Done!
Spy Sweeper removed alot of stuff.
after reboot I ran it again to be sure, and when it opened, the log say:
13:08: Warning: Failed to check file "c:\windows\system32\hclean32.exe". Cannot open file "c:\windows\system32\hclean32.exe". tkomst nekad
"tkomst nekad" is "access denied"
The scan found nothing though.
FireFox still crash on start and Norton says there is a trojan virus in that file.
I tried to find that file myself, and discovered that it can't be seen.
I made a small experiment trying to rename an empty txt file to hclean32.exe, and it dissappears... Littrary it can't be found, neither as .exe or .txt as original name was.
Thought I'd mention this in case it has some importance.
(btw, I CAN see hidden system files etc)
Running Spy Sweeper after this found even more stuff, specifically:
C:\WINDOWS\system32\rdsndin.exe
I have a suspicion that something is attacking my "primary" web browser, as I did have lot of problems with IE at first. After installing FireFox, and setting that as primary browserm, the problems kind of moved over to there. IE now works, FF doesn't.
Spy Sweeper log:
-----------------------------------------------------------------------------------------------
********
13:08: | Start of Session, den 14 september 2005 |
13:08: Spy Sweeper started
13:08: Sweep initiated using definitions version 533
13:09: Starting Memory Sweep
13:10: Found Trojan Horse: trojan-secdrop
13:10: Detected running threat: C:\WINDOWS\system32\rdsndin.exe (ID = 81237)
13:10: Found Trojan Horse: trojan-downloader-ruin
13:10: Detected running threat: C:\WINDOWS\system32\ntfsnlpa.exe (ID = 125496)
13:10: Memory Sweep Complete, Elapsed Time: 00:01:43
13:10: Starting Registry Sweep
13:10: Found Adware: cws-aboutblank
13:10: HKU\WRSS_Profile_S-1-5-21-4149289120-3723271197-3242847100-1006\software\microsoft\internet explorer\main\ || homeoldsp (ID = 115923)
13:10: HKU\WRSS_Profile_S-1-5-21-4149289120-3723271197-3242847100-1007\software\microsoft\internet explorer\main\ || homeoldsp (ID = 115923)
13:10: Found Adware: cws obfuscated bho hijack
13:10: HKU\WRSS_Profile_S-1-5-21-4149289120-3723271197-3242847100-1006\software\microsoft\internet explorer\main\ || search bar (ID = 116786)
13:10: HKU\WRSS_Profile_S-1-5-21-4149289120-3723271197-3242847100-1007\software\microsoft\internet explorer\main\ || search bar (ID = 116786)
13:10: HKU\WRSS_Profile_S-1-5-21-4149289120-3723271197-3242847100-1006\software\microsoft\internet explorer\main\ || search page (ID = 116787)
13:10: HKU\WRSS_Profile_S-1-5-21-4149289120-3723271197-3242847100-1007\software\microsoft\internet explorer\main\ || search page (ID = 116787)
13:10: Found Adware: cws_cassandra
13:10: HKLM\software\microsoft\internet explorer\urls\ ||
http://69.50.161.11/woinst.exe (ID = 117062)
13:10: Found Adware: dapsol dialer
13:10: HKU\WRSS_Profile_S-1-5-21-4149289120-3723271197-3242847100-1007\software\microsoft\internet explorer\main\ || conc (ID = 124673)
13:10: Found Adware: freshbar
13:10: HKU\WRSS_Profile_S-1-5-21-4149289120-3723271197-3242847100-1007\software\microsoft\internet explorer\toolbar\webbrowser\ || {06abaa2d-34ab-4902-a326-409bd9b9a7a5} (ID = 126698)
13:10: Found Adware: clearsurfing hijack
13:10: HKU\WRSS_Profile_S-1-5-21-4149289120-3723271197-3242847100-1007\software\microsoft\internet explorer\ (259 subtraces) (ID = 126710)
13:10: Found Adware: searchtoolbar
13:10: HKU\S-1-5-21-4149289120-3723271197-3242847100-1005\software\microsoft\internet explorer\toolbar\webbrowser\ || {08bec6aa-49fc-4379-3587-4b21e286c19e} (ID = 139177)
13:10: Found Adware: quicklink search toolbar
13:10: HKU\S-1-5-21-4149289120-3723271197-3242847100-1005\software\microsoft\internet explorer\toolbar\webbrowser\ || {08bec6aa-49fc-4379-3587-4b21e286c19e} (ID = 139177)
13:10: HKU\S-1-5-21-4149289120-3723271197-3242847100-1005\software\searchtoolbar\ (5 subtraces) (ID = 141343)
13:10: HKLM\software\searchtoolbar\ (3 subtraces) (ID = 141346)
13:10: Found Trojan Horse: trojan-dnschanger
13:10: HKLM\software\microsoft\windows\currentversion\run\ || yaemu.exe (ID = 144229)
13:10: Found Trojan Horse: trojan-downloader-alureonb
13:10: HKU\WRSS_Profile_S-1-5-21-4149289120-3723271197-3242847100-1007\software\microsoft\windows\currentversion\run\ || dtours (ID = 144311)
13:10: Found Trojan Horse: trojan-downloader-hidd
13:10: HKU\WRSS_Profile_S-1-5-21-4149289120-3723271197-3242847100-1007\software\microsoft\internet explorer\ || emandislc (ID = 144627)
13:10: HKU\WRSS_Profile_S-1-5-21-4149289120-3723271197-3242847100-1007\software\microsoft\internet explorer\main\ || starter page (ID = 144628)
13:10: HKLM\software\microsoft\windows\currentversion\ || emandislc (ID = 144629)
13:10: HKLM\software\microsoft\windows\currentversion\ || emanelif (ID = 144630)
13:10: HKLM\software\microsoft\windows\currentversion\ || emanexe (ID = 144631)
13:10: HKLM\software\microsoft\windows\currentversion\ || emanger (ID = 144632)
13:10: HKU\WRSS_Profile_S-1-5-21-4149289120-3723271197-3242847100-1007\software\microsoft\windows\currentversion\nur\ (12 subtraces) (ID = 144689)
13:10: Found Trojan Horse: trojan-downloader-wareout
13:10: HKU\S-1-5-21-4149289120-3723271197-3242847100-1005\software\microsoft\internet explorer\extensions\cmdmapping\ || {bf69df00-2734-477f-8257-27cd04f88779} (ID = 144839)
13:10: HKU\WRSS_Profile_S-1-5-21-4149289120-3723271197-3242847100-1007\software\microsoft\internet explorer\extensions\cmdmapping\ || {bf69df00-2734-477f-8257-27cd04f88779} (ID = 144839)
13:10: HKU\WRSS_Profile_S-1-5-21-4149289120-3723271197-3242847100-1007\software\microsoft\internet explorer\extensions\{bf69df00-2734-477f-8257-27cd04f88779}\ (8 subtraces) (ID = 144840)
13:10: HKU\WRSS_Profile_S-1-5-21-4149289120-3723271197-3242847100-1007\software\microsoft\windows\currentversion\run\ || lpt (ID = 144850)
13:10: HKU\WRSS_Profile_S-1-5-21-4149289120-3723271197-3242847100-1007\software\microsoft\windows\currentversion\run\ || wareout (ID = 144859)
13:10: HKU\WRSS_Profile_S-1-5-21-4149289120-3723271197-3242847100-1007\software\wareout\ (6 subtraces) (ID = 144878)
13:10: HKLM\software\microsoft\windows\currentversion\run\ || hclean32.exe (ID = 595890)
13:10: HKLM\software\microsoft\windows\currentversion\urls\ (16 subtraces) (ID = 605127)
13:10: HKLM\software\microsoft\windows\currentversion\ruins\ (169 subtraces) (ID = 605128)
13:10: Registry Sweep Complete, Elapsed Time:00:00:13
13:10: Starting Cookie Sweep
13:11: Found Spy Cookie: customer cookie
13:11: compaq@customer[1].txt (ID = 2481)
13:11: Cookie Sweep Complete, Elapsed Time: 00:00:01
13:11: Starting File Sweep
13:11: Found Adware: powerstrip
13:11: c:\program\powerstrip (11 subtraces) (ID = -2147476660)
13:11: run_dos.dll (ID = 80551)
13:11: ntfsnlpa.exe (ID = 125496)
13:11: rdsndin.exe (ID = 81237)
13:12: loadctr32.exe (ID = 125495)
13:14: File Sweep Complete, Elapsed Time: 00:03:02
13:14: Full Sweep has completed. Elapsed time 00:05:03
13:14: Traces Found: 529
13:28: Removal process initiated
13:28: Quarantining All Traces: trojan-secdrop
13:28: Quarantining All Traces: trojan-downloader-ruin
13:28: Quarantining All Traces: cws-aboutblank
13:28: Quarantining All Traces: cws obfuscated bho hijack
13:28: Quarantining All Traces: cws_cassandra
13:28: Quarantining All Traces: dapsol dialer
13:28: Quarantining All Traces: freshbar
13:28: Quarantining All Traces: clearsurfing hijack
13:28: Quarantining All Traces: searchtoolbar
13:28: Quarantining All Traces: quicklink search toolbar
13:28: Quarantining All Traces: trojan-dnschanger
13:28: Quarantining All Traces: trojan-downloader-alureonb
13:28: Quarantining All Traces: trojan-downloader-hidd
13:28: Quarantining All Traces: trojan-downloader-wareout
13:28: Quarantining All Traces: customer cookie
13:28: Quarantining All Traces: powerstrip
13:29: Removal process completed. Elapsed time 00:01:08
********
13:06: | Start of Session, den 14 september 2005 |
13:06: Spy Sweeper started
13:07: Messenger service has been disabled.
13:08: Warning: Failed to check file "c:\windows\system32\hclean32.exe". Cannot open file "c:\windows\system32\hclean32.exe". tkomst nekad
13:08: Updating spyware definitions
13:08: Your definitions are up to date.
13:08: | End of Session, den 14 september 2005 |
-----------------------------------------------------------------------------------------------
Second run after starting FireFox.
-----------------------------------------------------------------------------------------------
13:08: | Start of Session, den 14 september 2005 |
13:08: Spy Sweeper started
13:08: Sweep initiated using definitions version 533
13:09: Starting Memory Sweep
13:10: Found Trojan Horse: trojan-secdrop
13:10: Detected running threat: C:\WINDOWS\system32\rdsndin.exe (ID = 81237)
13:10: Found Trojan Horse: trojan-downloader-ruin
13:10: Detected running threat: C:\WINDOWS\system32\ntfsnlpa.exe (ID = 125496)
13:10: Memory Sweep Complete, Elapsed Time: 00:01:43
13:10: Starting Registry Sweep
13:10: Found Adware: cws-aboutblank
13:10: HKU\WRSS_Profile_S-1-5-21-4149289120-3723271197-3242847100-1006\software\microsoft\internet explorer\main\ || homeoldsp (ID = 115923)
13:10: HKU\WRSS_Profile_S-1-5-21-4149289120-3723271197-3242847100-1007\software\microsoft\internet explorer\main\ || homeoldsp (ID = 115923)
13:10: Found Adware: cws obfuscated bho hijack
13:10: HKU\WRSS_Profile_S-1-5-21-4149289120-3723271197-3242847100-1006\software\microsoft\internet explorer\main\ || search bar (ID = 116786)
13:10: HKU\WRSS_Profile_S-1-5-21-4149289120-3723271197-3242847100-1007\software\microsoft\internet explorer\main\ || search bar (ID = 116786)
13:10: HKU\WRSS_Profile_S-1-5-21-4149289120-3723271197-3242847100-1006\software\microsoft\internet explorer\main\ || search page (ID = 116787)
13:10: HKU\WRSS_Profile_S-1-5-21-4149289120-3723271197-3242847100-1007\software\microsoft\internet explorer\main\ || search page (ID = 116787)
13:10: Found Adware: cws_cassandra
13:10: HKLM\software\microsoft\internet explorer\urls\ ||
http://69.50.161.11/woinst.exe (ID = 117062)
13:10: Found Adware: dapsol dialer
13:10: HKU\WRSS_Profile_S-1-5-21-4149289120-3723271197-3242847100-1007\software\microsoft\internet explorer\main\ || conc (ID = 124673)
13:10: Found Adware: freshbar
13:10: HKU\WRSS_Profile_S-1-5-21-4149289120-3723271197-3242847100-1007\software\microsoft\internet explorer\toolbar\webbrowser\ || {06abaa2d-34ab-4902-a326-409bd9b9a7a5} (ID = 126698)
13:10: Found Adware: clearsurfing hijack
13:10: HKU\WRSS_Profile_S-1-5-21-4149289120-3723271197-3242847100-1007\software\microsoft\internet explorer\ (259 subtraces) (ID = 126710)
13:10: Found Adware: searchtoolbar
13:10: HKU\S-1-5-21-4149289120-3723271197-3242847100-1005\software\microsoft\internet explorer\toolbar\webbrowser\ || {08bec6aa-49fc-4379-3587-4b21e286c19e} (ID = 139177)
13:10: Found Adware: quicklink search toolbar
13:10: HKU\S-1-5-21-4149289120-3723271197-3242847100-1005\software\microsoft\internet explorer\toolbar\webbrowser\ || {08bec6aa-49fc-4379-3587-4b21e286c19e} (ID = 139177)
13:10: HKU\S-1-5-21-4149289120-3723271197-3242847100-1005\software\searchtoolbar\ (5 subtraces) (ID = 141343)
13:10: HKLM\software\searchtoolbar\ (3 subtraces) (ID = 141346)
13:10: Found Trojan Horse: trojan-dnschanger
13:10: HKLM\software\microsoft\windows\currentversion\run\ || yaemu.exe (ID = 144229)
13:10: Found Trojan Horse: trojan-downloader-alureonb
13:10: HKU\WRSS_Profile_S-1-5-21-4149289120-3723271197-3242847100-1007\software\microsoft\windows\currentversion\run\ || dtours (ID = 144311)
13:10: Found Trojan Horse: trojan-downloader-hidd
13:10: HKU\WRSS_Profile_S-1-5-21-4149289120-3723271197-3242847100-1007\software\microsoft\internet explorer\ || emandislc (ID = 144627)
13:10: HKU\WRSS_Profile_S-1-5-21-4149289120-3723271197-3242847100-1007\software\microsoft\internet explorer\main\ || starter page (ID = 144628)
13:10: HKLM\software\microsoft\windows\currentversion\ || emandislc (ID = 144629)
13:10: HKLM\software\microsoft\windows\currentversion\ || emanelif (ID = 144630)
13:10: HKLM\software\microsoft\windows\currentversion\ || emanexe (ID = 144631)
13:10: HKLM\software\microsoft\windows\currentversion\ || emanger (ID = 144632)
13:10: HKU\WRSS_Profile_S-1-5-21-4149289120-3723271197-3242847100-1007\software\microsoft\windows\currentversion\nur\ (12 subtraces) (ID = 144689)
13:10: Found Trojan Horse: trojan-downloader-wareout
13:10: HKU\S-1-5-21-4149289120-3723271197-3242847100-1005\software\microsoft\internet explorer\extensions\cmdmapping\ || {bf69df00-2734-477f-8257-27cd04f88779} (ID = 144839)
13:10: HKU\WRSS_Profile_S-1-5-21-4149289120-3723271197-3242847100-1007\software\microsoft\internet explorer\extensions\cmdmapping\ || {bf69df00-2734-477f-8257-27cd04f88779} (ID = 144839)
13:10: HKU\WRSS_Profile_S-1-5-21-4149289120-3723271197-3242847100-1007\software\microsoft\internet explorer\extensions\{bf69df00-2734-477f-8257-27cd04f88779}\ (8 subtraces) (ID = 144840)
13:10: HKU\WRSS_Profile_S-1-5-21-4149289120-3723271197-3242847100-1007\software\microsoft\windows\currentversion\run\ || lpt (ID = 144850)
13:10: HKU\WRSS_Profile_S-1-5-21-4149289120-3723271197-3242847100-1007\software\microsoft\windows\currentversion\run\ || wareout (ID = 144859)
13:10: HKU\WRSS_Profile_S-1-5-21-4149289120-3723271197-3242847100-1007\software\wareout\ (6 subtraces) (ID = 144878)
13:10: HKLM\software\microsoft\windows\currentversion\run\ || hclean32.exe (ID = 595890)
13:10: HKLM\software\microsoft\windows\currentversion\urls\ (16 subtraces) (ID = 605127)
13:10: HKLM\software\microsoft\windows\currentversion\ruins\ (169 subtraces) (ID = 605128)
13:10: Registry Sweep Complete, Elapsed Time:00:00:13
13:10: Starting Cookie Sweep
13:11: Found Spy Cookie: customer cookie
13:11: compaq@customer[1].txt (ID = 2481)
13:11: Cookie Sweep Complete, Elapsed Time: 00:00:01
13:11: Starting File Sweep
13:11: Found Adware: powerstrip
13:11: c:\program\powerstrip (11 subtraces) (ID = -2147476660)
13:11: run_dos.dll (ID = 80551)
13:11: ntfsnlpa.exe (ID = 125496)
13:11: rdsndin.exe (ID = 81237)
13:12: loadctr32.exe (ID = 125495)
13:14: File Sweep Complete, Elapsed Time: 00:03:02
13:14: Full Sweep has completed. Elapsed time 00:05:03
13:14: Traces Found: 529
13:28: Removal process initiated
13:28: Quarantining All Traces: trojan-secdrop
13:28: Quarantining All Traces: trojan-downloader-ruin
13:28: Quarantining All Traces: cws-aboutblank
13:28: Quarantining All Traces: cws obfuscated bho hijack
13:28: Quarantining All Traces: cws_cassandra
13:28: Quarantining All Traces: dapsol dialer
13:28: Quarantining All Traces: freshbar
13:28: Quarantining All Traces: clearsurfing hijack
13:28: Quarantining All Traces: searchtoolbar
13:28: Quarantining All Traces: quicklink search toolbar
13:28: Quarantining All Traces: trojan-dnschanger
13:28: Quarantining All Traces: trojan-downloader-alureonb
13:28: Quarantining All Traces: trojan-downloader-hidd
13:28: Quarantining All Traces: trojan-downloader-wareout
13:28: Quarantining All Traces: customer cookie
13:28: Quarantining All Traces: powerstrip
13:29: Removal process completed. Elapsed time 00:01:08
********
-----------------------------------------------------------------------------------------------
HJT log:
-----------------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 13:40:01, on 2005-09-14
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\NORTON~1\navapw32.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program\Delade filer\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\alg.exe
C:\Program\ewido\security suite\ewidoctrl.exe
C:\Program\Norton AntiVirus\navapsvc.exe
C:\Program\Logitech\MouseWare\system\em_exec.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Compaq\Skrivbord\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://desktop.presa...1c02&lc=041dR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://windowsupdate.microsoft.com/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Lnkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NAV Agent] C:\Program\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program\Delade filer\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program\Delade filer\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zon...kr.cab28578.cabO16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky...can_unicode.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft....k/?linkid=39204O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} -
http://www.wildtange...ave/Install.cabO16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -
http://messenger.zon...MineSweeper.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.micros...b?1124367060000O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai...all/xscan53.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
http://messenger.zon...StatsClient.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoft...free/asinst.cabO16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) -
http://download.zone...ctor/WebAAS.cabO16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) -
http://messenger.zon...ireShowdown.cabO23 - Service: ewido security suite control - ewido networks - C:\Program\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Hope this helps...
Edited by Topen, 14 September 2005 - 06:42 AM.