Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

New Poly Win32 & HijackThis problems [RESOLVED]

Started by beeglemania , Aug 20 2005 11:06 AM

This topic is locked

#1
beeglemania

Posted 20 August 2005 - 11:06 AM

Member

Member
28 posts

Thanks already for having a service like this.

I received a warning from McAfee virus scan indicating file A0005530.exe has been infected with the “New Poly Win32” virus and that this involves system restore information. The file path McAfee gave, C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP121, I cannot find.

I have not yet had any issues that I know of but I am now afraid to shut down fearing I’ll have problems when I restart, or worse, unable reboot at all. Except for one problem I hadn’t had before; When I downloaded the latest version of HijackThis from your site and tried to run it I got a “HijackThis.exe is not a valid Win32 application” I tried three other sites to download HijackThis from. With each I would unzip the HijackThis zip file to a folder I created under My Documents. Each time I would only see the HijackThis.exe for a second and then it was gone as if deleted but not in my recycle bin.

Here is my HijackThis v1.97.7 log. I had to modify the version shown below because my first post was rejected, but part of my problem is getting the new version to run! I already had this version installed and didn’t have any problems. I’m expecting from reading your other threads that the MyWaySA stuff is bad news but I don’t know if the New Poly Win32 is related. Or if the HijackThis problems are related to these either.

Please, please help. I’m not even shutting down till I hear for you. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 11:04:53 AM, on 8/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\Jeffrey\My Documents\Software\Printkey.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\system32\wscntfy.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\alg.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Documents and Settings\Jeffrey\My Documents\Software\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com...de_srchlft.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - Startup: Shortcut to Printkey.lnk = C:\Documents and Settings\Jeffrey\My Documents\Software\Printkey.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .mp4: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab

#2
Excal

Posted 20 August 2005 - 05:40 PM

Malware Slayer Extraordinaire!

Retired Staff
12,739 posts

Hi beeglemania and welcome to GeeksToGo! My name is Excal and I will be helping you.

Don't be alarmed by this: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP121.
All that means is in that ol restore point there is a possible file infected with that virus. Unless you restore back to this date, it can;t harm you. Soon as we are done here, I will show you how to reset your System Restore Points so you won't have that problem anymore

Lets get your HiJackthis problem worked out.

Please download http://www.merijn.or...ackthis_sfx.exe to your desktop

Double Click on hijackthis_sfx.exe. (This will install HiJackthis)
Chose Unzip.
Go to Start then to My Computer> then to Program Files> then to HiJackThis.
In the HiJackthis folder you will see a file called HiJackthis.exe. (should look like a stick of Dynamite) double click on that.
Click on Scan and save a log.
Copy and paste the entire contents of that log

Excal

#3
beeglemania

Posted 20 August 2005 - 06:42 PM

Member

Topic Starter
Member
28 posts

I Unzipped HijackThis as you said. WinZip Self-Extractor says "1 file(s) unzipped successfully". I went to Program files, opened the HijackThis folder but it's empty! Then I got an alert from McAfee "The file C:\unzipped\hijackthis\HijackThis.exe was infected by the W32/Generic.worm!p2p virus and has been deleted to complete the Clean process."

Thanks so much for replying. :tazz:

I'm really getting nervous!

#4
Excal

Posted 20 August 2005 - 06:47 PM

Malware Slayer Extraordinaire!

Retired Staff
12,739 posts

No need to be nervous. Sometime Anti-virus protectors identify HiJackthis as a bad file. Never heard of them deleting them, but there is always a first time. I can assure you that HiJackthis is not a virus or infected.

Lets do this then:

Please follow the instructions provided, you may want to print out these instructions and use them as a reference.

Please download ewido security suite it is a trial version of the program.

Install ewido security suite
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
Launch ewido, there should be an icon on your desktop double-click it.
The program will now go to the main screen

You will need to update ewido to the latest definition files.

On the left hand side of the main screen click update
Then click on Start Update

The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! (Alternate Link if the main link does not work) and install it. Please Do not run yet.

Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Run CleanUp! and click on CleanUp! button. When it asks you if you want to logoff, click on Yes.

Open up and run Ewido:

Click on scanner
Click Complete System Scan and the scan will begin.
During the scan when it ask if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK
When the scan is finished, look at the bottom of the screen and click the Save report button.
Save the report to your desktop

Close Ewido

Reboot into normal mode and please run this online virus scan: ActiveScan - Save the results from the scan!

Please post the Active scan log, Ewido log and a fresh HiJackThis log. Let me know how your computer is running.

#5
beeglemania

Posted 20 August 2005 - 09:02 PM

Member

Topic Starter
Member
28 posts

I did all that you said... or all that I could. I run the ActiveScan twice. Both times it run for quite a while then explorer closes without warning and nothing comes up saying an error has occured. Both the ActiveScan website and geekstogo that I left open closed. So then I tried again to install the latest HijackThis from your link above and got the same "The file C:\unzipped\hijackthis\HijackThis.exe was infected by the W32/Generic.worm!p2p virus and has been deleted to complete the Clean process." from McAfee.

Here is the Ewido report.

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:33:03 PM, 8/20/2005
+ Report-Checksum: FDA254C2

+ Scan result:

C:\Documents and Settings\Jeffrey\My Documents\Software\HijackThis\backup-20041208-083305-776.dll -> Spyware.MyWay : Cleaned with backup
C:\Documents and Settings\Jeffrey\My Documents\Software\HijackThis\backup-20041208-083307-504.dll -> Spyware.Adstart : Cleaned with backup
C:\Documents and Settings\Jeffrey\My Documents\Software\Spy_Sweeper\ouk.exe -> TrojanDownloader.INService.i : Cleaned with backup
C:\WINDOWS\hpomdl03.dat:qatrtg -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\IIS6.LOG:wpspt -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\n_jcxofp.txt -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\SYSTEM32:gdaa.dll -> TrojanDownloader.Small.azk : Cleaned with backup
C:\WINDOWS\SYSTEM32\wppp.html -> Spyware.PSGuard : Cleaned with backup
C:\WINDOWS\WIASERVC.LOG:mytwmm -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\WMSETUP.LOG:zytrln -> TrojanDownloader.Agent.bc : Cleaned with backup

::Report End

#6
Excal

Posted 20 August 2005 - 09:31 PM

Malware Slayer Extraordinaire!

Retired Staff
12,739 posts

Silent Runners:

Please click this link to download Silent Runners.
Save it to the desktop.
Run Silent Runner's by doubleclicking the "Silent Runners" icon on your desktop.
You will see a text file appear on the desktop - it's not done yet, just let it run (it won't appear to be doing anything!)
Once you receive the prompt "All Done!", double-click on the new text file on the desktop and copy that entire log and paste it here.
NOTE* If you receive any warning message about scripts, please choose to allow the script to run.
For some time it will look like nothing is happening. Just keep waiting.
Once it's done it will create a log. A window will come up telling you when it's saved. Please post that log here

Try this online scan:

Kaspersky

#7
beeglemania

Posted 20 August 2005 - 09:40 PM

Member

Topic Starter
Member
28 posts

It didn't propt me about scripts. It asked somthing about supplimental searches yes or no but before I could decide it ran anyway. It took less than a minute to run. Should I do it again? Here's the log. Thanks for your continuing help!

"Silent Runners.vbs", revision 40, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SunJavaUpdateSched" = "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [null data]
"IAAnotif" = "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" ["Intel Corporation"]
"IntelMeM" = "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" ["Intel Corporation"]
"CTSysVol" = "C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r" ["Creative Technology Ltd"]
"P17Helper" = "Rundll32 P17.dll,P17Helper" [MS]
"UpdReg" = "C:\WINDOWS\UpdReg.EXE" ["Creative Technology Ltd."]
"DVDLauncher" = ""C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"" ["CyberLink Corp."]
"DMXLauncher" = "C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [null data]
"UpdateManager" = ""C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r" ["Sonic Solutions"]
"VSOCheckTask" = ""c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask" ["Networks Associates Technology, Inc"]
"MCAgentExe" = "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" ["McAfee, Inc"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"dla" = "C:\WINDOWS\system32\dla\tfswctrl.exe" ["Sonic Solutions"]
"DwlClient" = "C:\Program Files\Common Files\Dell\EUSW\Support.exe" ["Dell"]
"VirusScan Online" = "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" ["Networks Associates Technology, Inc"]
"MPFExe" = "C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" ["McAfee Security"]
"HP Software Update" = ""C:\Program Files\HP\HP Software Update\HPWuSchd.exe"" ["Hewlett-Packard"]
"HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]
"SpySweeper" = ""C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray" ["Webroot Software, Inc."]
"SsAAD.exe" = "C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [null data]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"MCUpdateExe" = "C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" ["McAfee, Inc"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{5CA3D70E-1895-11CF-8E15-001234567890}\(Default) = "*Z*i?*w**b********" (unwritable string)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"]
{AE7CD045-E861-484f-8273-0445EE161910}\(Default) = "AcroIEToolbarHelper Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Sonic\RecordNow!\shlext.dll" [null data]
"{5CA3D70E-1895-11CF-8E15-001234567890}" = "DriveLetterAccess"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"]
"{36A21736-36C2-4C11-8ACB-D4136F2B57BD}" = "AutoCAD Digital Signatures Icon Overlay Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\AcSignIcon.dll" ["Autodesk"]
"{AC1DB655-4F9A-4c39-8AD2-A65324A4C446}" = "Autodesk Drawing Preview"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll" ["Autodesk"]
"{6DEA92E9-8682-4b6a-97DE-354772FE5727}" = "Autodesk DWF Preview"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcDwfThmbPrxy16.dll" ["Autodesk"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\OFFICE11\OLKFSTUB.DLL" [MS]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universal Plug and Play Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]
"{E0D79300-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]
"{E0D79301-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]
"{E0D79302-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
WinZip\(Default) = "{E0D79300-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinZip\(Default) = "{E0D79300-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
WinZip\(Default) = "{E0D79300-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Jeffrey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Startup items in "Jeffrey" & "All Users" startup folders:
---------------------------------------------------------

C:\Documents and Settings\Jeffrey\Start Menu\Programs\Startup
"Shortcut to Printkey" -> shortcut to: "C:\Documents and Settings\Jeffrey\My Documents\Software\Printkey.exe" ["Fred's Software Company"]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Acrobat Assistant" -> shortcut to: "C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe" ["Adobe Systems Inc."]
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"America Online 9.0 Tray Icon" -> shortcut to: "C:\Program Files\America Online 9.0\aoltray.exe -check" ["America Online, Inc."]
"AutoCAD Startup Accelerator" -> shortcut to: "C:\Program Files\Common Files\Autodesk Shared\acstart16.exe" [null data]
"HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]

Enabled Scheduled Tasks:
------------------------

"McAfee.com Scan for Viruses - My Computer (DC5J2W61-Jeffrey)" -> launches: "c:\program files\mcafee.com\vso\mcmnhdlr.exe /runtask:0" ["Networks Associates Technology, Inc"]
"McAfee.com Update Check (DC5J2W61-Administrator)" -> launches: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" ["McAfee, Inc"]
"McAfee.com Update Check (DC5J2W61-Jeffrey)" -> launches: "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" ["McAfee, Inc"]
"McAfee.com Update Check (DELL-Jeffrey)" -> launches: "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" ["McAfee, Inc"]
"McAfee.com Update Check (OLD_HP-Jeffrey)" -> launches: "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" ["McAfee, Inc"]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = "Adobe PDF" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = "Adobe PDF" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{BA52B914-B692-46C4-B683-905236F6F655}" = "McAfee VirusScan"
-> {CLSID}\InProcServer32\(Default) = "c:\progra~1\mcafee.com\vso\mcvsshl.dll" ["Networks Associates Technology, Inc"]

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = "Adobe PDF" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B}\ = "Adobe PDF" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\ = "Real.com" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Shdocvw.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AOL Connectivity Service, AOL ACS, "C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe" ["America Online, Inc."]
Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\system32\CTsvcCDA.EXE" ["Creative Technology Ltd"]
ewido security suite control, ewido security suite control, "C:\Program Files\ewido\security suite\ewidoctrl.exe" ["ewido networks"]
IAA Event Monitor, IAANTMon, "C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe" ["Intel Corporation"]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
McAfee Personal Firewall Service, MpfService, "C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe" ["McAfee Corporation"]
McAfee.com McShield, McShield, "c:\PROGRA~1\mcafee.com\vso\mcshield.exe" ["Network Associates, Inc."]
McAfee.com VirusScan Online Realtime Engine, MCVSRte, "c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding" ["Networks Associates Technology, Inc"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Pml Driver HPZ12, Pml Driver HPZ12, "C:\WINDOWS\system32\HPZipm12.exe" ["HP"]
SonicStage SCSI Service, SSScsiSV, "C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe" ["Sony Corporation"]
Webroot Spy Sweeper Engine, svcWRSSSDK, "C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe" ["Webroot Software, Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\system32\MsPMSPSv.exe" [MS]

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "Yes" at the first message box.
---------- (total run time: 46 seconds, including 18 seconds for message boxes)

#8
Excal

Posted 20 August 2005 - 09:44 PM

Malware Slayer Extraordinaire!

Retired Staff
12,739 posts

Still don't see anything.

I need you to download MWav to a convenient location.

This scan might take around 3+ hours to finish when set to scan everything.
I need you to run MWav by double-clicking on mwav.exe.
Put a check next to the below items before scanning:

Memory
Startup Folders
Drive - All Local Drives
Registry
System Folders
Services
Include Sub-Directory
Scan All Files

Please make sure ALL of these are checked, then press the Scan button. This typically will take hours to complete.

**NOTE*** Sometimes MWav will pause and it appears to be finished, but it isn't done. Just let it run until it says it's complete.

On the bottom portion of the window, you will see the lower panel where MWav is listing "infected items". When it's done scanning, please highlight everything in that lower panel and copy them by holding CTRL + C then paste it here. The whole log will be extremely BIG so there is no way to post the log. I just need the infected items list.

#9
beeglemania

Posted 21 August 2005 - 05:31 AM

Member

Topic Starter
Member
28 posts

Got it! It took 5.5 hours to run but it looks like it found some things.

Object "SubSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cws.therealsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "zipitpro Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\CTDetect.cpl". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\DOCUME~1\Jeffrey\LOCALS~1\Temp\~MDAC270\MDAC_TYP.EXE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\DOCUME~1\Jeffrey\LOCALS~1\Temp\50comupd.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\DOCUME~1\Jeffrey\LOCALS~1\Temp\axdist.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\DOCUME~1\Jeffrey\LOCALS~1\Temp\Deaxdist.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\DOCUME~1\Jeffrey\LOCALS~1\Temp\Jaaxdist.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\DOCUME~1\Jeffrey\LOCALS~1\Temp\Twaxdist.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\DOCUME~1\Jeffrey\LOCALS~1\Temp\hhupd.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\DOCUME~1\Jeffrey\LOCALS~1\Temp\Jet40SP5_9xNT.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\DOCUME~1\Jeffrey\LOCALS~1\Temp\Jet40SP5_Me.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\AnswerWorks 4.0\awApi4.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\MSXML3A.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\DIMM.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{00782156-43A5-4567-B187-37F3AF98FE67}" refers to invalid object "AcEPlotCommon.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0473E417-9F6B-4B4E-9BB4-EA8EF2A0B237}" refers to invalid object "AcDrCommon.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{04B9D34D-6CA0-4972-AE24-144623BC0D1B}" refers to invalid object "AcEPlotRenderer.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{04D47EE2-EA15-41BD-A1E7-990331C7CECD}" refers to invalid object "AcPEXCtl.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0662245D-254C-4363-AA70-D909C154A688}" refers to invalid object ".\sldwebpub.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{07F4D811-C1F7-46FD-BD81-4A4B2CD58CE1}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0849281F-857E-44E2-AA67-EB5B7A8A4DA7}" refers to invalid object "AcEPlotCore.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{087CF7BD-9343-4946-8BEE-44578710527E}" refers to invalid object "acETransmitui.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0880413D-9C3D-11D3-B931-00C04F8EF738}" refers to invalid object ".\sldse.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{08D2B309-56A6-4516-BFD6-BE6860293201}" refers to invalid object ".\Express\axctextapp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0A684F12-A26F-42F8-B16F-9EC25B372353}" refers to invalid object "AcEPlotViewer.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0B6DC6EE-C4FD-11d1-819A-00C04FB69B4D}" refers to invalid object "C:\Program Files\Common Files\Adobe\Shell\psicon.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{117A2298-A910-41E9-B6A6-5D31B8F609EB}" refers to invalid object "AcMPolygonCOM.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{12B5E8F7-D104-3F64-9E1D-AAB6F7C7BC33}" refers to invalid object "AcEPlotViewer.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{12ED1E87-AA15-48F9-844B-A4E47D0D0569}" refers to invalid object "ProjectPointClient.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1444FA95-CB58-11d4-88F5-00B0D0239602}" refers to invalid object ".\sldproe.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{151E6750-4079-4609-9FD3-AD68B60F8B65}" refers to invalid object "AcPEXCtl.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{15CC9D07-16B4-11D6-A4C1-001083782B8E}" refers to invalid object "AcPEXCtl.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{160229B0-00CE-42F4-97CC-72EED76A12E5}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{174B3E36-396B-4C6C-860C-C063C136E5BF}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{184FDC14-2458-4E90-ADB2-6B239826D217}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1855F960-0154-4256-9FF7-7650FF50538F}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{196841AB-566B-4D81-9AAF-BDCEB3FEFB6E}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{19BE29E8-A9FF-4B59-97AA-02DE9DE4DF59}" refers to invalid object "AcDrCommon.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1A6C7634-6585-45F1-B33A-2B21724D2238}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1A9C010F-29CE-4755-85A6-C11DD1FD1F2E}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1C9BC2F5-6822-11d2-B8A7-00C04F8EF738}" refers to invalid object ".\sldug.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1E5724EA-3423-4BD3-ABD6-46E650D2DC66}" refers to invalid object "AcETransmit.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1FA1D9C3-A91A-4995-9C6A-7F6B83E07800}" refers to invalid object "AcTcTools.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{21D3E63B-2CEF-4A83-B2D0-D64DB6772112}" refers to invalid object "AcSmNav.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{23B36DFA-25C6-449C-A1C9-3E0F94371ECB}" refers to invalid object "vl.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{23C79E27-9A43-4A25-BF25-501888F37F26}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2430821E-E213-4A90-B38A-77F090B65339}" refers to invalid object "acdchatch.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2464FDD3-E3C5-4715-8977-3024BE535F0C}" refers to invalid object "acmted.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{24F2614A-D524-44C8-8A51-57DC9D51A4F6}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{252C3FFD-5114-4D0C-BFA5-BBE62A740C0A}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2579DAF4-BA52-434A-857A-D03C5095A43C}" refers to invalid object "AcDrCommon.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2590FEFF-1F68-4691-9834-C96F2817DBC9}" refers to invalid object "AcObjClassImp.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{25DE6B7C-2219-4CD9-9E37-0C56F47EA7D4}" refers to invalid object "vl.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{25E11127-A908-4F2E-B272-A43ECF73D652}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2973F7C7-0D14-44B8-A634-18CD70119EB8}" refers to invalid object "AcDrCommon.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2A9A858F-79E8-4BE6-B205-E7D41B137114}" refers to invalid object "csp16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2AADC298-8C6C-4DF5-ABA6-07F8E21303BA}" refers to invalid object "AcEPlotCommon.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2AE7120B-CEE4-47A5-9B50-EF9F3ADE24AC}" refers to invalid object "AcTcTools.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2AF455A6-9012-4D01-9E02-A8E5680E1E7E}" refers to invalid object "AcPEXCtl.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2CB2F785-7736-3581-AC7C-C734C1498138}" refers to invalid object "AcEPlotViewer.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2D29F8DF-372D-4027-B638-8938F1587691}" refers to invalid object "AcMPolygonCOM.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2D71332F-560F-4060-B599-3375E7E47783}" refers to invalid object "AcEPlotCore.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2E759BFF-9723-408F-BBE0-6A798135B3CC}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2FAA8BEA-AB1B-479A-97B2-6E7AAB38750E}" refers to invalid object "Acopm.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{31DBB451-9109-41EA-854C-B25905225AEA}" refers to invalid object "Acpi.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{31F87CA6-498C-425f-BD0A-339141E2A58C}" refers to invalid object "AcProject16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{352450CA-4793-3608-8BF3-3EEA430EB898}" refers to invalid object "AcEPlotViewer.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{375DD1E5-11C0-4606-80F9-FB9D8978E0B7}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3AB8DCCE-A4F4-464E-9BE2-49C46518402B}" refers to invalid object "AcDmPropertyEditors.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3AB8DCCF-A4F4-464E-9BE2-49C46518402C}" refers to invalid object "AcDmPropertyEditors.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3C7F7161-53CD-4DFD-8A7E-DD3513C253DB}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3D0A034C-1028-4AA1-B2E7-99E52473C7D4}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3EFB8E83-DFA7-4705-A9CF-27287E5F14B4}" refers to invalid object "AcSmNav.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3FCEB42C-9B98-486A-BED7-FD7F3ADB7291}" refers to invalid object "AcETransmit.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3FF3D4A0-C89A-4C2B-9847-3DB02BC22F33}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{43F4168B-C1C3-43E0-BFE4-B703447E2AA2}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{43FD41DE-D16A-44AD-847F-70C08743BDDB}" refers to invalid object "AcPEXCtl.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{45029A0D-EAA5-4618-ABA5-86F3FEEBC8C4}" refers to invalid object "AcEPlotCore.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4575C431-E2CB-11d2-B8E0-00C04F8EF738}" refers to invalid object ".\sld2demu.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{45D4C0E8-5896-420D-A27C-6A9793497065}" refers to invalid object "AcPEXCtl.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{46C64A4D-2B14-11D2-B484-00C04FA33EF2}" refers to invalid object "ShellExt\sldicon.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{46F375E5-2D7E-4C5A-9438-222713012BDC}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{47179DDE-10AC-4737-97C9-8CE5379343EA}" refers to invalid object "AcETransmit.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{47426477-BD24-47B4-8F79-4B739488B39D}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{47B1A6D8-48F2-469A-B52E-6CFB87D01666}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{47B4ACA1-B1C4-11d2-8398-0008C7B2F44D}" refers to invalid object ".\sldmdt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{47C32803-2322-4B65-B546-CEF4867A29A6}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{49E0BE0A-39E0-4932-B7BE-F249D56ACD31}" refers to invalid object "csp16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4B72D1F6-14EC-4442-9BD6-BADF80B009F3}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4C0AFFDF-F919-4A04-A3B0-E048DF7907C2}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4C17F79D-0C15-40FD-B8BD-D3F7B5F13DAB}" refers to invalid object "acdcimages.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4C480BB3-ECB5-4BF3-BD26-B69A05B11980}" refers to invalid object "AcDrCommon.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4C7D3572-08DA-408F-AAB6-3C1A25E230EA}" refers to invalid object "AcTcTools.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4D0BBBEF-B91D-46AC-A3C0-BEBB947FADE6}" refers to invalid object "AcPEXCtl.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}" refers to invalid object "C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}" refers to invalid object "C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4DE4AD7B-6F4A-441E-98EE-8B1DF0F8BDC4}" refers to invalid object "AcPEXCtl.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4EEF602A-59C4-465B-B191-D0D18FC5669D}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{50446CFC-B0CF-432A-BA08-5D1CBDF090C8}" refers to invalid object "AcPEXCtl.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{50A6E6B7-BF09-40BA-9BC0-2D0915F8E4BD}" refers to invalid object "AcEPlotCommon.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5149A9AC-E7E5-43C7-A78F-A80A53783A8D}" refers to invalid object "AcPEXCtl.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{526F2FB5-3C09-4AC7-B85F-BBF4AF0C321A}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{53A0CDD1-85DB-4A31-935B-02DC85DEC824}" refers to invalid object "AcEPlotCore.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{54F4FDEB-0565-4E6C-9E17-B086D8EB5988}" refers to invalid object "AcDrCommon.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5544903C-2CCC-487C-91BB-F310B72A8E9B}" refers to invalid object "AcETransmit.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{55CF0D68-EBD0-4D54-B138-98CCF7BCCB20}" refers to invalid object "AcPEXCtl.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{56B33EE5-A0C8-4FCC-878D-55D5459C2202}" refers to invalid object "AcProject16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{56F7B847-C084-4592-B7D9-8DCA4F2E8E3F}" refers to invalid object "AcTcTools.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{58683F4B-E026-4945-856C-B28BC1CC2997}" refers to invalid object "acdclayouts.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{586B5241-824A-4782-B979-F7EE45273A2C}" refers to invalid object "AcDrCommon.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{58E75994-81AC-4D23-8685-DB85C91E8F8F}" refers to invalid object "AcEPlotViewer.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5903AA09-83E7-4EC6-B75B-65D682388798}" refers to invalid object "AcEPlotViewer.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5923C86F-5E02-4DED-8552-4C9EB49D1B45}" refers to invalid object "AcEPlotCommon.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5D38618F-91BF-4051-A9F8-DD3603D9E506}" refers to invalid object "ProjectPointClient.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5d3d7a00-5f31-11d1-b1c9-0020af351f6f}" refers to invalid object ".\sldtrans.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5D41236F-4888-4DAD-8B73-09DF4320FCBB}" refers to invalid object "AcEPlotCore.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5D4ACD67-7FD8-4089-9EB7-EF145EBFF3C9}" refers to invalid object "AcTcTools.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5D7B80B6-3670-4ADB-B5E2-7B3CEA6CCD80}" refers to invalid object "AcProject16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5E303963-5DA0-4A8C-81E1-8E8C227EE369}" refers to invalid object "AcObjClassImp.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5F113180-B226-4EE1-9B3C-059147155BE2}" refers to invalid object "vl.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5FE9BF0E-C458-430F-AB9E-0913D056B39B}" refers to invalid object "acETransmitui.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{600DFAE3-319F-407C-813A-8FEE8B6CD923}" refers to invalid object "AcEPlotRenderer.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{609D182C-79AB-458D-A107-DF2368812FFB}" refers to invalid object "ProjectPointClient.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{60F068A4-8FF0-42D2-87CC-CBBD8C97F91A}" refers to invalid object "AcStMgr.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{613DF36A-190B-4A0A-A1CA-F91463379C6D}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6159C2A0-F4DE-4416-966B-C766BB8C8C60}" refers to invalid object "ProjectPointClient.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{615F2CF0-C283-4FF9-B839-FAB43A957885}" refers to invalid object "AcPEXCtl.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{61889A04-5A84-462F-91E3-FCF5D6011386}" refers to invalid object "AcStMgr.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{61F1B194-8BD7-49B9-9B5E-8E6102B545C0}" refers to invalid object "AcDrCommon.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{62FDCD8F-87CF-11D6-A55B-0060B0875CB4}" refers to invalid object "AcStLay.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{62FDCD91-87CF-11D6-A55B-0060B0875CB4}" refers to invalid object "AcStDStyle.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6494BB2C-9E51-4E2D-9396-94BE47A9F6DC}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{65D10D07-1DEA-461E-A828-003EED48A43D}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{682E7978-812E-4F58-81E8-7067899D2328}" refers to invalid object "cao16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6A4379DC-17DA-46F6-8044-A2B92F4168AB}" refers to invalid object "acdcdimstyles.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6B8FE721-A25A-11d3-B45B-0008C7B2ECD7}" refers to invalid object ".\sldinventor.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6C2269DC-77B6-4908-8D0C-4E3CF1036FA7}" refers to invalid object "AcPEXCtl.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6C8C8217-60FA-43EE-A844-3ECC323BB16E}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6CFA013D-9ECB-4C64-9F1F-850D73C01A0B}" refers to invalid object "AcSmNav.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6F11097F-B60D-48CC-9BB7-4DC75517107D}" refers to invalid object "ProjectPointClient.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6FA79072-CFB7-4745-8D27-C5BCC0FF37C7}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6FA888E1-7D5A-4E6F-B06E-3434DD217D03}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{700D36FB-3889-11D4-AF00-00C04F61025C}" refers to invalid object ".\sldxgl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7020D670-DF25-47E3-9BFB-E269B4029559}" refers to invalid object "WSCommCntrAcCon.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7169F451-E1F5-4B29-B267-8A8A0E6435CE}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7293E009-3015-4AD3-96EC-D42C36B5FCE3}" refers to invalid object "AcETransmit.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{73A2C661-DD2D-4340-9D3A-7ED93F6A3158}" refers to invalid object "acETransmitui.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7528300E-DC20-4650-BB67-DA0ADAD6F9EE}" refers to invalid object "AcObjClassImp.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{758C6B6F-E553-42E1-BC76-22DE2D80F7EF}" refers to invalid object "AcEPlotRenderer.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{785C0F04-2F05-476A-A523-3886591B5AD4}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{79047464-B441-435B-80E8-21E0095CC741}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7A051850-9B71-492D-8B82-474C3A2B0570}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7C21FF74-D9D0-4C6B-9C25-1D41B58F4776}" refers to invalid object "AcPEXCtl.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7C39017A-0875-45D2-AEE1-8CE5FA00A9BD}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7C66BE02-EB10-4D63-AE3E-B47326EBC821}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7C672133-53DB-4FBF-BA5C-E017F83D866B}" refers to invalid object "AcPEXCtl.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7CF8CA03-1DCE-11d1-A89B-0020AF351FA9}" refers to invalid object ".\fworks\fworks.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7E1D816A-6300-494B-AA72-8334650C5399}" refers to invalid object "AcEPlotViewer.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7E7D8243-4A38-42F5-A152-0629315D7B2B}" refers to invalid object "AcPEXCtl.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7ECFDADD-4D10-4EE0-8B4B-E4441562B99D}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7EFD5D24-CB58-11d4-88F5-00B0D0239602}" refers to invalid object ".\sldjpeg.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7F962213-845A-4E01-9CC7-8498DF226400}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7FFD8B60-5083-4C30-A642-AE08CD6B75E7}" refers to invalid object "AcPEXCtl.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{80F11EE2-7D24-4929-91AF-DB046C90D811}" refers to invalid object "AcEPlotViewer.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8221CC89-8C65-4C50-85FE-53005DE1B3B0}" refers to invalid object "AcPEXCtl.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8236E827-1066-39D0-A668-B01872D0EEA2}" refers to invalid object "AcEPlotViewer.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{83809F95-F7BB-49CD-9B88-AF845E262AC0}" refers to invalid object "AdFTP.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{83E53FB0-C3F9-44C8-8917-1A79D89B90AA}" refers to invalid object "Acopm.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{841C6AD6-6305-40EF-954A-4E640C441D9A}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{86508E78-0E54-4AE3-A648-74C4A17817BA}" refers to invalid object "acdim.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{86C923E2-046B-4681-9621-6FDEF0EB4928}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{86F1A762-A73E-4e29-B22C-A757344BA60B}" refers to invalid object ".\Express\axrtext.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{86F97DA6-DB20-414D-9E17-6E9043977C32}" refers to invalid object "WSCommCntrUI1.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{87492213-63E9-4D80-B315-3D8194F8F176}" refers to invalid object "AcEPlotViewer.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8753FADF-A8C0-4F12-B49F-2E137012AE6C}" refers to invalid object "ProjectPointClient.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{891BBE9C-F28F-48BB-87D2-80016268F6AD}" refers to invalid object "AcDrCommon.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{89EF6CAA-5E61-4E9F-BD27-02216EE949CD}" refers to invalid object "AcDrCommon.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8AE5BFE8-9F94-494B-87B9-DFF35E28920B}" refers to invalid object "AcDrCommon.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8AF4C509-177C-4898-90A7-981C44DE444E}" refers to invalid object "C:\Program Files\AnswerWorks 4.0\awApi4.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8B539C81-CB02-4E75-B09F-C9ABB138246E}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8BA21FDA-27B1-4877-B8CB-255266619AC1}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8C77B6E2-46A5-4041-90A5-ECFF70A4B875}" refers to invalid object "AcStETransmit.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8F0155F1-BE87-47FD-9888-56CDBB72919D}" refers to invalid object "vl.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{907F9836-6B47-43F2-853D-43DB01BC3CD5}" refers to invalid object "ProjectPointClient.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{93023A42-4399-463F-AB7B-29776E3573E5}" refers to invalid object "acdcxrefs.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9307A809-170D-4A75-B8EC-D3C462D2F4DB}" refers to invalid object "Acopm.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{94684377-17FE-452E-9A51-7AABFFFE40BA}" refers to invalid object "AcPEXCtl.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9505D6DC-6B3E-483C-AB22-67369EF30225}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{96455E4D-80A8-400D-8D3A-3A7D92B54581}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{965F8AA1-215C-407C-A581-CFC64B073E4F}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{979F9A0A-9738-40FC-A216-84BD6DD27A88}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{97B6DC06-B77F-498B-8647-918893DFF6F9}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{97E9824E-0AAF-4045-8003-7C58B0F13CD5}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{98EEC9A9-7F09-48E0-B615-984801A634CB}" refers to invalid object "AcPEXCtl.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{99798E83-5AA5-432D-886E-D9F29AD6B617}" refers to invalid object "ProjectPointClient.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{99CD9966-D002-425D-AB7A-04E500546DB6}" refers to invalid object "AcPEXCtl.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9A924FFC-7D57-481D-B254-C892E7E37425}" refers to invalid object "AcEPlotViewer.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9B706F88-2A5E-44F5-9A8E-2BBF75708823}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9C057DFC-A5D8-4EE4-ACF3-48BE085EF4BC}" refers to invalid object "AcInetUI.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9D736334-2AF0-4BD2-98B0-8AF68BC1E2A1}" refers to invalid object "AcEPlotViewer.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9E416B3E-02BC-4312-A77D-78F7AD8C31A1}" refers to invalid object "acETransmitui.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A05B8828-D41A-457F-B9A6-254D62A2369C}" refers to invalid object "AcEPlotRenderer.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A117FEB5-6122-4207-B02D-C6574DD30729}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A3CE677E-5566-4798-B7AF-4F7ED56CC9F7}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A58F47CC-FF65-4152-B0B1-666C643A5BFC}" refers to invalid object "AcETransmit.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A5935BA4-F591-413D-905C-66E2F2AF0735}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A610AC29-F739-4C2A-9400-70AF488A3C23}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A6E28B64-42C3-4518-B926-65AB6BDB2CF1}" refers to invalid object "AcDrCommon.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AA055959-C7F1-4CFD-A2D1-8881D547E79C}" refers to invalid object "AcPEXCtl.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AC616378-FC04-4FCC-AB22-DB2D8622AA4C}" refers to invalid object "acETransmitui.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AD8D5EEF-2D87-489F-BE7C-10D9A9C23A3C}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AE1348D9-6BC1-4F2E-8903-7E894E0B7199}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AF0F641B-9CCE-4474-8582-EFE0A38410FC}" refers to invalid object "AcTcTools.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AF2B061F-DE61-421E-A4C7-9DCC77B001F4}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B171FBE5-2002-4F93-B71A-24D1749BA6F1}" refers to invalid object "AcEPlotViewer.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B17C17E0-382C-4A3F-8D27-BAC759D66781}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B300A5BE-819A-4F6A-A452-DD115F4981D1}" refers to invalid object "AcObjClassImp.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B34E3425-00AC-4C25-8800-EB5C80BF97F7}" refers to invalid object "vl.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B3922BE8-7DE6-49C7-A6CD-CA35899C499F}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B4245981-1737-491D-9BA1-88D628259F4F}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B47196BC-D4AB-41BB-A771-543D67CFC9F5}" refers to invalid object "AcETransmit.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B5B91160-9818-4E96-BD97-B981A7AF8E06}" refers to invalid object "AcFocusCtrl16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B68C9A08-89A0-4A9D-A3CE-7951EBE5E08F}" refers to invalid object "AcDrCommon.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B7866F36-CA7E-4495-80A0-457435A5EA19}" refers to invalid object "AcDrCommon.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B89CCEBE-5B33-4646-9CD2-D1DCFDA16242}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BB38C5A6-BB24-4986-9782-2FCD6437B1B1}" refers to invalid object "AcStMgr.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BB8CA337-87D3-11D6-A55B-0060B0875CB4}" refers to invalid object "AcStLtype.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BB8CA339-87D3-11D6-A55B-0060B0875CB4}" refers to invalid object "AcStTStyle.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BBE1C463-3DBE-4b29-976B-E1C75AFE1EDF}" refers to invalid object "C:\Program Files\Musicmatch\MUSICMATCH Music Services\MMDRMCtrlObj.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BBEF802E-1021-11d4-BD57-00C04F019809}" refers to invalid object ".\sldcollab.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BD41FC2A-1A19-47B2-A361-D64CD9833AD5}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BD41FC2B-1A19-47B2-A361-D64CD9833AD5}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BE67D23F-E36A-11D5-B4E5-00B0D03E954A}" refers to invalid object "AcTc.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BECFA513-0C01-458E-B468-657849849E33}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C0F0AB90-05BF-4555-AE09-8AC5EC775309}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C118EE4F-3692-4B1F-BBC7-1F1911E64910}" refers to invalid object "AcEPlotViewer.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C14AD0AE-7C2D-48E7-B8FC-2D48AD9149D1}" refers to invalid object "AcPEXCtl.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C1908682-7B2C-4AB0-B98E-183649A0BF84}" refers to invalid object "C:\Program Files\AnswerWorks 4.0\awApi4.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C1B19206-6E9A-49F2-A937-6F804AF4C477}" refers to invalid object "AcEPlotViewer.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C1FA096D-C442-3B7F-90C9-7299B16A2989}" refers to invalid object "AcEPlotViewer.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C3E6AAC1-5DA2-48A9-ACC4-666EDD788084}" refers to invalid object "AcEPlotViewer.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C48D6DB4-09BB-442A-899D-7B85B1011FB9}" refers to invalid object "AcSmNav.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C504B291-944A-4828-9CFC-D3727B651AC7}" refers to invalid object "AcPEXCtl.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C64EA053-7634-4466-89CF-AFDAB92C8F1B}" refers to invalid object "AcPEXCtl.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C6CB13D4-3E36-4AB8-80D2-FC202CBB0ACD}" refers to invalid object "AcPEXCtl.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C8298CDD-FB72-40A1-B39A-5A51E13EBEC6}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C8710257-8A07-4E19-855B-FD685D8939A7}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C8F4366D-BAC6-4463-9F42-C2627D8E86FB}" refers to invalid object "acdcsymbols.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C90DF1A7-4DEF-11D4-AF15-00C04F61025C}" refers to invalid object ".\sldhsf.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C9AB9290-FC5A-458B-AEB4-BDF9BE6A5E55}" refers to invalid object "AcTcTools.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C9B1F283-9A3A-4BEA-B425-34D3E868CD78}" refers to invalid object "AcEPlotViewer.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CA665E1B-2ACF-4984-B9B6-04965AFEBF0C}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CC54D9C4-CB60-46F3-9B0C-7B4565B26824}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CC7F3967-6919-42E6-A2ED-6FFA0697AFBB}" refers to invalid object "AcPEXCtl.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CD0C64E9-8BDA-11d6-B09D-00065B87F34E}" refers to invalid object ".\photoworks\pworks.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CD5C7ABB-9A0C-4C3A-B0C7-73296AFF7EC1}" refers to invalid object "AcPEXCtl.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CEDD7570-F7B8-40D1-98C6-38B8D26CCFD6}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D02729A2-65C5-470A-93B0-17715C9D6555}" refers to invalid object "AcTcTools.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D0C90C35-1ADD-40F5-8B5D-90DE4E6DACB8}" refers to invalid object "ProjectPointClient.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D15AAEC7-3F91-487A-9558-910CF4ACFE2F}" refers to invalid object "AcEPlotViewer.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D3F43638-64EF-417F-98C4-D41439051A23}" refers to invalid object "AcEPlotViewer.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D4AC5178-7768-4F83-9865-D4F1AA0333E5}" refers to invalid object "acdctextstyles.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D54C093F-BABF-419A-8C7F-F4BEE70267F6}" refers to invalid object "AcEPlotCore.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D56F5AB3-9C4D-4F1A-A851-A671D9FE8C22}" refers to invalid object "AcETransmit.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D621630B-0BFA-480E-94EF-2EEA1BD58D51}" refers to invalid object "AcPEXCtl.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D6E617DD-97D4-41DD-BD2F-56C1FFBF8BFD}" refers to invalid object "acdclinetypes.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D7EC585A-02A5-45E7-8792-7F1A9175E7F8}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D7F62684-30B2-4652-8460-C12FBC7E9D2E}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D8538A54-4BBD-42B8-8C5F-FAC5CA7B4CA4}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D8ED77BE-9062-4E7C-9402-962BE0C836C4}" refers to invalid object "AcEPlotCommon.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DAB9A45B-39DA-46D9-ADE6-A2D49DDBE577}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DB09FC5C-EB2A-49D0-ADA5-C771FD61862C}" refers to invalid object "cao16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DDE306CA-B5C1-4C92-AFAB-2B37D01A717F}" refers to invalid object "AcPEXCtl.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DEC6F1C3-58C3-49D0-A3E8-4C9A730B8190}" refers to invalid object "AcEPlotViewer.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E186066F-8228-48F9-B0CF-5164FE23CC4A}" refers to invalid object "acETransmitui.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E2CD2B06-5B97-41D9-AA27-18AC0F98505F}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E2E8A2A9-935D-4BB5-9347-717DDAEB327F}" refers to invalid object "AcPEXCtl.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E4048BDD-B397-4A27-ABEB-ED0F88B41756}" refers to invalid object "AcEPlotViewer.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E4727F6D-8534-4CC5-8731-FEC2D7570F4C}" refers to invalid object "achlnkui.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E49F0B41-3322-11D4-AEFE-00C04F61025C}" refers to invalid object ".\sldmts.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E4A55764-4C3D-405E-BCCB-8C81AB6DBCFC}" refers to invalid object "AcPEXCtl.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E4F2A54A-AF3A-4366-ACE0-F11F189D1A49}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E57B2E09-8B70-4C6B-B70F-06886ABA4684}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E616BB3D-C830-424E-966B-65C54F4C150C}" refers to invalid object "AcDmPropertyEditors.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E631D337-7F88-44C8-B63F-C9031292FB4E}" refers to invalid object "AcPEXCtl.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E68312A2-580C-4F22-BCD9-2E0CE58CB135}" refers to invalid object "acismui.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E6FED699-B021-425F-9B7C-E631551E2E41}" refers to invalid object "ProjectPointClient.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E8009946-92BE-45CA-A2F6-22A607FE41D8}" refers to invalid object "AcStMgr.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E981DDD5-E7B9-11d2-8BC1-00105A1E7868}" refers to invalid object ".\animator\animator.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EA320F72-9CFB-11D3-B931-00C04F8EF738}" refers to invalid object ".\slddxf3d.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EA6D6140-B967-4D4F-90A8-7F1B2E350B03}" refers to invalid object "AcStMgr.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EBF2737C-503C-417B-9157-BE52BD858BFF}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EC5EB7D5-F7B0-43EB-BBFC-5B66535262C5}" refers to invalid object "cao16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{ECC7712B-3A38-440A-BBF5-531D811B16A5}" refers to invalid object "AcEPlotCore.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{ECE597DD-A801-4B74-8BFD-E21A31460F6A}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{ECF0DB32-1396-4402-8231-0B4FC1124537}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{ED2490B2-06E6-4B7E-80D7-1ADAD6363694}" refers to invalid object "AcPEXCtl.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{ED78333F-D5DB-11d4-BD5A-00C04F019809}" refers to invalid object ".\toolbox\swtoolbox.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{ED783340-D5DB-11d4-BD5A-00C04F019809}" refers to invalid object ".\toolbox\swbrowser.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EEE6A656-87AC-11D6-A55B-0060B0875CB4}" refers to invalid object "AcStMgr.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EEE6A65A-87AC-11D6-A55B-0060B0875CB4}" refers to invalid object "AcStMgr.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EF4A5D29-39FA-49C6-B7D3-F2D2D0423245}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EF5A02F6-7908-407F-A945-2BCB2AE589AB}" refers to invalid object "AcPEXCtl.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F335158C-A691-11D3-B934-00C04F8EF738}" refers to invalid object ".\sldhcg.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F5586766-A8F5-4DA4-99D2-4FA1A45FDFBF}" refers to invalid object "AcEPlotViewer.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F5EF74D3-7179-4897-97C9-FB6AC324D85D}" refers to invalid object "AcTable.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F6138459-F06F-4007-AB1E-9BC06F28E864}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F65301D2-6C8D-42A2-9E20-50E21CD5A223}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F80FA0F1-B13D-11d4-944A-000629992CFE}" refers to invalid object ".\sldutils\swloadersw.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F8683F4B-E026-4945-856C-B28BC1CC2997}" refers to invalid object "acdctblstys.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F8AEF2C7-62ED-40DA-B6C5-9FE54D6612F8}" refers to invalid object "vl.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F972DFFB-179F-48A6-8B26-E04697991A92}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FE4228BB-8F46-41CB-BC39-6A2061A60EF2}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FEBD61A0-4DCA-4CC1-A461-6801ED213209}" refers to invalid object "acETransmitui.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FFA27C46-6146-4BEF-8B42-014E7FB7A893}" refers to invalid object "axdb16.dll". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\gotobar.HSBColor.3" refers to invalid object "{A272895F-590A-E427-E0E9-2A598A8E4817}". Action Taken: No Action Taken.
Entry "HKCR\HPCUE.DfrgCtl.3" refers to invalid object "{45E7139E-0271-4472-6FB2-1716432872D2}". Action Taken: No Action Taken.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\MSPaper.Document" refers to invalid object "{F086132E-222E-410A-BED7-343FF4D963A7}". Action Taken: No Action Taken.
Entry "HKCR\Office.TabletManager" refers to invalid object "{DA65B152-E34D-4263-657D-6F966884B39F}". Action Taken: No Action Taken.
Entry "HKCR\Phobos.PPScripting" refers to invalid object "{8C4C127B-E75A-D18B-37C9-2D8469CB50EB}". Action Taken: No Action Taken.
Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken.
File C:\Program Files\Dell\Media Experience\Plugins\WildTangent\plugin\WildTangent\onplay.exe tagged as "not-a-virus:AdWare.WildTangent.b". Action Taken: No Action Taken.
File C:\Program Files\Dell\Media Experience\Plugins\WildTangent\progfile\onplay.exe tagged as "not-a-virus:AdWare.WildTangent.b". Action Taken: No Action Taken.
File C:\Program Files\Dell\Media Experience\Plugins\WildTangent\wtsetup.exe tagged as "not-a-virus:AdWare.WildTangent.b". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP121\A0005523.exe infected by "Trojan.Win32.Small.ev" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP121\A0005526.exe infected by "Trojan.Win32.Small.ev" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP121\A0005527.dll infected by "Virus.Win32.Nsag.b" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP121\A0005528.dll infected by "Trojan.Win32.Small.ev" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP121\A0005531.dll tagged as "not-a-virus:AdWare.SearchPage". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP121\A0005537.dll tagged as "not-a-virus:AdWare.SearchPage". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP121\snapshot\MFEX-1.DAT infected by "Virus.Win32.Nsag.b" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP57\A0003384.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP57\A0003386.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP57\A0003389.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP57\A0003390.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP57\A0003391.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP57\A0003394.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP57\A0003396.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP57\A0003397.dll tagged as "not-a-virus:AdWare.SearchPage". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP57\A0003398.dll infected by "Trojan-Downloader.Win32.Agent.bc" Virus! Action Taken: No Action Taken.

#10
Excal

Posted 21 August 2005 - 09:45 AM

Malware Slayer Extraordinaire!

Retired Staff
12,739 posts

open Hijackthis and do a scan. Please check off the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com...de_srchlft.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll

click FIX CHECKED then close Hijackthis

Please remove the following folders using Windows Explorer (if present):

C:\Program Files\Dell\Media Experience\Plugins\WildTangent
C:\Program Files\MyWaySA

Reboot

You Registry has a lot of left overs in it, probally from uninstalls and old bad files, and it needs to be cleaned.

Please dowload: RegSeeker.
Click on "Clean The Registry" in the left panel.
Check all boxes (make sure the backup box in the lower left corner is selected!).
After it runs, click "Select All" on the bottom, then right-click on any selected item in the window and select "Delete Selected Items".
Click "Quit RegSeeker".

Now, open any of your installed programs, and make sure that everything opens ok. If so, reboot, then go back and run the RegSeeker again, do the same thing again if anything is found. When RegSeeker finds nothing else, then it's clean!

#11
beeglemania

Posted 21 August 2005 - 01:34 PM

Member

Topic Starter
Member
28 posts

Okay, I fixed the items in HijackThis like you said. Then I run the RegSeeker. I opened a few programs and everything seemed to work okay.

Then I tried to restart the machine. I received an error; COPY ERROR 1719 THE WINDOWS INSTALLER SERVICE COULD NOT BE ACCESSED. THIS CAN OCCUR IF YOU ARE RUNNING IN SAFE MODE, (which I wasn't) OR IF THE WINDOWS INSTALLER IS NOT CORRECTLY INSTALLED. CONTACT YOUR SUPPORT PERSONELL FOR ASSISTANCE. So I had to click OK and END NOW then the computer rebooted.

Upon restart a window appeared showing PREPARING TO INSTALL TRAY APP. Then it dissapeared. Then I got PREPARING TO INSTALL FAX. It then changed to FAX THE FEATURE YOU ARE TRYING TO USE IS ON A CD-ROM OR OTHER REMOVABLE DISK THAT IS NOT AVAILABLE. INSERT THE FAX DISK AND CLICK OK. We'll I clicked cancel three times and it comes back so i found the original Drivers and Utilities disk that came from Dell for 56K data/Fax and modem software. I clicked OK and it still did not find what it needed. So I clicked browse. I searched the entire disk and cant find the FAX.msi file it is looking for. This window for Fax is still here. It keeps coming back.

Last I turned of the McAfee virus scan, downloaded HijackThis from the link in your inital reply, run it and I have the log posted below. When I turned McAfee back on it deleated my HijackThis.exe again saying that it's a W32/Generic.worm!p2p. However it does not delete my HijackThis v1.97.7.

Logfile of HijackThis v1.99.1
Scan saved at 3:11:13 PM, on 8/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\Jeffrey\My Documents\Software\Printkey.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - Startup: Shortcut to Printkey.lnk = C:\Documents and Settings\Jeffrey\My Documents\Software\Printkey.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mp4: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Qlapfsvcmr - QLogic Corporation - (no file)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

#12
Excal

Posted 21 August 2005 - 01:43 PM

Malware Slayer Extraordinaire!

Retired Staff
12,739 posts

I need you to go to start then run. type in Services.msc. Scroll down and tell me if you see this in the list Qlapfsvcmr or QLogic Corporation

also

Create a Startup List:

Open HiJackThis
Click on the configure button on the bottom right
Click on the tab "Misc Tools"
Check off the 2 boxes next to the Box that says "Generate StartupList log"
Click on the button "Generate StartupList log"
Copy and past the StartupList from the notebook onto your post

Thanks,

Excal

#13
beeglemania

Posted 21 August 2005 - 01:53 PM

Member

Topic Starter
Member
28 posts

Qlapfsvcmr is there and it is set for manual.

Here's the startup list report from HijackThis.

StartupList report, 8/21/2005, 3:50:24 PM
StartupList version: 1.52
Started from : C:\Documents and Settings\Jeffrey\My Documents\Software\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\Jeffrey\My Documents\Software\Printkey.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\MsiExec.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jeffrey\My Documents\Software\HijackThis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Jeffrey\Start Menu\Programs\Startup]
Shortcut to Printkey.lnk = C:\Documents and Settings\Jeffrey\My Documents\Software\Printkey.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SunJavaUpdateSched = C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
IAAnotif = C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
IntelMeM = C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
CTSysVol = C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
P17Helper = Rundll32 P17.dll,P17Helper
UpdReg = C:\WINDOWS\UpdReg.EXE
DVDLauncher = "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
DMXLauncher = C:\Program Files\Dell\Media Experience\DMXLauncher.exe
UpdateManager = "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
VSOCheckTask = "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
MCAgentExe = c:\PROGRA~1\mcafee.com\agent\mcagent.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
dla = C:\WINDOWS\system32\dla\tfswctrl.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\AutoCADScriptFile\shell\open\command

(Default) = "C:\WINDOWS\notepad.exe" "%1"

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{4b218e3e-bc98-4770-93d3-2731b9329278}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

[{8b15971b-5355-4c82-8c07-7e181ea07608}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\WINDOWS\system32\dla\tfswshx.dll - {5CA3D70E-1895-11CF-8E15-001234567890}
(no name) - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910}

--------------------------------------------------

Enumerating Task Scheduler jobs:

McAfee.com Scan for Viruses - My Computer (DC5J2W61-Jeffrey).job
McAfee.com Update Check (DC5J2W61-Administrator).job
McAfee.com Update Check (DC5J2W61-Jeffrey).job
McAfee.com Update Check (DELL-Jeffrey).job
McAfee.com Update Check (OLD_HP-Jeffrey).job

--------------------------------------------------

Enumerating Download Program Files:

[McAfee.com Operating System Class]
InProcServer32 = C:\WINDOWS\system32\mcinsctl.dll
CODEBASE = http://download.mcaf...90/mcinsctl.cab

[Java Plug-in 1.4.2_03]
InProcServer32 = C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://www.pandasoft...free/asinst.cab

[DwnldGroupMgr Class]
InProcServer32 = C:\WINDOWS\system32\McGDMgr.dll
CODEBASE = http://download.mcaf...,23/mcgdmgr.cab

[Java Plug-in 1.4.2_03]
InProcServer32 = C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

abp480n5: system32\DRIVERS\ABP480N5.SYS (system)
Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
Adobe LM Service: "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" (manual start)
adpu160m: system32\DRIVERS\adpu160m.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: system32\DRIVERS\agp440.sys (system)
Compaq AGP Bus Filter: system32\DRIVERS\agpCPQ.sys (system)
Aha154x: system32\DRIVERS\aha154x.sys (system)
aic78u2: system32\DRIVERS\aic78u2.sys (system)
aic78xx: system32\DRIVERS\aic78xx.sys (system)
Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AliIde: system32\DRIVERS\aliide.sys (system)
ALI AGP Bus Filter: system32\DRIVERS\alim1541.sys (system)
AMD AGP Bus Filter Driver: system32\DRIVERS\amdagp.sys (system)
amsint: system32\DRIVERS\amsint.sys (system)
AOL Connectivity Service: C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe (autostart)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
asc: system32\DRIVERS\asc.sys (system)
asc3350p: system32\DRIVERS\asc3350p.sys (system)
asc3550: system32\DRIVERS\asc3550.sys (system)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)
Autodesk Licensing Service: "C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe" (manual start)
Broadcom NetXtreme 57xx Gigabit Controller: system32\DRIVERS\b57xp32.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
cbidf: system32\DRIVERS\cbidf2k.sys (system)
cd20xrnt: system32\DRIVERS\cd20xrnt.sys (system)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
Arrowkey Device Access: \??\C:\Program Files\321Studios\Shared\CDRPDACC.SYS (autostart)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
CmdIde: system32\DRIVERS\cmdide.sys (system)
COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cpqarray: system32\DRIVERS\cpqarray.sys (system)
Creative Service for CDROM Access: C:\WINDOWS\system32\CTsvcCDA.EXE (autostart)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Creative SoundFont Management Device Driver: system32\DRIVERS\ctsfm2k.sys (manual start)
dac2w2k: system32\DRIVERS\dac2w2k.sys (system)
dac960nt: system32\DRIVERS\dac960nt.sys (system)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Disk Driver: system32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
dpti2o: system32\DRIVERS\dpti2o.sys (system)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
drvmcdb: system32\drivers\drvmcdb.sys (system)
drvnddm: system32\drivers\drvnddm.sys (autostart)
Intel® PRO Adapter Driver: system32\DRIVERS\e100b325.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
ewido security suite control: C:\Program Files\ewido\security suite\ewidoctrl.exe (autostart)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Fax: %systemroot%\system32\fxssvc.exe (autostart)
Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\DRIVERS\fltMgr.sys (system)
Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
hpn: system32\DRIVERS\hpn.sys (system)
IEEE-1284.4 Driver HPZid412: system32\DRIVERS\HPZid412.sys (manual start)
Print Class Driver for IEEE-1284.4 HPZipr12: system32\DRIVERS\HPZipr12.sys (manual start)
USB to IEEE-1284.4 Translation Driver HPZius12: system32\DRIVERS\HPZius12.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i2omp: system32\DRIVERS\i2omp.sys (system)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
IAA Event Monitor: C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe (autostart)
Intel AHCI Controller: system32\drivers\iaStor.sys (system)
CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual start)
ini910u: system32\DRIVERS\ini910u.sys (system)
IntelC51: system32\DRIVERS\IntelC51.sys (manual start)
IntelC52: system32\DRIVERS\IntelC52.sys (manual start)
IntelC53: system32\DRIVERS\IntelC53.sys (manual start)
IntelIde: system32\DRIVERS\intelide.sys (system)
Intel Processor Driver: system32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\DRIVERS\Ip6Fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: system32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
mchInjDrv: \??\C:\WINDOWS\TEMP\mc210.tmp (disabled)
McAfee.com McShield: c:\PROGRA~1\mcafee.com\vso\mcshield.exe (manual start)
McAfee SecurityCenter Update Manager: C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (manual start)
McAfee.com VirusScan Online Realtime Engine: c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding (autostart)
Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe" (autostart)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
Unimodem Streaming Filter Device: system32\drivers\MODEMCSA.sys (manual start)
mohfilt: system32\DRIVERS\mohfilt.sys (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)
MPFIREWL: System32\Drivers\MpFirewall.sys (system)
McAfee Personal Firewall Service: C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe (autostart)
mraid35x: system32\DRIVERS\mraid35x.sys (system)
WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
MSCSPTISRV: C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (manual start)
Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)
NaiFiltr: system32\DRIVERS\NaiFiltr.sys (manual start)
Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: system32\DRIVERS\nv4_mini.sys (manual start)
NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart)
IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
OMCI WDM Device Driver: system32\DRIVERS\omci.sys (system)
Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
Creative OS Services Driver: system32\DRIVERS\ctoss2k.sys (manual start)
Sound Blaster Live! 24-bit: system32\drivers\P17.sys (manual start)
PACSPTISVR: C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (manual start)
Parallel port driver: system32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
PCIIde: system32\DRIVERS\pciide.sys (system)
Low level access layer for CD devices: System32\Drivers\Pcouffin.sys (manual start)
perc2: system32\DRIVERS\perc2.sys (system)
perc2hib: system32\DRIVERS\perc2hib.sys (system)
PfModNT: \??\C:\WINDOWS\system32\drivers\PfModNT.sys (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Pml Driver HPZ12: C:\WINDOWS\system32\HPZipm12.exe (manual start)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
ql1080: system32\DRIVERS\ql1080.sys (system)
Ql10wnt: system32\DRIVERS\ql10wnt.sys (system)
ql12160: system32\DRIVERS\ql12160.sys (system)
ql1240: system32\DRIVERS\ql1240.sys (system)
ql1280: system32\DRIVERS\ql1280.sys (system)
Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Microsoft Legacy Modem Driver: System32\Drivers\RootMdm.sys (manual start)
Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: system32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)
Serial port driver: system32\DRIVERS\serial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SIS AGP Bus Filter: system32\DRIVERS\sisagp.sys (system)
Sparrow: system32\DRIVERS\sparrow.sys (system)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
Sony SPTI Service: C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (manual start)
System Restore Filter Driver: system32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Srv: system32\DRIVERS\srv.sys (manual start)
sscdbhk5: system32\drivers\sscdbhk5.sys (system)
SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
ssrtln: system32\drivers\ssrtln.sys (system)
SonicStage SCSI Service: C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
Webroot Spy Sweeper Engine: C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe (autostart)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{2F130D52-0BDB-47EB-AF81-1E09BA7E21E7} (manual start)
symc810: system32\DRIVERS\symc810.sys (system)
symc8xx: system32\DRIVERS\symc8xx.sys (system)
sym_hi: system32\DRIVERS\sym_hi.sys (system)
sym_u3: system32\DRIVERS\sym_u3.sys (system)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
tfsnboio: system32\dla\tfsnboio.sys (autostart)
tfsncofs: system32\dla\tfsncofs.sys (autostart)
tfsndrct: system32\dla\tfsndrct.sys (autostart)
tfsndres: system32\dla\tfsndres.sys (autostart)
tfsnifs: system32\dla\tfsnifs.sys (autostart)
tfsnopio: system32\dla\tfsnopio.sys (autostart)
tfsnpool: system32\dla\tfsnpool.sys (autostart)
tfsnudf: system32\dla\tfsnudf.sys (autostart)
tfsnudfa: system32\dla\tfsnudfa.sys (autostart)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\system32\tlntsvr.exe (disabled)
TosIde: system32\DRIVERS\toside.sys (system)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
ultra: system32\DRIVERS\ultra.sys (system)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Microcode Update Driver: system32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
Microsoft USB Standard Hub Driver: system32\DRIVERS\usbhub.sys (manual start)
Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Bus Filter: system32\DRIVERS\viaagp.sys (system)
ViaIde: system32\DRIVERS\viaide.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
WAN Miniport (ATW): system32\DRIVERS\wanatw4.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
WMDM PMSP Service: C:\WINDOWS\system32\MsPMSPSv.exe (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
UPnPMonitor: C:\WINDOWS\system32\upnpui.dll

--------------------------------------------------
End of report, 39,002 bytes
Report generated in 0.734 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

#14
Excal

Posted 21 August 2005 - 02:06 PM

Malware Slayer Extraordinaire!

Retired Staff
12,739 posts

Can you please look and let me know if you have either folder in your Program files folder.

Go to start, My computer> C drive> Program files: now look to see if you have either Kazaa folder or a emule folder.

Excal