hey trevuren,
so eight hours later the mwav thing was still scanning, i had to use the computer and just couldn't wait anymore, but i've included the infected list at the bottom. preceding are the ewido scan results and a new hijack log as requested. man, there was quite a few things on both those logs, does mcafee just suck? also a note any files in the Q Drive Dump, which there seems to be a few, are files from an old drive that are sitting on my desktop. i don't think that the problems in it are system-wide. thanks for taking the time, this is turning out to be quite educational.
EWIDO SCAN
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 3:32:58 PM, 8/10/2005
+ Report-Checksum: FA620F3F
+ Scan result:
HKU\S-1-5-21-1644491937-1004336348-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{36A59337-6EEF-40AE-94B1-ED443A0C4740} -> Spyware.BetterInternet : Cleaned with backup
C:\data -> TrojanDownloader.IstBar.ja : Cleaned with backup
C:\Documents and Settings\me\Cookies\
[email protected][2].txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\me\Desktop\DESKTOP\QUE DRIVE DUMP\C DRIVE!!\Program Files\NewDotNet\uninstall3_88.exe -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\Common Files\Verizon Online\SFP\vzbb.dll -> Spyware.MegaSearch : Cleaned with backup
:mozilla.9:F:\Documents and Settings\Fancy\Application Data\Phoenix\Profiles\default\zj8j7y8o.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.10:F:\Documents and Settings\Fancy\Application Data\Phoenix\Profiles\default\zj8j7y8o.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
F:\Documents and Settings\Fancy\Cookies\
[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
F:\Documents and Settings\Fancy\Cookies\fancy@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
F:\Documents and Settings\Fancy\Cookies\
[email protected][2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
F:\Documents and Settings\Fancy\Cookies\fancy@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
F:\Documents and Settings\Fancy\Cookies\
[email protected][1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
F:\Documents and Settings\Fancy\Cookies\
[email protected][1].txt -> Spyware.Cookie.X10 : Cleaned with backup
F:\Documents and Settings\Fancy\Cookies\fancy@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
F:\Documents and Settings\Fancy\Cookies\fancy@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
F:\Documents and Settings\Fancy\Cookies\
[email protected][2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
F:\Documents and Settings\Fancy\Cookies\
[email protected][1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
F:\Documents and Settings\Fancy\Cookies\fancy@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
F:\Documents and Settings\Fancy\Cookies\fancy@bfast[2].txt -> Spyware.Cookie.Bfast : Cleaned with backup
F:\Documents and Settings\Fancy\Cookies\fancy@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
F:\Documents and Settings\Fancy\Cookies\
[email protected][1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
F:\Documents and Settings\Fancy\Cookies\
[email protected][1].txt -> Spyware.Cookie.Porngraph : Cleaned with backup
F:\Documents and Settings\Fancy\Cookies\fancy@clickagents[2].txt -> Spyware.Cookie.Clickagents : Cleaned with backup
F:\Documents and Settings\Fancy\Cookies\fancy@commission-junction[1].txt -> Spyware.Cookie.Commission-junction : Cleaned with backup
F:\Documents and Settings\Fancy\Cookies\
[email protected][1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
F:\Documents and Settings\Fancy\Cookies\
[email protected][2].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
F:\Documents and Settings\Fancy\Cookies\
[email protected][2].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
F:\Documents and Settings\Fancy\Cookies\
[email protected][1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
F:\Documents and Settings\Fancy\Cookies\
[email protected][1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
F:\Documents and Settings\Fancy\Cookies\fancy@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
F:\Documents and Settings\Fancy\Cookies\
[email protected][2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
F:\Documents and Settings\Fancy\Cookies\
[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
F:\Documents and Settings\Fancy\Cookies\fancy@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
F:\Documents and Settings\Fancy\Cookies\fancy@gator[1].txt -> Spyware.Cookie.Gator : Cleaned with backup
F:\Documents and Settings\Fancy\Cookies\
[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
F:\Documents and Settings\Fancy\Cookies\fancy@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
F:\Documents and Settings\Fancy\Cookies\fancy@hotlog[2].txt -> Spyware.Cookie.Hotlog : Cleaned with backup
F:\Documents and Settings\Fancy\Cookies\fancy@linksynergy[1].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
F:\Documents and Settings\Fancy\Cookies\fancy@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
F:\Documents and Settings\Fancy\Cookies\fancy@paycounter[2].txt -> Spyware.Cookie.Paycounter : Cleaned with backup
F:\Documents and Settings\Fancy\Cookies\fancy@qksrv[2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
F:\Documents and Settings\Fancy\Cookies\fancy@questionmarket[2].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
F:\Documents and Settings\Fancy\Cookies\fancy@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
F:\Documents and Settings\Fancy\Cookies\
[email protected][2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
F:\Documents and Settings\Fancy\Cookies\fancy@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
F:\Documents and Settings\Fancy\Cookies\fancy@sexlist[1].txt -> Spyware.Cookie.Sexlist : Cleaned with backup
F:\Documents and Settings\Fancy\Cookies\fancy@sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
F:\Documents and Settings\Fancy\Cookies\fancy@spylog[2].txt -> Spyware.Cookie.Spylog : Cleaned with backup
F:\Documents and Settings\Fancy\Cookies\fancy@targetnet[1].txt -> Spyware.Cookie.Targetnet : Cleaned with backup
F:\Documents and Settings\Fancy\Cookies\fancy@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
F:\Documents and Settings\Fancy\Cookies\fancy@valueclick[2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
F:\Documents and Settings\Fancy\Cookies\
[email protected][1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
F:\Documents and Settings\Fancy\Cookies\fancy@xxxcounter[1].txt -> Spyware.Cookie.Xxxcounter : Cleaned with backup
F:\Documents and Settings\Fancy\Cookies\
[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
::Report End
HIJACK LOG AFTER EWIDO SCAN
Logfile of HijackThis v1.99.1
Scan saved at 3:49:19 PM, on 8/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MOTU\FireWire Audio\MFWAKeys.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://cgi.verizon.n....1&bm=ho_searchR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll (file missing)
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: MFWAKeys.lnk = C:\Program Files\MOTU\FireWire Audio\MFWAKeys.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) -
http://download.mcaf...90/mcinsctl.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.micros...b?1122012957906O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoft...free/asinst.cabO16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -
http://download.mcaf...,23/mcgdmgr.cabO23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
MWAV INFECTED LIST
File C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll tagged as "not-a-virus:AdWare.BHO.MegaSearch.b". Action Taken: No Action Taken.
Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0215EB02-8DA8-11D4-A833-D5C37E25DF70}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0215EB04-8DA8-11D4-A833-D5C37E25DF70}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{04B202E1-7044-495E-BFC8-8D71887E3797}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{04B202E2-7044-495E-BFC8-8D71887E3797}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0F977BE9-A677-11d3-A773-00C04F68F44E}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{18A8D388-8DEA-4429-B2CF-159791F6CBCD}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1D22D407-A677-11d3-A773-00C04F68F44E}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2BA5BF6D-F456-45E1-B78E-7ADB166B62FF}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2E130DC2-63EB-4B0C-810B-603FDD609A9C}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{38FFB667-D599-45CD-951A-099FC9719B0C}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4BBEC3C9-654F-444E-8DE4-F9E5B2A05794}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5E1E2CA3-AF4F-11D4-97AF-9CC8A1041279}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{76E3292B-87AF-48A1-9A92-3D3CBB192398}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{80A52E2B-72F2-4BD4-B67D-F7A674A82964}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{83FDD082-7419-43E9-803A-71205A019090}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8E925C02-AA02-11D4-97AF-CAF1D1DACA7A}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9869EFB4-18E9-11D3-A837-00104B9E30B5}" refers to invalid object "C:\DOCUME~1\me\LOCALS~1\Temp\CMDLIN~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{99C08A2F-81D0-11D4-A832-444553546170}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A068133D-1A21-45ED-BB29-9F4488EA967E}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A59EB362-A677-11d3-A773-00C04F68F44E}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A9494862-A935-11D4-97AF-CF4D3C800A79}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A9494864-A935-11D4-97AF-CF4D3C800A79}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A9494866-A935-11D4-97AF-CF4D3C800A79}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B09FC359-C80E-4087-BB83-80850810D137}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BB0D8F91-C1F5-11D5-A152-000244036A12}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BB0D8F93-C1F5-11D5-A152-000244036A12}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BB0D8F95-C1F5-11D5-A152-000244036A12}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D9D242AC-47D6-486E-837B-D3DA8EECCD67}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DBB2B290-4C6E-4129-BED2-716BF47F57E0}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\A3d" refers to invalid object "{d8f1eee0-f634-11cf-8700-00a0245d918b}". Action Taken: No Action Taken.
Entry "HKCR\A3dApi" refers to invalid object "{92FA2C24-253C-11d2-90FB-006008A1F441}". Action Taken: No Action Taken.
Entry "HKCR\A3dDAL" refers to invalid object "{442D12A1-2641-11d2-90FB-006008A1F441}". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\ILogic.Logic" refers to invalid object "{76CE1CC0-7932-11D1-9509-00A0C9925315}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\RTCIMSP.RTCIMService" refers to invalid object "{83D4679F-B6D7-11D2-BF36-00C04FB90A03}". Action Taken: No Action Taken.
Entry "HKCR\RTCIMSP.RTCIMService.1" refers to invalid object "{83D4679F-B6D7-11D2-BF36-00C04FB90A03}". Action Taken: No Action Taken.
Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPShell.HWEventHandler" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.
Entry "HKCR\WMPShell.HWEventHandler.1" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.
File C:\axexx.chm infected by "Trojan.Win32.Dialer.ce" Virus! Action Taken: No Action Taken.
File C:\data infected by "Trojan-Downloader.Win32.IstBar.ja" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00001604. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00002155. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00002160. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00002246. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00002272. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00002535. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00002694. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00008814. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00008815. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00008906. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00011254. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00011262. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00011976. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00011980. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00012506. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00012575. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00013434. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00013452. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00016575. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00016576. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00016947. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00017099. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00017220. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00017304. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00017445. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00018912. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00020704. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00020705. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00020740. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00022853. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00022887. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00023267. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00025555. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00025621. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00025622. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00025623. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00025624. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00025625. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00025626. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00025627. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00025628. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00025629. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00025630. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00025631. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00025632. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00025649. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00025928. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00026380. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00026381. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00026511. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00027026. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00028007. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00028031. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00028033. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\RECYCLER\NPROTECT\00028058. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File F:\System Volume Information\_restore{94EAE56C-BCB3-49EC-8685-B643C8D13A7A}\RP1\A0000002.exe tagged as "not-a-virus:AdWare.IGetNet". Action Taken: No Action Taken.
File F:\System Volume Information\_restore{94EAE56C-BCB3-49EC-8685-B643C8D13A7A}\RP1\A0000003.DLL tagged as "not-a-virus:AdWare.IGetNet". Action Taken: No Action Taken.
File F:\System Volume Information\_restore{94EAE56C-BCB3-49EC-8685-B643C8D13A7A}\RP1\A0000004.DLL tagged as "not-a-virus:AdWare.IGetNet". Action Taken: No Action Taken.
File C:\axexx.chm infected by "Trojan.Win32.Dialer.ce" Virus! Action Taken: No Action Taken.
File C:\data infected by "Trojan-Downloader.Win32.IstBar.ja" Virus! Action Taken: No Action Taken.