Hi Excal,
Here are the four reports:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 7:46:01 PM, 08/11/2005
+ Report-Checksum: E5FD8F00
+ Scan result:
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\rtut.exe -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\Program Files\Common Files\system32.dll/Catcher.dll -> Spyware.Maxifiles : Error during cleaning
C:\Program Files\Common Files\system32.dll/gui.exe -> TrojanDownloader.Agent.rv : Error during cleaning
C:\Program Files\DNS\Catcher.dll -> Spyware.Maxifiles : Cleaned with backup
C:\Program Files\DNS\gui.exe -> TrojanDownloader.Agent.rv : Cleaned with backup
C:\Program Files\E2G\IeBHOs.dll -> Spyware.E2Give : Cleaned with backup
C:\Program Files\eZula -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\basis.dst -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\basis.kwd -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\basis.pu -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\basis.rst -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\CHCON.dll -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\eabh.dll -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\GenLy.ez -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\genun.ez -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\arrow1.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\arrow2.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\button_small.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\corner_expand.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\Corner_LL.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\Corner_LR.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\Corner_UL.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\Corner_UL_2.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\Corner_UL_NoFollow.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\Corner_UR.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\Corner_UR_2.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\Corner_UR_NoFollow.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\icon.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\Layer_Bottom.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\Layer_Center.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\Layer_Top.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\new.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\PopUp_Follow_divider.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\PopUp_Follow_Left.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\PopUp_Follow_Off.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\PopUp_Follow_On.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\PopUp_Follow_Right.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\PopUp_Top.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\PopUp_Top_Bottom.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\Side_B.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\Side_L.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\Side_R.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\Side_Top.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\spacer.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\INSTALL.LOG -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\legend.lgn -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\mmod.exe -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\param.ez -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\rwds.rst -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\search.src -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\seng.dll -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\ttupt.exe -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\UNWISE.EXE -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\upgrade.vrn -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\version.vrn -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\wndbannn.src -> Adware.eZula : Cleaned with backup
C:\Program Files\Web Offer -> Adware.eZula : Cleaned with backup
C:\Program Files\Web Offer\apev.exe -> Adware.eZula : Cleaned with backup
C:\Program Files\Web Offer\basisp.dst -> Adware.eZula : Cleaned with backup
C:\Program Files\Web Offer\basisp.kwd -> Adware.eZula : Cleaned with backup
C:\Program Files\Web Offer\basisp.pu -> Adware.eZula : Cleaned with backup
C:\Program Files\Web Offer\basisp.rst -> Adware.eZula : Cleaned with backup
C:\Program Files\Web Offer\CHPON.dll -> Adware.eZula : Cleaned with backup
C:\Program Files\Web Offer\eapbh.dll -> Adware.eZula : Cleaned with backup
C:\Program Files\Web Offer\gendis.ez -> Adware.eZula : Cleaned with backup
C:\Program Files\Web Offer\INSTALL.LOG -> Adware.eZula : Cleaned with backup
C:\Program Files\Web Offer\paramp.ez -> Adware.eZula : Cleaned with backup
C:\Program Files\Web Offer\rwdsp.rst -> Adware.eZula : Cleaned with backup
C:\Program Files\Web Offer\sepng.dll -> Adware.eZula : Cleaned with backup
C:\Program Files\Web Offer\UNWISE.EXE -> Adware.eZula : Cleaned with backup
C:\Program Files\Web Offer\upgradep.vrn -> Adware.eZula : Cleaned with backup
C:\Program Files\Web Offer\versionp.vrn -> Adware.eZula : Cleaned with backup
C:\Program Files\Web Offer\wndbannnp.src -> Adware.eZula : Cleaned with backup
C:\Program Files\Web Offer\wo.exe -> Adware.eZula : Cleaned with backup
C:\Program Files\Windows Media Player\wmplayer.exe -> Spyware.Pacer : Cleaned with backup
C:\WINNT\AuroraHandler.dll -> Adware.BetterInternet : Cleaned with backup
C:\WINNT\cfgmgr52\EECH1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\Downloaded Program Files\ActiveX.ocx -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\Downloaded Program Files\CONFLICT.1\installer_MARKETING61.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\WINNT\Downloaded Program Files\installer_MARKETING48.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\WINNT\Downloaded Program Files\installer_MARKETING61.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\WINNT\etb\nt_hide62.dll -> Spyware.EliteBar : Cleaned with backup
C:\WINNT\etb\pokapoka62.exe -> Spyware.EliteBar : Cleaned with backup
C:\WINNT\etb\xud_62.dll -> Spyware.EliteBar : Cleaned with backup
C:\WINNT\huipwpbv.exe -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\ru.exe -> Spyware.PurityScan : Cleaned with backup
C:\WINNT\sftuehrsjv.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINNT\system\iflspo.exe -> TrojanDownloader.Small.ayh : Cleaned with backup
C:\WINNT\system\UpdInst.exe -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\AUNPS2.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINNT\system32\auto_update_uninstall.exe -> Spyware.AproposMedia : Cleaned with backup
C:\WINNT\system32\bxowseui.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\cbrtmgr.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\conres.cpl -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\WINNT\system32\datadx.dll -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\WINNT\system32\dist001.exe -> TrojanDownloader.Agent.qg : Cleaned with backup
C:\WINNT\system32\dlrgsnap.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\dovmgr.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\doxodrx.exe -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\WINNT\system32\dqcapi.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\dqdskmgr.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\dxdfg32.exe -> Spyware.Apropos : Cleaned with backup
C:\WINNT\system32\dxskmon.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\e6f1873b.dll -> TrojanDownloader.Braidupdate.d : Cleaned with backup
C:\WINNT\system32\ebrbe.dll -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\WINNT\system32\EDowST3.exe -> TrojanDownloader.QDown.z : Cleaned with backup
C:\WINNT\system32\exp -> TrojanDownloader.Small.abd : Cleaned with backup
C:\WINNT\system32\exp.exe -> TrojanDownloader.Small.abd : Cleaned with backup
C:\WINNT\system32\ezPopStub.exe -> Adware.eZula : Cleaned with backup
C:\WINNT\system32\gfkcsp.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\guard.tmp -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\hhsfw32.exe -> TrojanDownloader.Agent.ro : Cleaned with backup
C:\WINNT\system32\HSL.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\iaetres.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\iahlpapi.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\idseng.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\igxwan.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\intel32.exe -> Trojan.Small.eu : Cleaned with backup
C:\WINNT\system32\iPsads.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\kcduk.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\kldir.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\knddv.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\kvdpo.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\lafax80n.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\lanbrup.exe -> Spyware.SafeSurfing : Cleaned with backup
C:\WINNT\system32\LKAVI80N.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\lnkrn80n.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\mccms.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\mewsock.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\mforcl32.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\mgl_qic.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\mIpistub.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\mivcrt.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\mli.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\mojet35.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\mrc40.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\mtxml3a.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\mwnetobj.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\mzvcrt40.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\ncevtmsg.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\nedsxds.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\nhtrap.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\nsvA5.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\WINNT\system32\nTrrhook.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\nvdsbsrv.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\oleadm.dll -> Trojan.Agent.ff : Cleaned with backup
C:\WINNT\system32\oudbse32.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\pi1_60.exe -> TrojanDownloader.Small.aal : Cleaned with backup
C:\WINNT\system32\pop.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\WINNT\system32\PopOops.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\WINNT\system32\PopOops2.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\WINNT\system32\psfmgr.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\pvd.dll -> Spyware.PurityScan : Cleaned with backup
C:\WINNT\system32\qndit.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\rdcss.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\reabase.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\rgcrt4.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\rnlnmydf.dll -> Spyware.SafeSurfing : Cleaned with backup
C:\WINNT\system32\rQsppp.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\rTsrad.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\rTstls.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\skytown.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\srbapiU.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\SSK3_B5 Seedcorn 4.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\WINNT\system32\stlb2.dll -> TrojanDownloader.Braidupdate.d : Cleaned with backup
C:\WINNT\system32\sufolder.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\supdate.dll -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\WINNT\system32\SWLAD1.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\WINNT\system32\SWLAD2.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\WINNT\system32\szdll.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\szorage.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\tEpi3.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\tfapaeu.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINNT\system32\thin-138-1-x-x.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINNT\system32\tsbmse.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\uci.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\WINNT\system32\ullmon.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\VVSNInst.exe -> Adware.SaveNow : Cleaned with backup
C:\WINNT\system32\wintask.exe -> TrojanDownloader.Small.abd : Cleaned with backup
C:\WINNT\system32\wvgvw.dat -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\WINNT\system32\wvnmp32.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\wwicore.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\аѕsembly\msconfig.exe -> Spyware.PurityScan : Cleaned with backup
C:\WINNT\Temp\b.com -> TrojanDropper.Agent.pb : Cleaned with backup
C:\WINNT\Temp\MediaAccessInstPack.exe -> Spyware.WinAD : Cleaned with backup
C:\WINNT\uninstIU.exe -> Trojan.Agent.ff : Cleaned with backup
C:\WINNT\wupdt.exe -> Spyware.Imiserverieplugin : Cleaned with backup
C:\WINNT\wzderwy.exe -> Adware.BetterInternet : Cleaned with backup
::Report End
**************************************************************
Incident Status Location
Spyware:spyware/surfsidekick No disinfected C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\Sskcwrd.dll
Adware:adware/maxifiles No disinfected C:\PROGRAM FILES\COMMON FILES\services.exe
Adware:adware/funweb No disinfected C:\WINNT\DOWNLOADED PROGRAM FILES\f3initialsetup1.0.0.8-2.inf
Adware:adware/apropos No disinfected C:\WINNT\SYSTEM32\auto_update_uninstall.log
Adware:adware/wupd No disinfected C:\WINNT\SYSTEM32\ide21201.vxd
Adware:adware/powersearch No disinfected C:\WINNT\SYSTEM32\stlb2.xml
Adware:adware/sqwire No disinfected C:\WINNT\SYSTEM32\tsuninst.exe
Adware:adware/ezula No disinfected C:\WINNT\eZinstall.exe
Spyware:spyware/betterinet No disinfected C:\WINNT\INF\banner.inf
Adware:adware/consumeralertsystem No disinfected C:\PROGRAM FILES\CasStub
Adware:adware/mywebsearch No disinfected C:\PROGRAM FILES\MyWebSearch
Adware:adware program No disinfected C:\WINNT\SYSTEM32\cache32dsrf4535dfs
Adware:adware/elitebar No disinfected C:\WINNT\etb
Adware:adware/addestroyer No disinfected C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AdDestroyer
Adware:adware/virtualbouncer No disinfected C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\VBouncer
Adware:adware/e2give No disinfected Windows Registry
Hacktool:Hacktool/Processor No disinfected C:\Documents and Settings\All Users\Desktop\nailfix\Process.exe
Virus:Trj/Downloader.MO Disinfected C:\Hijack This\backups\backup-20050811-200535-626.inf
Adware:Adware/Apropos No disinfected C:\Program Files\Aprps\ProxyStub.dll
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\services.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\system32.dll[Catcher.dll]
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\system32.dll[gui.exe]
Adware:Adware/FunWeb No disinfected C:\WINNT\Downloaded Program Files\f3initialsetup1.0.0.8-2.inf
Spyware:Spyware/BargainBuddy No disinfected C:\WINNT\etb\xml\images\casino.bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINNT\etb\xml\images\dating.bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINNT\etb\xml\images\drugs.bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINNT\etb\xml\images\fav.bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINNT\etb\xml\images\virus.bmp
Spyware:Spyware/BetterInet No disinfected C:\WINNT\inf\banner.inf
Virus:W32/Smitfraud.C Disinfected C:\WINNT\system32\oleadm32.dll
Adware:Adware/PurityScan No disinfected C:\WINNT\system32\Shex.exe
Adware:Adware/Imibar No disinfected C:\WINNT\ttext.dll
************************************************************
"Silent Runners.vbs", revision 39,
http://www.silentrunners.org/
Operating System: Windows 2000
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
"iflspo.exe" = "C:\WINNT\system\iflspo.exe" [file not found]
"tsbmse" = "C:\WINNT\System32\tsbmse.exe" [file not found]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Synchronization Manager" = "mobsync.exe /logon" [MS]
"WinampAgent" = ""C:\Program Files\Winamp\Winampa.exe"" [null data]
"ShStatEXE" = ""C:\Program Files\Network Associates\NetShield NT\SHSTAT.EXE" /STANDALONE" ["Network Associates Inc."]
"EssSpkPhone" = "essspk.exe" [file not found]
"RealTray" = "C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER" ["RealNetworks, Inc."]
"Lexmark X1100 Series" = ""C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"" ["Lexmark International, Inc."]
"Ulead AutoDetector" = "C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" ["Ulead Systems, Inc."]
"AOLDialer" = "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" ["America Online"]
"AOL Spyware Protection" = ""C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"" [null data]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"Pure Networks Port Magic" = ""C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run" ["Pure Networks, Inc."]
HKLM\Software\Microsoft\Active Setup\Installed Components\
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express Access"
\StubPath = ""C:\WINNT\System32\shmgrate.exe" OCInstallUserConfigOE" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINNT\System32\hticons.dll" ["Hilgraeve, Inc."]
"{30682A19-DEC7-45C5-A3F9-3B1C86DBD2C0}" = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINNT\system32\mrc40.dll" [file not found]
"{A833AB67-7368-457E-B8BF-249CCD8DDD14}" = "Date Bar"
-> {CLSID}\InProcServer32\(Default) = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dbar.dll" [file not found]
"{AD6F2259-3631-4241-A7D2-5A093D21AB3A}" = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINNT\system32\mzvcrt40.dll" [file not found]
"{EECB117F-91E7-4B1E-998C-AC0B7D5245F9}" = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINNT\system32\guard.tmp" [file not found]
"{AEA19CC1-A95A-40A4-BFDC-E9A7713F95C1}" = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINNT\system32\lafax80n.dll" [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
INFECTION WARNING! "load" = "load=load= essspk.exe essspk.exe" [file not found], [file not found], [file not found]
HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/html\CLSID = "{8293D547-38DD-4325-B35A-F1817EDFA5FC}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Cas\Client\casmf.dll" [file not found]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\context.dll" ["ewido networks"]
mqsqmtss\(Default) = "{a9af349c-f680-4268-b44a-113d128bc427}"
-> {CLSID}\InProcServer32\(Default) = "C:\WINNT\system32\ebrbe.dll" [file not found]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\context.dll" ["ewido networks"]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\
"SCRNSAVE.EXE" = "C:\WINNT\system32\logon.scr" [MS]
Startup items in "Administrator" & "All Users" startup folders:
---------------------------------------------------------------
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
"Webshots" -> shortcut to: "C:\Program Files\Webshots\WebshotsTray.exe" ["The Webshots Corporation"]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Gamma Loader.exe" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"America Online 9.0 Tray Icon" -> shortcut to: "C:\Program Files\America Online 9.0h\aoltray.exe -check" ["America Online, Inc."]
Enabled Scheduled Tasks:
------------------------
"RUTASK" -> launches: "C:\WINNT\ru.exe" [file not found]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\rnr20.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\msafd.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" = "AOL Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AOL Toolbar\toolbar.dll" ["IE Toolbar"]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\ = "Real.com" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINNT\System32\Shdocvw.dll" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{4982D40A-C53B-4615-B15B-B5B5E98D167C}\
"ButtonText" = "AOL Toolbar"
"MenuText" = "AOL Toolbar"
{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"
Miscellaneous IE Hijack Points
------------------------------
C:\WINNT\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.aol.com
Missing lines (compared with English-language version):
[Strings]: 1 line
HOSTS file
----------
C:\WINNT\System32\drivers\etc\HOSTS
maps: 232 domain names to IP addresses,
231 of the IP addresses are *not* localhost!
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
AOL Connectivity Service, AOL ACS, ""C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"" ["America Online"]
LexBce Server, LexBceS, "C:\WINNT\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
Network Associates Alert Manager, AlertManager, "C:\PROGRA~1\NETWOR~1\NETSHI~1\AMGRSRVC.EXE" ["Network Associates, Inc."]
Network Associates McShield, McShield, ""C:\Program Files\Network Associates\NetShield NT\MCSHIELD.EXE"" ["Network Associates, Inc."]
Network Associates Task Manager, McTaskManager, "C:\PROGRA~1\NETWOR~1\NETSHI~1\VSTSKMGR.EXE" ["Network Associates, Inc."]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "Yes" at the first message box.
---------- (total run time: 55 seconds, including 18 seconds for message boxes)
***************************************************************
Logfile of HijackThis v1.99.1
Scan saved at 10:44:19 PM, on 08/11/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\NETWOR~1\NETSHI~1\AMGRSRVC.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Network Associates\NetShield NT\MCSHIELD.EXE
C:\PROGRA~1\NETWOR~1\NETSHI~1\VSTSKMGR.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Network Associates\NetShield NT\SHSTAT.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\America Online 9.0h\aoltray.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Hijack This\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geocities.../kaabzuag_xyooj
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
F3 - REG:win.ini: load=load=load= essspk.exe essspk.exe
O1 - Hosts: 69.31.81.22 www.google.ae
O1 - Hosts: 69.31.81.22 www.google.am
O1 - Hosts: 69.31.81.22 www.google.as
O1 - Hosts: 69.31.81.22 www.google.at
O1 - Hosts: 69.31.81.22 www.google.az
O1 - Hosts: 69.31.81.22 www.google.be
O1 - Hosts: 69.31.81.22 www.google.bi
O1 - Hosts: 69.31.81.22 www.google.ca
O1 - Hosts: 69.31.81.22 www.google.cd
O1 - Hosts: 69.31.81.22 www.google.cg
O1 - Hosts: 69.31.81.22 www.google.ch
O1 - Hosts: 69.31.81.22 www.google.ci
O1 - Hosts: 69.31.81.22 www.google.cl
O1 - Hosts: 69.31.81.22 www.google.co.cr
O1 - Hosts: 69.31.81.22 www.google.co.hu
O1 - Hosts: 69.31.81.22 www.google.co.il
O1 - Hosts: 69.31.81.22 www.google.co.in
O1 - Hosts: 69.31.81.22 www.google.co.je
O1 - Hosts: 69.31.81.22 www.google.co.jp
O1 - Hosts: 69.31.81.22 www.google.co.ke
O1 - Hosts: 69.31.81.22 www.google.co.kr
O1 - Hosts: 69.31.81.22 www.google.co.ls
O1 - Hosts: 69.31.81.22 www.google.co.nz
O1 - Hosts: 69.31.81.22 www.google.co.th
O1 - Hosts: 69.31.81.22 www.google.co.ug
O1 - Hosts: 69.31.81.22 www.google.co.uk
O1 - Hosts: 69.31.81.22 www.google.co.ve
O1 - Hosts: 69.31.81.22 www.google.com
O1 - Hosts: 69.31.81.22 www.google.com.ag
O1 - Hosts: 69.31.81.22 www.google.com.ar
O1 - Hosts: 69.31.81.22 www.google.com.au
O1 - Hosts: 69.31.81.22 www.google.com.br
O1 - Hosts: 69.31.81.22 www.google.com.co
O1 - Hosts: 69.31.81.22 www.google.com.cu
O1 - Hosts: 69.31.81.22 www.google.com.do
O1 - Hosts: 69.31.81.22 www.google.com.ec
O1 - Hosts: 69.31.81.22 www.google.com.fj
O1 - Hosts: 69.31.81.22 www.google.com.gi
O1 - Hosts: 69.31.81.22 www.google.com.gr
O1 - Hosts: 69.31.81.22 www.google.com.gt
O1 - Hosts: 69.31.81.22 www.google.com.hk
O1 - Hosts: 69.31.81.22 www.google.com.ly
O1 - Hosts: 69.31.81.22 www.google.com.mt
O1 - Hosts: 69.31.81.22 www.google.com.mx
O1 - Hosts: 69.31.81.22 www.google.com.my
O1 - Hosts: 69.31.81.22 www.google.com.na
O1 - Hosts: 69.31.81.22 www.google.com.nf
O1 - Hosts: 69.31.81.22 www.google.com.ni
O1 - Hosts: 69.31.81.22 www.google.com.np
O1 - Hosts: 69.31.81.22 www.google.com.pa
O1 - Hosts: 69.31.81.22 www.google.com.pe
O1 - Hosts: 69.31.81.22 www.google.com.ph
O1 - Hosts: 69.31.81.22 www.google.com.pk
O1 - Hosts: 69.31.81.22 www.google.com.pr
O1 - Hosts: 69.31.81.22 www.google.com.py
O1 - Hosts: 69.31.81.22 www.google.com.sa
O1 - Hosts: 69.31.81.22 www.google.com.sg
O1 - Hosts: 69.31.81.22 www.google.com.sv
O1 - Hosts: 69.31.81.22 www.google.com.tr
O1 - Hosts: 69.31.81.22 www.google.com.tw
O1 - Hosts: 69.31.81.22 www.google.com.ua
O1 - Hosts: 69.31.81.22 www.google.com.uy
O1 - Hosts: 69.31.81.22 www.google.com.vc
O1 - Hosts: 69.31.81.22 www.google.com.vn
O1 - Hosts: 69.31.81.22 www.google.de
O1 - Hosts: 69.31.81.22 www.google.dj
O1 - Hosts: 69.31.81.22 www.google.dk
O1 - Hosts: 69.31.81.22 www.google.es
O1 - Hosts: 69.31.81.22 www.google.fi
O1 - Hosts: 69.31.81.22 www.google.fm
O1 - Hosts: 69.31.81.22 www.google.fr
O1 - Hosts: 69.31.81.22 www.google.gg
O1 - Hosts: 69.31.81.22 www.google.gl
O1 - Hosts: 69.31.81.22 www.google.gm
O1 - Hosts: 69.31.81.22 www.google.hn
O1 - Hosts: 69.31.81.22 www.google.ie
O1 - Hosts: 69.31.81.22 www.google.it
O1 - Hosts: 69.31.81.22 www.google.kz
O1 - Hosts: 69.31.81.22 www.google.li
O1 - Hosts: 69.31.81.22 www.google.lt
O1 - Hosts: 69.31.81.22 www.google.lu
O1 - Hosts: 69.31.81.22 www.google.lv
O1 - Hosts: 69.31.81.22 www.google.mn
O1 - Hosts: 69.31.81.22 www.google.ms
O1 - Hosts: 69.31.81.22 www.google.mu
O1 - Hosts: 69.31.81.22 www.google.mw
O1 - Hosts: 69.31.81.22 www.google.nl
O1 - Hosts: 69.31.81.22 www.google.no
O1 - Hosts: 69.31.81.22 www.google.off.ai
O1 - Hosts: 69.31.81.22 www.google.pl
O1 - Hosts: 69.31.81.22 www.google.pn
O1 - Hosts: 69.31.81.22 www.google.pt
O1 - Hosts: 69.31.81.22 www.google.ro
O1 - Hosts: 69.31.81.22 www.google.ru
O1 - Hosts: 69.31.81.22 www.google.rw
O1 - Hosts: 69.31.81.22 www.google.se
O1 - Hosts: 69.31.81.22 www.google.sh
O1 - Hosts: 69.31.81.22 www.google.sk
O1 - Hosts: 69.31.81.22 www.google.sm
O1 - Hosts: 69.31.81.22 www.google.td
O1 - Hosts: 69.31.81.22 www.google.tm
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\NetShield NT\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0h\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spys...rCabInstall.cab
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll
O23 - Service: Network Associates Alert Manager (AlertManager) - Network Associates, Inc. - C:\PROGRA~1\NETWOR~1\NETSHI~1\AMGRSRVC.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\NetShield NT\MCSHIELD.EXE
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\PROGRA~1\NETWOR~1\NETSHI~1\VSTSKMGR.EXE
***********************************************************
Rebooting the computer is going fine now. There is a pop up that says:
"C:\Program Files\Common Files\ system32.dll/Catcher.dll" cannot be removed because it is embedded in the archive "C:\Program Files\Common Files\system32.dll." Do you want to remove the whole archive?
Another pop up says:
Cannot delete cfgmgr32: This specified file is being used by Windows.
When the computer is turned on to the desktop, two pop-ups say that 'load=load=' cannot be found; and 'essspk.exe' cannot be found.
Maivsawmyx