Dear cryptopsy,

I want to try to get the SilentRunners application to run. I will give you a couple of steps to follow, however, if you don't get it to run, don't worry about it, because I have more important stuff for you to do in future posts.

I want you to search for two files on your computer, they are "scrrun.dll" and "wshom.ocx", they should be located in the "C:\windows\system" directory. If you find these files, I want you to "register" these two files. To register these files, go To Start -> Run and then type in the following for each file:



if you can get both files to be registered, then try running the "SlientRunners" application to see if works. See the following link on how to register and unregister a .dll and ocx file: http://cuinl.tripod.com/Tips/ocxtip.htm.

The following article is similiar to the problems you are facing when running the SlientRunners application: http://www.msusenet.com/archive/index.php/t-2346708.html.

Note: Remember just run through the above steps, if it doesn't work, don't worry about it because you have most of the important anti-spyware applications running correctly.

Let me know in detail, if the the above steps worked in getting the SlientRunners application to function properly.

rambro

Dear cryptopsy

On second thought, don't execute the last post I gave you. Just reply back to me that you received this e-mail.

rambro

I have read your last two pasts and not executed any of the steps you outlined.

I was looking in my c drive and noticed the folder !submit. I then went into the folder and noticed the same 10 files sitting in there as you specified to delete in post 15 of:

NDNuninstall4_88.exe
NDNuninstall4_34.exe
NDNuninstall4_94.exe
NDNuninstall5_20.exe
NDNuninstall5_40.exe
NDNuninstall5_48.exe
NDNuninstall6_10.exe
NDNuninstall6_22.exe
NDNuninstall6_38.exe
FSG.exe

When you told me to delete these files in post 15 using killbox i did so and they disappeared. However this was from the location C:\Windows. I searched my C: drive for these files using the find files or folders function, and the only location it came up with was C:\!Submit as i found.

Should i delete these files the same way as in post 15 using safe mode and killbox?

Dear cryptopsy,

I would like you to do a further cleanup on your computer. But first I would like you to save a copy of your present registry to your desktop in case of any problems that might occur. Here is how it is done:

Back up your current registry

1) Click on the Start button.

2) From the menu that appears, choose Run.

3) In the window that appears, there is a text area labeled Open. In that area, type "regedit" (without the quotation marks").

4) Click the OK button (or hit the Enter or Return key on your keyboard).

5) The Registry Editor window should open.

6) If My Computer is not highlighted, click on it once so that it is highlighted.

7) On the menu bar, click on Registry and then click on Export Registry File.

8) The Export Registry File window will appear. In the Save In drop-down box at the top, choose Desktop.

9) In the File Name box at the bottom, type "backup" (without the quotation marks), then click the Save button.

10) A backup copy of the entire registry will now be saved to your desktop in case something goes wrong.

Notes:

* To restore the registry from the backup file you made, follow the same steps as above, but in step 2 choose Import Registry File instead of Export Registry File. Or, alternatively, you could double-click on the backup file on the desktop and answer Yes when it asks if you want to import the information into the registry.
* Once you've made changes to the registry and you are sure that you no longer need the backup file you made, simply delete it from the desktop.

See the following link: http://helpdesk.umd.edu/topics/troubleshoo...ndows_2000/555/. Pay attention to the following sections: Starting the Registry Editor and Backing Up the Registry.
****************************

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):

• Click the "Free Trial" link on the right - next to "SpySweeper for Home Computers" to download the program.
• Double-click the file to install it as follows:
  • Click "Next", read the agreement, Click "Next"
  • Choose "Custom" click "Next".
  • Leave the default installation directoy as it is, then click "Next".
  • UNcheck "Run SpySweeper at Windows Startup" and "Add Sweep for Spyware to Windows Explorer Context Menu". Click "Next".
  • On the following screen you can leave the e-mail address field blank, if you wish. Click "Next".
  • Finally, click "Install"
• Once the program is installed, it will open.
• It will prompt you to update to the latest definitions, click "Yes".
• Once the definitions are installed, click "Sweep Now" on the left side.
• Click the "Start" button.
• When it's done scanning, click the "Next" button.
• Make sure everything has a check next to it, then click the "Next" button.
• It will remove all of the items found.
• Click "Session Log" in the upper right corner, copy everything in that window.
• Click the Summary tab and click "Finish".
• Paste the contents of the session log you copied into your next reply.

Plus also do this:

To disable SpySweeper Shields

• Click "Shields" on the left.
• Click "Internet Explorer" and uncheck all items.
• Click "Windows System" and uncheck all items.
• Click "Startup Programs" and uncheck all items.
• Exit Spysweeper.

See the following link: http://www.geekstogo.com/forum/WebRoot_Spy...er-t43688.html#

Please restart your computer and then post a new HijackThis log, along with the log from the SpySweeper application.

In addition, let me know in detail how your computer system is running after performing the above steps.

Had trouble posting the last post.

This post has been edited by rambro: Jul 27 2005, 06:04 AM

Had trouble posting the last post.

This post has been edited by rambro: Jul 27 2005, 06:05 AM

My computer is still running fine. After using spysweeper i noticed the file fsg.exe under C:\!Submit had been deleted but the nine NDNuninstall files i specified in my last post are still there.


Here is my spysweeper log:

********
16:12: |··· Start of Session, Thursday, 28 July 2005 ···|
16:12: Spy Sweeper started
16:12: Sweep initiated using definitions version 506
16:12: Starting Memory Sweep
16:12: Warning: Failed to load image: C:\WINDOWS\SYSTEM\MSGSRV32.EXE
16:12: Warning: Failed to load image: C:\WINDOWS\SYSTEM\MMTASK.TSK
16:14: Warning: Failed to load image: C:\WINDOWS\RUNDLL.EXE
16:15: Memory Sweep Complete, Elapsed Time: 00:03:13
16:15: Starting Registry Sweep
16:15: Found Adware: altnet
16:15: HKLM\altnet\ (2 subtraces) (ID = 103447)
16:16: Found Adware: gozilla
16:16: HKCR\clsid\{7486d4f4-8fbd-11d2-bbbe-00609419f467}\ (5 subtraces) (ID = 126956)
16:16: HKCR\clsid\{8a9aefe1-924a-11d1-91bf-bc1505c10000}\ (5 subtraces) (ID = 126957)
16:16: Found Adware: keenvalue/perfectnav
16:16: HKLM\software\perfectnav\ (1 subtraces) (ID = 129516)
16:16: Found Adware: locators toolbar
16:16: HKU\.DEFAULT\software\microsoft\internet explorer\toolbar\webbrowser\ || {8e718888-423f-11d2-876e-00a0c9082467} (ID = 129809)
16:16: HKU\WRSS_Profile_family\software\microsoft\internet explorer\toolbar\webbrowser\ || {8e718888-423f-11d2-876e-00a0c9082467} (ID = 129809)
16:16: Found Adware: psguard desktop hijacker
16:16: HKLM\software\microsoft\windows\currentversion\uninstall\internet update\ (2 subtraces) (ID = 136964)
16:16: Found Adware: tubby toolbar
16:16: HKU\.default\software\mtc mtc\ (2 subtraces) (ID = 145205)
16:16: HKU\.DEFAULT\software\mtc mtc\ (2 subtraces) (ID = 145274)
16:16: Found Adware: winad
16:16: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/winadservx.dll\ (2 subtraces) (ID = 147195)
16:16: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\winadservx.dll (ID = 147224)
16:16: Registry Sweep Complete, Elapsed Time:00:01:25
16:16: Starting Cookie Sweep
16:16: Found Spy Cookie: paypal cookie
16:16: family@www.paypal[2].txt (ID = 3118)
16:16: Found Spy Cookie: com.com cookie
16:16: family@ffxcam.fairfax.com[2].txt (ID = 2446)
16:16: family@ffxcam.smh.com[2].txt (ID = 2446)
16:16: Found Spy Cookie: 2o7.net cookie
16:16: family@112.2o7[2].txt (ID = 1958)
16:16: family@campaigns.f2.com[2].txt (ID = 2446)
16:16: Found Spy Cookie: go.com cookie
16:16: family@go[1].txt (ID = 2728)
16:16: family@ad2.pamedia.com[1].txt (ID = 2446)
16:16: Found Spy Cookie: screensavers.com cookie
16:16: family@www.screensavers[1].txt (ID = 3298)
16:16: family@i.screensavers[2].txt (ID = 3298)
16:16: family@soccernet.espn.go[2].txt (ID = 2729)
16:16: Cookie Sweep Complete, Elapsed Time: 00:00:02
16:16: Starting File Sweep
16:17: Warning: Failed to open file "c:\win386.swp". The process cannot access the file because
it is being used by another process
16:30: Found Adware: bonzi buddy
16:30: bbshortcut.ico (ID = 51620)
16:30: mtc.ini (ID = 81586)
16:31: Found System Monitor: onflow
16:31: ieonflow.dll (ID = 71512)
16:31: nponflow.dll (ID = 71513)
16:31: onflowplayer0.dll (ID = 71515)
16:31: onflowreport.exe (ID = 71516)
16:31: winadservx.dll.tcf (ID = 90459)
16:34: Warning: Failed to open file "c:\program files\kazaa\my shared folder\download11056230433105299.". The system cannot find the file specified
16:38: Warning: Failed to open file "c:\geoff\geoff's games\millennium games\marcador\espa_a.bmp". The system cannot find the file specified
16:38: Found Adware: diamond deal casino
16:38: replacer.exe (ID = 59030)
16:38: gdigraphdriver.dll (ID = 59022)
16:38: wavesounddriver.dll (ID = 59043)
16:38: directsounddriver.dll (ID = 59020)
16:38: common.dll (ID = 59016)
16:38: mblackjack.dll (ID = 59028)
16:38: slotmachines.dll (ID = 59031)
16:38: back.z (ID = 58992)
16:38: card_1.3d (ID = 58994)
16:38: card_1b.3d (ID = 58995)
16:39: slots3reel_reel0.slt (ID = 59033)
16:39: slots3reel_reel1.slt (ID = 59034)
16:39: slots3reel_reel2.slt (ID = 59035)
16:39: slots5reel-reel0.slt (ID = 59036)
16:39: slots5reel-reel1.slt (ID = 59037)
16:39: slots5reel-reel2.slt (ID = 59038)
16:39: slots5reel-reel3.slt (ID = 59039)
16:39: slots5reel-reel4.slt (ID = 59040)
16:39: card_away_center.ani (ID = 58996)
16:39: card_away_dealer.ani (ID = 58997)
16:39: card_away_left.ani (ID = 58998)
16:39: card_away_right.ani (ID = 58999)
16:39: card_draw_center.ani (ID = 59000)
16:39: card_draw_dealer.ani (ID = 59001)
16:39: card_draw_dealer_face_down.ani (ID = 59002)
16:39: Found Adware: gain-supported software
16:39: fsg.exe (ID = 61353)
16:39: card_draw_left.ani (ID = 59003)
16:39: card_draw_right.ani (ID = 59004)
16:39: card_flip.ani (ID = 59005)
16:39: card_peek_dealer_down.ani (ID = 59006)
16:39: card_peek_dealer_up.ani (ID = 59007)
16:39: card_stand_center.ani (ID = 59008)
16:39: card_stand_dealer.ani (ID = 59009)
16:39: card_stand_left.ani (ID = 59010)
16:39: card_stand_right.ani (ID = 59011)
16:39: reel.wav (ID = 59029)
16:39: File Sweep Complete, Elapsed Time: 00:22:31
16:39: Full Sweep has completed. Elapsed time 00:27:14
16:39: Traces Found: 85
16:43: Removal process initiated
16:43: Quarantining All Traces: altnet
16:43: Quarantining All Traces: gozilla
16:43: Quarantining All Traces: keenvalue/perfectnav
16:43: Quarantining All Traces: locators toolbar
16:43: Quarantining All Traces: psguard desktop hijacker
16:43: Quarantining All Traces: tubby toolbar
16:43: Quarantining All Traces: winad
16:43: Quarantining All Traces: paypal cookie
16:43: Quarantining All Traces: com.com cookie
16:43: Quarantining All Traces: 2o7.net cookie
16:43: Quarantining All Traces: go.com cookie
16:43: Quarantining All Traces: screensavers.com cookie
16:43: Quarantining All Traces: bonzi buddy
16:43: Quarantining All Traces: onflow
16:43: Quarantining All Traces: diamond deal casino
16:43: Quarantining All Traces: gain-supported software
16:44: Removal process completed. Elapsed time 00:01:05
********
15:58: |··· Start of Session, Thursday, 28 July 2005 ···|
15:58: Spy Sweeper started
16:03: Your spyware definitions have been updated.
16:12: |··· End of Session, Thursday, 28 July 2005 ···|



Here is my hijackthis log:

ogfile of HijackThis v1.99.1
Scan saved at 16:52:57, on 28/07/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MOUSE\AMOUMAIN.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\GEOFF\FIXING COMPUTER\PROGRAMMES\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NInit] C:\Program Files\Norton SystemWorks\Norton Uninstall\NINIT.EXE
O4 - HKLM\..\Run: [3dfx Tools] rundll32.exe 3dfxCmn.dll,CMNUpdateOnBoot
O4 - HKLM\..\Run: [DLF_00001000] C:\WINDOWS\SYSTEM\Vcdlf.exe /c
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [TVWatch] C:\WINDOWS\SYSTEM\TVWatch.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .avi: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs6.chat.yahoo.com/v/yacscom.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.fhm.com/girls/zoomify/download/zoomify138.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

Dear cryptopsy,

Please rerun the MWAV antivirus tool. Follow the prompts to scan your system for viruses. Then please post for me the log of infected files from the BOTTOM panel of the scan window in a reply to this post.

Please restart your computer and then post a new HijackThis log, along with the log from the MWAV antivirus tool application.

In addition, let me know in detail how your computer system is running after performing the above steps.

My computer is running fine. Here is my mwav log:

Object "altnet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "isearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\scrrun.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\MusicMatch\MusicMatch Jukebox\ATL.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EE09B103-97E0-11CF-978F-00A02463E06F}" refers to invalid object "C:\WINDOWS\SYSTEM\SCRRUN.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}" refers to invalid object "C:\WINDOWS\SYSTEM\SCRRUN.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{32DA2B15-CFED-11D1-B747-00C04FC2B085}" refers to invalid object "C:\WINDOWS\SYSTEM\SCRRUN.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0CF774D0-F077-11D1-B1BC-00C04F86C324}" refers to invalid object "C:\WINDOWS\SYSTEM\SCRRUN.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0CF774D1-F077-11D1-B1BC-00C04F86C324}" refers to invalid object "C:\WINDOWS\SYSTEM\SCRRUN.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{85131630-480C-11D2-B1F9-00C04F86C324}" refers to invalid object "C:\WINDOWS\SYSTEM\SCRRUN.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{85131631-480C-11D2-B1F9-00C04F86C324}" refers to invalid object "C:\WINDOWS\SYSTEM\SCRRUN.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DB40C160-09A1-11D3-BAF2-000000000000}" refers to invalid object "C:\Program Files\ICQ\IExplorerMime.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{f802f260-519b-11d1-bb5d-0060974c6013}" refers to invalid object "C:\Program Files\ICQ\ICQShell.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EDDC2226-92A4-11D2-88F2-00104B3E670E}" refers to invalid object "C:\PROGRA~1\ICQ\AGENT\ICQWEB~1.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{19A34456-852D-11D2-88E8-00104B3E670E}" refers to invalid object "C:\PROGRA~1\ICQ\AGENT\ICQWEB~1.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BC55995C-D9F9-11D2-8A45-00104B9B48AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQFTLIB.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BC55995F-D9F9-11D2-8A45-00104B9B48AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQFTLIB.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{ABA40B01-DDD6-11D1-B674-006097E1E294}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQSMLIB.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A25884D1-CFF7-11D2-8A42-00104B9B48AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQSMLIB.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7392459A-C4AC-11D2-BF33-00104B2794E7}" refers to invalid object "C:\PROGRA~1\ICQ\MCTICKER.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{73924599-C4AC-11D2-BF33-00104B2794E7}" refers to invalid object "C:\PROGRA~1\ICQ\MCTICKER.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D116A2F3-8380-11D2-A147-00104B9B4C0E}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQP3C.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C5D28581-CA46-11d2-A150-00104B9B4C0E}" refers to invalid object "C:\PROGRAM FILES\ICQ\POP3.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D26BB11A-2890-11D3-AF1A-0090270D8D35}" refers to invalid object "C:\PROGRA~1\ICQ\STREAM~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{483BE501-E42A-11D1-B679-006097E1E294}" refers to invalid object "C:\PROGRAM FILES\ICQ\PLUGINS\GREETING\ICQGREET.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0C116523-3028-11D2-8A05-00104B9B48AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\PLUGINS\GREETING\ICQGREET.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0C116522-3028-11D2-8A05-00104B9B48AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\PLUGINS\GREETING\ICQGREET.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FEA9C971-B6B6-11D2-8A38-00104B9B48AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\PLUGINS\GREETING\ICQGREET.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0659DDD1-FAC8-11D2-ACB6-00104BBC2B53}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQUNKNW.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{31D6F701-0B27-11D3-ACB8-00104BBC2B53}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQUNKNW.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{30C8A6E1-351E-11D2-8A0B-00104B9B48AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQUNKNW.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{302B93B5-9014-11D2-ACA5-00104BBC2B53}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQUNKNW.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E37C97F1-904F-11D2-ACA5-00104BBC2B53}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQUNKNW.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6E8A9A21-BE9A-11D2-ACAE-00104BBC2B53}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQUNKNW.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C031D0D1-312C-11D2-8A09-00104B9B48AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\PLUGINS\VOICEMESSAGE\ICQVOICE.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9C457A31-C68D-11D2-8A3C-00104B9B48AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\PLUGINS\VOICEMESSAGE\ICQVOICE.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{980556F1-3128-11D2-8A09-00104B9B48AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\PLUGINS\VOICEMESSAGE\ICQVOICE.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{08D781E1-3129-11D2-8A09-00104B9B48AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\PLUGINS\VOICEMESSAGE\ICQVOICE.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E9AF8C17-BB5B-11D2-ACAE-00104BBC2B53}" refers to invalid object "C:\PROGRAM FILES\ICQ\PLUGINS\VOICEMESSAGE\ICQVOICE.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{36C1F411-ABB1-11D2-ACA8-00104BBC2B53}" refers to invalid object "C:\PROGRAM FILES\ICQ\EICQ.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{36C1F412-ABB1-11D2-ACA8-00104BBC2B53}" refers to invalid object "C:\PROGRAM FILES\ICQ\EICQ.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{36C1F413-ABB1-11D2-ACA8-00104BBC2B53}" refers to invalid object "C:\PROGRAM FILES\ICQ\EICQ.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{25516251-CFE3-11D2-ACB0-00104BBC2B53}" refers to invalid object "C:\PROGRAM FILES\ICQ\EICQ.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{25516252-CFE3-11D2-ACB0-00104BBC2B53}" refers to invalid object "C:\PROGRAM FILES\ICQ\EICQ.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E9AF8C14-BB5B-11D2-ACAE-00104BBC2B53}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQALINV.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CC772B71-2F0C-11D3-AF13-0090270D89AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQALINV.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CC772B72-2F0C-11D3-AF13-0090270D89AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQALINV.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BB5122E3-2F91-11D3-AF14-0090270D89AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQALINV.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3D4E5C2-4990-11D3-ADDF-0090271A8BEA}" refers to invalid object "C:\PROGRAM FILES\ICQ\PLUGINS\ICQMAIL\ICQMAIL.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{104DD9C3-402D-11D3-AF32-0090271A8BEA}" refers to invalid object "C:\PROGRAM FILES\ICQ\PLUGINS\ICQMAIL\ICQMAIL.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{104DD9C5-402D-11D3-AF32-0090271A8BEA}" refers to invalid object "C:\PROGRAM FILES\ICQ\PLUGINS\ICQMAIL\ICQMAIL.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{99B4815C-2008-11d3-AF17-0090270D6DEC}" refers to invalid object "C:\PROGRA~1\ICQ\ALAGENT.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}" refers to invalid object "C:\WINDOWS\SYSTEM\MFC42.1". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}" refers to invalid object "C:\WINDOWS\SYSTEM\MFC42.1". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}" refers to invalid object "C:\WINDOWS\SYSTEM\MFC42.1". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DCB06047-D907-11D1-9DF0-006097E09FDB}" refers to invalid object "C:\PROGRA~1\CASINO~1\CHIPCTRL.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DCB06046-D907-11D1-9DF0-006097E09FDB}" refers to invalid object "C:\PROGRA~1\CASINO~1\CHIPCTRL.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{43D94B25-2B3C-4635-93DE-3240327DC9CD}" refers to invalid object "C:\PROGRA~1\MESSEN~1\MCMESS.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0B76AB44-9926-48b3-8738-D864D8E1BE5F}" refers to invalid object "C:\PROGRA~1\MESSEN~1\MCMESS.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A1491A15-2BFE-4094-B631-2871FCD35B3B}" refers to invalid object "C:\PROGRA~1\MESSEN~1\MCMESS.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2482B240-E979-11D9-9A77-4445726C1340}" refers to invalid object "C:\WINDOWS\SYSTEM\KFFA.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1E216240-1B7D-11CF-9D53-00AA003C9CB6}" refers to invalid object "C:\WINDOWS\SYSTEM\COMCT232.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1F6F8D20-1B7D-11CF-9D53-00AA003C9CB6}" refers to invalid object "C:\WINDOWS\SYSTEM\COMCT232.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{026371C0-1B7C-11CF-9D53-00AA003C9CB6}" refers to invalid object "C:\WINDOWS\SYSTEM\COMCT232.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{030B4A80-1B7C-11CF-9D53-00AA003C9CB6}" refers to invalid object "C:\WINDOWS\SYSTEM\COMCT232.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{030B4A82-1B7C-11CF-9D53-00AA003C9CB6}" refers to invalid object "C:\WINDOWS\SYSTEM\COMCT232.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{030B4A81-1B7C-11CF-9D53-00AA003C9CB6}" refers to invalid object "C:\WINDOWS\SYSTEM\COMCT232.OCX". Action Taken: No Action Taken.



Here is my hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 14:50:34, on 29/07/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MOUSE\AMOUMAIN.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\GEOFF\FIXING COMPUTER\PROGRAMMES\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NInit] C:\Program Files\Norton SystemWorks\Norton Uninstall\NINIT.EXE
O4 - HKLM\..\Run: [3dfx Tools] rundll32.exe 3dfxCmn.dll,CMNUpdateOnBoot
O4 - HKLM\..\Run: [DLF_00001000] C:\WINDOWS\SYSTEM\Vcdlf.exe /c
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [TVWatch] C:\WINDOWS\SYSTEM\TVWatch.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .avi: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs6.chat.yahoo.com/v/yacscom.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.fhm.com/girls/zoomify/download/zoomify138.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

Dear cryptopsy,

I would like you to download a registry cleaner to do a further cleanup on your computer. However, I would like you to save a copy of your present registry to your desktop in case of any problems that might occur. Repeat the steps I gave you for saving your registry to your desktop, however in "Step 9", type in "backup1", so that you do not delete the previous version of your registry that you saved to your desktop (i.e. backup.reg).

Download and run RegSupreme version 1.1 from the following link: http://www.webmasterfree.com/regcleaner.html. Let it run the "normal scan" and then select the registry values you want to delete.

Next, please rerun the MWAV antivirus tool. Follow the prompts to scan your system for viruses. Then please post for me the log of infected files from the BOTTOM panel of the scan window in a reply to this post.

Please restart your computer and then post a new HijackThis log, along with the log from the MWAV antivirus tool application.

In addition, let me know in detail how your computer system is running after performing the above steps.

My computer is running fine. Here is my mwav log:

Object "altnet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "isearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\scrrun.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\MusicMatch\MusicMatch Jukebox\ATL.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EE09B103-97E0-11CF-978F-00A02463E06F}" refers to invalid object "C:\WINDOWS\SYSTEM\SCRRUN.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}" refers to invalid object "C:\WINDOWS\SYSTEM\SCRRUN.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{32DA2B15-CFED-11D1-B747-00C04FC2B085}" refers to invalid object "C:\WINDOWS\SYSTEM\SCRRUN.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0CF774D0-F077-11D1-B1BC-00C04F86C324}" refers to invalid object "C:\WINDOWS\SYSTEM\SCRRUN.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0CF774D1-F077-11D1-B1BC-00C04F86C324}" refers to invalid object "C:\WINDOWS\SYSTEM\SCRRUN.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{85131630-480C-11D2-B1F9-00C04F86C324}" refers to invalid object "C:\WINDOWS\SYSTEM\SCRRUN.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{85131631-480C-11D2-B1F9-00C04F86C324}" refers to invalid object "C:\WINDOWS\SYSTEM\SCRRUN.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DB40C160-09A1-11D3-BAF2-000000000000}" refers to invalid object "C:\Program Files\ICQ\IExplorerMime.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{f802f260-519b-11d1-bb5d-0060974c6013}" refers to invalid object "C:\Program Files\ICQ\ICQShell.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EDDC2226-92A4-11D2-88F2-00104B3E670E}" refers to invalid object "C:\PROGRA~1\ICQ\AGENT\ICQWEB~1.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{19A34456-852D-11D2-88E8-00104B3E670E}" refers to invalid object "C:\PROGRA~1\ICQ\AGENT\ICQWEB~1.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BC55995C-D9F9-11D2-8A45-00104B9B48AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQFTLIB.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BC55995F-D9F9-11D2-8A45-00104B9B48AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQFTLIB.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{ABA40B01-DDD6-11D1-B674-006097E1E294}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQSMLIB.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A25884D1-CFF7-11D2-8A42-00104B9B48AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQSMLIB.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7392459A-C4AC-11D2-BF33-00104B2794E7}" refers to invalid object "C:\PROGRA~1\ICQ\MCTICKER.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{73924599-C4AC-11D2-BF33-00104B2794E7}" refers to invalid object "C:\PROGRA~1\ICQ\MCTICKER.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D116A2F3-8380-11D2-A147-00104B9B4C0E}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQP3C.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C5D28581-CA46-11d2-A150-00104B9B4C0E}" refers to invalid object "C:\PROGRAM FILES\ICQ\POP3.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D26BB11A-2890-11D3-AF1A-0090270D8D35}" refers to invalid object "C:\PROGRA~1\ICQ\STREAM~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{483BE501-E42A-11D1-B679-006097E1E294}" refers to invalid object "C:\PROGRAM FILES\ICQ\PLUGINS\GREETING\ICQGREET.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0C116523-3028-11D2-8A05-00104B9B48AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\PLUGINS\GREETING\ICQGREET.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0C116522-3028-11D2-8A05-00104B9B48AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\PLUGINS\GREETING\ICQGREET.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FEA9C971-B6B6-11D2-8A38-00104B9B48AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\PLUGINS\GREETING\ICQGREET.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0659DDD1-FAC8-11D2-ACB6-00104BBC2B53}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQUNKNW.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{31D6F701-0B27-11D3-ACB8-00104BBC2B53}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQUNKNW.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{30C8A6E1-351E-11D2-8A0B-00104B9B48AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQUNKNW.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{302B93B5-9014-11D2-ACA5-00104BBC2B53}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQUNKNW.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E37C97F1-904F-11D2-ACA5-00104BBC2B53}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQUNKNW.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6E8A9A21-BE9A-11D2-ACAE-00104BBC2B53}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQUNKNW.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C031D0D1-312C-11D2-8A09-00104B9B48AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\PLUGINS\VOICEMESSAGE\ICQVOICE.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9C457A31-C68D-11D2-8A3C-00104B9B48AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\PLUGINS\VOICEMESSAGE\ICQVOICE.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{980556F1-3128-11D2-8A09-00104B9B48AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\PLUGINS\VOICEMESSAGE\ICQVOICE.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{08D781E1-3129-11D2-8A09-00104B9B48AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\PLUGINS\VOICEMESSAGE\ICQVOICE.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E9AF8C17-BB5B-11D2-ACAE-00104BBC2B53}" refers to invalid object "C:\PROGRAM FILES\ICQ\PLUGINS\VOICEMESSAGE\ICQVOICE.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{36C1F411-ABB1-11D2-ACA8-00104BBC2B53}" refers to invalid object "C:\PROGRAM FILES\ICQ\EICQ.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{36C1F412-ABB1-11D2-ACA8-00104BBC2B53}" refers to invalid object "C:\PROGRAM FILES\ICQ\EICQ.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{36C1F413-ABB1-11D2-ACA8-00104BBC2B53}" refers to invalid object "C:\PROGRAM FILES\ICQ\EICQ.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{25516251-CFE3-11D2-ACB0-00104BBC2B53}" refers to invalid object "C:\PROGRAM FILES\ICQ\EICQ.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{25516252-CFE3-11D2-ACB0-00104BBC2B53}" refers to invalid object "C:\PROGRAM FILES\ICQ\EICQ.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E9AF8C14-BB5B-11D2-ACAE-00104BBC2B53}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQALINV.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CC772B71-2F0C-11D3-AF13-0090270D89AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQALINV.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CC772B72-2F0C-11D3-AF13-0090270D89AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQALINV.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BB5122E3-2F91-11D3-AF14-0090270D89AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQALINV.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3D4E5C2-4990-11D3-ADDF-0090271A8BEA}" refers to invalid object "C:\PROGRAM FILES\ICQ\PLUGINS\ICQMAIL\ICQMAIL.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{104DD9C3-402D-11D3-AF32-0090271A8BEA}" refers to invalid object "C:\PROGRAM FILES\ICQ\PLUGINS\ICQMAIL\ICQMAIL.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{104DD9C5-402D-11D3-AF32-0090271A8BEA}" refers to invalid object "C:\PROGRAM FILES\ICQ\PLUGINS\ICQMAIL\ICQMAIL.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{99B4815C-2008-11d3-AF17-0090270D6DEC}" refers to invalid object "C:\PROGRA~1\ICQ\ALAGENT.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}" refers to invalid object "C:\WINDOWS\SYSTEM\MFC42.1". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}" refers to invalid object "C:\WINDOWS\SYSTEM\MFC42.1". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}" refers to invalid object "C:\WINDOWS\SYSTEM\MFC42.1". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DCB06047-D907-11D1-9DF0-006097E09FDB}" refers to invalid object "C:\PROGRA~1\CASINO~1\CHIPCTRL.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DCB06046-D907-11D1-9DF0-006097E09FDB}" refers to invalid object "C:\PROGRA~1\CASINO~1\CHIPCTRL.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{43D94B25-2B3C-4635-93DE-3240327DC9CD}" refers to invalid object "C:\PROGRA~1\MESSEN~1\MCMESS.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0B76AB44-9926-48b3-8738-D864D8E1BE5F}" refers to invalid object "C:\PROGRA~1\MESSEN~1\MCMESS.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A1491A15-2BFE-4094-B631-2871FCD35B3B}" refers to invalid object "C:\PROGRA~1\MESSEN~1\MCMESS.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2482B240-E979-11D9-9A77-4445726C1340}" refers to invalid object "C:\WINDOWS\SYSTEM\KFFA.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1E216240-1B7D-11CF-9D53-00AA003C9CB6}" refers to invalid object "C:\WINDOWS\SYSTEM\COMCT232.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1F6F8D20-1B7D-11CF-9D53-00AA003C9CB6}" refers to invalid object "C:\WINDOWS\SYSTEM\COMCT232.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{026371C0-1B7C-11CF-9D53-00AA003C9CB6}" refers to invalid object "C:\WINDOWS\SYSTEM\COMCT232.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{030B4A80-1B7C-11CF-9D53-00AA003C9CB6}" refers to invalid object "C:\WINDOWS\SYSTEM\COMCT232.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{030B4A82-1B7C-11CF-9D53-00AA003C9CB6}" refers to invalid object "C:\WINDOWS\SYSTEM\COMCT232.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{030B4A81-1B7C-11CF-9D53-00AA003C9CB6}" refers to invalid object "C:\WINDOWS\SYSTEM\COMCT232.OCX". Action Taken: No Action Taken.
File C:\!Submit\NDNuninstall4_88.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\!Submit\NDNuninstall4_34.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\!Submit\NDNuninstall4_94.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\!Submit\NDNuninstall5_20.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\!Submit\NDNuninstall5_40.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\!Submit\NDNuninstall5_48.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\!Submit\NDNuninstall6_10.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\!Submit\NDNuninstall6_22.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\!Submit\NDNuninstall6_38.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.



Here is my hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 16:34:35, on 31/07/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MOUSE\AMOUMAIN.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\GEOFF\FIXING COMPUTER\PROGRAMMES\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NInit] C:\Program Files\Norton SystemWorks\Norton Uninstall\NINIT.EXE
O4 - HKLM\..\Run: [3dfx Tools] rundll32.exe 3dfxCmn.dll,CMNUpdateOnBoot
O4 - HKLM\..\Run: [DLF_00001000] C:\WINDOWS\SYSTEM\Vcdlf.exe /c
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [TVWatch] C:\WINDOWS\SYSTEM\TVWatch.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .avi: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs6.chat.yahoo.com/v/yacscom.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.fhm.com/girls/zoomify/download/zoomify138.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

Dear cryptopsy,

You may want to print out these instructions or save them as a text file with "Notepad" to your desktop because we will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet.
******************************

Please reboot your computer into Safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu). For additional help in booting into Safe Mode, see the following site: http://www.pchell.com/support/safemode.shtml
*****************************************************

1) Once in Safe Mode, please run Killbox.

2)In the main screen of Pocket KillBox, go to Tools in the top menu bar, and select: Delete Temp Files.

3) Select "Delete on Reboot".

4) Copy the file names below to the clipboard by highlighting them and pressing Control-C:


C:\!Submit\NDNuninstall4_88.exe
C:\!Submit\NDNuninstall4_34.exe
C:\!Submit\NDNuninstall4_94.exe
C:\!Submit\NDNuninstall5_20.exe
C:\!Submit\NDNuninstall5_40.exe
C:\!Submit\NDNuninstall5_48.exe
C:\!Submit\NDNuninstall6_10.exe
C:\!Submit\NDNuninstall6_22.exe
C:\!Submit\NDNuninstall6_38.exe


5) Return to Killbox, go to the File menu, and choose "Paste from Clipboard". Now you will see, this is pasted in the "Full Path of File to Delete" field. There's a little arrow (dropdown-arrow) next to that field. If you expand it, these lines must be there together!

6) Click the red-and-white "Delete File" button.
Click "Ok" at the Delete on Reboot prompt.
Click "Ok" at the Reboot needed prompt.

Restart your computer in normal mode.

As a double check, see if some of the above files were in fact deleted and let me know if they were deleted.
**************************************

Next, please rerun the MWAV antivirus tool. Follow the prompts to scan your system for viruses. Then please post for me the log of infected files from the BOTTOM panel of the scan window in a reply to this post.

Please restart your computer and then post a new HijackThis log, along with the log from the MWAV antivirus tool application.

In addition, let me know in detail how your computer system is running after performing the above steps.

I deleted the specified files using killbox and they have stayed deleted. My computer is running fine, here is my mwav log:

Object "altnet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "isearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\scrrun.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\MusicMatch\MusicMatch Jukebox\ATL.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EE09B103-97E0-11CF-978F-00A02463E06F}" refers to invalid object "C:\WINDOWS\SYSTEM\SCRRUN.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}" refers to invalid object "C:\WINDOWS\SYSTEM\SCRRUN.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{32DA2B15-CFED-11D1-B747-00C04FC2B085}" refers to invalid object "C:\WINDOWS\SYSTEM\SCRRUN.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0CF774D0-F077-11D1-B1BC-00C04F86C324}" refers to invalid object "C:\WINDOWS\SYSTEM\SCRRUN.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0CF774D1-F077-11D1-B1BC-00C04F86C324}" refers to invalid object "C:\WINDOWS\SYSTEM\SCRRUN.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{85131630-480C-11D2-B1F9-00C04F86C324}" refers to invalid object "C:\WINDOWS\SYSTEM\SCRRUN.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{85131631-480C-11D2-B1F9-00C04F86C324}" refers to invalid object "C:\WINDOWS\SYSTEM\SCRRUN.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DB40C160-09A1-11D3-BAF2-000000000000}" refers to invalid object "C:\Program Files\ICQ\IExplorerMime.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{f802f260-519b-11d1-bb5d-0060974c6013}" refers to invalid object "C:\Program Files\ICQ\ICQShell.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EDDC2226-92A4-11D2-88F2-00104B3E670E}" refers to invalid object "C:\PROGRA~1\ICQ\AGENT\ICQWEB~1.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{19A34456-852D-11D2-88E8-00104B3E670E}" refers to invalid object "C:\PROGRA~1\ICQ\AGENT\ICQWEB~1.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BC55995C-D9F9-11D2-8A45-00104B9B48AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQFTLIB.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BC55995F-D9F9-11D2-8A45-00104B9B48AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQFTLIB.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{ABA40B01-DDD6-11D1-B674-006097E1E294}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQSMLIB.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A25884D1-CFF7-11D2-8A42-00104B9B48AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQSMLIB.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7392459A-C4AC-11D2-BF33-00104B2794E7}" refers to invalid object "C:\PROGRA~1\ICQ\MCTICKER.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{73924599-C4AC-11D2-BF33-00104B2794E7}" refers to invalid object "C:\PROGRA~1\ICQ\MCTICKER.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D116A2F3-8380-11D2-A147-00104B9B4C0E}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQP3C.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C5D28581-CA46-11d2-A150-00104B9B4C0E}" refers to invalid object "C:\PROGRAM FILES\ICQ\POP3.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D26BB11A-2890-11D3-AF1A-0090270D8D35}" refers to invalid object "C:\PROGRA~1\ICQ\STREAM~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{483BE501-E42A-11D1-B679-006097E1E294}" refers to invalid object "C:\PROGRAM FILES\ICQ\PLUGINS\GREETING\ICQGREET.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0C116523-3028-11D2-8A05-00104B9B48AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\PLUGINS\GREETING\ICQGREET.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0C116522-3028-11D2-8A05-00104B9B48AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\PLUGINS\GREETING\ICQGREET.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FEA9C971-B6B6-11D2-8A38-00104B9B48AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\PLUGINS\GREETING\ICQGREET.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0659DDD1-FAC8-11D2-ACB6-00104BBC2B53}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQUNKNW.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{31D6F701-0B27-11D3-ACB8-00104BBC2B53}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQUNKNW.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{30C8A6E1-351E-11D2-8A0B-00104B9B48AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQUNKNW.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{302B93B5-9014-11D2-ACA5-00104BBC2B53}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQUNKNW.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E37C97F1-904F-11D2-ACA5-00104BBC2B53}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQUNKNW.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6E8A9A21-BE9A-11D2-ACAE-00104BBC2B53}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQUNKNW.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C031D0D1-312C-11D2-8A09-00104B9B48AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\PLUGINS\VOICEMESSAGE\ICQVOICE.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9C457A31-C68D-11D2-8A3C-00104B9B48AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\PLUGINS\VOICEMESSAGE\ICQVOICE.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{980556F1-3128-11D2-8A09-00104B9B48AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\PLUGINS\VOICEMESSAGE\ICQVOICE.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{08D781E1-3129-11D2-8A09-00104B9B48AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\PLUGINS\VOICEMESSAGE\ICQVOICE.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E9AF8C17-BB5B-11D2-ACAE-00104BBC2B53}" refers to invalid object "C:\PROGRAM FILES\ICQ\PLUGINS\VOICEMESSAGE\ICQVOICE.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{36C1F411-ABB1-11D2-ACA8-00104BBC2B53}" refers to invalid object "C:\PROGRAM FILES\ICQ\EICQ.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{36C1F412-ABB1-11D2-ACA8-00104BBC2B53}" refers to invalid object "C:\PROGRAM FILES\ICQ\EICQ.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{36C1F413-ABB1-11D2-ACA8-00104BBC2B53}" refers to invalid object "C:\PROGRAM FILES\ICQ\EICQ.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{25516251-CFE3-11D2-ACB0-00104BBC2B53}" refers to invalid object "C:\PROGRAM FILES\ICQ\EICQ.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{25516252-CFE3-11D2-ACB0-00104BBC2B53}" refers to invalid object "C:\PROGRAM FILES\ICQ\EICQ.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E9AF8C14-BB5B-11D2-ACAE-00104BBC2B53}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQALINV.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CC772B71-2F0C-11D3-AF13-0090270D89AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQALINV.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CC772B72-2F0C-11D3-AF13-0090270D89AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQALINV.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BB5122E3-2F91-11D3-AF14-0090270D89AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQALINV.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3D4E5C2-4990-11D3-ADDF-0090271A8BEA}" refers to invalid object "C:\PROGRAM FILES\ICQ\PLUGINS\ICQMAIL\ICQMAIL.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{104DD9C3-402D-11D3-AF32-0090271A8BEA}" refers to invalid object "C:\PROGRAM FILES\ICQ\PLUGINS\ICQMAIL\ICQMAIL.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{104DD9C5-402D-11D3-AF32-0090271A8BEA}" refers to invalid object "C:\PROGRAM FILES\ICQ\PLUGINS\ICQMAIL\ICQMAIL.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{99B4815C-2008-11d3-AF17-0090270D6DEC}" refers to invalid object "C:\PROGRA~1\ICQ\ALAGENT.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}" refers to invalid object "C:\WINDOWS\SYSTEM\MFC42.1". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}" refers to invalid object "C:\WINDOWS\SYSTEM\MFC42.1". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}" refers to invalid object "C:\WINDOWS\SYSTEM\MFC42.1". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DCB06047-D907-11D1-9DF0-006097E09FDB}" refers to invalid object "C:\PROGRA~1\CASINO~1\CHIPCTRL.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DCB06046-D907-11D1-9DF0-006097E09FDB}" refers to invalid object "C:\PROGRA~1\CASINO~1\CHIPCTRL.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{43D94B25-2B3C-4635-93DE-3240327DC9CD}" refers to invalid object "C:\PROGRA~1\MESSEN~1\MCMESS.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0B76AB44-9926-48b3-8738-D864D8E1BE5F}" refers to invalid object "C:\PROGRA~1\MESSEN~1\MCMESS.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A1491A15-2BFE-4094-B631-2871FCD35B3B}" refers to invalid object "C:\PROGRA~1\MESSEN~1\MCMESS.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2482B240-E979-11D9-9A77-4445726C1340}" refers to invalid object "C:\WINDOWS\SYSTEM\KFFA.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1E216240-1B7D-11CF-9D53-00AA003C9CB6}" refers to invalid object "C:\WINDOWS\SYSTEM\COMCT232.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1F6F8D20-1B7D-11CF-9D53-00AA003C9CB6}" refers to invalid object "C:\WINDOWS\SYSTEM\COMCT232.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{026371C0-1B7C-11CF-9D53-00AA003C9CB6}" refers to invalid object "C:\WINDOWS\SYSTEM\COMCT232.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{030B4A80-1B7C-11CF-9D53-00AA003C9CB6}" refers to invalid object "C:\WINDOWS\SYSTEM\COMCT232.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{030B4A82-1B7C-11CF-9D53-00AA003C9CB6}" refers to invalid object "C:\WINDOWS\SYSTEM\COMCT232.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{030B4A81-1B7C-11CF-9D53-00AA003C9CB6}" refers to invalid object "C:\WINDOWS\SYSTEM\COMCT232.OCX". Action Taken: No Action Taken.



Here is my hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 17:37:36, on 1/08/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MOUSE\AMOUMAIN.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\GEOFF\FIXING COMPUTER\PROGRAMMES\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NInit] C:\Program Files\Norton SystemWorks\Norton Uninstall\NINIT.EXE
O4 - HKLM\..\Run: [3dfx Tools] rundll32.exe 3dfxCmn.dll,CMNUpdateOnBoot
O4 - HKLM\..\Run: [DLF_00001000] C:\WINDOWS\SYSTEM\Vcdlf.exe /c
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [TVWatch] C:\WINDOWS\SYSTEM\TVWatch.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .avi: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs6.chat.yahoo.com/v/yacscom.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.fhm.com/girls/zoomify/download/zoomify138.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

Dear cryptopsy,

Your HijackThis log is clean.

Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

Detect and Remove Programs:

• How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
• How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.

Prevention Programs:

• Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
• Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
• IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
• MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
• Google Toolbar <= Get the free google toolbar to help stop pop up windows.

Other necessary Programs:

• AntiVirus Program<= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kapersky, this is a must have.
• Firewall<= A firewall is definatley a must have. Two good free versions are Sygate and ZoneLabs.
• More Secure Browser<= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox, however Opera and SlimBrowsers are good as well.

And also see TonyKlein's good advice So how did I get infected in the first place? and Spyware Aid's spyware article: Spyware, Adware, Malware: What it is, how it got on my computer, how to get rid of it, and how to prevent it.

Hopefully this should take care of your problems! Good luck.

This post has been edited by rambro: Aug 1 2005, 08:17 AM