Unsolved
This post is more than 5 years old
50 Posts
0
452
Cleaning up PC. Help with Mwave scan and Hijack This log.
Took some time this weekend to check out my PC at home. Would like some help to look at the Mwave log and hijack this logs for each user to make sure they are clean.
This is a Dell Dimension running Windows XP Home. I am also running Nortons Security 2006 with antivirus, antispam and firewall.
We have five users on the PC - Steve, Mandy, Juliette, Rhian and Emily.
I have run the following;
Nortons full scan - shows all clear
Adaware for all users - the usual bits and pieces cleaned up
Trend Micro House Call - a couple of items cleaned up.
Spybot Search and Destroy for all users - had some queries but sorted thanks to Bugbatter.
Microworld MWave - The Mwave log is shown below. Some of the items could be safe as they look as if they are quarantined by Nortons?
Nortons full scan - shows all clear
Adaware for all users - the usual bits and pieces cleaned up
Trend Micro House Call - a couple of items cleaned up.
Spybot Search and Destroy for all users - had some queries but sorted thanks to Bugbatter.
Microworld MWave - The Mwave log is shown below. Some of the items could be safe as they look as if they are quarantined by Nortons?
Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "perfwo Trojan" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "perfwo Trojan" found in File System! Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".brimble/Inbox/The%20final%20Agenda%20and%20The%20list%20of%20participants_xF8FF_%D0%9E%D0%BA%D0%BE%D0%BD%D1%87%D0%B0%D1%82%D0%B5%D0%BB%D1%8C%D0%BD%D1%8B%D0%B9%20%D0%B2%D0%B0%D1%80%D0%B8%D0%B0%D0%BD%". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".doc?attach=1". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{501BADCD-F8F7-44CB-AC3F-6ED25C1A28B5}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}". Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\02AE4281.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\036F6FAD.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\06D0004B.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07285393.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\072F278C.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07464D73.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07634753.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07804132.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\09642175.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\09835ACD.exe//CryptFF tagged as "not-a-virus:AdWare.Win32.2Search.g". Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0AAA6DB7.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0AD1658C.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0AE2377A.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0AEC4FC6.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0AEF79C2.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B025B56.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B7B7F9B.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B825B20.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DB3092A.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E7B7785.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F6F161C.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11CB6D84.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15C61922.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D01A8E.exe//CryptFF tagged as "not-a-virus:AdWare.Win32.2Search.c". Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A0136DF.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\317200BE.exe//CryptFF//main.exe tagged as "not-a-virus:AdWare.Win32.2Search.f". Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31752ABA.dll//CryptFF tagged as "not-a-virus:AdWare.Win32.2Search.f". Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31752ABA.exe//CryptFF tagged as "not-a-virus:AdWare.Win32.2Search.c". Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\317854B6.exe//CryptFF tagged as "not-a-virus:AdWare.Win32.2Search.c". Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\396E287A.exe//CryptFF tagged as "not-a-virus:AdWare.Win32.2Search.h". Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\408320EC.htm//CryptFF infected by "Exploit.VBS.Phel" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\44102C0D.exe//CryptFF infected by "Trojan-Downloader.Win32.Small.cca" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50446BA0.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\53A90BE4.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\579D638A.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\57BA5D6A.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5874369D.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\68935B07.exe//CryptFF infected by "Trojan-Downloader.Win32.Small.cca" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\69B249CB.exe//CryptFF infected by "Trojan-Downloader.Win32.Small.cca" Virus! Action Taken: No Action Taken.
Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "perfwo Trojan" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "perfwo Trojan" found in File System! Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".brimble/Inbox/The%20final%20Agenda%20and%20The%20list%20of%20participants_xF8FF_%D0%9E%D0%BA%D0%BE%D0%BD%D1%87%D0%B0%D1%82%D0%B5%D0%BB%D1%8C%D0%BD%D1%8B%D0%B9%20%D0%B2%D0%B0%D1%80%D0%B8%D0%B0%D0%BD%". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".doc?attach=1". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{501BADCD-F8F7-44CB-AC3F-6ED25C1A28B5}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}". Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\02AE4281.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\036F6FAD.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\06D0004B.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07285393.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\072F278C.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07464D73.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07634753.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07804132.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\09642175.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\09835ACD.exe//CryptFF tagged as "not-a-virus:AdWare.Win32.2Search.g". Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0AAA6DB7.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0AD1658C.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0AE2377A.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0AEC4FC6.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0AEF79C2.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B025B56.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B7B7F9B.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B825B20.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DB3092A.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E7B7785.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F6F161C.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11CB6D84.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15C61922.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D01A8E.exe//CryptFF tagged as "not-a-virus:AdWare.Win32.2Search.c". Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A0136DF.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\317200BE.exe//CryptFF//main.exe tagged as "not-a-virus:AdWare.Win32.2Search.f". Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31752ABA.dll//CryptFF tagged as "not-a-virus:AdWare.Win32.2Search.f". Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31752ABA.exe//CryptFF tagged as "not-a-virus:AdWare.Win32.2Search.c". Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\317854B6.exe//CryptFF tagged as "not-a-virus:AdWare.Win32.2Search.c". Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\396E287A.exe//CryptFF tagged as "not-a-virus:AdWare.Win32.2Search.h". Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\408320EC.htm//CryptFF infected by "Exploit.VBS.Phel" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\44102C0D.exe//CryptFF infected by "Trojan-Downloader.Win32.Small.cca" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50446BA0.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\53A90BE4.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\579D638A.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\57BA5D6A.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5874369D.wma//CryptFF infected by "Trojan-Downloader.WMA.Wimad.d" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\68935B07.exe//CryptFF infected by "Trojan-Downloader.Win32.Small.cca" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\69B249CB.exe//CryptFF infected by "Trojan-Downloader.Win32.Small.cca" Virus! Action Taken: No Action Taken.
I will also post the first Hijack This log as a seperate message.
Thank you for any help given.
Regards
Steve
steeevb
50 Posts
0
June 3rd, 2007 14:00
Scan saved at 16:17:19, on 03/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\KService\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\BT Home Hub\Help\bin\mpbtn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Home Hub\Help\bin\matcli.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab27571.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128241223062
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab27571.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE