :mozilla.24:C:\Documents and Settings\GA\Application Data\Mozilla\Firefox\Profiles\m3314217.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup :mozilla.30:C:\Documents and Settings\GA\Application Data\Mozilla\Firefox\Profiles\m3314217.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.31:C:\Documents and Settings\GA\Application Data\Mozilla\Firefox\Profiles\m3314217.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup :mozilla.33:C:\Documents and Settings\GA\Application Data\Mozilla\Firefox\Profiles\m3314217.default\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup :mozilla.37:C:\Documents and Settings\GA\Application Data\Mozilla\Firefox\Profiles\m3314217.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup :mozilla.38:C:\Documents and Settings\GA\Application Data\Mozilla\Firefox\Profiles\m3314217.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup :mozilla.41:C:\Documents and Settings\GA\Application Data\Mozilla\Firefox\Profiles\m3314217.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.42:C:\Documents and Settings\GA\Application Data\Mozilla\Firefox\Profiles\m3314217.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.7:C:\Documents and Settings\GA\Application Data\Mozilla\Firefox\Profiles\m3314217.default\cookiesnew.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup ::Report End
  20. Sorry jacee couldn't find them in the log to copy and paste so here is the options it scanned under and also what was in the virus log information that showed up in the scanner engine that I had to manually copy. Think its what we want anyway.... Sun Dec 25 21:16:13 2005 => Options Selected by User: Sun Dec 25 21:16:13 2005 => Memory Check: Enabled Sun Dec 25 21:16:13 2005 => Registry Check: Enabled Sun Dec 25 21:16:13 2005 => StartUp Folder Check: Enabled Sun Dec 25 21:16:13 2005 => System Folder Check: Enabled Sun Dec 25 21:16:13 2005 => System Area Check: Disabled Sun Dec 25 21:16:13 2005 => Services Check: Enabled Sun Dec 25 21:16:13 2005 => Drive Check: Disabled Sun Dec 25 21:16:13 2005 => All Drive Check :Enabled Sun Dec 25 21:16:13 2005 => Folder Check: Disable Object "redv Spyware/Adware" found in File System! Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\Program Files\CA\SharedComponents\ScanEngine\arclib.dll".Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "blank".Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\faxctr.exe" refers to invalid object "blank".Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\setup.exe" refers to invalid object "blank".Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\zoom.Exe" refers to invalid object "blank".Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cfg".Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".xyz".Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{99747F0D-D4F8-4877-9CA0-4AE96D963633}".Action Taken: No Action Taken. Entry "HKCR\CLSID\{1EFD6A40-3999-11CF-9150-00AA0059F70D}" refers to invalid object "D:\PROGRAM\32\mci32.ocx".Action Taken: No Action Taken. (Jacee not sure if CLSID or CLSlD) Entry "HKCR\CLSID\{3775D2E0-7C5D-11CF-899E-00AA00688B10}" refers to invalid object "D:\PROGRAM\32\mci32.ocx".Action Taken: No Action Taken. (Jacee not sure if CLSID or CLSlD) Entry "HKCR\CLSID\{C1A8AF25-1257-101B-8FB0-0020AF039CA3}" refers to invalid object "D:\PROGRAM\32\mci32.ocx".Action Taken: No Action Taken. (Jacee not sure if CLSID or CLSlD) Entry "HKCR\TypeLib\{A4CA8810-6E46-36FF-A048-B7FD5647A2F8}" refers to invalid object "Path".Action Taken: No Action Taken. Entry "HKCR\TypeLib\{C1A8AF28-1257-101B-8FB0-0020AF039CA3}" refers to invalid object "D:\PROGRAM\32\mci32.ocx".Action Taken: No Action Taken. Entry "HKCR\TypeLib\{CF34D2A7-C8C6-4B4E-8752-F63C2BDF1CF0}" refers to invalid object "blank".Action Taken: No Action Taken. Entry "HKCR\bwpfile\shell\open\command" refers to invalid object "C:\Program Files\F-Secure Internet Security\backweb\4476822\6.3.2.123-4476822L\Program\PrvCnt.exe"%1"".Action Taken: No Action Taken. Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}".Action Taken: No Action Taken. Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}".Action Taken: No Action Taken. Entry "HKCR\Connection Manager Profile\shell\open\command" refers to invalid object "blank"Action Taken: No Action Taken. Entry "HKCR\msbackupfile\shell\open\command" refers to invalid object "blank"Action Taken: No Action Taken. Entry "HKCR\ppifile\shell\open\command" refers to invalid object "blank"Action Taken: No Action Taken. Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}"Action Taken: No Action Taken. Entry "HKCR\ZAMailSafe\shell\open\command" refers to invalid object "blank"Action Taken: No Action Taken. Well thats all of it.Don't think there's any typing errors. Hope you've had a nice day, AND this is what your looking for.. Terry.
  21. I can't make a folder called c:\bases. says a file name cannot contain : or \ ... Do I just call it bases??
  22. here's the new hjt log. Logfile of HijackThis v1.99.1 Scan saved at 00:18:45, on 25/12/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\ewido anti-malware\ewidoguard.exe C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe C:\Documents and Settings\GA\Desktop\folding\FAH504-Console.exe C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE C:\WINDOWS\System32\snmp.exe C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe C:\Documents and Settings\GA\Desktop\folding\FahCore_78.exe C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe C:\Program Files\Zoom Telephonics, Inc\Zoom ADSL USB Modem\DSLMON.exe C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\GA\Desktop\hjt\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iqon.ie O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O4 - HKLM\..\Run: [PCEyeLic] C:\Program Files\PCEye2000\pceye2000.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: DSLMON.lnk = C:\Program Files\Zoom Telephonics, Inc\Zoom ADSL USB Modem\DSLMON.exe O4 - Global Startup: F-Secure 2006.lnk = C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.iqon.ie O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1134952283562 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134955094437 O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/...ivex/hcImpl.cab O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe O23 - Service: FAH@C:+Documents and Settings+GA+Desktop+folding+FAH504-Console.exe - Stanford University - C:\Documents and Settings\GA\Desktop\folding\FAH504-Console.exe O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe p.s. glad its making someone else nuts too and I'm not paranoid and that there is something definetly on my pc altering things. Just to cheer you up do you want me to start a new thread for my other pc too?? Think I'll call it JUST for the woman in red...lol...:-)
  23. not good news I'm afraid. it showed no infections and wouldn't let me view results log said this is only available to subscribers. when I looked to see what sheilds were active there was a red cross against 3. IE tracking cookies sheild, Common Ad sites shield, and spy communications shield. pceye2000 was a prog. that came already installed on this pc. will post a new hjt log in a minute anyway. MERRY CHRISTMAS..already christmas day here..
  24. just curious jacee but have you figured out what's infected my pc?? Going to start it folding again. Have a nice Christmas. terry.
  25. -------------------------------------------------- Enumerating Windows NT/2000/XP services abp480n5: system32\DRIVERS\ABP480N5.SYS (system) Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system) General Purpose USB Driver (adildr.sys): System32\Drivers\adildr.sys (autostart) USB ADSL WAN Adapter: system32\DRIVERS\adiusbaw.sys (manual start) adpu160m: system32\DRIVERS\adpu160m.sys (system) Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start) AFD: \SystemRoot\System32\drivers\afd.sys (system) Intel AGP Bus Filter: system32\DRIVERS\agp440.sys (system) Compaq AGP Bus Filter: system32\DRIVERS\agpCPQ.sys (system) Aha154x: system32\DRIVERS\aha154x.sys (system) aic78u2: system32\DRIVERS\aic78u2.sys (system) aic78xx: system32\DRIVERS\aic78xx.sys (system) Service for Realtek AC97 Audio (WDM): system32\drivers\ALCXWDM.SYS (manual start) Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled) Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start) AliIde: system32\DRIVERS\aliide.sys (system) ALI AGP Bus Filter: system32\DRIVERS\alim1541.sys (system) AMD AGP Bus Filter Driver: system32\DRIVERS\amdagp.sys (system) amsint: system32\DRIVERS\amsint.sys (system) Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) asc: system32\DRIVERS\asc.sys (system) asc3350p: system32\DRIVERS\asc3350p.sys (system) asc3550: system32\DRIVERS\asc3550.sys (system) ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start) RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start) Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system) Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (disabled) ATI Smart: C:\WINDOWS\system32\ati2sgag.exe (disabled) ati2mtag: system32\DRIVERS\ati2mtag.sys (manual start) ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start) Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start) F-Secure 2006: C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE (autostart) Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) cbidf: system32\DRIVERS\cbidf2k.sys (system) cd20xrnt: system32\DRIVERS\cd20xrnt.sys (system) CD-ROM Driver: system32\DRIVERS\cdrom.sys (system) Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start) ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled) .NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start) CmdIde: system32\DRIVERS\cmdide.sys (system) COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start) Cpqarray: system32\DRIVERS\cpqarray.sys (system) Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) dac2w2k: system32\DRIVERS\dac2w2k.sys (system) dac960nt: system32\DRIVERS\dac960nt.sys (system) DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart) DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Disk Driver: system32\DRIVERS\disk.sys (system) Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start) dmboot: System32\drivers\dmboot.sys (disabled) dmio: System32\drivers\dmio.sys (disabled) dmload: System32\drivers\dmload.sys (disabled) Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start) DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart) dpti2o: system32\DRIVERS\dpti2o.sys (system) Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start) 3Com EtherLink XL 90XB/C Adapter Driver: system32\DRIVERS\el90xbc5.sys (manual start) Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Event Log: %SystemRoot%\system32\services.exe (autostart) COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start) ewido security suite control: C:\Program Files\ewido anti-malware\ewidoctrl.exe (autostart) ewido security suite driver: \??\C:\Program Files\ewido anti-malware\guard.sys (system) ewido security suite guard: C:\Program Files\ewido anti-malware\ewidoguard.exe (autostart) F-Secure File System Filter: \??\C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys (autostart) F-Secure Gatekeeper: \??\C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSgk.sys (autostart) FSGKHS: "C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe" (autostart) F-Secure File System Recognizer: \??\C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys (autostart) Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start) Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (manual start) FltMgr: system32\drivers\fltmgr.sys (system) fsbwsys: "C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe" (autostart) F-Secure Anti-Virus Firewall Daemon: "C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe" (manual start) F-Secure Firewall Driver: System32\drivers\fsdfw.sys (system) FSMA: "C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE" (autostart) Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system) Game Port Enumerator: system32\DRIVERS\gameenum.sys (manual start) GEAR CDRom Filter: SYSTEM32\DRIVERS\GEARAspiWDM.sys (manual start) Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start) Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start) hpn: system32\DRIVERS\hpn.sys (system) HTTP: System32\Drivers\HTTP.sys (manual start) HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start) i2omp: system32\DRIVERS\i2omp.sys (system) i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system) CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system) IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual start) ini910u: system32\DRIVERS\ini910u.sys (system) IntelIde: system32\DRIVERS\intelide.sys (system) IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start) IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start) IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start) IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start) iPod Service: "C:\Program Files\iPod\bin\iPodService.exe" (manual start) IPSEC driver: system32\DRIVERS\ipsec.sys (system) IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start) PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system) Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system) Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start) Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) LexBce Server: C:\WINDOWS\system32\LEXBCES.EXE (disabled) TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart) lxby_device: C:\WINDOWS\system32\lxbycoms.exe -service (disabled) Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled) NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start) Unimodem Streaming Filter Device: system32\drivers\MODEMCSA.sys (manual start) Mouse Class Driver: system32\DRIVERS\mouclass.sys (system) mraid35x: system32\DRIVERS\mraid35x.sys (system) WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start) MRXSMB: system32\DRIVERS\mrxsmb.sys (system) Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start) Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start) Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start) Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start) Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start) Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start) Microsoft MPU-401 MIDI UART Driver: system32\drivers\msmpu401.sys (manual start) Mtlmnt5: system32\DRIVERS\Mtlmnt5.sys (manual start) Mtlstrm: system32\DRIVERS\Mtlstrm.sys (manual start) Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start) NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start) Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start) NetBIOS Interface: system32\DRIVERS\netbios.sys (system) NetBios over Tcpip: system32\DRIVERS\netbt.sys (system) Network DDE: %SystemRoot%\system32\netdde.exe (disabled) Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled) Net Logon: %SystemRoot%\system32\lsass.exe (manual start) Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start) Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled) nv: system32\DRIVERS\nv4_mini.sys (manual start) IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start) IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start) Parallel port driver: system32\DRIVERS\parport.sys (manual start) PCI Bus Driver: system32\DRIVERS\pci.sys (system) PCIIde: system32\DRIVERS\pciide.sys (system) perc2: system32\DRIVERS\perc2.sys (system) perc2hib: system32\DRIVERS\perc2hib.sys (system) Plug and Play: %SystemRoot%\system32\services.exe (autostart) IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart) WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start) Processor Driver: system32\DRIVERS\processr.sys (system) Protected Storage: %SystemRoot%\system32\lsass.exe (autostart) QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start) Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start) ql1080: system32\DRIVERS\ql1080.sys (system) Ql10wnt: system32\DRIVERS\ql10wnt.sys (system) ql12160: system32\DRIVERS\ql12160.sys (system) ql1240: system32\DRIVERS\ql1240.sys (system) ql1280: system32\DRIVERS\ql1280.sys (system) Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system) Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start) Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start) Direct Parallel: system32\DRIVERS\raspti.sys (manual start) Rdbss: system32\DRIVERS\rdbss.sys (system) RDPCDD: System32\DRIVERS\RDPCDD.sys (system) Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys (manual start) Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start) RecAgent: system32\DRIVERS\RecAgent.sys (system) Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system) Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled) Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start) Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart) QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start) Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver: system32\DRIVERS\Rtlnic51.sys (manual start) Realtek RTL8139/810X Family PCI Fast Ethernet NIC NT Driver: system32\DRIVERS\RTL8139.SYS (manual start) Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart) Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start) Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Secdrv: system32\DRIVERS\secdrv.sys (manual start) Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start) Serial port driver: system32\DRIVERS\serial.sys (system) Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) ATI-437A Serial ATA Controller: system32\DRIVERS\SI3112r.sys (system) SATALink driver accelerator: system32\DRIVERS\SiWinAcc.sys (system) SIS AGP Bus Filter: system32\DRIVERS\sisagp.sys (system) SmartLink AMR_PCI Driver: system32\DRIVERS\slntamr.sys (manual start) SlNtHal: system32\DRIVERS\Slnthal.sys (manual start) SmartLinkService: slserv.exe (disabled) SlWdmSup: system32\DRIVERS\SlWdmSup.sys (manual start) SNMP Service: %SystemRoot%\System32\snmp.exe (autostart) SNMP Trap Service: %SystemRoot%\System32\snmptrap.exe (manual start) Sparrow: system32\DRIVERS\sparrow.sys (system) Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start) Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart) System Restore Filter Driver: system32\DRIVERS\sr.sys (system) System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Srv: system32\DRIVERS\srv.sys (manual start) SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (manual start) Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart) Software Bus Driver: system32\DRIVERS\swenum.sys (manual start) Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start) MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{FC78F291-6BA7-4551-B2E7-9DA8ED16E133} (manual start) symc810: system32\DRIVERS\symc810.sys (system) symc8xx: system32\DRIVERS\symc8xx.sys (system) sym_hi: system32\DRIVERS\sym_hi.sys (system) sym_u3: system32\DRIVERS\sym_u3.sys (system) Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start) Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start) Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system) Terminal Device Driver: system32\DRIVERS\termdd.sys (system) Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start) Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) TosIde: system32\DRIVERS\toside.sys (system) Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) ultra: system32\DRIVERS\ultra.sys (system) Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart) Microcode Update Driver: system32\DRIVERS\update.sys (manual start) Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start) Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start) USB Audio Driver (WDM): system32\drivers\usbaudio.sys (manual start) Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start) Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start) Microsoft USB Standard Hub Driver: system32\DRIVERS\usbhub.sys (manual start) Microsoft USB Open Host Controller Miniport Driver: system32\DRIVERS\usbohci.sys (manual start) Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start) USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start) USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start) Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start) VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system) VIA AGP Bus Filter: system32\DRIVERS\viaagp.sys (system) ViaIde: system32\DRIVERS\viaide.sys (system) vsdatant: System32\vsdatant.sys (manual start) Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start) Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start) Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start) WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart) Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Windows Media Connect Service: C:\Program Files\Windows Media Connect 2\wmccds.exe (manual start) Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start) Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled) Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) -------------------------------------------------- Enumerating Windows NT logon/logoff scripts: *No scripts set to run* Windows NT checkdisk command: BootExecute = autocheck autochk * Windows NT 'Wininit.ini': PendingFileRenameOperations: *Registry value not found* -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\system32\webcheck.dll SysTray: C:\WINDOWS\system32\stobject.dll -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- End of report, 37,916 bytes Report generated in 0.094 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only
×
×
  • Create New...