Task Manager won't open [CLOSED]



#1
jjjenniferbbb

jjjenniferbbb

    Member

  • Member
  • PipPip
  • 34 posts
I am in the process of trying to clean up a mess. My mother's computer is approximately 3 years old. It has never had any anti-virus software on it. It did not come loaded with any. This computer has continued to run completely slow and would sometimes take 5 minutes just to open a program. I installed Norton Antivirus 2005 and Spam Blocker 2005 with all updates already installed. The computer found 2 viruses and a bunch of adware files (approximately 64?). The only ones that I could not remove were the 180search, ezula and websearch using Norton. I have done everything on the beginning page regarding all the downloads and updates needing to be done before I signed up for this forum. The task manager refuses to open and the computer is still running slow. Any ideas on what to do?
  • 0



#2
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

Please read the first link in my signature and follow the steps outlined there. Post the HijackThis log when ready.
  • 0

#3
jjjenniferbbb

jjjenniferbbb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Okay, here's the log:

Logfile of HijackThis v1.99.1
Scan saved at 6:15:00 PM, on 7/28/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\Toolbar\TBPS.exe
C:\PROGRA~1\Toolbar\PIB.exe
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\PROGRA~1\COMMON~1\WinTools\WSup.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Toolbar\TBPSSvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\ltmsg.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\America Online 8.0a\aol.exe
C:\Program Files\America Online 8.0a\waol.exe
C:\Documents and Settings\Jennifer\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgsocy.exe" /background
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker...IL/PhPSetup.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...96/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...539/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2961C55E-C42D-4F70-B18F-D1A14F8BA0AF}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{2961C55E-C42D-4F70-B18F-D1A14F8BA0AF}: NameServer = 205.188.146.145
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOW
  • 0

#4
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Please get XP SP1a first since without it you will be open to many security problems. Install SP1a and post back a new HijackThis log. I see a few things that need to be removed there.
  • 0

#5
jjjenniferbbb

jjjenniferbbb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Sorry for the delay.....
I have downloaded the update. Below is the new log.

Logfile of HijackThis v1.99.1
Scan saved at 12:29:15 PM, on 7/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\America Online 8.0a\aol.exe
C:\Program Files\America Online 8.0a\waol.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jennifer\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker...IL/PhPSetup.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...96/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...539/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2961C55E-C42D-4F70-B18F-D1A14F8BA0AF}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{2961C55E-C42D-4F70-B18F-D1A14F8BA0AF}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#6
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Did you fix anything? I see that they're gone now after the update.

Just one entry to fix (a minor one :tazz:):

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com

No need for a new log.

Your log is clean.

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If not, you should be set to go.
  • 0
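The comparison made in post #6, that entries from the first HijackThis log are gone from the second, can be done mechanically. The following is an added example, not part of the original thread: it parses two logs (short excerpts trimmed from the ones in posts #3 and #5) and lists what disappeared; the function names are illustrative.

```python
import re
from collections import defaultdict

# Meaning of the section codes that appear in the excerpts below.
SECTIONS = {
    "R0": "IE start/search page",
    "R3": "URLSearchHook",
    "O2": "Browser Helper Object",
    "O4": "autostart (Run key / Startup folder)",
    "O18": "extra protocol handler",
    "O23": "NT service",
}

# A log entry is "<code> - <detail>", e.g. "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

def parse_log(text):
    """Return (processes, entries): process paths and {code: [detail, ...]}."""
    processes, entries = [], defaultdict(list)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line ends the process block
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            entries[m.group(1)].append(m.group(2))
        elif in_processes:
            processes.append(line)
        # anything else is a header line (version, scan time) and is ignored
    return processes, dict(entries)

def removed_between(before, after):
    """Processes and entries present in `before` but absent from `after`.

    Comparison is case-insensitive because Windows paths are
    (System32 vs system32 appear side by side in these logs).
    """
    b_proc, b_ent = parse_log(before)
    a_proc, a_ent = parse_log(after)
    a_proc_keys = {p.lower() for p in a_proc}
    gone_proc = [p for p in b_proc if p.lower() not in a_proc_keys]
    gone_ent = {}
    for code, details in b_ent.items():
        seen = {d.lower() for d in a_ent.get(code, [])}
        missing = [d for d in details if d.lower() not in seen]
        if missing:
            gone_ent[code] = missing
    return gone_proc, gone_ent

def report(gone_proc, gone_ent):
    """Format the difference as human-readable lines."""
    lines = [f"process no longer running: {p}" for p in gone_proc]
    for code, details in gone_ent.items():
        label = SECTIONS.get(code, "other")
        lines += [f"{code} ({label}) removed: {d}" for d in details]
    return lines

# Excerpt of the log in post #3 (trimmed for length).
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 6:15:00 PM, on 7/28/2005

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\Toolbar\TBPS.exe
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe
"""

# Excerpt of the log in post #5 (trimmed for length).
LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 12:29:15 PM, on 7/31/2005

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
"""

if __name__ == "__main__":
    for line in report(*removed_between(LOG_BEFORE, LOG_AFTER)):
        print(line)
```

An entry dropping out of the log means the registry or autostart reference is gone, not that the files were deleted: the Panda scan later in this thread still finds C:\PROGRAM FILES\MyWay on disk.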

#7
jjjenniferbbb

jjjenniferbbb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
I did some reading online and fixed a few things. The computer is still running really slow. If it's worth anything I had the w32.klez virus but it was cleaned before ever posting here. Just from reading maybe I have lost some files because of that. I am still unable to open task manager. I tried to just do a system restore but there were only 2 restore points and they were after I started having this problem, on the 15th and 16th to be exact. I am unsure of what else to do now.
  • 0

#8
jjjenniferbbb

jjjenniferbbb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Also for what it's worth I did go through and empty all the downloaded files from over the years and files that were not needed thinking that maybe the memory was just low. Still the system runs very slow. Almost like there are too many processes running although I can't look at the task manager to stop any of them... Any other ideas of what could be wrong? Microsoft Word has mysteriously stopped working as well and when trying to do another virus scan this afternoon Norton stopped responding.
  • 0

#9
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Let's see if it's corrupted files then:
Go to Start->Run and type in sfc /scannow and hit OK. Let it scan. If it finds any files missing/corrupted, it may ask for the Windows CD.

I want you to run both of these scans:
Run an online virus scan at TrendMicro http://uk.trendmicro...call_launch.php. Just follow the instructions on the site to run the free online scan. If any viruses/trojans are detected, try to delete or clean them in that site. If any are not cleanable, copy and paste the infected files here. You may also use Panda ActiveScan at http://www.pandasoft...ucts/activescan. Post the log from the Panda scan here.
  • 0

#10
jjjenniferbbb

jjjenniferbbb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
I am running the Panda scan now. Trendmicro was giving me a run error. Also, I did the SFC thing under run and it brings up a black box with typing although it shuts off so quickly I can't tell what it says. I will post the virus scan log when finished. BTW thanks so much for your help!! :tazz:
  • 0



#11
jjjenniferbbb

jjjenniferbbb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Okay, I am done. It took forever and I had 150K files on my computer. The other day it was only 90K. I assume this is because of the Windows update.

I am unable to copy the report but here is what it detected:

adware:adware/ncase C:\PROGRAM FILES\saap_gdf.dat No Disinfected
adware:adware/myway C:\PROGRAM FILES\MyWay No Disinfected
adware:adware/wintools HKEY_CLASSES_ROOT\PROTOCOLS\NAME-SPACE HANDLER\RES No Disinfected
adware:adware/MyWay C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL No Disinfected

Sorry if the above looks distorted. If it matters I also ran Ad-Aware and in my opinion the report was interesting. It found the IBIS toolbar - 15 total references, MRU list - 30 total references and tracking cookie - 3 total references. Let me know if you want me to post that log as well.

Jenn
  • 0

#12
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Hi Jennifer,

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now. Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

REGEDIT4
[-HKEY_CLASSES_ROOT\PROTOCOLS\NAME-SPACE HANDLER\RES]


Save the file as "delete.reg". Make sure to save it with the quotes. Double click on it and choose Yes to merge it. You may delete the file afterwards.

Uninstall MyWay from the Add/Remove panel.

Delete these if found:

C:\PROGRAM FILES\saap_gdf.dat
C:\PROGRAM FILES\MyWay


Did you fix everything found in Ad-aware? If not, fix them now. I don't need the log for that.

If you are still having problems, give me these two logs:

Right click on http://www.silentrun...ent Runners.vbs and choose Save As...Save it to your Desktop. Make sure you have disabled any programs that may block/disable scripts (ex: Ad-Watch, TeaTimer, Norton, etc.). Double click on 'Silent Runners' to run it. This will take a few minutes. It will create a file called 'Startup Programs' followed by your computer name and current date. Open up that file and post all the contents here in your next post.

Please empty any Quarantine folder in your antivirus program and purge all recovery items in the Spybot program (if you use it) before running this tool.

Download the Mwav virus checker at http://www.mwti.net/antivirus/mwav.asp (Use Link 3)

1. Save it to a folder.
2. Reboot into Safe Mode.
3. Double click the Mwav.exe file. This is a stand alone tool and NOT just a virus checker......so it won't install anything.
4. Select all local drives, scan all files, and press SCAN. When it is completed, anything found will be displayed in the lower pane.
5. In the Virus Log Information Pane......
Left click and highlight all the information in the lower pane --- Use CTRL C on your keyboard to copy everything found in the lower pane and save it to a Notepad file.
*Note* If prompted that a virus was found and you need to purchase the product to remove the malware, just close out the prompt and let it continue scanning. We are not going to use this to remove anything...but to ID the bad files.

Once you copy that to a Notepad file...highlight the text and copy it here.
  • 0
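The `delete.reg` file in post #12 relies on the `[-KEY]` form, which removes the named key and everything under it when merged. The following is an added example, not part of the original thread: it parses a `.reg` file and reports any operation other than the deletions you expect, here the key Panda reported in post #11. `parse_reg`, `audit` and the second sample file are constructed for illustration.

```python
import re

# Both header forms regedit accepts: REGEDIT4 (ANSI) and Version 5.00 (Unicode).
HEADERS = {"REGEDIT4", "Windows Registry Editor Version 5.00"}

# "[KEY]" creates/opens a key, "[-KEY]" deletes it with all subkeys.
KEY_RE = re.compile(r"^\[(-?)(HKEY_[A-Z_]+(?:\\[^\]]*)?)\]$")
# '"Name"=data' or '@=data' (default value); data of "-" deletes the value.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')

def parse_reg(text):
    """Return a list of (action, key, value_name) tuples for a .reg file."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    if not lines or lines[0] not in HEADERS:
        raise ValueError("missing REGEDIT4 / Version 5.00 header")
    ops, key, continued = [], None, False
    for line in lines[1:]:
        if continued:                      # rest of a multi-line hex value
            continued = line.endswith("\\")
            continue
        if line.startswith(";"):           # comment
            continue
        m = KEY_RE.match(line)
        if m:
            if m.group(1):
                ops.append(("delete_key", m.group(2), None))
                key = None                 # no values may follow a deletion
            else:
                key = m.group(2)
                ops.append(("create_key", key, None))
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            raise ValueError(f"unrecognised line: {line!r}")
        name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
        action = "delete_value" if m.group(2).strip() == "-" else "set_value"
        ops.append((action, key, name))
        continued = line.endswith("\\")
    return ops

def audit(text, expected_deletions):
    """Return every operation that is not one of the expected key deletions."""
    allowed = {k.upper() for k in expected_deletions}
    return [op for op in parse_reg(text)
            if not (op[0] == "delete_key" and op[1].upper() in allowed)]

# Key reported by the Panda scan in post #11.
SCANNER_KEY = r"HKEY_CLASSES_ROOT\PROTOCOLS\NAME-SPACE HANDLER\RES"

# The file exactly as given in post #12.
POSTED_REG = r"""
REGEDIT4
[-HKEY_CLASSES_ROOT\PROTOCOLS\NAME-SPACE HANDLER\RES]
"""

# Constructed variant with an extra, unexpected write (hypothetical key).
ALTERED_REG = r"""
REGEDIT4
[-HKEY_CLASSES_ROOT\PROTOCOLS\NAME-SPACE HANDLER\RES]
[HKEY_CURRENT_USER\Software\ExampleVendor]
"Flag"="1"
"""

if __name__ == "__main__":
    for label, text in (("posted", POSTED_REG), ("altered", ALTERED_REG)):
        extra = audit(text, [SCANNER_KEY])
        print(label, "->", "only the expected deletion" if not extra else extra)
```

An empty result from `audit` means the file does nothing beyond the deletion you intended; the registry export taken beforehand, as the post instructs, remains the way back if the merge was a mistake.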

#13
jjjenniferbbb

jjjenniferbbb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Sorry for the delay in getting back. I had to rerun the Microview scan and couldn't get it done Monday and had to do last night.

Below is the scan from silentrunners:

Ad-Aware SE Build 1.06r1
Logfile Created on:Sunday, July 31, 2005 12:59:10 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R57 26.07.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
IBIS Toolbar(TAC index:5):15 total references
MRU List(TAC index:0):30 total references
Tracking Cookie(TAC index:3):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


7-31-2005 12:59:10 PM - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 400
ThreadCreationTime : 7-31-2005 5:19:26 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 616
ThreadCreationTime : 7-31-2005 5:19:33 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 644
ThreadCreationTime : 7-31-2005 5:19:36 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 688
ThreadCreationTime : 7-31-2005 5:19:38 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 700
ThreadCreationTime : 7-31-2005 5:19:38 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 844
ThreadCreationTime : 7-31-2005 5:19:41 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 916
ThreadCreationTime : 7-31-2005 5:19:43 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1024
ThreadCreationTime : 7-31-2005 5:19:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1068
ThreadCreationTime : 7-31-2005 5:19:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1188
ThreadCreationTime : 7-31-2005 5:19:46 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1632
ThreadCreationTime : 7-31-2005 5:19:53 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:12 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1888
ThreadCreationTime : 7-31-2005 5:19:54 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [acsd.exe]
FilePath : C:\PROGRA~1\COMMON~1\AOL\ACS\
ProcessID : 240
ThreadCreationTime : 7-31-2005 5:20:02 PM
BasePriority : Normal


#:14 [ccproxy.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 268
ThreadCreationTime : 7-31-2005 5:20:03 PM
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Network Proxy Service
InternalName : ccProxy
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccProxy.exe

#:15 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 460
ThreadCreationTime : 7-31-2005 5:20:12 PM
BasePriority : Normal
FileVersion : 103.0.5.2
ProductVersion : 103.0.5.2
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:16 [kodakccs.exe]
FilePath : C:\WINDOWS\system32\drivers\
ProcessID : 488
ThreadCreationTime : 7-31-2005 5:20:12 PM
BasePriority : Normal
FileVersion : 1.1.5100.4
ProductVersion : 4.4.0.0
ProductName : Kodak DC File System Driver (Win32)
CompanyName : Eastman Kodak Company
FileDescription : Kodak DC Ring 3 Conduit (Win32)
InternalName : KodakCCS.exe
LegalCopyright : Copyright © Eastman Kodak Co. 2000-2004
OriginalFilename : DcFsSvc.exe

#:17 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 528
ThreadCreationTime : 7-31-2005 5:20:14 PM
BasePriority : Normal
FileVersion : 11.0.9.16
ProductVersion : 11.0.9
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:18 [npfmntor.exe]
FilePath : C:\Program Files\Norton AntiVirus\IWP\
ProcessID : 972
ThreadCreationTime : 7-31-2005 5:20:18 PM
BasePriority : Normal
FileVersion : 11.0.9.16
ProductVersion : 11.0.9
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Firewall Install Monitor
InternalName : NPFMonitor
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NPFMonitor.EXE

#:19 [sndsrvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1104
ThreadCreationTime : 7-31-2005 5:20:22 PM
BasePriority : Normal
FileVersion : 5.5.1.6
ProductVersion : 5.5
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation
OriginalFilename : SndSrvc.exe

#:20 [spbbcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\SPBBC\
ProcessID : 1448
ThreadCreationTime : 7-31-2005 5:20:30 PM
BasePriority : Normal
FileVersion : 1,0,1,47
ProductVersion : 1,0,1,47
ProductName : SPBBC
CompanyName : Symantec Corporation
FileDescription : SPBBC Service
InternalName : SPBBCSvc
LegalCopyright : Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : SPBBCSvc.exe

#:21 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1528
ThreadCreationTime : 7-31-2005 5:20:35 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:22 [symlcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\
ProcessID : 1628
ThreadCreationTime : 7-31-2005 5:20:41 PM
BasePriority : Normal
FileVersion : 1, 8, 54, 534
ProductVersion : 1, 8, 54, 534
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright © 2003
OriginalFilename : symlcsvc.exe

#:23 [wanmpsvc.exe]
FilePath : C:\WINDOWS\
ProcessID : 1696
ThreadCreationTime : 7-31-2005 5:20:47 PM
BasePriority : Normal
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:24 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1860
ThreadCreationTime : 7-31-2005 5:20:58 PM
BasePriority : Normal
FileVersion : 103.0.5.2
ProductVersion : 103.0.5.2
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:25 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2440
ThreadCreationTime : 7-31-2005 5:22:48 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:26 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3036
ThreadCreationTime : 7-31-2005 5:23:57 PM
BasePriority : Normal
FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
ProductVersion : 5.8.0.2469
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:27 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 3244
ThreadCreationTime : 7-31-2005 5:31:46 PM
BasePriority : Normal
FileVersion : 103.0.5.2
ProductVersion : 103.0.5.2
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:28 [aol.exe]
FilePath : C:\Program Files\America Online 8.0a\
ProcessID : 2324
ThreadCreationTime : 7-31-2005 5:42:43 PM
BasePriority : Normal


#:29 [waol.exe]
FilePath : C:\Program Files\America Online 8.0a\
ProcessID : 3020
ThreadCreationTime : 7-31-2005 5:42:44 PM
BasePriority : Normal


#:30 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 948
ThreadCreationTime : 7-31-2005 5:58:49 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{2c4e6d22-b71f-491f-aad3-b6972a650d50}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jennifer@ads.addynamix[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:jennifer@ads.addynamix.com/
Expires : 8-1-2005 5:38:12 AM
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jennifer@2o7[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:14
Value : Cookie:jennifer@2o7.net/
Expires : 7-30-2010 12:48:44 PM
LastSync : Hits:14
UseCount : 0
Hits : 14

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jennifer@bravenet[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:jennifer@bravenet.com/
Expires : 7-27-2015 6:52:08 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 4



Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4

Disk Scan Result for C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4

Disk Scan Result for C:\DOCUME~1\Jennifer\LOCALS~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 4



MRU List Object Recognized!
Location: : C:\Documents and Settings\Jennifer\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\Jennifer\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-1279371858-473866232-3689853989-1006\software\microsoft\automap\9.0\findmru
Description : list of recently used find queries used in microsoft automap-based products


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1279371858-473866232-3689853989-1006\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-1279371858-473866232-3689853989-1006\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-1279371858-473866232-3689853989-1006\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1279371858-473866232-3689853989-1006\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1279371858-473866232-3689853989-1006\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1279371858-473866232-3689853989-1006\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-19\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-20\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1279371858-473866232-3689853989-1006\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1279371858-473866232-3689853989-1006\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-1279371858-473866232-3689853989-1006\software\microsoft\office\10.0\clip organizer\search\last query
Description : last query in microsoft clip organizer


MRU List Object Recognized!
Location: : S-1-5-21-1279371858-473866232-3689853989-1006\software\microsoft\office\10.0\common\open find\microsoft word\settings\open\file name mru
Description : list of recent documents opened by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-1279371858-473866232-3689853989-1006\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-1279371858-473866232-3689853989-1006\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-1279371858-473866232-3689853989-1006\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-1279371858-473866232-3689853989-1006\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1279371858-473866232-3689853989-1006\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1279371858-473866232-3689853989-1006\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-1279371858-473866232-3689853989-1006\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-1279371858-473866232-3689853989-1006\software\microsoft\windows media\wmsdk\general
Description : windows media sdk



Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrHighlight

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrForeColor

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrBackColor

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrDownload

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrViewed

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrStatic

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\installer\userdata\sto

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment : You will need to restart your computer and rescan in order to complete the removal of this item.
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\enum\root\legacy_tbpssvc

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\enum\root\legacy_wintoolssvc

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : AutoSearch

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : CustomizeSearch

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\installer\userdata
Value : TUID

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : IEWatsonEnabled

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 14
Objects found so far: 48

1:10:18 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:11:07.329
Objects scanned:67151
Objects identified:18
Objects ignored:0
New critical objects:18

#14
jjjenniferbbb

and below is the log from Microview:

Object "CWS.therealsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "iSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\QDow.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\System32\iuctl.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\msxml3a.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\QuickTime\QuickTimeEffects.qtx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\QuickTime\QuickTimeMusic.qtx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\QuickTimeMusicalInstruments.qtx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\QuickTime\QuickTimeStreamingExtras.qtx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\QuickTime\QuickTimeStreamingAuthoring.qtx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\QuickTime\QuickTimeVRAuthoring.qtx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\iuctl.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\QDow.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\KODAK\KODAK Software Updater\7288971\clasid.bak". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{008A2D7B-6CD7-4b07-84EB-06AC56831192}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\mnsdk\MNAutoUpdate.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0130F7C1-5FB4-4c56-951F-4EB0FD0F9D63}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\mnsdk\mninet20.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{024C4FD0-2ED0-4aeb-AC2D-61A49E52A460}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\mnsdk\mninet20.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0396EAB5-57AF-48A8-ACF1-BEF7BED042B6}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\AOLMNAdapter.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{06C979E7-21A8-45df-9819-2D9D77DCB8CA}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\mnsdk\mninet20.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0E307CAC-D8A7-4156-9B34-35BEC66ABFD0}" refers to invalid object "C:\Program Files\Enigma Software Group\SpyHunter\LSPFix.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{14FF7FBD-87FA-497e-B750-47E90A5668B9}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\mnsdk\mninet20.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{16D76A45-4260-4972-8E94-4BECB16BB426}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\mnsdk\mninet20.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{17D92E60-3CDD-4d19-9588-276E9146497D}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\mnsdk\MNMetaData.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1D1E08F3-F659-46e9-9E65-1E1B99293A7D}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\mnsdk\mninet20.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1D560F9D-11C9-45D0-A8B5-3CAADB651236}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\AOLMNAdapter.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1D924EA5-1826-4ee1-88E5-865512D9825F}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\mnsdk\mninet20.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1E63839E-4D0D-4130-A6CA-794A9DE18FC3}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\mnsdk\mninet20.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1EB83965-2C5C-45ee-8D43-7E9D66C65B79}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\mnsdk\mntlc20.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1EDA8477-F509-4920-B2F4-9D2717F327B0}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\mnsdk\MNUtil20.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{22778075-8509-451f-BAF1-D53B1A96C2B8}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\mnsdk\mninet20.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2564FAFF-173D-4ef0-8ED8-2CCF72745E0D}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\mnsdk\mninet20.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2FACD863-7873-4a2d-9637-C55359F2C5E9}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\mnsdk\mninet20.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{371FB140-5D42-42d8-A1C4-3C5852CD6522}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\mnsdk\mntlc20.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{397291BA-5633-4119-ABC3-0F30BF4D5A5A}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\mnsdk\mninet20.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4838A70B-A7AB-411c-AE36-45CEEE734640}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\mnsdk\mninet20.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4A79C5DD-B7AC-4034-B30D-F8D6F6F0473F}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\mnsdk\mntlc20.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4D380C46-EE60-4e7d-B44F-59DC5DAB7290}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\mnsdk\mninet20.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{540CC3C6-2F10-4D2E-97E8-A3D44184AABE}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\AOLMNAdapter.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5C8383FA-2267-4682-B127-0C01B6DDBAC2}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\mnsdk\mninet20.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5FB69E2B-2B15-408d-AAE4-8D0A4B6A6E7F}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\mnsdk\mninet20.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6AC71857-6148-4534-8405-9A37C4994A0D}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\mnsdk\VL5Auth.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6C9D228D-82EB-4E53-93A3-D963392152FB}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\AOLMNAdapter.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6DFC8476-94A9-4500-A2BF-141C44C18113}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\mnsdk\mninet20.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{74C96716-CDB7-4b8c-809A-84DF9163E8AB}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\mnsdk\mninet20.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{76706AD5-F3F5-46e6-B741-9F2C9A5C1D1B}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\mnsdk\mninet20.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{77C07F06-61A0-4c45-B39E-AFE1666BEB6A}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\mnsdk\mntlc20.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{81B637FC-46F9-4327-B986-7944C7824E13}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\mnsdk\mninet20.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{83724544-4413-403e-A6C9-7A4A3CF272E7}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\mnsdk\mninet20.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{83ACFD4E-9408-4425-9698-AFAB8AD766F2}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\AOLMNAdapter.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object "C:\PROGRA~1\MESSEN~1\rtcimsp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9052DB67-FE58-46c6-89BC-D2ACF2E98D5E}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\mnsdk\mntlc20.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{981FC566-181C-4711-B4CE-872FA846E8A9}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\mnsdk\mninet20.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9D56FDEF-CBE4-4336-8985-EBE6EF368378}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\AOLMNAdapter.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9EE7E371-04FA-4c4d-A235-7B1945B427E7}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\mnsdk\mninet20.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A5AED658-776A-45bb-ADE6-9CCFCEA57FA5}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\mnsdk\mninet20.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A6422768-5D9C-48cf-92B5-807E779B54BB}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\mnsdk\mninet20.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A698B31A-3940-4ca0-95AB-5DEE78739F31}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\mnsdk\mninet20.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AD6315F2-5964-40df-B018-C27BAD2512FC}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\mnsdk\mninet20.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AE88201A-B085-408c-99D8-A38162F8540A}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\mnsdk\mntlc20.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B9C6681F-855F-4896-A32E-B26DA123B681}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\mnsdk\MNAutoUpdate.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BC99AE37-98C5-47f5-AC7D-8EB5BFB4F0CD}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\mnsdk\mninet20.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D3AF1777-DFF8-452a-97D5-C64B69F4E374}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\mnsdk\mninet20.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D4D83347-5B80-4404-8E4E-8C270D69F0C3}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\mnsdk\mntlc20.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D5AAF8C4-A785-49ab-9196-CDACA29E76A2}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\mnsdk\mntlc20.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E51BEF2A-A251-4068-B46C-AB78B5E49E80}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\mnsdk\mninet20.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E784645E-A478-4e22-99C6-B8A7E43BFEED}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\mnsdk\mninet20.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E85F222E-033D-4c89-BB3A-44076BF0F884}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\mnsdk\mninet20.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EAD8704E-03FA-48af-A0C0-AEB81BB96B89}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\mnsdk\mntlc20.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F101A071-DB4D-4401-AF1D-38CA90C8B351}" refers to invalid object "C:\Program files\MusicNetonAOL\client\bin\mnsdk\mninet20.dll". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\Automap.Map.NA" refers to invalid object "{A49EEA00-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.
Entry "HKCR\Automap.Map.NA.9" refers to invalid object "{A49EEA00-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.
Entry "HKCR\Automap.Template.NA.9" refers to invalid object "{A49EEA00-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.
Entry "HKCR\PDF.PdfCtrl.5" refers to invalid object "{CA8A9780-280D-11CF-A24D-444553540000}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPShell.HWEventHandler" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.
Entry "HKCR\WMPShell.HWEventHandler.1" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\08073016.exe tagged as "not-a-virus:AdWare.WebSearch.an". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\1732494B.dll infected by "Trojan-Downloader.Win32.QDown.h" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\17496F31.dll tagged as "not-a-virus:AdWare.WebSearch.o". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\1F272813.exe tagged as "not-a-virus:AdWare.WebSearch.an". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\330A6611.exe tagged as "not-a-virus:AdWare.Wintol.ah". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\37382B7B.exe infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.

It looks really messy. I hope you can read it. Anyhow, the computer is running a little faster but the task manager does not work. When I originally ran the Microview scan I copied the wrong log, and I did see that it said something about an error and said task manager may be corrupted with a trojan or worm... I don't remember the exact words. Anyhow, let me know if there is anything else I can do, and thanks for your help.

Jennifer

#15
jjjenniferbbb

Oh, and I forgot to add that I thought the Norton quarantined files were deleted, as I usually do this immediately as I quarantine items, but I guess it was overlooked. It has been done now.

Jenn