hijackthis log- need help [RESOLVED]


  • This topic is locked

#1
vikingsrule11

I was referred by t-man in the hardware forum. He said that this might help with the problem that I am having with my DVD+RW. Here is the link to that forum:

http://www.geekstogo...ite-t53154.html

I have followed all the steps that you require in order to post the logs here.

I would greatly appreciate any help that you can give me with this problem.
Thank you, and I will be waiting patiently.

Here is my log:


Logfile of HijackThis v1.99.1
Scan saved at 10:36:08 PM, on 8/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinMX\WinMX.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\KCV46UDJ\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8.hpwis.com/
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinMX] C:\Program Files\WinMX\WinMX.exe -m
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Startup: Ubisoft register.lnk = C:\Program Files\Ubisoft\Register\schedule.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr...oad/tgctlcm.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c6.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://www.samsungca...w50_install.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toon...9.12/ttinst.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://update.nprote...ungcard/npx.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5467FE57-297D-4CAF-8184-B9D84B19CDDB}: NameServer = 64.160.192.70,206.13.29.12
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0


#2
Armodeluxe

  • Retired Staff
Hi vikingsrule

There are a few items that need to be fixed, but I don't believe those are related to your problem. Let's go ahead and fix them though, but first you need to move HijackThis from the temporary folder to a permanent folder.

Please create a new folder. It could be in your C: drive, in Program Files, or My Documents folder, whichever is easier to access for you. Then right click on HijackThis.exe in the temp folder and click copy. Then go in that new folder, right click on an empty space and choose paste. Now you can run it from there and delete the other copy from the temp folder.

Open HijackThis and click Scan. Put a check next to these:

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c6.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://update.nprote...ungcard/npx.cab


Optional:

O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe
If you're not using PartyPoker, fix these.

O17 - HKLM\System\CCS\Services\Tcpip\..\{5467FE57-297D-4CAF-8184-B9D84B19CDDB}: NameServer = 64.160.192.70,206.13.29.12
This IP belongs to this URL: dns1.bkfdca.sbcglobal.net and is owned by Pac Bell Internet Services. If this is your ISP or your network, leave it; otherwise fix it.

Close all windows except HijackThis and click Fix Checked.

Open Task Manager (CTRL+ALT+DEL) and end-task this process:

ALCXMNTR.EXE

Go to Control Panel > Add/Remove Programs and uninstall these:

Updates from HP
PartyPoker.net (optional)

Then navigate to and delete these folders and files:

C:\Program Files\Updates from HP
C:\Program Files\PartyPoker.net (optional)
C:\WINDOWS\ALCXMNTR.EXE

Reboot when done.

As for your main problem, I will suggest cleaning the paging file, as it may contain outdated data which can cause problems with drives. To do that, follow the instructions on this page:

http://forums.net-in...showtopic=29261

Then post a new HijackThis log along with any comments on whether cleaning the paging file helped.

Regards,

Armodeluxe
  • 0

#3
vikingsrule11

Here is my new HijackThis file; not sure if I missed anything.

For my main problem, I tried cleaning the paging files but it did not help. I'll go back to the hardware forums to try and figure it out.

Logfile of HijackThis v1.99.1
Scan saved at 12:19:12 AM, on 8/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\Messenger\msmsgs.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WinMX\WinMX.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\downloads\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8.hpwis.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinMX] C:\Program Files\WinMX\WinMX.exe -m
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Startup: Ubisoft register.lnk = C:\Program Files\Ubisoft\Register\schedule.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr...oad/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://www.samsungca...w50_install.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toon...9.12/ttinst.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5467FE57-297D-4CAF-8184-B9D84B19CDDB}: NameServer = 64.160.192.70,206.13.29.12
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Thanks, I appreciate all the help. If there's anything I missed, I would greatly appreciate it if you let me know.

Thank you again,
Vikingsrule
  • 0

#4
Armodeluxe

  • Retired Staff
That log looks clean now. However, I'd like to check if anything lurking in the background is causing your problem.

Download F-Secure Blacklight (blbeta.exe) to your desktop.
- Double click on blbeta.exe to run the program. Accept the user agreement.
- Leave "Scan through windows explorer" checked.
- Click Scan.
After the scan finishes, click on Next, then Exit.

BlackLight will create a log on your desktop with the name "fsbl-xxxxxxx.log". Please post that log.

Also, let's run an MWAV scan.

I need you to download MWav to a convenient location.

This scan might take around 3+ hours to finish when set to scan everything.
I need you to run MWav by double-clicking on mwav.exe.
Put a check next to the below items before scanning:
  • Memory
  • Startup Folders
  • Drive - All Local Drives
  • Folder - then click "browse" to change the directory to C: (default is C:\Windows)
  • Registry
  • System Folders
  • Services
  • Include Sub-Directory
  • Scan All Files
Please make sure ALL of these are checked, then press the Scan button. This typically will take hours to complete.

NOTE: Sometimes MWav will pause and it appears to be finished, but it isn't done. Just let it run until it says it's complete.

On the bottom portion of the window, you will see the lower panel where MWav is listing "infected items". When it's done scanning, please highlight everything in that lower panel and copy them by holding CTRL + C then paste it here. The whole log will be extremely BIG so there is no way to post the log. I just need the infected items list. Also, it will suggest that you buy the program to fix the items it found, no need for that. If it finds anything, we will deal with it.

Regards,

Armodeluxe
  • 0
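
Added example, not part of the original thread: a check that the entries marked for fixing in post #2 are really gone from the follow-up log in post #3, which is the comparison behind "that log looks clean now". The log excerpts are a shortened selection of lines copied from the two logs above; the function names and the generic section-code pattern are assumptions of this example, not anything HijackThis itself provides.

```python
import re

# An item line is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [x] y".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return the item lines of a HijackThis log as (code, detail) tuples."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def _key(entry):
    # Windows paths and registry names are case-insensitive, so compare
    # case-folded with runs of whitespace collapsed.
    code, detail = entry
    return (code, " ".join(detail.split()).casefold())


def verify_fix(before_log, after_log, fix_list):
    """Compare two logs against the list of entries that were to be fixed."""
    before = {_key(e): e for e in parse_entries(before_log)}
    after = {_key(e): e for e in parse_entries(after_log)}
    wanted = {_key(e): e for e in parse_entries(fix_list)}

    def fmt(e):
        return f"{e[0]} - {e[1]}"

    return {
        # requested, present before, gone afterwards
        "fixed": [fmt(e) for k, e in wanted.items()
                  if k in before and k not in after],
        # requested but still in the follow-up log
        "still_present": [fmt(e) for k, e in wanted.items() if k in after],
        # requested but never in the first log (typo in the fix list?)
        "not_in_before": [fmt(e) for k, e in wanted.items()
                          if k not in before and k not in after],
        # disappeared without being on the fix list (optional items, uninstalls)
        "removed_unrequested": [fmt(e) for k, e in before.items()
                                if k not in after and k not in wanted],
        # appeared between the two scans and needs a fresh look
        "new_in_after": [fmt(e) for k, e in after.items() if k not in before],
    }


# Shortened excerpt of the first log (post #1); truncated URLs kept as posted.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\lsass.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8.hpwis.com/
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c6.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://update.nprote...ungcard/npx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5467FE57-297D-4CAF-8184-B9D84B19CDDB}: NameServer = 64.160.192.70,206.13.29.12
"""

# The same entries as they appear in the follow-up log (post #3).
AFTER = r"""
Logfile of HijackThis v1.99.1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8.hpwis.com/
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{5467FE57-297D-4CAF-8184-B9D84B19CDDB}: NameServer = 64.160.192.70,206.13.29.12
"""

# The five required entries from post #2 (the optional ones are left out).
FIX_LIST = r"""
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c6.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://update.nprote...ungcard/npx.cab
"""

if __name__ == "__main__":
    for bucket, lines in verify_fix(BEFORE, AFTER, FIX_LIST).items():
        print(f"{bucket}: {len(lines)}")
        for entry in lines:
            print("   ", entry)
```

The `removed_unrequested` bucket is where the optional PartyPoker.net entry lands, and a non-empty `new_in_after` bucket would mean something was added between the two scans.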

#5
vikingsrule11

Okay, thanks. I'll run these and I will get back with you.
  • 0

#6
vikingsrule11

Ok,

I ran the blacklight first and it didn't find anything.

Here are the results for the MWav. You weren't lying, this thing ran for about 7 hours.

Object "180solutions Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Media Access Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Unknown Toolbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "WeatherBug Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\Install.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\npx.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\System32\iuctl.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "c:\WINDOWS\System32\SNDefs.dat". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\iuctl.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\npx.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\GToolbar\BarControl.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\Install.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\VUGames\Leisure Suit Larry - Magna Cum Laude\PC\control_README.txt". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\arcsoft.exe" refers to invalid object "C:\Program Files\ArcSoft\Software Suite\arcsoft.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\bantam.dll" refers to invalid object "bantam.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\bdeadmin.exe" refers to invalid object "bdeadmin.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\bdeadmin.hlp" refers to invalid object "bdeadmin.hlp". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\blw32.dll" refers to invalid object "blw32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "C:\WINDOWS\System32\cmmgr32.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\disp.dll" refers to invalid object "disp.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\HP IntelliMover Demo" refers to invalid object "C:\Program Files\IntelliMover Data Transfer Demo\HP IntelliMover Demo". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idapi32.dll" refers to invalid object "idapi32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idasci32.dll" refers to invalid object "idasci32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idbat32.dll" refers to invalid object "idbat32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idda3532.dll" refers to invalid object "idda3532.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\iddao32.dll" refers to invalid object "iddao32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\iddbas32.dll" refers to invalid object "iddbas32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\iddr32.dll" refers to invalid object "iddr32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idodbc32.dll" refers to invalid object "idodbc32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idpdx32.dll" refers to invalid object "idpdx32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idqbe32.dll" refers to invalid object "idqbe32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idr20009.dll" refers to invalid object "idr20009.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idsql32.dll" refers to invalid object "idsql32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\minstall.exe" refers to invalid object "". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\MyDSC.exe" refers to invalid object "C:\Program Files\General\My DSC\MyDSC.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Napster" refers to invalid object "C:\Program Files\Napster\Napster". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\ORUN32.EXE" refers to invalid object "C:\WINDOWS\ORUN32.EXE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\sqlint32.dll" refers to invalid object "sqlint32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\yourapp.Exe" refers to invalid object "C:\Program Files\USB Storage RW\yourapp.Exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "c:\Documents and Settings\All Users\Start Menu\Programs\HP Share-to-Web\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Common Files\Adaptec Shared\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Common Files\Adaptec Shared\System\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Common Files\Adaptec Shared\CDEngine\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\VUGames\Leisure Suit Larry - Magna Cum Laude\PC\". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".abm". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cmx". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".FAM". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".grd". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".iff". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".l". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rbn[1]". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".scn". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sig". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tri". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "OpenWithList". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Ad-aware 6 Personal". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "HyperLinker". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ieupdate". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "INSTAFIN". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB282010". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB817778". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB820291". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB821253". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB821557". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB822603". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB823182". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB823559". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB823980". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824105". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824141". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824146". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB825119". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB826942". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828028". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828035". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828741". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB829558". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB833998". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB835732". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB837001". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB839643-DirectX9". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB840374". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Media Gateway". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "oeupdate". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q322011". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q327979". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q328310". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329048". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329115". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329170". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "q329256". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329390". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329441". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329834". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329909". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q331953". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q331958". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q810565". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q810577". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q810833". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q811493". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q811789". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q814033". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q814995". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q815021". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q815485". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q817287". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q817606". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q828026". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "salm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "The Sims". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "wcmdmgr.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "wtdmmp". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "wtwebdriver". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{1A103D70-5C9B-4E1A-B306-5106C68F9914}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{4FCC384C-18EA-4E25-9281-A06AE006D219}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{7CE979C6-E5FF-41C5-B6CC-4EE18071563B}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{7D268154-7A31-40F2-9779-7A250914BB39}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{81767861-BEB9-4B02-A004-90E35E7A5B82}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{E0782EFC-69AE-44AF-87E8-24E2503D4E2C}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{EDCD4CE3-DE92-49A9-87F9-FE09B2FBA16C}". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{000C1025-0000-0000-C000-000000000046}" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\MsiExec.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{01111000-3e00-11d2-8470-0060089874ed}" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\is-3AIEO.tmp\iebranding\bin\tglib.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{01111100-3e00-11d2-8470-0060089874ed}" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\is-3AIEO.tmp\iebranding\bin\tglib.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{01111200-3e00-11d2-8470-0060089874ed}" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\is-3AIEO.tmp\iebranding\bin\tglib.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{01111300-3e00-11d2-8470-0060089874ed}" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\is-3AIEO.tmp\iebranding\bin\tglib.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{01111400-3e00-11d2-8470-0060089874ed}" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\is-3AIEO.tmp\iebranding\bin\tglib.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{01111500-3e00-11d2-8470-0060089874ed}" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\is-3AIEO.tmp\iebranding\bin\tglib.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{01111600-3e00-11d2-8470-0060089874ed}" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\is-3AIEO.tmp\iebranding\bin\tglib.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{01111700-3e00-11d2-8470-0060089874ed}" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\is-3AIEO.tmp\iebranding\bin\tglib.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{01111900-3e00-11d2-8470-0060089874ed}" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\is-3AIEO.tmp\iebranding\bin\tglib.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{01113400-3e00-11d2-8470-0060089874ed}" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\is-3AIEO.tmp\iebranding\bin\tglib.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{01113800-3e00-11d2-8470-0060089874ed}" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\is-3AIEO.tmp\iebranding\bin\tglib.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{01113900-3e00-11d2-8470-0060089874ed}" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\is-3AIEO.tmp\iebranding\bin\tglib.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{01113d00-3e00-11d2-8470-0060089874ed}" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\is-3AIEO.tmp\iebranding\bin\tglib.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{01114200-3e00-11d2-8470-0060089874ed}" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\is-3AIEO.tmp\iebranding\bin\tglib.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{01114300-3e00-11d2-8470-0060089874ed}" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\is-3AIEO.tmp\iebranding\bin\tglib.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{01114400-3e00-11d2-8470-0060089874ed}" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\is-3AIEO.tmp\iebranding\bin\tglib.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{01114500-3e00-11d2-8470-0060089874ed}" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\is-3AIEO.tmp\iebranding\bin\tglib.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{01114600-3e00-11d2-8470-0060089874ed}" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\is-3AIEO.tmp\iebranding\bin\tglib.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{01114700-3e00-11d2-8470-0060089874ed}" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\is-3AIEO.tmp\iebranding\bin\tglib.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{01114800-3e00-11d2-8470-0060089874ed}" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\is-3AIEO.tmp\iebranding\bin\tglib.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{01114a00-3e00-11d2-8470-0060089874ed}" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\is-3AIEO.tmp\iebranding\bin\tglib.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{01114b00-3e00-11d2-8470-0060089874ed}" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\is-3AIEO.tmp\iebranding\bin\tglib.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{01114c00-3e00-11d2-8470-0060089874ed}" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\is-3AIEO.tmp\iebranding\bin\tglib.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{01114d00-3e00-11d2-8470-0060089874ed}" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\is-3AIEO.tmp\iebranding\bin\tglib.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{01114e00-3e00-11d2-8470-0060089874ed}" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\is-3AIEO.tmp\iebranding\bin\tglib.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{01114f00-3e00-11d2-8470-0060089874ed}" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\is-3AIEO.tmp\iebranding\bin\tglib.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{01115400-3e00-11d2-8470-0060089874ed}" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\is-3AIEO.tmp\iebranding\bin\tglib.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{01115901-3e00-11d2-8470-0060089874ed}" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\is-3AIEO.tmp\iebranding\bin\tglib.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{01117a00-3e00-11d2-8470-0060089874ed}" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\is-3AIEO.tmp\iebranding\bin\tglib.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{01118c00-3e00-11d2-8470-0060089874ed}" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\twc\installer\activation.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{164A4365-064D-494D-92C8-9303A5080157}" refers to invalid object "C:\Program Files\palmOne\SgCalendar.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{188047CE-0F0A-11D7-8331-00C04FA03755}" refers to invalid object "C:\PROGRA~1\palmOne\QUICKI~1.EXE". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1D67C047-F016-11D6-831E-00C04FA03755}" refers to invalid object "C:\Program Files\palmOne\PictPreview.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1FFD7892-06E4-4A0A-941E-BC966900C883}" refers to invalid object "C:\Program Files\palmOne\PhotoDesktop\Media.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{209DAEB8-0F02-11D7-8331-00C04FA03755}" refers to invalid object "C:\PROGRA~1\palmOne\QUICKI~1.EXE". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2E0C66AC-5A87-4AFF-AC9F-93B33D43E4ED}" refers to invalid object "C:\Program Files\palmOne\SgDateAlarm.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3193996D-1AC8-11D4-80CC-00C04FA03755}" refers to invalid object "C:\Program Files\palmOne\AlarmSvr.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{33AF5286-DC7B-40B3-AF6B-D5E15E9E72B7}" refers to invalid object "C:\Program Files\palmOne\PhotoDesktop\MpegCodecFilter.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{33AF5287-DC7B-40B3-AF6B-D5E15E9E72B7}" refers to invalid object "C:\Program Files\palmOne\PhotoDesktop\MpegCodecFilter.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3597288E-FF31-49C2-A58A-EA88F3CEDD42}" refers to invalid object "C:\Program Files\palmOne\SgCalendar.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3B52D512-935F-11D6-82D4-00C04FA03755}" refers to invalid object "C:\Program Files\palmOne\PRouter.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3CF39B9A-0CF8-4792-A918-67573260BDBE}" refers to invalid object "C:\Program Files\palmOne\PhotoDesktop\Media.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{43F73EA1-92AE-11D6-82D3-00C04FA03755}" refers to invalid object "C:\Program Files\palmOne\PRouter.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{496038FA-3891-4827-AFCD-A7B13B9FF75A}" refers to invalid object "C:\Program Files\palmOne\PhotoDesktop\PhotosPlugIn.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5C14E47F-09F6-468A-BCA9-539343B30B70}" refers to invalid object "C:\Program Files\Adobe\Photoshop Album Starter Edition\2.0\Apps\PhotoshopAlbum.exe -deviceConnect". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6357BCA7-B06E-11D6-82EF-00C04FA03755}" refers to invalid object "C:\Program Files\palmOne\DefaultPlugin.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6357BCB6-B06E-11D6-82EF-00C04FA03755}" refers to invalid object "C:\Program Files\palmOne\PqiIcon.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6357BCB9-B06E-11D6-82EF-00C04FA03755}" refers to invalid object "C:\Program Files\palmOne\PqiIcon.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6357BCBC-B06E-11D6-82EF-00C04FA03755}" refers to invalid object "C:\Program Files\palmOne\PqiIcon.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6357BCBE-B06E-11D6-82EF-00C04FA03755}" refers to invalid object "C:\Program Files\palmOne\PqiIcon.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6600B26A-CCCE-4EF9-870E-DAB97E489CDF}" refers to invalid object "C:\Program Files\palmOne\SgDateAlarm.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{72440244-25C1-11D4-80D7-00C04FA03755}" refers to invalid object "C:\PROGRA~1\palmOne\AlarmApp.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7433EB64-25C1-11D4-80D7-00C04FA03755}" refers to invalid object "C:\PROGRA~1\palmOne\AlarmApp.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{74531205-74DC-48FF-953B-3B6DC988424F}" refers to invalid object "C:\Program Files\palmOne\VoiceMemoExt.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{74A3F9EA-25C1-11D4-80D7-00C04FA03755}" refers to invalid object "C:\PROGRA~1\palmOne\AlarmApp.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{763F9014-A89C-11D6-82E7-00C04FA03755}" refers to invalid object "C:\PROGRA~1\palmOne\QUICKI~1.EXE". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7686FC59-EA6F-11D5-823E-00C04FA03755}" refers to invalid object "C:\Program Files\palmOne\InstServ.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{78547CB6-2D08-47F4-A1EB-AF576A33E433}" refers to invalid object "C:\Program Files\palmOne\SgContacts.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{78D80080-F388-11D3-9161-00105A07EA40}" refers to invalid object "C:\WINDOWS\SYSTEM\LCODCCMP.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{78D80081-F388-11D3-9161-00105A07EA40}" refers to invalid object "C:\WINDOWS\SYSTEM\LCODCCMP.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{78D80082-F388-11D3-9161-00105A07EA40}" refers to invalid object "C:\WINDOWS\SYSTEM\LCODCCMP.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{78D80083-F388-11D3-9161-00105A07EA40}" refers to invalid object "C:\WINDOWS\SYSTEM\LCODCCMP.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7CE63704-0B67-4B86-81C4-33FBD29A170D}" refers to invalid object "C:\PROGRA~1\Sierra\PRINTA~1\PRINTA~1.EXE". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{831B49E8-91A6-11D5-820F-00C04FA03755}" refers to invalid object "C:\Program Files\palmOne\ExpenseExt.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{831B49E9-91A6-11D5-820F-00C04FA03755}" refers to invalid object "C:\Program Files\palmOne\ExpenseExt.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object "C:\PROGRA~1\MESSEN~1\rtcimsp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{868C6D64-8B98-11D5-8209-00C04FA03755}" refers to invalid object "C:\Program Files\palmOne\NotePadExt.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{868C6D65-8B98-11D5-8209-00C04FA03755}" refers to invalid object "C:\Program Files\palmOne\NotePadExt.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{87001487-8B8A-4C40-BFEF-036F5BD5BAA3}" refers to invalid object "C:\Program Files\palmOne\PhotoDesktop\PhotosPlugIn.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8753E474-8653-4CFD-827B-AA3E0270D2F2}" refers to invalid object "c:\windows\system32\omano.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8DEBF92B-1EC4-11D4-80D0-00C04FA03755}" refers to invalid object "C:\PROGRA~1\palmOne\AlarmApp.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{92DA540D-FCC0-442C-8F82-7F6C1DBD66C8}" refers to invalid object "C:\Program Files\palmOne\SgMemos.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9A2C7EC1-976E-11D2-9897-000092A92198}" refers to invalid object "C:\PROGRA~1\COMMON~1\ADAPTE~1\LABELC~1\CDLabel.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9D3B3E2B-1789-4A83-8050-5ED8307B02E5}" refers to invalid object "C:\Program Files\palmOne\VoiceMemoExt.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9EFBF860-5685-11D3-AA3D-00C04F4C5275}" refers to invalid object "cdooff.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AB40E4E0-0F0C-11D7-8331-00C04FA03755}" refers to invalid object "C:\PROGRA~1\palmOne\QUICKI~1.EXE". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AF478991-F6B0-40E8-856B-E80BE0677AFC}" refers to invalid object "C:\Program Files\palmOne\SgTasks.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B0693766-5278-4ec6-B9E1-3CE40560EF5A}" refers to invalid object "CaPlgin.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B2565128-0F22-11D7-8331-00C04FA03755}" refers to invalid object "C:\Program Files\palmOne\PRouter.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B2F7AF3C-0CA7-4EAE-BBBF-A748FBC500DD}" refers to invalid object "C:\Program Files\palmOne\SgMemos.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BE1B5231-A3E2-11D6-82E3-00C04FA03755}" refers to invalid object "C:\PROGRA~1\palmOne\QUICKI~1.EXE". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BE1B5233-A3E2-11D6-82E3-00C04FA03755}" refers to invalid object "C:\Program Files\palmOne\PRouter.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BE1B5235-A3E2-11D6-82E3-00C04FA03755}" refers to invalid object "C:\Program Files\palmOne\PRouter.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BE44897A-EB38-11D5-823F-00C04FA03755}" refers to invalid object "C:\Program Files\palmOne\RegServ.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C0010C26-F44B-4BE2-9D65-04D3934C5E46}" refers to invalid object "C:\Program Files\palmOne\SgTasks.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C11BCF07-4F91-4748-956E-2B4FFC9401C5}" refers to invalid object "C:\Program Files\palmOne\SgContacts.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C55A1680-CD5A-11CF-8D29-444553540000}" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\twc\installer\bin\regobj.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CFCB7309-782F-11D4-BE27-000102598CE4}" refers to invalid object "C:\WINDOWS\DOWNLO~1\npx.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DFD4C164-AE18-11D6-82EC-00C04FA03755}" refers to invalid object "C:\PROGRA~1\palmOne\QUICKI~1.EXE". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EACEB807-2AB5-11D4-88DE-00C0F05ABB4B}" refers to invalid object "C:\PROGRA~1\palmOne\AlarmApp.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EE469827-4ED9-443B-9FB0-EFA81FEA6646}" refers to invalid object "C:\Program Files\palmOne\Components\DelDups.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F21AC7C7-D6F5-11D6-8306-00C04FA03755}" refers to invalid object "C:\Program Files\palmOne\PRouter.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{01111001-3E00-11D2-8470-0060089874ED}" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\is-3AIEO.tmp\iebranding\bin\tglib.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{01118C01-3E00-11D2-8470-0060089874ED}" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\twc\installer\activation.exe". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{7AD23EB0-96E8-11D2-9893-000092A92198}" refers to invalid object "C:\Program Files\Common Files\Adaptec Shared\Label Creator\CDLabel.exe". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{BAE2166A-5AC1-4F1D-BD63-4DD999E495CC}" refers to invalid object "C:\Program Files\Updates from HP\137903\Program\HPClientExt.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{CFCB7305-782F-11D4-BE27-000102598CE4}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\npx.ocx". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{DCB43485-19FB-4D6D-BB3D-73C7F48D5F00}" refers to invalid object "C:\Program Files\Messenger\rtcimsp.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{DE10C540-810E-11CF-BBE7-444553540000}" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\twc\installer\bin\regobj.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{ECA616E7-0972-4682-8A5D-589301C5EA9F}" refers to invalid object "c:\windows\system32\omano.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{F688222C-74CA-4B5D-A5A7-81D114E9995E}" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\Word8.0\MSForms.exd". Action Taken: No Action Taken.
Entry "HKCR\.FPK\shell\open\command" refers to invalid object "C:\FORMFLOW\DFFILL.EXE %1". Action Taken: No Action Taken.
Entry "HKCR\.sll" refers to invalid object "SSLFile". Action Taken: No Action Taken.
Entry "HKCR\AcroExch.Document.7" refers to invalid object "{B801CA65-A1FC-11D0-85AD-444553540000}". Action Taken: No Action Taken.
Entry "HKCR\AcroExch.XDPDoc" refers to invalid object "{B801CA65-A1FC-11D0-85AD-444553540000}". Action Taken: No Action Taken.
Entry "HKCR\AcroPDF.PDF" refers to invalid object "{CA8A9780-280D-11CF-A24D-444553540000}". Action Taken: No Action Taken.
Entry "HKCR\AcroPDF.PDF.1" refers to invalid object "{CA8A9780-280D-11CF-A24D-444553540000}". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\ALLPlayerFile\shell\open\command" refers to invalid object ""C:\Program Files\MarBit\ALLPlayer\ALLPlayer.exe" "%1"". Action Taken: No Action Taken.
Entry "HKCR\bittorrent\shell\open\command" refers to invalid object ""C:\Program Files\Shareaza\Shareaza.exe" "%1"". Action Taken: No Action Taken.
Entry "HKCR\CDLabelCreator.Document\shell\open\command" refers to invalid object "C:\PROGRA~1\COMMON~1\ADAPTE~1\LABELC~1\CDLabel.exe "%1"". Action Taken: No Action Taken.
Entry "HKCR\Connection Manager Profile\shell\open\command" refers to invalid object "C:\WINDOWS\System32\CMMGR32.EXE "%1"". Action Taken: No Action Taken.
Entry "HKCR\DSP.DSP" refers to invalid object "{9C123EA9-AEC9-4f75-BBC0-7565FA1398966}". Action Taken: No Action Taken.
Entry "HKCR\DSP.DSPDMOProp_Chorus.1" refers to invalid object "{6F63B172-5543-4593-91CE-EDBA65B9FACDB}". Action Taken: No Action Taken.
Entry "HKCR\ed2k\shell\open\command" refers to invalid object ""C:\Program Files\Shareaza\Shareaza.exe" "%L"". Action Taken: No Action Taken.
Entry "HKCR\gnet\shell\open\command" refers to invalid object ""C:\Program Files\Shareaza\Shareaza.exe" "%L"". Action Taken: No Action Taken.
Entry "HKCR\gnutella\shell\open\command" refers to invalid object ""C:\Program Files\Shareaza\Shareaza.exe" "%L"". Action Taken: No Action Taken.
Entry "HKCR\magnet\shell\open\command" refers to invalid object ""C:\Program Files\Shareaza\Shareaza.exe" "%L"". Action Taken: No Action Taken.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\MediaGatewayX.Installer" refers to invalid object "{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}". Action Taken: No Action Taken.
Entry "HKCR\mp2p\shell\open\command" refers to invalid object ""C:\Program Files\Shareaza\Shareaza.exe" "%L"". Action Taken: No Action Taken.
Entry "HKCR\msbackupfile\shell\open\command" refers to invalid object "%SystemRoot%\system32\ntbackup.exe". Action Taken: No Action Taken.
Entry "HKCR\NPX.NPXCtrl.1" refers to invalid object "{CFCB7308-782F-11D4-BE27-000102598CE4}". Action Taken: No Action Taken.
Entry "HKCR\PalmQuickInstall.PdbFile\shell\open\command" refers to invalid object ""C:\Program Files\palmOne\QuickInstall.exe" /FileExt". Action Taken: No Action Taken.
Entry "HKCR\PalmQuickInstall.PncFile\shell\open\command" refers to invalid object ""C:\Program Files\palmOne\QuickInstall.exe" /FileExt". Action Taken: No Action Taken.
Entry "HKCR\PalmQuickInstall.PqaFile\shell\open\command" refers to invalid object ""C:\Program Files\palmOne\QuickInstall.exe" /FileExt". Action Taken: No Action Taken.
Entry "HKCR\PalmQuickInstall.PrcFile\shell\open\command" refers to invalid object ""C:\Program Files\palmOne\QuickInstall.exe" /FileExt". Action Taken: No Action Taken.
Entry "HKCR\PalmQuickInstall.ScpFile\shell\open\command" refers to invalid object ""C:\Program Files\palmOne\QuickInstall.exe" /FileExt". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\ppifile\shell\open\command" refers to invalid object "%SystemRoot%\System32\msppcnfg.exe /Config %1". Action Taken: No Action Taken.
Entry "HKCR\Presentations10.QuickFile\shell\open\command" refers to invalid object "C:\Program Files\Corel\WordPerfect Office 2002\PROGRAMS\SHOW.EXE %1". Action Taken: No Action Taken.
Entry "HKCR\Presentations3.QuickFile\shell\open\command" refers to invalid object "C:\Program Files\Corel\WordPerfect Office 2002\PROGRAMS\SHOW31.EXE %1". Action Taken: No Action Taken.
Entry "HKCR\Print.Attitudes.Project\shell\open\command" refers to invalid object "C:\PROGRA~1\Sierra\PRINTA~1\PRINTA~1.EXE /dde". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\shareaza\shell\open\command" refers to invalid object ""C:\Program Files\Shareaza\Shareaza.exe" "%L"". Action Taken: No Action Taken.
Entry "HKCR\Shareaza.Collection\shell\open\command" refers to invalid object ""C:\Program Files\Shareaza\Shareaza.exe" "%1"". Action Taken: No Action Taken.
Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken.
Entry "HKCR\VCDLayout.Document" refers to invalid object "{01668F03-0AC4-11CF-AB99-00C0F00683EB}". Action Taken: No Action Taken.
Entry "HKCR\VCDLayout.Document\shell\open\command" refers to invalid object "C:\PROGRA~1\Adaptec\EASYCD~1\EASYCD~1\vcdcr32.exe "%1"". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall5_48.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall6_38.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0C.dat tagged as "not-a-virus:AdWare.WildTangent.b". Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\My Documents\downloads\dt themes\vikngs\themnvikings.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\My Documents\downloads\dt themes\vikngs\vikings2001_by_dave.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\Program Files\FileSubmit\BBZSII\nnez_388.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\Program Files\FileSubmit\The Minnesota Vikings\nnez_388.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\048B70BF.exe tagged as "not-a-virus:AdWare.MDH.a". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0F564D82.htm infected by "Trojan-Downloader.JS.IstBar.k" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\167B3404.exe tagged as "not-a-virus:AdWare.WinAD.bf". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\35641643.dll infected by "Trojan.Win32.Delf.gh" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\35EE3FCC.cla infected by "Exploit.Java.Bytverify" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\39707572.exe tagged as "not-a-virus:AdWare.MDH.a". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\3977496B.dll tagged as "not-a-virus:AdWare.Suggestor.g". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\3FEA7C11.cla infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\3FEA7C11.htm infected by "Exploit.VBS.Phel.a" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\3FEA7C11.zip infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\417505B3.cla infected by "Trojan.Java.ClassLoader.Dummy.a" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\417505B3.htm infected by "Exploit.VBS.Phel.a" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\49D5696D.exe infected by "Trojan-Downloader.Win32.QDown.z" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\49D91369.dll tagged as "not-a-virus:AdWare.WinAD.bg". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\49D91369.exe infected by "Trojan-Downloader.Win32.Dyfuca.ei" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\49DC3D66.cab tagged as "not-a-virus:AdWare.WebSearch.as". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\49DC3D66.exe infected by "Trojan-Dropper.Win32.Agent.rs" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\4C955821.zip infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\5C431203.dll infected by "Trojan-Downloader.Win32.Dyfuca.gen" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\735F4492.dll tagged as "not-a-virus:AdWare.Sahat.w". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\7B743360.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\7BC97702.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\7BDE6185.exe infected by "Email-Worm.Win32.Nyxem.c" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\7C5710B4.dll tagged as "not-a-virus:AdWare.Sahat.w". Action Taken: No Action Taken.
File C:\Program Files\WildTangent\Components\SystemConfig0100.dll tagged as "not-a-virus:AdWare.WinAD". Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall5_48.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall6_38.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\WINDOWS\wt\wtbgm\wtbgmtt.exe tagged as "not-a-virus:AdWare.WinAD". Action Taken: No Action Taken.
File C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll tagged as "not-a-virus:AdWare.WildTangent.b". Action Taken: No Action Taken.
File C:\WINDOWS\wt\wtupdates\wtbgm\files\1.5.1.019\wtbgmtt.exe tagged as "not-a-virus:AdWare.WinAD". Action Taken: No Action Taken.
File C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\npwthost.dll tagged as "not-a-virus:AdWare.WildTangent.b". Action Taken: No Action Taken.
File C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\wtvh.dll tagged as "not-a-virus:AdWare.WildTangent.b". Action Taken: No Action Taken.
File C:\WINDOWS\wt\wtvh.dll tagged as "not-a-virus:AdWare.WildTangent.b". Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Application Data\Wildtangent&
  • 0

#7
vikingsrule11

    Member

  • Topic Starter
  • Member
  • 63 posts
I was browsing through the list and I noticed a lot of adware and remnants of programs that I deleted ages ago, but I am not going to do anything with this until you get a chance to look at it.


Thanks in advance

Vikingsrule standing by for further instructions
  • 0

#8
Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Yes, what it found are mostly leftovers, but there are files we should delete. None of them is something that could cause your main problem though; it's all adware.

Still, the log you posted got cut off because it didn't fit in one post. Could you determine where it got cut and post the rest, please? If you're not sure, find the point where it first says "File" at the beginning of a line instead of "Entry" and post the section starting from there, omitting the part before.
  • 0

#9
vikingsrule11

    Member

  • Topic Starter
  • Member
  • 63 posts
File C:\WINDOWS\NDNuninstall5_48.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall6_38.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0C.dat tagged as "not-a-virus:AdWare.WildTangent.b". Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\My Documents\downloads\dt themes\vikngs\themnvikings.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\My Documents\downloads\dt themes\vikngs\vikings2001_by_dave.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\Program Files\FileSubmit\BBZSII\nnez_388.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\Program Files\FileSubmit\The Minnesota Vikings\nnez_388.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\048B70BF.exe tagged as "not-a-virus:AdWare.MDH.a". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0F564D82.htm infected by "Trojan-Downloader.JS.IstBar.k" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\167B3404.exe tagged as "not-a-virus:AdWare.WinAD.bf". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\35641643.dll infected by "Trojan.Win32.Delf.gh" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\35EE3FCC.cla infected by "Exploit.Java.Bytverify" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\39707572.exe tagged as "not-a-virus:AdWare.MDH.a". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\3977496B.dll tagged as "not-a-virus:AdWare.Suggestor.g". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\3FEA7C11.cla infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\3FEA7C11.htm infected by "Exploit.VBS.Phel.a" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\3FEA7C11.zip infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\417505B3.cla infected by "Trojan.Java.ClassLoader.Dummy.a" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\417505B3.htm infected by "Exploit.VBS.Phel.a" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\49D5696D.exe infected by "Trojan-Downloader.Win32.QDown.z" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\49D91369.dll tagged as "not-a-virus:AdWare.WinAD.bg". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\49D91369.exe infected by "Trojan-Downloader.Win32.Dyfuca.ei" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\49DC3D66.cab tagged as "not-a-virus:AdWare.WebSearch.as". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\49DC3D66.exe infected by "Trojan-Dropper.Win32.Agent.rs" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\4C955821.zip infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\5C431203.dll infected by "Trojan-Downloader.Win32.Dyfuca.gen" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\735F4492.dll tagged as "not-a-virus:AdWare.Sahat.w". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\7B743360.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\7BC97702.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\7BDE6185.exe infected by "Email-Worm.Win32.Nyxem.c" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\7C5710B4.dll tagged as "not-a-virus:AdWare.Sahat.w". Action Taken: No Action Taken.
File C:\Program Files\WildTangent\Components\SystemConfig0100.dll tagged as "not-a-virus:AdWare.WinAD". Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall5_48.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall6_38.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\WINDOWS\wt\wtbgm\wtbgmtt.exe tagged as "not-a-virus:AdWare.WinAD". Action Taken: No Action Taken.
File C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll tagged as "not-a-virus:AdWare.WildTangent.b". Action Taken: No Action Taken.
File C:\WINDOWS\wt\wtupdates\wtbgm\files\1.5.1.019\wtbgmtt.exe tagged as "not-a-virus:AdWare.WinAD". Action Taken: No Action Taken.
File C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\npwthost.dll tagged as "not-a-virus:AdWare.WildTangent.b". Action Taken: No Action Taken.
File C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\wtvh.dll tagged as "not-a-virus:AdWare.WildTangent.b". Action Taken: No Action Taken.
File C:\WINDOWS\wt\wtvh.dll tagged as "not-a-virus:AdWare.WildTangent.b". Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0C.dat tagged as "not-a-virus:AdWare.WildTangent.b". Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\My Documents\downloads\dt themes\vikngs\themnvikings.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\My Documents\downloads\dt themes\vikngs\vikings2001_by_dave.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\Program Files\FileSubmit\BBZSII\nnez_388.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\Program Files\FileSubmit\The Minnesota Vikings\nnez_388.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\048B70BF.exe tagged as "not-a-virus:AdWare.MDH.a". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0F564D82.htm infected by "Trojan-Downloader.JS.IstBar.k" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\167B3404.exe tagged as "not-a-virus:AdWare.WinAD.bf". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\35641643.dll infected by "Trojan.Win32.Delf.gh" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\35EE3FCC.cla infected by "Exploit.Java.Bytverify" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\39707572.exe tagged as "not-a-virus:AdWare.MDH.a". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\3977496B.dll tagged as "not-a-virus:AdWare.Suggestor.g". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\3FEA7C11.cla infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\3FEA7C11.htm infected by "Exploit.VBS.Phel.a" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\3FEA7C11.zip infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\417505B3.cla infected by "Trojan.Java.ClassLoader.Dummy.a" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\417505B3.htm infected by "Exploit.VBS.Phel.a" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\49D5696D.exe infected by "Trojan-Downloader.Win32.QDown.z" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\49D91369.dll tagged as "not-a-virus:AdWare.WinAD.bg". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\49D91369.exe infected by "Trojan-Downloader.Win32.Dyfuca.ei" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\49DC3D66.cab tagged as "not-a-virus:AdWare.WebSearch.as". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\49DC3D66.exe infected by "Trojan-Dropper.Win32.Agent.rs" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\4C955821.zip infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\5C431203.dll infected by "Trojan-Downloader.Win32.Dyfuca.gen" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\735F4492.dll tagged as "not-a-virus:AdWare.Sahat.w". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\7B743360.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\7BC97702.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\7BDE6185.exe infected by "Email-Worm.Win32.Nyxem.c" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\7C5710B4.dll tagged as "not-a-virus:AdWare.Sahat.w". Action Taken: No Action Taken.
File C:\Program Files\WildTangent\Components\SystemConfig0100.dll tagged as "not-a-virus:AdWare.WinAD". Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall5_48.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall6_38.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\WINDOWS\wt\wtbgm\wtbgmtt.exe tagged as "not-a-virus:AdWare.WinAD". Action Taken: No Action Taken.
File C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll tagged as "not-a-virus:AdWare.WildTangent.b". Action Taken: No Action Taken.
File C:\WINDOWS\wt\wtupdates\wtbgm\files\1.5.1.019\wtbgmtt.exe tagged as "not-a-virus:AdWare.WinAD". Action Taken: No Action Taken.
File C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\npwthost.dll tagged as "not-a-virus:AdWare.WildTangent.b". Action Taken: No Action Taken.
File C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\wtvh.dll tagged as "not-a-virus:AdWare.WildTangent.b". Action Taken: No Action Taken.
File C:\WINDOWS\wt\wtvh.dll tagged as "not-a-virus:AdWare.WildTangent.b". Action Taken: No Action Taken.
  • 0

#10
vikingsrule11

    Member

  • Topic Starter
  • Member
  • 63 posts
Okay, here is the rest of the log, starting, like you said, with "File".

Standing by
vikingsrule11
  • 0

#11
Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
OK, just navigate to and delete these files (none of them should be hidden), then let me see a final HijackThis log so I can declare you clean malware-wise.

C:\WINDOWS\NDNuninstall5_48.exe
C:\WINDOWS\NDNuninstall6_38.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0C.dat
C:\Documents and Settings\Owner\My Documents\downloads\dt themes\vikngs\themnvikings.exe
C:\Documents and Settings\Owner\My Documents\downloads\dt themes\vikngs\vikings2001_by_dave.exe
C:\Program Files\FileSubmit\BBZSII\nnez_388.exe
C:\Program Files\FileSubmit\The Minnesota Vikings\nnez_388.exe
C:\Program Files\WildTangent\Components\SystemConfig0100.dll
C:\WINDOWS\wt\wtbgm\wtbgmtt.exe
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll
C:\WINDOWS\wt\wtupdates\wtbgm\files\1.5.1.019\wtbgmtt.exe
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\npwthost.dll
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\wtvh.dll
C:\WINDOWS\wt\wtvh.dll

Oh, and also delete everything in the Norton quarantine folder; there's no point in keeping those viruses in quarantine.
  • 0
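The hand triage from the posts above (repost from the first line starting with "File", then separate files still on disk from those already in Norton's quarantine), as an added Python example that is not part of the thread. The line format is inferred from the log lines posted here; the function names and the rule that a `\Quarantine\` path component means "already contained" are assumptions.

```python
import re

# Excerpt of the scan log posted in this thread. The scanner lists some files
# twice, and the last line is the one the forum's post limit cut off mid-path.
SAMPLE_LOG = r'''
Entry "HKCR\.sll" refers to invalid object "SSLFile". Action Taken: No Action Taken.
Entry "HKCR\bittorrent\shell\open\command" refers to invalid object ""C:\Program Files\Shareaza\Shareaza.exe" "%1"". Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall5_48.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\048B70BF.exe tagged as "not-a-virus:AdWare.MDH.a". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0F564D82.htm infected by "Trojan-Downloader.JS.IstBar.k" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\wt\wtvh.dll tagged as "not-a-virus:AdWare.WildTangent.b". Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall5_48.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Application Data\Wildtangent&
'''

# File findings come in two shapes: 'tagged as "<name>".' and
# 'infected by "<name>" Virus!'. Paths may contain spaces, so match lazily.
FILE_RE = re.compile(
    r'^File (?P<path>.+?) (?P<verb>tagged as|infected by) "(?P<name>[^"]+)"'
    r'(?: Virus!)?\.? Action Taken: (?P<action>.+?)\.?$')

# Registry findings: the invalid object may itself contain quotes, so the
# target is matched greedily up to the closing '". Action Taken:'.
ENTRY_RE = re.compile(
    r'^Entry "(?P<key>.+?)" refers to invalid object "(?P<target>.*)"\.'
    r' Action Taken: (?P<action>.+?)\.?$')


def lines_from_first_file(log_text):
    """Return the log from the first line that starts with 'File ' onward."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    for i, ln in enumerate(lines):
        if ln.startswith("File "):
            return lines[i:]
    return []


def triage(log_text):
    """Sort log lines into registry leftovers, live files, quarantined files
    and lines that do not parse (for example a truncated final line)."""
    result = {"registry": [], "live": {}, "quarantined": {}, "unparsed": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_RE.match(line)
        if m:
            path = m["path"]
            # Assumption: a \Quarantine\ component means the antivirus has
            # already contained the file.
            in_quarantine = "\\quarantine\\" in path.lower()
            bucket = "quarantined" if in_quarantine else "live"
            # Windows paths are case-insensitive, so dedupe on the lowercase
            # form and keep the first spelling seen.
            result[bucket].setdefault(path.lower(), {
                "path": path,
                "detection": m["name"],
                "adware": m["name"].startswith("not-a-virus:"),
            })
            continue
        m = ENTRY_RE.match(line)
        if m:
            result["registry"].append((m["key"], m["target"]))
            continue
        # Never guess at a line that was cut off; surface it for a re-post.
        result["unparsed"].append(line)
    return result


def deletion_candidates(result):
    """Unique flagged files that are still on disk outside quarantine."""
    return [f["path"] for f in result["live"].values()]


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print("Registry leftovers:", len(r["registry"]))
    print("Quarantined findings:", len(r["quarantined"]))
    for f in r["quarantined"].values():
        if not f["adware"]:
            print("  non-adware in quarantine:", f["detection"])
    print("Still on disk:")
    for p in deletion_candidates(r):
        print("  " + p)
    if r["unparsed"]:
        print("Truncated or unknown lines, ask for a re-post:", r["unparsed"])
```
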

#12
vikingsrule11

    Member

  • Topic Starter
  • Member
  • 63 posts
Logfile of HijackThis v1.99.1
Scan saved at 9:20:28 PM, on 8/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\My Documents\downloads\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8.hpwis.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinMX] C:\Program Files\WinMX\WinMX.exe -m
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Startup: Ubisoft register.lnk = C:\Program Files\Ubisoft\Register\schedule.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr...oad/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://www.samsungca...w50_install.cab
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.pho...hxStudent15.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toon...9.12/ttinst.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5467FE57-297D-4CAF-8184-B9D84B19CDDB}: NameServer = 64.160.192.70,206.13.29.12
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

cleaned everything you said
here is the new hijack this log

Do you know any good programs for cleaning the registry? Or do I have to do it manually? I'd like to get rid of some of the junk that is in there.

Thanx much
Vikingsrule11
  • 0
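The log format posted above can be read mechanically before a helper goes through it by hand. The following Python parser is an added example, not part of the original thread or of HijackThis itself; the function name `review`, the regular expressions and the `expected_vendors` allow-list are assumptions made for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Entries copied from the log in this thread (only ones whose URLs are not truncated).
SAMPLE_LOG = r"""
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5467FE57-297D-4CAF-8184-B9D84B19CDDB}: NameServer = 64.160.192.70,206.13.29.12
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")
# O23 detail: "Service: Display name (short name) - Vendor - Path"; short name is optional.
SERVICE = re.compile(r"^Service: (?P<name>.+?)(?: \((?P<short>[^()]+)\))?"
                     r" - (?P<vendor>.+?) - (?P<path>.+)$")
# O16 detail: "DPF: {CLSID} (control name) - URL the control was installed from"
DPF = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\}) \((?P<name>.*)\) - (?P<url>\S+)$")
# O17 detail ends in "NameServer = ip,ip"
DNS = re.compile(r"NameServer = (?P<servers>[\d.,\s]+)$")

def review(log_text, expected_vendors=("Symantec Corporation",)):
    """Count entries per section and pull out the fields a helper reads by hand."""
    # expected_vendors is a hypothetical allow-list: the security suite this log shows installed.
    report = {"sections": Counter(), "other_vendor_services": [],
              "activex_sources": [], "nameservers": [], "unparsed": []}
    for raw in log_text.splitlines():
        entry = ENTRY.match(raw.strip())
        if not entry:
            continue  # header, process list or blank line
        code, detail = entry.groups()
        report["sections"][code] += 1
        if code == "O23" and (svc := SERVICE.match(detail)):
            if svc["vendor"] not in expected_vendors:
                report["other_vendor_services"].append((svc["name"], svc["vendor"], svc["path"]))
        elif code == "O16" and (dpf := DPF.match(detail)):
            url = urlsplit(dpf["url"])
            report["activex_sources"].append((dpf["name"], url.scheme, url.hostname))
        elif code == "O17" and (dns := DNS.search(detail)):
            report["nameservers"] += [ip.strip() for ip in dns["servers"].split(",")]
        elif code in ("O23", "O16"):
            report["unparsed"].append(detail)  # keep malformed lines visible, never drop them
    return report
```
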

#13
Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Yep, that log looks clean now. I personally haven't ever used one, but I've seen Easy Cleaner being recommended for registry cleaning. Just a note, don't forget to back up your registry prior to any such attempt.

http://personal.inet...rts/ecleane.htm

As for your main problem, you'd better get back to your original thread saying you got a clean bill from Malware.

Here are some tips in trying to prevent any future infections:

Visit Windows Update regularly to get the latest security updates. You can also enable automatic updates. Your antivirus software and antispyware programs should also be updated regularly. Make a habit of running scans on a timely basis. Be careful about what you download, scan every file before clicking on it.

Additional programs to consider:

Spywareblaster: Prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restricts the actions of potentially unwanted sites in Internet Explorer.
Spywareguard: An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware!
IE/Spyad: Adds a list of malicious sites to your Restricted Sites Zone.
Firefox: An alternate browser safer than IE

A good article to read:
So how did I get infected in the first place?

Regards,

Armodeluxe

#14
vikingsrule11

    Member

  • Topic Starter
  • Member
  • 63 posts
Thank you for all the help and the info

I'm going to return to my original post and see if we can't get this figured out

Thanx again

#15
Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.