Hi guys...need some help and advice...
It all started when my Sygate personal firewall as working stopped working these few days. The file is still there but the firewall doesnt start up. Even if I click on its .exe file also didnt help. And I also tried to reinstall it and got the same problem.

If I connect my PC to the internet then the whole system or PC slowed down until its ridiculous.....but when its disconnected from the internet I can still use other applications like normal.

I initially wondered if its got to do with other problems...cos when I tried to click on my spyware doctor, another spyware removal program...it said "error while creating the log.Class not register"....and I also cannot open my ms dos....like I click on Run...Command.....then the ms dos window pop up for a while b4 it disappear.

So I suspect that I gotten a virus but when I try to click on my norton systemworks....the window pop up for 1 second and then disappear!!!!??Geez...how to I detect the virus when even my antivirus cant start up.

I have printscreened my task manager processes list and hope that someone can tell me if I have gotten a virus or worm and how do I solved it. Thanks.

http://img203.exs.cx/my.php?loc=img203&image=task15vq.jpg
http://img239.exs.cx/my.php?loc=img239&image=task22nl.jpg
http://img228.exs.cx/my.php?loc=img228&image=task38qj.jpg

You must follow the directions here
or you ain't gettin' none (feeling hip hoppish)
http://forum.gladiator-antivirus.com/index...showtopic=10517

Hi toadbee....I did follow the instructions....

I also used spyware and it only manage to fix a few and 51 infections were left unfixed.

When I used the adware....while scanning C:\windows\system32\win32usb.exe...it just freezes there and stops scanning....

Regarding the log file using hijackthis....when I click on it the window pop for for only 1 second b4 it disappeared...same as what happen to my norton antivirus...hence I suspect its a virus....and I got no choice but to open up the Task Manager->Process and printscreen the log...or is there other alternatives to show u guys the log...

I am at my wits end...

Download *Hijack This!* (current version is 199.0)
http://www.computercops.biz/downloads-file-328.html
http://www.tomcoyote.org/hjt/

Unzip to a folder other than your Desktop or the Temp folder. Then, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that and copy & paste its contents here.

Most of what it lists will be harmless or even essential, don't fix anything yet. Someone will be along to tell you what steps to take after you post the contents of the scan results.

No I think u have misunderstood my reply....I already did as instructed but the thing is everytime I click on the .exe file the application just open up for a split sceond b4 it disappears...I suspect the virus is causing this to happen...so what I am gonna do now is try to use the above instructions in SAFE mode...be right back

Ok I managed to create the logfile in SAFE Mode...this is the logfile...

Logfile of HijackThis v1.99.0
Scan saved at 2:26:44 PM, on 2/7/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\jijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.sirsearch.com/companion/default.cfm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by mysingtel
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://rohprhebmgdjapynxas.info/NC6CdJ0DuIfNF0ViVff__8DDoKUKrA3Stj43nJPAnKA.cgi"); (C:\Documents and Settings\user\Application Data\Mozilla\Profiles\default\fo2larsi.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\user\Application Data\Mozilla\Profiles\default\fo2larsi.slt\prefs.js)
O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - C:\WINDOWS\dlmax.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SirSearch Companion - {364B4D52-3B9B-11D3-B8DC-00C04FA3471E} - (no file)
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {AC05DC87-BD91-0D0F-E3E3-028FC762DCC2} - C:\DOCUME~1\user\APPLIC~1\BEEPME~1\this slow.exe
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WindowsRegKey update] qkqxcevmlc.exe
O4 - HKLM\..\Run: [Windows System Client] winvsc.exe
O4 - HKLM\..\Run: [Sysino] lsess.exe
O4 - HKLM\..\Run: [Microsoft Server Applacations] qsosrv.exe
O4 - HKLM\..\Run: [Win32 Network Driver] crss.exe
O4 - HKLM\..\Run: [Sys32Xp Updater] sys32xp.exe
O4 - HKLM\..\Run: [starter] scvhosting.exe
O4 - HKLM\..\Run: [Microsoft Data Machine] csdata32.exe
O4 - HKLM\..\Run: [USB Device] win32usb.exe
O4 - HKLM\..\Run: [Microsoft Services] C:\WINDOWS\System32\bsc32.exe
O4 - HKLM\..\Run: [Windows media service] crsss.exe
O4 - HKLM\..\Run: [Microsoft Intrenet Explorer] winadh.exe
O4 - HKLM\..\Run: [M1cr0s0ft S3rcurity] systemconfig.exe
O4 - HKLM\..\Run: [] hw32.exe /n /fh /r wupd32.exe
O4 - HKLM\..\Run: [microsoft sbaedr update] sbaedr.exe
O4 - HKLM\..\Run: [Win32 Secure Updates] smrss.exe
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINDOWS\system32\defragfatx.exe
O4 - HKLM\..\Run: [Services] C:\WINDOWS\system32\windns.exe
O4 - HKLM\..\Run: [dead dart safe 01] C:\Documents and Settings\All Users\Application Data\SAVE BIRD DEAD DART\chicstyle.exe
O4 - HKLM\..\Run: [Microsoft System Checkup] libsysmgr.exe
O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM\..\Run: [Win32 USB Drivers] navwp32.exe
O4 - HKLM\..\Run: [Remote Procedure Calls] mswinrpc.exe
O4 - HKLM\..\Run: [ntfsmonitorpro] ntfs64.exe
O4 - HKLM\..\Run: [Win32 USB2] serves32.exe
O4 - HKLM\..\Run: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - HKLM\..\Run: [Windows32 Messenger Service] msmsgv.exe
O4 - HKLM\..\Run: [Windows Messenger Service] winsmsgr.exe
O4 - HKLM\..\Run: [Device] C:\sock.exe
O4 - HKLM\..\Run: [DarKNesS LsasS] LsasS23.exe
O4 - HKLM\..\RunServices: [WindowsRegKey update] qkqxcevmlc.exe
O4 - HKLM\..\RunServices: [Windows System Client] winvsc.exe
O4 - HKLM\..\RunServices: [Sysino] lsess.exe
O4 - HKLM\..\RunServices: [Microsoft Server Applacations] qsosrv.exe
O4 - HKLM\..\RunServices: [Win32 Network Driver] crss.exe
O4 - HKLM\..\RunServices: [Sys32Xp Updater] sys32xp.exe
O4 - HKLM\..\RunServices: [starter] scvhosting.exe
O4 - HKLM\..\RunServices: [Microsoft Data Machine] csdata32.exe
O4 - HKLM\..\RunServices: [USB Device] win32usb.exe
O4 - HKLM\..\RunServices: [Microsoft Services] C:\WINDOWS\System32\bsc32.exe
O4 - HKLM\..\RunServices: [Windows media service] crsss.exe
O4 - HKLM\..\RunServices: [Microsoft Intrenet Explorer] winadh.exe
O4 - HKLM\..\RunServices: [M1cr0s0ft S3rcurity] systemconfig.exe
O4 - HKLM\..\RunServices: [] hw32.exe /n /fh /r wupd32.exe
O4 - HKLM\..\RunServices: [microsoft sbaedr update] sbaedr.exe
O4 - HKLM\..\RunServices: [Win32 Secure Updates] smrss.exe
O4 - HKLM\..\RunServices: [Microsoft System Checkup] libsysmgr.exe
O4 - HKLM\..\RunServices: [Win32 USB Drivers] navwp32.exe
O4 - HKLM\..\RunServices: [Remote Procedure Calls] mswinrpc.exe
O4 - HKLM\..\RunServices: [ntfsmonitorpro] ntfs64.exe
O4 - HKLM\..\RunServices: [Win32 USB2] serves32.exe
O4 - HKLM\..\RunServices: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - HKLM\..\RunServices: [Windows32 Messenger Service] msmsgv.exe
O4 - HKLM\..\RunServices: [Windows Messenger Service] winsmsgr.exe
O4 - HKLM\..\RunServices: [DarKNesS LsasS] LsasS23.exe
O4 - HKLM\..\RunOnce: [Sysino] lsess.exe
O4 - HKLM\..\RunOnce: [Win32 Secure Updates] smrss.exe
O4 - HKLM\..\RunOnce: [Win32 Network Driver] crss.exe
O4 - HKLM\..\RunOnce: [starter] scvhosting.exe
O4 - HKLM\..\RunOnce: [Microsoft Data Machine] csdata32.exe
O4 - HKLM\..\RunOnce: [USB Device] win32usb.exe
O4 - HKLM\..\RunOnce: [Win32 USB Drivers] navwp32.exe
O4 - HKLM\..\RunOnce: [ntfsmonitorpro] ntfs64.exe
O4 - HKLM\..\RunOnce: [Win32 USB2] serves32.exe
O4 - HKLM\..\RunOnce: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - HKCU\..\Run: [Yahoo! Pager] E:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [Windows System Client] winvsc.exe
O4 - HKCU\..\Run: [WindowsRegKey update] qkqxcevmlc.exe
O4 - HKCU\..\Run: [Sysino] lsess.exe
O4 - HKCU\..\Run: [StoreBall] C:\DOCUME~1\user\APPLIC~1\OneIdle\defaultplan.exe
O4 - HKCU\..\Run: [Win32 Network Driver] crss.exe
O4 - HKCU\..\Run: [Microsoft Server Applacations] qsosrv.exe
O4 - HKCU\..\Run: [starter] scvhosting.exe
O4 - HKCU\..\Run: [Microsoft Data Machine] csdata32.exe
O4 - HKCU\..\Run: [USB Device] win32usb.exe
O4 - HKCU\..\Run: [Sys32Xp Updater] sys32xp.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Win32 Secure Updates] smrss.exe
O4 - HKCU\..\Run: [Win32 USB Drivers] navwp32.exe
O4 - HKCU\..\Run: [ntfsmonitorpro] ntfs64.exe
O4 - HKCU\..\Run: [Win32 USB2] serves32.exe
O4 - HKCU\..\Run: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - HKCU\..\Run: [Remote Procedure Calls] mswinrpc.exe
O4 - HKCU\..\Run: [Windows32 Messenger Service] msmsgv.exe
O4 - HKCU\..\RunServices: [Remote Procedure Calls] mswinrpc.exe
O4 - HKCU\..\RunOnce: [Win32 USB Drivers] navwp32.exe
O4 - HKCU\..\RunOnce: [Win32 Network Driver] crss.exe
O4 - HKCU\..\RunOnce: [Microsoft Data Machine] csdata32.exe
O4 - HKCU\..\RunOnce: [ntfsmonitorpro] ntfs64.exe
O4 - HKCU\..\RunOnce: [Win32 USB2] serves32.exe
O4 - HKCU\..\RunOnce: [Sysino] lsess.exe
O4 - HKCU\..\RunOnce: [Win32 Secure Updates] smrss.exe
O4 - HKCU\..\RunOnce: [USB Device] win32usb.exe
O4 - HKCU\..\RunOnce: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - HKCU\..\RunOnce: [starter] scvhosting.exe
O4 - Global Startup: PowerReg Scheduler.exe
O4 - Global Startup: EPSON Background Monitor.lnk = E:\ESM2\STMS.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Acrobat Assistant.lnk = E:\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: SirSearch - {3239E4EB-C9A5-11D1-A743-00C04F68D537} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: EpsonBidirectionalAgent - SEIKO EPSON CORPORATION - E:\ESM2\eEBAgent.exe
O23 - Service: EpsonBidirectionalService - Unknown - E:\ESM2\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - E:\ESM2\SAgent2.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\GHOSTS~2.EXE
O23 - Service: Kerio Personal Firewall 4 - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NT login service - Unknown - C:\WINDOWS\System32\libsysmgr.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe

Before we begin, please be sure that HiJackThis is in its own folder. This will allow us to use backups to restore entries if necessary. Please do not put HiJackThis in a temporary folder, or on the Desktop. I suggest using 'c:\program files\hijackthis\' or C:\HiJackThis\, but any name you choose is fine.

Reboot in Safe Mode* and run HiJackThis. <-- IMPORTANT

Check the following items in HijackThis.
(note: If any R* items do not appear in Safe Mode, re-run HiJackThis in Normal Mode and remove them after you finish removing these items.)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.sirsearch.com/companion/default.cfm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)

O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - C:\WINDOWS\dlmax.dll
O2 - BHO: (no name) - {AC05DC87-BD91-0D0F-E3E3-028FC762DCC2} - C:\DOCUME~1\user\APPLIC~1\BEEPME~1\this slow.exe
O2 - BHO: SirSearch Companion - {364B4D52-3B9B-11D3-B8DC-00C04FA3471E} - (no file)

O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)

O4 - HKLM\..\Run: [WindowsRegKey update] qkqxcevmlc.exe
O4 - HKLM\..\Run: [Windows System Client] winvsc.exe
O4 - HKLM\..\Run: [Sysino] lsess.exe
O4 - HKLM\..\Run: [Microsoft Server Applacations] qsosrv.exe
O4 - HKLM\..\Run: [Win32 Network Driver] crss.exe
O4 - HKLM\..\Run: [Sys32Xp Updater] sys32xp.exe
O4 - HKLM\..\Run: [starter] scvhosting.exe
O4 - HKLM\..\Run: [Microsoft Data Machine] csdata32.exe
O4 - HKLM\..\Run: [USB Device] win32usb.exe
O4 - HKLM\..\Run: [Microsoft Services] C:\WINDOWS\System32\bsc32.exe
O4 - HKLM\..\Run: [Windows media service] crsss.exe
O4 - HKLM\..\Run: [Microsoft Intrenet Explorer] winadh.exe
O4 - HKLM\..\Run: [M1cr0s0ft S3rcurity] systemconfig.exe
O4 - HKLM\..\Run: [] hw32.exe /n /fh /r wupd32.exe
O4 - HKLM\..\Run: [microsoft sbaedr update] sbaedr.exe
O4 - HKLM\..\Run: [Win32 Secure Updates] smrss.exe
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINDOWS\system32\defragfatx.exe
O4 - HKLM\..\Run: [Services] C:\WINDOWS\system32\windns.exe
O4 - HKLM\..\Run: [dead dart safe 01] C:\Documents and Settings\All Users\Application Data\SAVE BIRD DEAD DART\chicstyle.exe
O4 - HKLM\..\Run: [Microsoft System Checkup] libsysmgr.exe
O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM\..\Run: [Win32 USB Drivers] navwp32.exe
O4 - HKLM\..\Run: [Remote Procedure Calls] mswinrpc.exe
O4 - HKLM\..\Run: [ntfsmonitorpro] ntfs64.exe
O4 - HKLM\..\Run: [Win32 USB2] serves32.exe
O4 - HKLM\..\Run: [Windows32 Messenger Service] msmsgv.exe
O4 - HKLM\..\Run: [Windows Messenger Service] winsmsgr.exe
O4 - HKLM\..\Run: [Device] C:\sock.exe
O4 - HKLM\..\Run: [DarKNesS LsasS] LsasS23.exe
O4 - HKLM\..\RunServices: [WindowsRegKey update] qkqxcevmlc.exe
O4 - HKLM\..\RunServices: [Windows System Client] winvsc.exe
O4 - HKLM\..\RunServices: [Sysino] lsess.exe
O4 - HKLM\..\RunServices: [Microsoft Server Applacations] qsosrv.exe
O4 - HKLM\..\RunServices: [Win32 Network Driver] crss.exe
O4 - HKLM\..\RunServices: [Sys32Xp Updater] sys32xp.exe
O4 - HKLM\..\RunServices: [starter] scvhosting.exe
O4 - HKLM\..\RunServices: [Microsoft Data Machine] csdata32.exe
O4 - HKLM\..\RunServices: [USB Device] win32usb.exe
O4 - HKLM\..\RunServices: [Microsoft Services] C:\WINDOWS\System32\bsc32.exe
O4 - HKLM\..\RunServices: [Windows media service] crsss.exe
O4 - HKLM\..\RunServices: [Microsoft Intrenet Explorer] winadh.exe
O4 - HKLM\..\RunServices: [M1cr0s0ft S3rcurity] systemconfig.exe
O4 - HKLM\..\RunServices: [] hw32.exe /n /fh /r wupd32.exe
O4 - HKLM\..\RunServices: [microsoft sbaedr update] sbaedr.exe
O4 - HKLM\..\RunServices: [Win32 Secure Updates] smrss.exe
O4 - HKLM\..\RunServices: [Microsoft System Checkup] libsysmgr.exe
O4 - HKLM\..\RunServices: [Win32 USB Drivers] navwp32.exe
O4 - HKLM\..\RunServices: [Remote Procedure Calls] mswinrpc.exe
O4 - HKLM\..\RunServices: [ntfsmonitorpro] ntfs64.exe
O4 - HKLM\..\RunServices: [Win32 USB2] serves32.exe
O4 - HKLM\..\RunServices: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - HKLM\..\RunServices: [Windows32 Messenger Service] msmsgv.exe
O4 - HKLM\..\RunServices: [Windows Messenger Service] winsmsgr.exe
O4 - HKLM\..\RunServices: [DarKNesS LsasS] LsasS23.exe
O4 - HKLM\..\RunOnce: [Sysino] lsess.exe
O4 - HKLM\..\RunOnce: [Win32 Secure Updates] smrss.exe
O4 - HKLM\..\RunOnce: [Win32 Network Driver] crss.exe
O4 - HKLM\..\RunOnce: [starter] scvhosting.exe
O4 - HKLM\..\RunOnce: [Microsoft Data Machine] csdata32.exe
O4 - HKLM\..\RunOnce: [USB Device] win32usb.exe
O4 - HKLM\..\RunOnce: [Win32 USB Drivers] navwp32.exe
O4 - HKLM\..\RunOnce: [ntfsmonitorpro] ntfs64.exe
O4 - HKLM\..\RunOnce: [Win32 USB2] serves32.exe
O4 - HKCU\..\Run: [Windows System Client] winvsc.exe
O4 - HKCU\..\Run: [WindowsRegKey update] qkqxcevmlc.exe
O4 - HKCU\..\Run: [Sysino] lsess.exe
O4 - HKCU\..\Run: [StoreBall] C:\DOCUME~1\user\APPLIC~1\OneIdle\defaultplan.exe
O4 - HKCU\..\Run: [Win32 Network Driver] crss.exe
O4 - HKCU\..\Run: [Microsoft Server Applacations] qsosrv.exe
O4 - HKCU\..\Run: [starter] scvhosting.exe
O4 - HKCU\..\Run: [Microsoft Data Machine] csdata32.exe
O4 - HKCU\..\Run: [USB Device] win32usb.exe
O4 - HKCU\..\Run: [Sys32Xp Updater] sys32xp.exe
O4 - HKCU\..\Run: [Win32 Secure Updates] smrss.exe
O4 - HKCU\..\Run: [Win32 USB Drivers] navwp32.exe
O4 - HKCU\..\Run: [ntfsmonitorpro] ntfs64.exe
O4 - HKCU\..\Run: [Win32 USB2] serves32.exe
O4 - HKCU\..\Run: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - HKCU\..\Run: [Remote Procedure Calls] mswinrpc.exe
O4 - HKCU\..\Run: [Windows32 Messenger Service] msmsgv.exe
O4 - HKCU\..\RunServices: [Remote Procedure Calls] mswinrpc.exe
O4 - HKCU\..\RunOnce: [Win32 USB Drivers] navwp32.exe
O4 - HKCU\..\RunOnce: [Win32 Network Driver] crss.exe
O4 - HKCU\..\RunOnce: [Microsoft Data Machine] csdata32.exe
O4 - HKCU\..\RunOnce: [ntfsmonitorpro] ntfs64.exe
O4 - HKCU\..\RunOnce: [Win32 USB2] serves32.exe
O4 - HKCU\..\RunOnce: [Sysino] lsess.exe
O4 - HKCU\..\RunOnce: [Win32 Secure Updates] smrss.exe
O4 - HKCU\..\RunOnce: [USB Device] win32usb.exe
O4 - HKCU\..\RunOnce: [starter] scvhosting.exe

O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML

O9 - Extra button: SirSearch - {3239E4EB-C9A5-11D1-A743-00C04F68D537} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O23 - Service: NT login service - Unknown - C:\WINDOWS\System32\libsysmgr.exe


Close all windows except HijackThis and click Fix checked.

While still in Safe Mode*, delete the following: (you may need to show hidden files**)
Note: for files listed without a full path, you shouldbe able to find them, if present, in either C:\Windows\System32\ or C:\Windows\
qkqxcevmlc.exe
winvsc.exe
lsess.exe
qsosrv.exe
crss.exe
sys32xp.exe
scvhosting.exe
csdata32.exe
win32usb.exe
C:\WINDOWS\System32\bsc32.exe
crsss.exe
winadh.exe
systemconfig.exe
wupd32.exe
sbaedr.exe
smrss.exe
C:\WINDOWS\system32\defragfatx.exe
C:\WINDOWS\system32\windns.exe
C:\Documents and Settings\All Users\Application Data\SAVE BIRD DEAD DART\chicstyle.exe
libsysmgr.exe
syslog32.exe
navwp32.exe
mswinrpc.exe
ntfs64.exe
serves32.exe
msmsgv.exe
winsmsgr.exe
C:\sock.exe
LsasS23.exe
qkqxcevmlc.exe
winvsc.exe
C:\DOCUME~1\user\APPLIC~1\OneIdle\defaultplan.exe

*How to Boot into Safe mode: http://service1.symantec.com/SUPPORT/tsgen...001052409420406
**Show Hidden and System files and folders: http://www.xtra.co.nz/help/0,,4155-1916458,00.html

Also, uncheck the boxes for hiding known file extensions and hiding protected operating system files. We want to see it all. When we finish here, it would be a good idea to rehide the protected operating system files but leave the rest to be shown.

Reboot in normal mode.

HiJackThis version 199.0 is now available.
If you do not already have it installed, download it from here:
http://www.computercops.biz/downloads-file-328.html
http://tomcoyote.org/hjt/

Run HiJackThis again and post a new log in this thread.

Ok I did the above and this is what I got in normal mode...

Logfile of HijackThis v1.99.0
Scan saved at 5:11:21 PM, on 2/7/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\ansyslmd.exe
E:\ESM2\eEBSVC.exe
E:\ESM2\SAgent2.exe
C:\PROGRA~1\NORTON~2\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\HP_DeskJet_500.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ICQ\ICQNet.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\System32\devldr32.exe
E:\PROGRA~1\YAHOO!\MESSEN~1\ymsgr_tray.exe
E:\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\Messenger\msmsgs.exe
C:\jijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by mysingtel
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://rohprhebmgdjapynxas.info/NC6CdJ0DuIfNF0ViVff__8DDoKUKrA3Stj43nJPAnKA.cgi"); (C:\Documents and Settings\user\Application Data\Mozilla\Profiles\default\fo2larsi.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\user\Application Data\Mozilla\Profiles\default\fo2larsi.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - HKLM\..\RunServices: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - HKLM\..\RunOnce: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - HKCU\..\Run: [Yahoo! Pager] E:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - HKCU\..\RunOnce: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - Global Startup: PowerReg Scheduler.exe
O4 - Global Startup: EPSON Background Monitor.lnk = E:\ESM2\STMS.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Acrobat Assistant.lnk = E:\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: EpsonBidirectionalAgent - SEIKO EPSON CORPORATION - E:\ESM2\eEBAgent.exe
O23 - Service: EpsonBidirectionalService - Unknown - E:\ESM2\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - E:\ESM2\SAgent2.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\GHOSTS~2.EXE
O23 - Service: Kerio Personal Firewall 4 - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe

Erm....is my log ok now? As in nothings wrong with the one generated in normal mode?

At last, your system is clean and free of spyware! Want to keep it that way?

Here are some simple steps you can take to reduce the chance of infection in the future.

1. Visit Windows Update:
Make sure that you have all the Critical Updates recommended for your operating system and Internet Explorer. The first defense against infection is a properly patched Operating System.
a. Windows Update: http://v5.windowsupdate.microsoft.com/en/default.asp

2. Adjust your security settings for ActiveX:]
Go to Internet Options/Security/Internet, press 'default level', then OK. Now press "Custom Level."
In the ActiveX section:
Set the first option, 'Download signed controls', to 'Prompt.
Set the second option, 'Download unsigned controls', to 'Disable'.
Finally, set 'Initialize and Script ActiveX controls not marked as safe to 'Disable'.

3. Download and install the following free programs
a. SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html
b. IE/Spyad: https://netfiles.uiuc.edu/ehowes/www/resource.htm
c. BHODemon: http://www.definitivesolutions.com/bhodemon.htm
d. Bugoff: http://tools.zerosrealm.com/bugoff.zip

4. Install Spyware Detection and Removal Programs:
You may also want to consider installing either or both of AdAware (free version) and Spybot S&D (freeware). Use these programs to regularly scan your system for and remove many forms of spyware/malware.
a. AdAware: http://www.lavasoft.de/]http://www.lavasoft.de/
b. Spybot S&D: http://security.kolla.de/index.php?lang=en&page=download

If you use, or plan on using, additional spyware/malware detection and/or removal programs, please check Items 8 and 9.

5. Install 'Spoofstick"
Spoofstick is a simple browser extension that helps users detect spoofed (fake) websites. This extension is free and installs in Internet Explorer and Mozilla Firefox.
a. http://www.corestreet.com/spoofstick

6. Reset System Restore
If you are using Windows ME or Windows XP, please reset your System Restore. See Windows help for information.

7. Clean Temporary Files and Folders
Double Click My Computer (WinXP: Navigate to Start --->My Computer)
You will see an icon representing your harddrive (most likely C: Drive) Right Click on the hard drive icon and click Properties at the bottom of the fly out window. On the very first tab (General) you will see a button labeled "Disk Cleanup"...click that button.

Make sure the following are checked:
Downloaded Program Files
Temporary Internet Files and
Recycle Bin

Click OK and Disk Cleanup will delete those files for you.

8. Rogue/Suspect Anti-Spyware
Before using or purchasing any Spyware/Malware protection/removal program, always check the Rogue/Suspect Spyware List. It will save you a lot of grief, as well as money if you are thinking of purchasing. Here is the link: http://www.spywarewarrior.com/rogue_anti-spyware.htm

9. Anti-Spyware Programs Compared
Want to know just how effective your anti-spyware program is? Wonder how well any of the "rogue" programs listed above work? Check this link for an independent comparison of several anti-spyware programs: http://www.spywarewarrior.com/asw-test-guide.htm

10. Alternate Browser
Consider using an alternate browser as your default. I recommend and use Firefox as my primary browser. It is still necessary to keep Internet Explorer current and protected in order to use Windows Update.


For more information about Spyware, the tools available, and other informative material, including information on how you may have been infected in the first place, please check out this link: http://forum.gladiator-antivirus.com/index...?showtopic=9857

"It is your responsibility to read and adhere to the End User Licensing Agreement (EULA) of all software and services mentioned."

Good luck, and thanks for coming to our forums for help with your security and malware issues.

Hey guys, thanks for the help. Besides being cleared of spyware, is my system also cleared of any viruses or worms? Cos I still cant open up my sygate personal firewall although my norton now works in normal mode...

Nothing showing in your log.

You might want to do an Online AV scan to double check for virus/trojans that do not show in the log, if any.

Please go here and do an AV scan at one (preferably two) of the following:
Panda's Active Scan
http://www.pandasoftware.com/activescan/co...n_principal.htm

Trend Micro (PC-cillin) - Free on-line Scan
http://housecall.antivirus.com


eTrust AV web scanner (Computer Associates)
http://www3.ca.com/virusinfo/virusscan.aspx

Ah LPP, thanks for your reply....just 2 things...

if I connect to my internet b4 I use the online AV scan will I be hot by more spyware etc?

And which free firewall would you recommend I download and install...if I should in the first place...

For ease of use and protection, use ZoneALarm free firewall.

As long as you have your AV and associated programs running, you can connect to the internet before running an online scan,.