Some info and then the logs---
Trend Micro said congrats ona clean system
Ive posted the Panda scan below
Ewido, I had to reinstall, cause i couldnt figure how to get updates, so I removed it and downloaded it again...
when I tried to get updates the second time after new install, it said at the bottom that it couldnt find the site, so I did a manual download and , after a moment a bar came up at the bottom and told me that there are no downloads..so I assume it is updated.
I now have an ewido guard, is that okay to have with Norton too? Should i remove the guard?
Spybot found 2 things, and I dont think they were a big deal--they were about me disabling windows firewall (like u mentioned)..Cause I have norton internet security.
Ad aware only found an mru list which was negligible--i wasnt sure if i should delete, so i didnt.
Norton quarantine was empty, but the backup had stuff in it that Im not sure I can delete (but i did delete the recovery items on Spybot)
FYI--that last scan (mwti.net software) took 3 1/2 hours to scan...
Below are the Panda log, ewido, MW post and a new high jack scan
Incident Status Location
Spyware:spyware/bargainbuddy No disinfected C:\WINDOWS\SYSTEM32\exclean.exe
Adware:adware/keenvalue No disinfected C:\WINDOWS\BROWSERXTRAS\PN\remove.exe
Adware:adware/bookedspace No disinfected C:\WINDOWS\cfgmgr52.ini
Spyware:spyware/new.net No disinfected C:\WINDOWS\NDNuninstall4_88.exe
Adware:adware/consumeralertsystemNo disinfected C:\PROGRAM FILES\CasStub
Adware:adware/myway No disinfected C:\PROGRAM FILES\MyWay
Adware:adware/p2pnetworking No disinfected C:\WINDOWS\SYSTEM32\P2P Networking
Adware:adware/elitebar No disinfected C:\WINDOWS\etb
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\etb\xml\images\casino.bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\etb\xml\images\dating.bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\etb\xml\images\drugs.bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\etb\xml\images\fav.bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\etb\xml\images\virus.bmp
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall4_88.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall4_94.exe
Hacktool:Hacktool/Processor No disinfected C:\WINDOWS\system32\Process.exe ---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 2:12:01 PM, 8/11/2005
+ Report-Checksum: D9084B62
+ Scan result:
No infected objects found.
::Report End
Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "myway Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "CWS.therealsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "iSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ActiveX.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\iPIX-ImageWell-ipix.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ITDetector.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\OUTC.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\RdxIE.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ycomp5_1_5_0.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\yinsthelper.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\RMAgentOutput.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\XpBlock.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\RMAgentOutput.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7E752AAA-5A32-40AD-B150-4A2E85768E4D}" refers to invalid object "E:\bin\win32\omgdwrap.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object "C:\Program Files\Messenger\rtcimsp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9EFBF860-5685-11D3-AA3D-00C04F4C5275}" refers to invalid object "cdooff.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{d715e738-0eae-4485-a520-6171d660aff2}" refers to invalid object "C:\WINDOWS\System32\isksr.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D95DEB2F-4A47-467C-A78B-5D3038D089D5}" refers to invalid object "E:\bin\win32\omgdbp.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D98E820F-6ACD-4dc0-921E-9841E3D8B4A7}" refers to invalid object "E:\player\WMMP.EXE". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F4BD1DE2-5102-6415-9C11-09CB23AF787E}" refers to invalid object "C:\WINDOWS\System32\dxmrtp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F4C6D6E0-A8FB-4281-BE24-1662D646FE2B}" refers to invalid object "E:\player\WMMP.EXE". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FBE840E5-13A5-4cff-B2A9-4D1E64A17FF2}" refers to invalid object "E:\player\WMMP.EXE". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\SpyDoctor.EBankProblem" refers to invalid object "{AE612304-E8F9-45D9-A444-32409D33E954}". Action Taken: No Action Taken.
Entry "HKCR\SpyDoctor.QuarantinedItemProxy" refers to invalid object "{C2CE6266-0404-4C54-96B4-8829852E3537}". Action Taken: No Action Taken.
Entry "HKCR\SpyDoctor.ScripterProxy" refers to invalid object "{9FEF02F5-B3B8-4D7B-8939-72A1C989D1B9}". Action Taken: No Action Taken.
Entry "HKCR\WMPShell.HWEventHandler" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.
Entry "HKCR\WMPShell.HWEventHandler.1" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.
File C:\WINDOWS\icont.exe tagged as "not-a-virus:AdWare.AdURL.c". Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall4_88.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall4_94.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\WINDOWS\system32\Process.exe tagged as not-a-virus:RiskTool.Win32.Processor.20. No Action Taken.
File C:\Program Files\Kazaa\My Shared Folder\download10890242331125342156.dat infected by "Trojan-Downloader.WMA.Wimad.a" Virus! Action Taken: No Action Taken.
File C:\Program Files\Kazaa\My Shared Folder\download10890242371125346093.dat infected by "Trojan-Downloader.WMA.Wimad.a" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\016333DB.asw tagged as "not-a-virus:AdWare.BrilliantDigital.e". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\07925EA3.exe tagged as "not-a-virus:AdWare.Gator.a". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0E785DF0.asw tagged as "not-a-virus:AdWare.Altnet.j". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\168A59EA.dll tagged as "not-a-virus:AdWare.Altnet.a". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\19E019E2.asw tagged as "not-a-virus:AdWare.BrilliantDigital.3563". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1A7419B6.asw tagged as "not-a-virus:AdWare.BrilliantDigital.3120". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1AA05280.asw tagged as "not-a-virus:AdWare.Altnet.a". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1DAA2BE6.asw infected by "Trojan.Win32.Krepper.y" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\26C94711.asw tagged as "not-a-virus:AdWare.BrilliantDigital.3566". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2DD30775.asw tagged as "not-a-virus:AdWare.Altnet.a". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\32F13BA2.asw tagged as "not-a-virus:AdWare.Altnet.a". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\363944A5.asw tagged as "not-a-virus:AdWare.Altnet.d". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\363944A5.dll tagged as "not-a-virus:AdWare.Altnet.a". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3ED56940.dll tagged as "not-a-virus:AdWare.BrilliantDigital.3120". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3F1A3032.dll tagged as "not-a-virus:AdWare.Altnet.i". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\41CA00A4.dll tagged as "not-a-virus:AdWare.Altnet.k". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\41CA00A4.exe tagged as "not-a-virus:AdWare.BrilliantDigital.3022". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\41DB2025.asw tagged as "not-a-virus:AdWare.BrilliantDigital.1007". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\45F53B3C.asw tagged as "not-a-virus:AdWare.BrilliantDigital.1007". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4D150D38.asw tagged as "not-a-virus:AdWare.Altnet.a". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\551E06BA.asw tagged as "not-a-virus:AdWare.Altnet.a". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\552130B7.asw tagged as "not-a-virus:AdWare.BrilliantDigital.3039". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\55245AB3.asw tagged as "not-a-virus:AdWare.Altnet.a". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\552704AF.asw tagged as "not-a-virus:AdWare.Perfnav.a". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\552704AF.dll tagged as "not-a-virus:AdWare.Altnet.a". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\552B2EAC.exe tagged as "not-a-virus:AdWare.BrilliantDigital.1100". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\552E58A8.dll tagged as "not-a-virus:AdWare.BrilliantDigital.3039". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\552E58A8.exe tagged as "not-a-virus:AdWare.BrilliantDigital.3022". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\553102A5.dll tagged as "not-a-virus:AdWare.BrilliantDigital.e". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\553102A5.exe tagged as "not-a-virus:AdWare.Altnet.i". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\55342CA1.fil tagged as "not-a-virus:AdWare.Gator.a". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5538569D.exe tagged as "not-a-virus:AdWare.Gator.a". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\58137795.asw tagged as "not-a-virus:AdWare.BrilliantDigital.1007". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\63960A06.exe tagged as "not-a-virus:AdWare.BetterInternet". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6B605F83.asw tagged as "not-a-virus:AdWare.BrilliantDigital.3567". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6E404A93.dll tagged as "not-a-virus:AdWare.Altnet.j". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\75601C8F.asw tagged as "not-a-virus:AdWare.Altnet.a". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7C0222A4.dll tagged as "not-a-virus:AdWare.BrilliantDigital.3039". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{E494405A-A007-4223-8570-60B192C0D901}\RP1012\A0117378.exe tagged as not-a-virus:RiskTool.Win32.Processor.20. No Action Taken.
File C:\WINDOWS\icont.exe tagged as "not-a-virus:AdWare.AdURL.c". Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall4_88.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall4_94.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\WINDOWS\system32\Process.exe tagged as not-a-virus:RiskTool.Win32.Processor.20. No Action Taken.
Logfile of HijackThis v1.99.1
Scan saved at 6:59:31 PM, on 8/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\System32\khooker.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\COMMON~1\AOL\111075~1\EE\AOLHOS~1.EXE
C:\WINDOWS\CDProxyServ.exe
C:\Program Files\adobe\acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Norton Personal Firewall\ISSVC.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\COMMON~1\AOL\111075~1\EE\AOLServiceHost.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hi Jack this JB\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.sony.com/vaiopeopleO2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1110758300\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\adobe\acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: Yahoo! Backgammon -
http://download.game...nts/y/at0_x.cabO16 - DPF: Yahoo! Chess -
http://download.game...nts/y/ct1_x.cabO16 - DPF: Yahoo! MLB StatTracker -
http://aud14.sports....mlbst8408_x.cabO16 - DPF: Yahoo! Pool 2 -
http://download.game...ts/y/potc_x.cabO16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -
http://housecall60.t...all/xscan60.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft....k/?linkid=39204O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) -
http://esupport.aol....oach_core_1.cabO16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://appldnld.m7z....iTunesSetup.exeO16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) -
http://aolcc.aol.com...kup/qdiagcc.cabO16 - DPF: {556DDE35-E955-11D0-A707-000000521957} -
http://www.xblock.co...clean_micro.exeO16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
http://207.188.7.150...ip/RdxIE601.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.micros...b?1123354168375O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai...all/xscan53.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoft...free/asinst.cabO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn...pDownloader.cabO16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) -
http://ax.phobos.app.../ITDetector.cabO16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
http://us.dl1.yimg.c...ebio5_1_5_0.cabO16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} -
http://216.249.24.14...geWell-ipix.cabO23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Norton Personal Firewall Proxy Service (SymProxySvc) - Unknown owner - C:\Program Files\Norton Personal Firewall\SymProxySvc.exe (file missing)