Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Unwanted web sites popping up


  • This topic is locked This topic is locked

#31
gonflyn

gonflyn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Apparently all the text from that last post didnt all fit?
Let me know if you want me to try to send the rest of it.

Heres the Hijack log anyway.

Logfile of HijackThis v1.99.1
Scan saved at 2:10:23 PM, on 10/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\sprint virtual assistant\bin\mpbtn.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Chris and Lori Lock\Desktop\Antivirus\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SprintModemUpdate] javaw.exe -cp "C:\Program Files\Motive\FirmwareUpdater\lib\SprintModemUpdate.jar" com.motive.firmwareUpdater.client.SprintModemUpdate
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Virtual Assistant.lnk = C:\Program Files\sprint virtual assistant\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1094995388640
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  • 0

Advertisements


#32
gonflyn

gonflyn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Let me try the complete mwav log again,

Maybe we ran out of space on that last page.


bject "claria Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "zango Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "spywarestrike Trojan" found in File System! Action Taken: No Action Taken.
Object "sw Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "locators toolbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "clipgenie Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "powerreg scheduler Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "claria Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "powerreg scheduler Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "claria Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "wareout Adware" found in File System! Action Taken: No Action Taken.
Object "wareout Adware" found in File System! Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\gds_deskband.Deskband" refers to invalid object "{38F4C281-2396-424B-8B62-F236B44ADB02}". Action Taken: No Action Taken.
Entry "HKCR\gds_deskband.Deskband.1" refers to invalid object "{38F4C281-2396-424B-8B62-F236B44ADB02}". Action Taken: No Action Taken.
Entry "HKCR\gds_deskband.DeskbandController" refers to invalid object "{CCE15A15-75F9-4F05-AFF0-194FB588D26B}". Action Taken: No Action Taken.
Entry "HKCR\gds_deskband.DeskbandController.1" refers to invalid object "{CCE15A15-75F9-4F05-AFF0-194FB588D26B}". Action Taken: No Action Taken.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\Office.Desktop.Google.com" refers to invalid object "{FC4482E9-08FC-493a-BA7D-7ED5A6DD0938}". Action Taken: No Action Taken.
Entry "HKCR\PrintViewBar.PrintViewBHO.1" refers to invalid object "{D4E0C464-30CE-4075-9A10-71FD106C2847}". Action Taken: No Action Taken.
Entry "HKCR\SS.SS" refers to invalid object "{1D1B2879-99FF-11E3-8D96-D7ACAC95952A}". Action Taken: No Action Taken.
Entry "HKCR\SS.SS.1" refers to invalid object "{1D1B2879-99FF-11E3-8D96-D7ACAC95952A}". Action Taken: No Action Taken.
Entry "HKCR\SSubTimer6.CTimer" refers to invalid object "{71A27034-C7D8-11D2-BEF8-525400DFB47A}". Action Taken: No Action Taken.
Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CTPID.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CTSUEng.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.dll". Action Taken: No Action Taken.
Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object "C:\PROGRA~1\QUICKT~1\QuickTimePlayer.exe". Action Taken: No Action Taken.
Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object "C:\PROGRA~1\QUICKT~1\PictureViewer.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-dan.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-cht.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-nld.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-fra.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-deu.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-ita.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-jpn.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-kor.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-nor.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-ptg.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-rus.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-esp.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-sve.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-fin.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-ptb.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-chs.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-plk.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-csy.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-sky.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-slv.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-hun.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-tha.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-trk.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-ell.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-esl.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Chs.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Cht.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Deu.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Esp.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Fra.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Ita.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Kor.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Nld.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Ptg.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Csy.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Dan.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Ell.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Esl.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Fin.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Hun.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Nor.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Plk.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Ptb.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Rus.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Sky.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Slv.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Sve.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Tha.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Trk.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart_chs.chm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart_cht.chm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart_deu.chm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart_esl.chm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart_esp.chm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart_fra.chm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart_ita.chm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart_jpn.chm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart_kor.chm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart_nld.chm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart_ptg.chm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart_sve.chm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Jpn.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Documents and Settings\All Users\Application Data\Ahead\NeroDigital\settings.xml". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Chs.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Cht.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Csy.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Dan.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Deu.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Ell.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Esl.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Esp.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Fin.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Fra.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Hun.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Ita.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Jpn.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Kor.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Nld.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Nor.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Plk.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Ptb.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Ptg.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Rus.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Sky.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Slv.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Sve.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Tha.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Trk.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\DIMM.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\hpodcrop.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\hpodloc3.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\HPODMmc.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\hpodskin2.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\HPODThumb.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\hpodtrim.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\HPODRunTimelineFilter.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\HPODSlideVideoMPEG.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\hpodaud.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\hpoddsb.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\hpodexif.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\hpodimg3.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\hpodtrk.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\hpodvid.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\hpodae.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\hpodai.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\hpodaierr.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\hpoddoh.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\hpodmp.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\hpodmpv.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\hpodmpv_md.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\hpodxmlutil.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\LeadTools\LCODCCMP.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\LeadTools\LMVClr.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\LeadTools\LMVCrop.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\LeadTools\LMVRGBxf.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\LeadTools\LMVRot.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\LeadTools\LMVRsz.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\LeadTools\LTStlImgRd.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\hpcoretech\comp\gdiplus.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\hpcoretech\comp\hpdarc.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\hpcoretech\comp\hpdtc.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\hpcoretech\comp\hphut.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\hpcoretech\comp\hpschedr.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\hpcoretech\comp\hptminet.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\hpcoretech\comp\hpuictls.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\hpcoretech\comp\hpuieng.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\hpcoretech\comp\hpuihost.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\hpcoretech\comp\hpuihtml.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\hpcoretech\comp\hpzipmgr.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\hpcoretech\soln\HPOSM.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\hpcoretech\soln\content\overland-ptce_mr_1_2.hpz". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\hpcoretech\soln\xmlreg\HPOSMReg.xml". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\Digital Imaging\HP Print Screen\gdiplus.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\Digital Imaging\help\hpotap08.010". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\hpcoretech\hpcmconf.xml". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\hpcoretech\hpcmpmgr.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\hpcoretech\hpvaut32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\hpcoretech\hpvcp70.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\hpcoretech\hpvcr70.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\hpcoretech\msxml4.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\hpcoretech\msxml4a.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\hpcoretech\msxml4r.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\hpcoretech\HPCMConf.dtd". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\Aa1.ICO". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\Alien Arena.bat". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\maps\dm11.bsp". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\maps\dm7.bsp". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\maps\dm8.bsp". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\models\weapons\g_launch\skin.tga". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\models\weapons\g_launch\tris.md2". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\models\objects\gibs\mart_head\skin.tga". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\models\objects\gibs\mart_head\tris.md2". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\models\objects\gibs\robot_leg\skin.tga". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\models\objects\gibs\robot_leg\tris.md2". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\models\objects\gibs\sm_meat\skin.tga". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\models\objects\gibs\sm_meat\tris.md2". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\models\objects\gibs\war_body\tris.md2". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\models\objects\gibs\war_leg\skin.tga". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\models\objects\gibs\war_leg\tris.md2". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\models\objects\gibs\war_tent\skin.tga". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\models\objects\gibs\war_tent\tris.md2". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\models\objects\grass\skin.tga". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\models\objects\grass\tris.md2". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\models\objects\grass_med\skin.pcx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\models\objects\grass_med\tris.md2". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\models\objects\grass_short\skin.pcx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\models\objects\grass_short\tris.md2". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\models\objects\head\skin.tga". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\models\objects\head\tris.md2". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\models\weapons\g_machn\tris.md2". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\models\objects\laser\skin.pcx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\models\objects\laser\tris.md2". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\models\objects\minelite\light1\skin.pcx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\models\objects\minelite\light1\skin.tga". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\models\objects\minelite\light1\tris.md2". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\models\objects\minelite\light2\skin.pcx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\models\objects\minelite\light2\tris.md2". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\models\objects\patient\skin.tga". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\models\objects\patient\tris.md2". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\models\objects\rocket\skin.tga". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\models\objects\rocket\tris.md2". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\models\objects\skele\skin.tga". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\models\objects\skele\skin2.tga". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\models\objects\skele\tris.md2". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\models\objects\skele\tris2.md2". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\models\objects\skele\tris3.md2". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\models\weapons\g_rail\tris.md2". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\models\objects\tube\skin.tga". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\models\objects\tube\tris.md2". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\particles\aflash.tga". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\particles\basic.tga". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\particles\beam.tga". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\particles\bflash.tga". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\particles\blaster.tga". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\particles\blood.tga". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\particles\bubble.tga". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\particles\cflash.tga". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\particles\deathfield.tga". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\particles\explosion.tga". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\particles\leaderfield.tga". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\particles\puff.tga". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\particles\r_explod_1.tga". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\particles\r_explod_2.tga". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\particles\r_explod_3.tga". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\particles\r_explod_4.tga". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\particles\r_explod_5.tga". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\particles\r_explod_6.tga". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\particles\r_explod_7.tga". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\particles\ring.tga". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\particles\shell.tga". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\particles\smoke.tga". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\particles\smoke_org.tga". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\arena\gamex86.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\sound\weapons\GRENLF1A.WAV". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\sound\weapons\GRENLX1A.WAV". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\sound\weapons\Grenlb1b.wav". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\sound\weapons\Grenlr1b.wav". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\sound\weapons\Machgf1b.wav". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\sound\weapons\Machgf2b.wav". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\sound\weapons\Machgf3b.wav". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\sound\weapons\Machgf4b.wav". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\sound\weapons\Machgf5b.wav". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\sound\weapons\ROCKLF1A.WAV". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\sound\weapons\ROCKLX1A.WAV". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\sound\weapons\Rocklr1b.wav". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\sound\weapons\Shotgf1b.wav". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\sound\weapons\biglaser.wav". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\sound\weapons\blastf1a.wav". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\sound\weapons\electroball.wav". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\sound\weapons\energyfield.wav". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\sound\weapons\hypbrl1a.wav". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\sound\weapons\hyprbf1a.wav". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\sound\weapons\lightoff.wav". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\CodeRED Alien Arena\data1\sound\weapons\lighton.wav". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Win
  • 0

#33
gonflyn

gonflyn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Still didnt get it all.
  • 0

#34
rambro

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear gonflyn, :whistling:

(Note #2: When you run the MWAV antivirus tool scan, I do not want the log produced when pressing the view log button. When you run this application to scan your computer, you will see two panes or panels. By pressing the "view log button" it will give you the information in the top pane or panel. --> I want you to post the information in the bottom pane or panel <--. The title for the --> bottom pane/panel should say: Virus Log Information <--. Please post the information in the --> bottom pane/panel in a reply to this post <--.)


I am curious, did you give me the whole mwav antivirus tool scan log (which I did not want) or just the information in the "bottom pane or panel" of that MWAV application (which I do want)?

Try also using the "Shift" key to highlight the information in the "Bottom pane or panel" and then using the Ctrl+c key to copy the information and place it in a notepad file or directly in a reply to this post.

rambro :blink:
  • 0

#35
gonflyn

gonflyn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Rambro,

Yes that was the info from the bottom panel.
  • 0

#36
rambro

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Perform an onlinescan with panda: Panda Online
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
I'll need the log later

Restart your computer and then please post a new HijackThis log, along with the log from the Panda Online scan.

In addition, let me know in detail how your computer system is running after performing the above steps. :whistling:
  • 0

#37
gonflyn

gonflyn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Panda found some stuff. Wouldnt this just be easier if I just smashed my computer to pieces and went out
and bought a new one? :whistling:



Incident Status Location

Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\uninstaller.exe
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Chris and Lori Lock\Cookies\chris and lori [email protected][2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Chris and Lori Lock\Cookies\chris and lori [email protected][1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Chris and Lori Lock\Cookies\chris and lori [email protected][2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Chris and Lori Lock\Cookies\chris and lori [email protected]ch[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Chris and Lori Lock\Cookies\chris and lori [email protected][2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Chris and Lori Lock\Cookies\chris and lori [email protected][2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Chris and Lori Lock\Cookies\chris and lori [email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Chris and Lori Lock\Cookies\chris and lori [email protected][1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Chris and Lori Lock\Cookies\chris and lori [email protected][1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Chris and Lori Lock\Cookies\chris and lori [email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Chris and Lori Lock\Cookies\chris and lori [email protected][2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Chris and Lori Lock\Cookies\chris and lori [email protected][2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Chris and Lori Lock\Cookies\chris and lori [email protected][2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Chris and Lori Lock\Cookies\chris and lori [email protected][1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Chris and Lori Lock\Cookies\chris and lori [email protected][2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Chris and Lori Lock\Cookies\chris and lori [email protected][2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Chris and Lori Lock\Cookies\chris and lori [email protected][1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Chris and Lori Lock\Cookies\chris and lori [email protected][1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Chris and Lori Lock\Cookies\chris and lori [email protected][1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Chris and Lori Lock\Cookies\chris and lori [email protected][2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Chris and Lori Lock\Cookies\chris and lori [email protected][2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Chris and Lori Lock\Cookies\chris and lori [email protected][2].txt
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\Chris and Lori Lock\Desktop\Antivirus\backups\backup-20061021-162214-790-PowerReg Scheduler.exe
Possible Virus. Not disinfected C:\Documents and Settings\Chris and Lori Lock\setup9X.exe
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\Chris and Lori Lock\Start Menu\Programs\Disabled Startup Items\PowerReg Scheduler.exe
Spyware:Spyware/7r7t Not disinfected C:\Program Files\PSDream\Uninstall.exe
Possible Virus. Not disinfected C:\WINDOWS\system32\hbra.dll
Possible Virus. Not disinfected C:\WINDOWS\system32\Locators.dll
Possible Virus. Not disinfected C:\WINDOWS\system32\qwinrpem.exe



====================================================================



Logfile of HijackThis v1.99.1
Scan saved at 7:13:59 PM, on 10/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\sprint virtual assistant\bin\mpbtn.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Chris and Lori Lock\Desktop\Antivirus\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SprintModemUpdate] javaw.exe -cp "C:\Program Files\Motive\FirmwareUpdater\lib\SprintModemUpdate.jar" com.motive.firmwareUpdater.client.SprintModemUpdate
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Virtual Assistant.lnk = C:\Program Files\sprint virtual assistant\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1094995388640
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  • 0

#38
rambro

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear gonflyn, :whistling:

(Note: Please read through these instructions a couple of times before executing the steps in this post.)

You may want to print out these instructions or save them as a text file with "Notepad" to your desktop.
******************************

Make sure your PC is configured to show hidden files. Here is how to do this:

Windows XP

* Click "Start".
* Open "My Computer".
* Select the "Tools" menu and click "Folder Options".
* Select the "View" Tab.
* Under the "Hidden files and folders" heading select "Show hidden files and folders".
* Make sure "Hide extensions for known file types" is unchecked
* Uncheck the "Hide protected operating system files (recommended)" option.
* Click "Yes" to confirm.
* Click "OK".

Here is a link for further explanation: http://www.xtra.co.n...1916458,00.html
****************************************

Submit the file "C:\Documents and Settings\Chris and Lori Lock\setup9X.exe" for an online scan at: http://virusscan.jotti.org/. Post the results of the scan in a reply to this post.

Double-click on My Computer and locate the file "setup9X.exe" (this should be located in the C:\Documents and Settings\Chris and Lori Lock\ directory). Right-click on it and choose "Properties", then click on the "Version" tab at the top. Click on "Company", "File Version", "Internal Name", "Language", "Original File name", "Product Name", and "Product Version", and please post whatever the text in the box immediately to the right says for each, in a reply to this post. Also on the "Version" tab, post back to me, what it says for "File Version", "Description" and "Copyright".

Please post the jotti online scan for the "setup9X.exe" file, along with the "properties" of the "setup9X.exe" file. :blink:
***********************************

Submit the file "C:\WINDOWS\System32\hbra.dll" for an online scan at: http://virusscan.jotti.org/. Post the results of the scan in a reply to this post.

Double-click on My Computer and locate the file "hbra.dll" (this should be located in the C:\WINDOWS\System32 directory). Right-click on it and choose "Properties", then click on the "Version" tab at the top. Click on "Company", "File Version", "Internal Name", "Language", "Original File name", "Product Name", and "Product Version", and please post whatever the text in the box immediately to the right says for each, in a reply to this post. Also on the "Version" tab, post back to me, what it says for "File Version", "Description" and "Copyright".

Please post the jotti online scan for the "hbra.dll" file, along with the "properties" of the "hbra.dll" file. :help:
***********************************

Submit the file "C:\WINDOWS\System32\qwinrpem.exe" for an online scan at: http://virusscan.jotti.org/. Post the results of the scan in a reply to this post.

Double-click on My Computer and locate the file "qwinrpem.exe" (this should be located in the C:\WINDOWS\System32 directory). Right-click on it and choose "Properties", then click on the "Version" tab at the top. Click on "Company", "File Version", "Internal Name", "Language", "Original File name", "Product Name", and "Product Version", and please post whatever the text in the box immediately to the right says for each, in a reply to this post. Also on the "Version" tab, post back to me, what it says for "File Version", "Description" and "Copyright".

Please post the jotti online scan for the "qwinrpem.exe" file, along with the "properties" of the "qwinrpem.exe" file. :)
  • 0

#39
gonflyn

gonflyn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Hi Rambro,

Configured the computer to show hidden files.

--------------------------------------------------------------------------------------------------------------


Submitted the setup9x.exe file to jotti:

File: setup9x.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 a11b0daa2eb113bb273af6733bf62763
Packers detected: -
Scanner results
AntiVir Found Trojan/Dldr.VB.AAK.1
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found Trojan.Downloader.VB.AAK
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found VB.QDEL!tr
Kaspersky Anti-Virus Found nothing
NOD32 Found a variant of Win32/TrojanDownloader.VB.AFP
Norman Virus Control Found nothing
VirusBuster Found nothing
VBA32 Found nothing


Properties for setup9x.exe are:

Company w00t
Version 6.00.0006
Internal name install
Language English (United States)
Original file name install.exe
Product name lllllllllllllllllshdshdshfh
Product version 6.00.0006

Vesion tab info for setup9x.exe is:

File Version 6.0.0.6
Description none
Copyright none

------------------------------------------------------------------------------------------------------------

Submitted the c:\windows\system32\hbra.dll file to jotti:

File: hbra.dll
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 5bc2b91cd82e5e9daa8e755a13ba3c3f
Packers detected: -
Scanner results
AntiVir Found Adware-Spyware/PurityScan.AK.122 adware
ArcaVir Found nothing
Avast Found Win32:Agent-RY
AVG Antivirus Found Generic.RQS
BitDefender Found nothing
ClamAV Found Trojan.PurityScan.AK
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found Adware/ClickSpring
Kaspersky Anti-Virus Found not-a-virus:AdWare.Win32.PurityScan.ak
NOD32 Found a variant of Win32/Adware.PurityScan application
Norman Virus Control Found W32/PurityScan.AFT
VirusBuster Found Adware.ClickSpring.Gen
VBA32 Found AdWare.Win32.PurityScan.ak

Properties for C:\WINDOWS\System32\hbra.dll are:

There is no version tab available

----------------------------------------------------------------------------------------------------------------------

Submitted the c:\windows\system32\qwinrpem.exe to jotti:

File: qwinrpem.exe
Status: POSSIBLY INFECTED/MALWARE (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)
MD5 74fc4c6be57e467747b3870208998d04
Packers detected: -
Scanner results
AntiVir Found Trojan/Dldr.Agent.DZ.2
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found Adware.ZenoSearch
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
VirusBuster Found nothing
VBA32 Found nothing

Properties info for c:\windows\system32\qwinrpem.exe are:

Company none
File version 0.42
INternal name none
Language English (United States)
Original file name none
Product name none
Product version 1.0b
Version tab info

Version tab info for c:\windows\system32\qwinrpem.exe is:

File version 1.0.0.1
Description none
Copyright Copyright © 2004

-----------------------------------------------------------------------------------------------------------------
  • 0

#40
rambro

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear gonflyn, :whistling:

Delete the following file/files marked in blue (if they exist):

C:\Documents and Settings\Chris and Lori Lock\setup9X.exe
C:\WINDOWS\system32\hbra.dll
C:\WINDOWS\system32\Locators.dll
C:\WINDOWS\system32\qwinrpem.exe

Delete the following folder/folders marked in blue (if they exist):

C:\Program Files\PSDream

(Note: If you cannot delete the above file/files and folder/folders in "normal mode" try deleting them in "Safe mode".)
*****************************************************

Here are a few extra things that you might want to do frequently to your computer system.
***********

Do a Disk Cleanup frequently on your computer system: See the followin link: http://www.theelderg...nup_utility.htm.
Make sure the following checkboxes are checked:

Temporary Files
Temporary Internet Files
Recycle Bin

or

Clean out temporary and Temporary Internet files. Go to Start -> Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:

Temporary Files
Temporary Internet Files
Recycle Bin
***************

Clean your IE cookies and cache frequently:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
***********

Clear the cookies from your Mozilla's FireFox browser frequently. Here is how it is done.

Open up the FireFox browser.

Go to the "Tools" menu and select the "Options" option under the Tools menu.
The Options dialog box should pop up, choose the "Privacy" icon (i.e. the icon looks like a lock).
In the "Privacy" page choose the "Cookies" tab.
Under the "Cookies" tab press the "Clear Cookies Now" button.
Then press the "OK" button to get out of the "Options" dialog box.
**************

In the Tools -> Options dialog box in the FireFox browser their is a button called "Settings". Press this button. A "Clear Private Data" dialog box will popup. I usually have the following checkboxes checked.

In the "Private Data" section check the following checkboxes:
  • Browsing History
  • Saved Form Information
  • Download History
  • Cookies
  • Cache
  • Authenticated Sessions
In the "Settings" section check the following checkboxes:
  • Ask me before clearing private data.
Then press the "OK" button to get out of the "Clear Private Data" dialog box.
Then press the "OK" button to get out of the "Options" dialog box.

Then in the FireFox browser, go to Tools -> choose the "Clear Private Data" option -> the Clear Private Data dialog box will pop up and choose the "Clear Private Data Now" button.
********************

Please run a new Panda Online scan and post the results of this scan in a reply to this post.
  • 0

Advertisements


#41
gonflyn

gonflyn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Hi Rambro,


Found and deleted:

C:\Documents and Settings\Chris and Lori Lock\setup9X.exe
C:\WINDOWS\system32\hbra.dll
C:\WINDOWS\system32\Locators.dll
C:\WINDOWS\system32\qwinrpem.exe

C:\Program Files\PSDream

Did it in safe mode just to be sure, emptied reclyce bin.

------------------------------------------------------------------------------------------------------------------

Did disk cleanup as described

------------------------------------------------------------------------------------------------------------------

Cleaned IE cookies and cache

------------------------------------------------------------------------------------------------------------------

Cleared cookies from Mozilla Firefox browser

------------------------------------------------------------------------------------------------------------------

Setup and cleared private data in Firefox

------------------------------------------------------------------------------------------------------------------

Ran Panda Scan:


Incident Status Location

Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\uninstaller.exe
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\Chris and Lori Lock\Desktop\Antivirus\backups\backup-20061021-162214-790-PowerReg Scheduler.exe
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\Chris and Lori Lock\Start Menu\Programs\Disabled Startup Items\PowerReg Scheduler.exe



K, are we getting
somewhere? :whistling:
  • 0

#42
rambro

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear gonflyn, :whistling:

Sorry for not getting back to you sooner.

Looking at your last post, your Panda Online scan log is looking good. However, their is another file that I would like you to get rid of. This file is related to the PurityScan adware virus. What the PurityScan adware virus does is make copies of legitmate files on your computer system and places them in different folders on your computer system. What I usually do to get rid of this virus is to have the user run the Combofix application (which you ran twice) or have the user delete the bad copies of these files created by the PurityScan adware virus, without having the user delete the legitimate copies of these files. The file in question is "uninstaller.exe" file, which is located in the ""C:\Documents and Settings\Administrator\Local Settings\Temp\" directory on your computer system. Since the "Disk Cleanup" method (in my previous post) did not get rid of this file, I am going to give you another method to get rid of this file. Here is the following method to try to get rid of this file:
*************************

(Note: Please read through these instructions a couple of times before executing the steps in this post.)

You may want to print out these instructions or save them as a text file with "Notepad" to your desktop because we will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet.
**************************
  • Please download the Killbox by O^E. Unzip it to the desktop but do NOT run it yet.
  • Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.
  • Once in Safe Mode, please run Killbox. Put a check mark next to "End Explorer Shell While Killing File".
  • In the main screen of Pocket KillBox, go to Tools in the top menu bar, and select: Delete Temp Files.
  • When a box pops up, click the "Deleted Selected Temp Files" button.This may take a while.
  • When it is done, click the "Exit (Save Settings)" button.
  • Next, select "Delete on Reboot" button. The "Single File" button will be selected by default.
  • Copy the file names below to the clipboard by highlighting them and pressing Control-C:


    C:\Documents and Settings\Administrator\Local Settings\Temp\uninstaller.exe

  • Return to Killbox, go to the File menu, and choose "Paste from Clipboard". Now you will see, that the files are pasted in the "Full Path of File to Delete" field. There's a little arrow (dropdown-arrow) next to that field. If you expand it, these lines must be there together!
  • If you have mutliple files to delete: Press the "All Files"button. If you have one file to delete: Press the "Single File" button.
  • Click the red-and-white "Delete File" button.If the "Single File" button is selected:
  • A "Delete next Reboot" dialog box will pop up.
  • A prompt will tell the user that "File will be removed on reboot, Do you want to reboot now"
  • Click "Yes" at the "Delete next Reboot" dialog box if you want to reboot now.
  • Click "No" at the "Delete next Reboot" dialog box if you want to do a manual reboot at a later time.
If the "All Files" button is selected:
  • A "Delete next Reboot" dialog box will pop up.
  • A prompt will tell the user that "Files will be removed on reboot, Do you want to reboot now"
  • Click "Yes" at the "Delete next Reboot" dialog box if you want to reboot now.
  • Click "No" at the "Delete next Reboot" dialog box if you want to do a manual reboot at a later time.
[*] The KillBox application will start the process to reboot your computer (i.e. you have the option to "abort" this reboot process).
[/list](Note: As a double check, search for the file/files I had you delete through the Killbox application to see if they are actually deleted. Let me know in detail if they were deleted.)

Please run a new Panda Online scan and post the results of this scan in a reply to this post.

In addition, let me know in detail how your computer system is running after performing the above steps. :blink:
  • 0

#43
gonflyn

gonflyn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Rambro,

Ran Killbox and deleted C:\Documents and Settings\Administrator\Local Settings\Temp\uninstaller.exe
in safe mode. Searched for file and could not find it afterwards.


Heres the Panda log:


Incident Status Location

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Chris and Lori Lock\Cookies\chris and lori [email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Chris and Lori Lock\Cookies\chris and lori [email protected][1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Chris and Lori Lock\Cookies\chris and lori [email protected][2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Chris and Lori Lock\Cookies\chris and lori [email protected][1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Chris and Lori Lock\Cookies\chris and lori [email protected][1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Chris and Lori Lock\Cookies\chris and lori [email protected][1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Chris and Lori Lock\Cookies\chris and lori [email protected][1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Chris and Lori Lock\Cookies\chris and lori [email protected][1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Chris and Lori Lock\Cookies\chris and lori [email protected][1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Chris and Lori Lock\Cookies\chris and lori [email protected][1].txt
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\Chris and Lori Lock\Desktop\Antivirus\backups\backup-20061021-162214-790-PowerReg Scheduler.exe
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\Chris and Lori Lock\Start Menu\Programs\Disabled Startup Items\PowerReg Scheduler.exe
  • 0

#44
rambro

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear gonflyn, :whistling:

You need to disable your system restore, because if you go back in time with "System Restore", it's possible that you will be infected again. Here is how to do that:

(Note: By disabling "System Restore", all existing restore points will be deleted. However, if these existing restore points contain spyware, then you should follow the rest of these instructions).

To turn off Windows XP System Restore

1. Click the Start button.
2. Right-click My Computer, and then click Properties.
3. On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.
4. Click Apply.
5. A dialog message box should pop up asking you, Do you want to turn off System Restore? Click Yes to do this.
6. Click OK.
7. Restart Windows.

To turn on Windows XP System Restore

Follow the steps in the previous section, but in step 3, uncheck Turn off System Restore or Turn off System Restore on all drives. Then click OK.

See the following link as a reference: http://service1.syma...src=sec_doc_nam

Please restart your computer and then post a new HijackThis log.

In addition, let me know in detail how your computer system is running after performing the above steps. :blink:
  • 0

#45
rambro

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear gonflyn, :whistling:

In my previous post, I had you clear out (remove) your system restore points from your computer. In this post I would like you to create a "restore point". This is how it is done:

To create a restore point:

1. All Programs->Accessories->System Tools->System Restore
2. Press Create a restore point and press Next.
3. In the Restore point description box, type a descriptive name to append to the date and time.
4. Press Create.

Let me know in a reply to this post when the "restore point" has been created. :blink:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP