
Dialers & other Nasties [RESOLVED]



#16
redpenpal

  • Topic Starter
It is from the bottom pane...

but I just noticed that it seems to have been somewhat cut off... I will try to repost the entire thing here...

Entry "HKCR\TypeLib\{BC8542C4-719E-49D5-90C6-CCB81A8FAC55}" refers to invalid object "C:\Program Files\Shockwave.com\Solitaire Vol. 3\ui\SwDRM.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{D40AFD49-0FAE-41D8-B9D7-CA376EF088B2}" refers to invalid object "C:\DOCUME~1\Debbie\LOCALS~1\Temp\Word8.0\MSForms.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{DCB43485-19FB-4D6D-BB3D-73C7F48D5F00}" refers to invalid object "C:\Program Files\Messenger\rtcimsp.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{DD3FCE4D-8442-4EFA-A71E-1C131F502F4A}" refers to invalid object "C:\PROGRA~1\COMMON~1\AOL\SCREEN~1\YGPSCR~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{E5151CB1-F61D-11D4-BA21-001083780941}" refers to invalid object "C:\Program Files\America Online 8.0\CalPrinting.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{EADCE179-1CC2-11D5-BE60-001083023C0D}" refers to invalid object "C:\Program Files\America Online 8.0\g2p.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{F11350F1-52F9-4800-952A-3F34A254C906}" refers to invalid object "C:\DOCUME~1\Debbie\LOCALS~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{FF27C1ED-5774-4D06-8DAC-B0E82C4E5EA0}" refers to invalid object "C:\DOCUME~1\Debbie\LOCALS~1\Temp\Word8.0\MSForms.exd". Action Taken: No Action Taken.
Entry "HKCR\.PFC\shell\open\command" refers to invalid object "C:\PROGRA~1\NewSoft\PAGEMA~1\PMVIEWER.EXE %1". Action Taken: No Action Taken.
Entry "HKCR\afClientDeployment" refers to invalid object "{4EAFD71E-CC5E-484D-AA7A-217419FD0D16}". Action Taken: No Action Taken.
Entry "HKCR\afIniFile" refers to invalid object "{824A15E2-C5AB-4500-BF85-CB42040EB759}". Action Taken: No Action Taken.
Entry "HKCR\afPDB" refers to invalid object "{8A475F1A-1A4C-4C2F-9A8C-2C02B6FDB877}". Action Taken: No Action Taken.
Entry "HKCR\afPDBConverter" refers to invalid object "{7C0CEDCA-A1EE-4EA4-8A12-4422F0930827}". Action Taken: No Action Taken.
Entry "HKCR\afPDBRecord" refers to invalid object "{BB4C5471-E3C3-407D-AF38-E4787B20ED7A}". Action Taken: No Action Taken.
Entry "HKCR\afUserInformation" refers to invalid object "{967715A3-A165-4278-92EB-135C1F761E26}". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\Catalogs.ActivationKey" refers to invalid object "{20C53573-2F87-4EFB-8001-0A119A219413}". Action Taken: No Action Taken.
Entry "HKCR\Catalogs.DeviceCatalog" refers to invalid object "{6446A177-4D50-488D-A44D-1D435A1889BE}". Action Taken: No Action Taken.
Entry "HKCR\Catalogs.PlatformCatalog" refers to invalid object "{2C615AB5-960D-4D0D-8AEE-9878FAE7E54D}". Action Taken: No Action Taken.
Entry "HKCR\Catalogs.ProductKey" refers to invalid object "{8FED0523-F63E-475A-B3C2-E53A6FE1FB73}". Action Taken: No Action Taken.
Entry "HKCR\Catalogs.ValidationKey" refers to invalid object "{FE572B19-FB2F-4E86-9933-C2519C45D800}". Action Taken: No Action Taken.
Entry "HKCR\Connection Manager Profile\shell\open\command" refers to invalid object "C:\WINDOWS\System32\CMMGR32.EXE "%1"". Action Taken: No Action Taken.
Entry "HKCR\DellImageExpertAlbum\shell\open\command" refers to invalid object "C:\PROGRA~1\DELLCO~1\DELLIM~1\dellix.exe "%1"". Action Taken: No Action Taken.
Entry "HKCR\DellImageExpertAudio\shell\open\command" refers to invalid object "C:\PROGRA~1\DELLCO~1\DELLIM~1\dellix.exe "%1"". Action Taken: No Action Taken.
Entry "HKCR\DellImageExpertImage\shell\open\command" refers to invalid object "C:\PROGRA~1\DELLCO~1\DELLIM~1\dellix.exe "%1"". Action Taken: No Action Taken.
Entry "HKCR\DellImageExpertUploadAlbum\shell\open\command" refers to invalid object "C:\PROGRA~1\DELLCO~1\DELLIM~1\dellix.exe "%1"". Action Taken: No Action Taken.
Entry "HKCR\dwSbc36.Advanced.1" refers to invalid object "{5B238A07-94F7-11D1-B776-00001C1AD1F8}". Action Taken: No Action Taken.
Entry "HKCR\Dwsbc36.DwsbcPropPage.1" refers to invalid object "{3BD2C94F-049E-11D1-B66A-00001C1AD1F8}". Action Taken: No Action Taken.
Entry "HKCR\dwSbc36.MsgList.1" refers to invalid object "{0863A990-95FD-11D1-B777-00001C1AD1F8}". Action Taken: No Action Taken.
Entry "HKCR\dwsbc36.RegMsg.1" refers to invalid object "{679C8412-93B8-11D1-B773-00001C1AD1F8}". Action Taken: No Action Taken.
Entry "HKCR\Dwsbc36.Subclass.6" refers to invalid object "{7F5E3525-F816-11D0-B64C-00001C1AD1F8}". Action Taken: No Action Taken.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\Messenger.MessengerApp" refers to invalid object "{FB7199AB-79BF-11d2-8D94-0000F875C541}". Action Taken: No Action Taken.
Entry "HKCR\Messenger.MessengerApp.1" refers to invalid object "{FB7199AB-79BF-11d2-8D94-0000F875C541}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\ppifile\shell\open\command" refers to invalid object "%SystemRoot%\System32\msppcnfg.exe /Config %1". Action Taken: No Action Taken.
Entry "HKCR\QuickTime.psd\shell\open\command" refers to invalid object "C:\PROGRA~1\QUICKT~1\PictureViewer.exe "%1"". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\rts.Document\shell\open\command" refers to invalid object "C:\temp\RTS7~1.0\rts.exe "%1"". Action Taken: No Action Taken.
Entry "HKCR\rts.Library\shell\open\command" refers to invalid object "C:\temp\RTS7~1.0\rts.exe "%1"". Action Taken: No Action Taken.
Entry "HKCR\Stitch\shell\open\command" refers to invalid object "C:\PROGRA~1\DELLCO~1\DELLIM~1\dellix.exe "%1"". Action Taken: No Action Taken.
Entry "HKCR\Studio.Document\shell\open\command" refers to invalid object "C:\PROGRA~1\Pinnacle\STUDIO~1\programs\Studio.exe "%1"". Action Taken: No Action Taken.
Entry "HKCR\sunasDtServ.Agent" refers to invalid object "{ABA6B35D-3F5E-44E5-9FE2-F0E02720EC42}". Action Taken: No Action Taken.
Entry "HKCR\sunasDtServ.AgentDataStore" refers to invalid object "{E09B7103-05F6-4FA0-A244-AFCCB0668E3E}". Action Taken: No Action Taken.
Entry "HKCR\sunasDtServ.Agents" refers to invalid object "{6F888DC4-15EF-4E58-9A87-71713BB3A7AE}". Action Taken: No Action Taken.
Entry "HKCR\sunasDtServ.Common" refers to invalid object "{0EBBE452-CBF3-41D9-9FBF-4B07B2943FBE}". Action Taken: No Action Taken.
Entry "HKCR\sunasDtServ.DataStore" refers to invalid object "{F8564792-D478-4162-8F07-7B6F9A4D7D5F}". Action Taken: No Action Taken.
Entry "HKCR\sunasDtServ.EventObject" refers to invalid object "{F3F07A51-A7CF-45DC-B8A2-9719758A7121}". Action Taken: No Action Taken.
Entry "HKCR\sunasDtServ.Events" refers to invalid object "{3C28D6C7-297F-4687-814C-1C1BC47B289A}". Action Taken: No Action Taken.
Entry "HKCR\sunasDtServ.Explorer" refers to invalid object "{444598CA-89F4-4CCB-98F7-8D412125CBEB}". Action Taken: No Action Taken.
Entry "HKCR\sunasDtServ.Explorers" refers to invalid object "{DABC9585-5791-4C38-A33F-BB0C77A9A4B8}". Action Taken: No Action Taken.
Entry "HKCR\sunasDtServ.Inoculation" refers to invalid object "{D1A69F54-E98A-4EAF-AD49-7DE6F9352D76}". Action Taken: No Action Taken.
Entry "HKCR\sunasDtServ.Inoculations" refers to invalid object "{CA976C94-AFE1-4E59-AC3C-00DEF093687C}". Action Taken: No Action Taken.
Entry "HKCR\sunasDtServ.ManagedApps" refers to invalid object "{58C12E25-66BE-4D84-868C-2008CC427497}". Action Taken: No Action Taken.
Entry "HKCR\sunasDtServ.ManagedAppsExe" refers to invalid object "{2A58F9BD-518B-4080-B964-B849B58EC93D}". Action Taken: No Action Taken.
Entry "HKCR\sunasDtServ.ManagedAppsExes" refers to invalid object "{15F7410F-4AE9-47FB-8A9B-D1447279128D}". Action Taken: No Action Taken.
Entry "HKCR\sunasDtServ.ManagedAppsKey" refers to invalid object "{C3AA846C-5F18-47D2-940E-BFFA81A941AE}". Action Taken: No Action Taken.
Entry "HKCR\sunasDtServ.ManagedAppsKeys" refers to invalid object "{05D4EC19-D02F-4CFD-A7DB-0D15F9A77AC5}". Action Taken: No Action Taken.
Entry "HKCR\sunasDtServ.Manager" refers to invalid object "{C08637C7-7379-46BB-868E-63BBC830EEDC}". Action Taken: No Action Taken.
Entry "HKCR\sunasDtServ.Quarantine" refers to invalid object "{E7963E69-0830-44A3-BDFA-7582869EB93A}". Action Taken: No Action Taken.
Entry "HKCR\sunasDtServ.QuarantineContainer" refers to invalid object "{C8E26BB0-588A-4EC1-9342-8E756B147B46}". Action Taken: No Action Taken.
Entry "HKCR\sunasDtServ.QuarantineItem" refers to invalid object "{50A4066C-971D-4F1E-84BC-90D43D723DDE}". Action Taken: No Action Taken.
Entry "HKCR\sunasDtServ.ResourceStore" refers to invalid object "{5794C642-4E53-4C3E-84B3-02A615B6B137}". Action Taken: No Action Taken.
Entry "HKCR\sunasDtServ.Schedule" refers to invalid object "{8B3BD3F5-2C0F-4B2B-9407-C726C7DFB5DC}". Action Taken: No Action Taken.
Entry "HKCR\sunasDtServ.ScheduleScans" refers to invalid object "{66719EB5-1F77-429A-BFEE-23B3DF7793AE}". Action Taken: No Action Taken.
Entry "HKCR\sunasDtServ.Session" refers to invalid object "{703F1CB1-5E95-41EB-B841-07348D780885}". Action Taken: No Action Taken.
Entry "HKCR\sunasDtServ.ThreatData" refers to invalid object "{97641301-0964-42A0-A0A0-B725965CBD87}". Action Taken: No Action Taken.
Entry "HKCR\sunasDtServ.UpdateSchedule" refers to invalid object "{6476E647-EBEB-4DBD-8339-5DCC0611593B}". Action Taken: No Action Taken.
Entry "HKCR\TargetModel.TargetManager" refers to invalid object "{6BA12DDE-833B-4823-90DF-C03EDA192812}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.

Yep... NOW that is the entire thing.

Debbie

#17
rambro

Dear redpenpal, :tazz:

Dear redpenpal, read through this post a couple of times before executing its steps.

The lines in the HijackThis log that will be affected when removing references to AOL from startup are the following:

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe


The file AOLacsd.exe is part of the AOL Connectivity Service installed with AOL Internet Software. It is used to reconnect your computer to the Internet whenever you lose Internet Connection while online.

The file aolserv.exe is part of AOL's Spyware Protection Service.

There is a way to stop the above services from starting up at startup and hence showing up in the HijackThis log. We can do this by going into the Windows XP services console and changing the startup type from Automatic to Manual. Here is how this is done:

(Note 1: Write down/remember the following changes you make in case something happens and you have to reverse these changes.)

(Note 2: Before you change a service to manual, look at the "Dependencies" tab, which is located in the properties of that service. This tab shows you which other services depend upon the service you are considering changing. See the following link as a reference: http://www.pcmag.com...,1819182,00.asp. )

Go to Start -> Run and type "Services.msc" (without quotes) then hit Ok. Scroll down and find the below service:

AOL Connectivity Service (AOL ACS)

When you find it, double-click on it. The next window that opens should be the properties dialog box for that service. On the "General" tab, in the "Service Status" section, click the "Stop" button, then click the drop-down box to change the Startup Type to Manual, go back to the "Service Status" section and click the "Start" button. Now hit Apply and then Ok.

Go to Start -> Run and type "Services.msc" (without quotes) then hit Ok. Scroll down and find the below service:

AOL Spyware Protection Service (AOLService)

When you find it, double-click on it. The next window that opens should be the properties dialog box for that service. On the "General" tab, in the "Service Status" section, click the "Stop" button, then click the drop-down box to change the Startup Type to Manual, go back to the "Service Status" section and click the "Start" button. Now hit Apply and then Ok.

Restart your computer.

After restarting your computer, open up your AOL software to see if the changes have affected it adversely. Let me know if your computer is having any problems due to the above changes.

See the following links as a reference:

http://security.berk...es-Windows.html
http://www.pcmag.com...,1819182,00.asp
http://www.timeatlas...ndows_Services/
http://darnpc.com/wo...artup-services/
http://www.theelderg...vices_guide.htm
http://www.extremete...2129TX1K0000532

Please restart your computer and then post a new HijackThis log.

In addition, let me know in detail how your computer system is running after performing the above steps. :)

#18
redpenpal

Rambro:

I shut down the two AOL services, rebooted, and AOL runs fine...

The entries in my Zone Alarm log continue in spite of my shutting down blue frog, stickies, and webshots... every 2-14 minutes something tries to access the internet... there were even several entries that tried to access something called:

geek12.gtghosting.com which is the geeks to go hosting site??? :tazz: Why would my computer try to send something out there??? Unless it is for this posting? But the post went through and whatever this was... Zone Alarm blocked it. How interesting...

I am reading up on cleaning my registry... which I've never done in 3 years of owning this computer... I saw lots of entries for software that I don't have anymore.... previous versions of AOL, etc. I found several recommendations for Crap Cleaner... so I am researching that program and plan to use it to clean up my registry. That might make my MAV log easier to analyze too??

Let me know what else I need to do!!!

Thanks so much for your help,

Debbie :)

#19
rambro

Dear redpenpal, :tazz:

Please restart your computer and then post a new HijackThis log.

Ok, first of all, your HijackThis log is pretty clean; the lines in the HijackThis log are legit. :)

I wouldn't worry about the stuff found by the MWAV antivirus tool scan, they are left over (orphaned) registry information that will not harm your computer.

I use a free version of Sygate Personal Firewall. With this application, I have the option of "allowing" or "asking" or "blocking" an application on my computer from accessing a web site on the Internet. If you choose the "allowing" or "blocking" option with this software, you won't get a dialog box "asking" you to allow or block an application on your computer to connect to a web site on the Internet (i.e. this option should block or allow an application on your computer from accessing a web site on the Internet automatically). See if you have this option on your Zone Alarm Firewall.

(FYI: A remote website on the Internet can access/connect to your computer through ports on your computer. For example, 66.99.237.55:80, the 66.99.237.55 represents a remote website's Internet Protocol's address (for a particular server/computer on the Internet) and the 80 stands for the port that this remote computer on the Internet wants to access on your computer to set up communications on your computer, so that information can be transferred between your computer and the remote computer on the Internet. The Hypertext Transfer Protocol (e.g. http://www.geekstogo...ies-t59728.html ) uses port 80 on your computer to set up communications (note: there are other ports on your computer that can be used to set up communications between two computers.) Here is a definition of HTTP:

Hyper Text Transport Protocol is the communication protocol used to connect to servers on the World Wide Web. The primary function of HTTP is to establish a connection with a Web server and transmit HTML pages to the user's browser.


Dear redpenpal, I must tell you that right now your HijackThis log looks clean and I think you are good to go.

However, having said that, I can recommend to you a registry cleaner that you can use (I believe it is a trial version), that can "possibly" clear out the left over (orphaned) registry information that you have on your computer. But I personally have mixed feelings about these registry cleaners, that is, I don't think they work very well. Let me know what you want to do and I will post something to you.

Dear redpenpal, I believe your computer is in good shape and anything you do further to your computer is overkill and possibly could get you in trouble. :)

P.S. What is that expression, if it is not broken, don't fix it!!! Take care. :)

#20
redpenpal

Rambro:

I cleaned my computer with the crap cleaner, and rebooted and everything works fine... just a little faster on the startup.

I went through my running processes and found one called EEBsvc.exe which is the bidirectional function of an Epson Printer. According to answersthatwork.com, that process is not needed unless that printer is networked with another computer that needs to be updated on the status of ink etc. Since my husband and I are both connected to a router, but don't share info between computers, this program isn't needed. I shut it down in the services menu & voilà! I still have a few odd entries in my Zone Alarm that I need to figure out since the program isn't listed... but the log has gone from having entries every 2-14 minutes to every 2-4 hours. I am a little more comfortable with this, even though I still want to know what the heck is trying to access the internet... Given enough time, I will figure it out. I know that the program is possibly legit, but usually the legit programs are listed when they try to access the internet... and the "program" column is empty for all these entries.

Thank you so much for all your assistance. I feel much better knowing that someone else has looked at my logs and didn't see any spyware. I try to keep all my security up to date, but when ActiveScan told me I had two dialers... I became a little panicked...

I may begin another thread in a different section for my husband's slow computer performance. It is driving him crazy... If he keeps Zone Alarm running, everything slows WAY down. I have already been through the spyware section & done all the necessary things there and his HJT log is clean. I will try all the things I need to do on my own before I ask for help.

Thanks again!!! :tazz:

Debbie

#21
rambro

Dear redpenpal, :tazz:

Just to tie up a few loose ends here and before I post you a prevention speech, let me see the following when you have a moment.

Please restart your computer and then post a new HijackThis log.

rambro :)

#22
redpenpal

Rambro:

Done and Done...

Here is my latest HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 6:58:15 PM, on 9/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Blue Security\bluefrog.exe
C:\Program Files\stickies\stickies.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\FerretSoft\WebFerret\FerretBand.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo 960] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P22 "EPSON Stylus Photo 960" /O6 "USB001" /M "Stylus Photo 960"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Blue Frog] C:\Program Files\Blue Security\bluefrog.exe
O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\RRIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181...s/ccpm_0237.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zone...ee/cm/ICSCM.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {329F26F7-0D07-4038-8338-1C04446B906E} (DemoShield DemoNow Class) - http://www.raxco.com...our/demonow.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1125800546656
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.c...es/PROFILER.CAB
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - https://echat.us.del...t/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

I am still in search of what is trying to send outgoing packets on my PC, but have found my hubby's problem in Zone Alarm... a bug that takes up too much Virtual Memory. Please let me know if you feel any further action on my PC is necessary.

Thank you so much for your help!!! :tazz:
Debbie
  • 0

#23
rambro

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear redpenpal, :tazz:

I am surprised that those O23 lines did not go away by changing the "Start Up" type from "Automatic" to "Manual"; however, leave those lines, they are legitimate.

Dear redpenpal, you are running a number of anti-spyware programs. Microsoft Antispyware, Blue Frog and possibly AOL antispyware protection, these may interfere with each other. I would uninstall all but one of these anti-spyware programs.

Dear redpenpal, is there a way you can post to me the security log from your Zone Alarm Firewall application? If you want to send me a screen shot of your security log, press (Alt+PrintScreen) and Paste (Control+V) it in a reply to this post.

If you decide to get rid of some of your anti-spyware programs, then restart your computer and post me a new Hijackthis log.

In addition, let me know in detail how your computer system is running after performing the above steps. :)
  • 0

#24
rambro

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear redpenpal, :tazz:

I probably would keep the Microsoft anti-spyware program and uninstall the other two anti-spyware programs, however, this is your choice.

rambro :)
  • 0

#25
redpenpal

redpenpal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Rambro:

The Microsoft antispyware is the only one that runs all the time... other than Zone Alarm Pro which has a spyware component. The AOL software only performs a brief scan when I start the AOL software. I just use it as a backup... double check kind of thing. The blue frog program is not for spyware, it is an internet project to fight spam. I thought it might be the culprit, but the activities continued even when I turned it off... and the entries in the log related to it show its DNS, so I can recognize it.

I could not do a screen print with the ALT + Print Screen command, but I just copied the first several entries in the log... they are representative of what I have been trying to figure out... i.e. no program listed... it is trying to go from my computer to some unidentifiable IP address... (I tried to look them up in Arin's WhoIs...) If you have any ideas, please pass them on... as I am fast running out of the things that I know to try... I know I am going to be ticked off when I find out it is some normal process... such as Zone Alarm trying to talk to itself... but I still feel like I need to know...

Description Packet sent from 192.168.0.101 (TCP Port 2398) to 63.209.52.95 (HTTP) was blocked
Rating Medium
Date / Time 2005/09/28 21:44:52-5:00 GMT
Type Firewall
Protocol TCP (flags:S)
Program
Source IP 192.168.0.101:2398
Destination IP 63.209.52.95:80
Direction Outgoing
Action Taken Blocked
Count 1
Source DNS DJNCL521
Destination DNS unknown.Level3.net


Description Packet sent from 192.168.0.101 (TCP Port 2353) to 63.209.52.73 (HTTP) was blocked
Rating Medium
Date / Time 2005/09/28 21:34:42-5:00 GMT
Type Firewall
Protocol TCP (flags:S)
Program
Source IP 192.168.0.101:2353
Destination IP 63.209.52.73:80
Direction Outgoing
Action Taken Blocked
Count 1
Source DNS DJNCL521
Destination DNS unknown.Level3.net


Description Packet sent from 192.168.0.101 (TCP Port 2044) to 64.215.170.191 (HTTP) was blocked
Rating Medium
Date / Time 2005/09/28 20:12:02-5:00 GMT
Type Firewall
Protocol TCP (flags:S)
Program
Source IP 192.168.0.101:2044
Destination IP 64.215.170.191:80
Direction Outgoing
Action Taken Blocked
Count 1
Source DNS DJNCL521
Destination DNS


Description Packet sent from 192.168.0.101 (TCP Port 1321) to 63.99.237.71 (HTTP) was blocked
Rating Medium
Date / Time 2005/09/28 19:12:12-5:00 GMT
Type Firewall
Protocol TCP (flags:S)
Program
Source IP 192.168.0.101:1321
Destination IP 63.99.237.71:80
Direction Outgoing
Action Taken Blocked
Count 1
Source DNS DJNCL521
Destination DNS

Description Packet sent from 192.168.0.101 (TCP Port 1316) to 63.99.237.55 (HTTP) was blocked
Rating Medium
Date / Time 2005/09/28 19:12:02-5:00 GMT
Type Firewall
Protocol TCP (flags:S)
Program
Source IP 192.168.0.101:1316
Destination IP 63.99.237.55:80
Direction Outgoing
Action Taken Blocked
Count 1
Source DNS DJNCL521
Destination DNS


Description Packet sent from 192.168.0.101 (TCP Port 1311) to 63.99.237.71 (HTTP) was blocked
Rating Medium
Date / Time 2005/09/28 19:11:36-5:00 GMT
Type Firewall
Protocol TCP (flags:S)
Program
Source IP 192.168.0.101:1311
Destination IP 63.99.237.71:80
Direction Outgoing
Action Taken Blocked
Count 1
Source DNS DJNCL521
Destination DNS


Description Packet sent from 192.168.0.101 (TCP Port 1146) to 63.99.237.71 (HTTP) was blocked
Rating Medium
Date / Time 2005/09/28 18:58:26-5:00 GMT
Type Firewall
Protocol TCP (flags:S)
Program
Source IP 192.168.0.101:1146
Destination IP 63.99.237.71:80
Direction Outgoing
Action Taken Blocked
Count 1
Source DNS DJNCL521
Destination DNS

Thanks again for your help!!!

Debbie :tazz:
  • 0


#26
rambro

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear redpenpal, :tazz:

I would like you to generate a "Add/Remove Software List" log using the HijackThis application. Here is how you can do this:

Restart your computer.
  • Open Hijackthis, In the lower right corner click the "Config..." (Configuration) button.
  • Once in the "Configuration" panel, click "Misc Tools" button.
  • Then click the "Open Uninstall Manager..." button.
  • The "Add/Remove Programs Manager" panel should appear.
  • In this panel click the "Save list" button.
  • Save the "uninstall_list.txt" file to its default location.
  • Then copy and paste the notepad text that appears in the generated "uninstall_list.txt" file in a reply to this post.

Dear redpenpal, when did the unknown application on your computer start contacting a remote web site on the Internet constantly? Was it before or after I started working with you on your computer?

This is what I know from your last post.

63.209.52.95:80 (Akamai Customer Care) - http://www.akamai.co...t/overview.html
63.209.52.73:80 (Akamai Customer Care)

64.215.170.191:80 (Global Crossing) - http://www.globalcro.../gl_company.xml

63.99.237.71:80 (Uunet Technologies Inc.) - http://global.mci.com/wholesale/ and http://uptime.netcra...,63.127.255.255
63.99.237.55:80 (Uunet Technologies Inc.)
63.99.237.71:80 (Uunet Technologies Inc.)
63.99.237.71:80 (Uunet Technologies, Inc.)

It looks like from what I can gather that "Akamai Customer Care" uses Uunet Technologies Inc. as a hosting web site.

This led me to find out what application on your computer uses "Akamai's" products. I went back to your last Hijackthis log and found these two lines:

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab


This information led me to the online scan called Housecall by TrendMicro, that I told you to run. Hence my question about when you started having your current problems with your Zone Alarm Firewall.

To make sure of this assumption, the "Add/Remove Software List" log that I told you to create and post back to me in a reply to this post should tell me if any other applications might be using the "Akamai" software products. :)
  • 0
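The triage done by hand in the posts above (picking out blocked outgoing connection attempts that list no program, then grouping their destinations) can be scripted over the pasted ZoneAlarm entries. This is an added example, not part of the original thread: the first two sample records are copied from the log posted earlier, the third is constructed, and the /24 grouping is an assumption standing in for the per-address WHOIS lookups.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# Field labels as they appear in the log entries pasted in the thread.
FIELDS = ("Description", "Rating", "Date / Time", "Type", "Protocol",
          "Program", "Source IP", "Destination IP", "Direction",
          "Action Taken", "Count", "Source DNS", "Destination DNS")

# The first two records are copied from the thread. The third is constructed and
# abbreviated (hypothetical program name, documentation-range address).
SAMPLE_LOG = """\
Description Packet sent from 192.168.0.101 (TCP Port 2398) to 63.209.52.95 (HTTP) was blocked
Rating Medium
Date / Time 2005/09/28 21:44:52-5:00 GMT
Type Firewall
Protocol TCP (flags:S)
Program
Source IP 192.168.0.101:2398
Destination IP 63.209.52.95:80
Direction Outgoing
Action Taken Blocked
Count 1
Source DNS DJNCL521
Destination DNS unknown.Level3.net

Description Packet sent from 192.168.0.101 (TCP Port 2353) to 63.209.52.73 (HTTP) was blocked
Rating Medium
Date / Time 2005/09/28 21:34:42-5:00 GMT
Type Firewall
Protocol TCP (flags:S)
Program
Source IP 192.168.0.101:2353
Destination IP 63.209.52.73:80
Direction Outgoing
Action Taken Blocked
Count 1
Source DNS DJNCL521
Destination DNS unknown.Level3.net

Description Packet sent from 192.168.0.101 (TCP Port 3001) to 192.0.2.10 (HTTP) was blocked
Date / Time 2005/09/28 22:00:00-5:00 GMT
Protocol TCP (flags:S)
Program example.exe
Destination IP 192.0.2.10:80
Direction Outgoing
Action Taken Blocked
"""


def parse_entries(text):
    """Split pasted log text into dicts; a 'Description' line starts a record."""
    entries = []
    for line in (raw.strip() for raw in text.splitlines()):
        name = next((f for f in FIELDS if line == f or line.startswith(f + " ")), None)
        if name == "Description":
            entries.append({})
        if name and entries:
            entries[-1][name] = line[len(name):].strip()
    return entries


def unattributed_outbound(entries):
    """Blocked outgoing TCP SYNs for which the firewall recorded no program."""
    hits = []
    for e in entries:
        if (e.get("Direction") == "Outgoing" and e.get("Action Taken") == "Blocked"
                and "flags:S" in e.get("Protocol", "") and not e.get("Program")):
            host, _, port = e["Destination IP"].rpartition(":")
            # Timestamp kept as logged (local time); the UTC offset suffix is ignored.
            when = datetime.strptime(e["Date / Time"][:19], "%Y/%m/%d %H:%M:%S")
            hits.append((host, int(port), when))
    return hits


def group_by_network(hits, prefix=24):
    """Count hits per destination network. The /24 grouping is an assumption
    standing in for the per-address WHOIS lookups done by hand in the thread."""
    groups = defaultdict(lambda: {"count": 0, "hosts": set(), "times": []})
    for host, _port, when in hits:
        net = ipaddress.ip_network(f"{host}/{prefix}", strict=False)
        g = groups[str(net)]
        g["count"] += 1
        g["hosts"].add(host)
        g["times"].append(when)
    return dict(groups)


if __name__ == "__main__":
    hits = unattributed_outbound(parse_entries(SAMPLE_LOG))
    for net, g in group_by_network(hits).items():
        print(net, g["count"], sorted(g["hosts"]), min(g["times"]), max(g["times"]))
```

Entries with an empty Program field are the ones worth chasing, because the firewall could not tie the connection attempt to an executable it knows about.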

#27
redpenpal

redpenpal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Rambro:

Here is the requested Add/Remove Software list:


ABBYY FineReader 5.0 Sprint Plus
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Acrobat 7.0.1 and Reader 7.0.1 Update
Adobe Acrobat 7.0.2 and Reader 7.0.2 Update
Adobe Acrobat 7.0.3 and Reader 7.0.3 Update
Adobe Download Manager 2.0 (Remove Only)
Adobe GoLive 4.0
Adobe Photoshop 7.0
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 7.0
Adobe SVG Viewer 3.0
America Online (Choose which version to remove)
American Tradition® Signature Colors™ Virtual Painter
Anfy
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOL Instant Messenger
AOL Spyware Protection
ATI Control Panel
ATI Display Driver
Belarc Advisor 6.1
Blue Frog
ccCommon
CCleaner (remove only)
Celestia 1.3.2
Classic PhoneTools
CleanUp!
ClearType Tuning Control Panel Applet
Conexant SmartHSFi V92 56K Speakerphone PCI Modem
Dell GPS Navigation System
Dell Modem-On-Hold
Dell Movie Studio Diagnostics
Dell Solution Center
Dell Support
Dell Support 5.0.0 (766)
Digital Line Detect
DivX 5.0.2 Bundle
Easy CD Creator 5 Basic
Easy CD-DA Extractor 5.0
EPSON Copy Utility 3
EPSON Perf 4180 Guide
EPSON Printer Software
EPSON Scan
EPSON Smart Panel
ewido security suite
Handmark® Tetris Classic™ Game Pak for Pocket PC
HijackThis 1.99.1
Image Resizer Powertoy for Windows XP
Intel® PRO Ethernet Adapter and Software
Intel® PROSet II
Internet Worm Protection
Java 2 Runtime Environment, SE v1.4.2_01
Learn2 Player (Uninstall Only)
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Shockwave Player
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB886906)
Microsoft ActiveSync 3.7
Microsoft AntiSpyware
Microsoft Data Access Components KB870669
Microsoft Interactive Training
Microsoft Office XP Media Content
Microsoft Office XP Professional
Microsoft Office XP Professional with FrontPage
Microsoft Publisher 2002
Modem Helper
MSN Music Assistant
MUSICMATCH Jukebox
Neonatal Resuscitation CD-ROM
Nero - Burning Rom (Web installer)
Nikon View 5
Norton AntiVirus 2005
Norton AntiVirus 2005 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton WMI Update
P.I.M. Plug-In for Photoshop
Paint Shop Pro 7
Panda ActiveScan
Photo Story 3 for Windows
Presto! BizCard 4.1 Eng
Pure Networks Port Magic
QuickTime
RealPlayer
Remove Hidden Data Tool
Road Runner Medic
Roxio VideoWave Movie Creator
ScanToWeb
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB903235)
Shockwave
Sound Blaster Live!
SPBBC
Spelling Dictionaries For Adobe Reader Package
Spybot - Search & Destroy 1.3
Stickies 5.0a
SureThing CD Labeler - Stomper Edition 32 bit
Symantec
Symantec Script Blocking Installer
SymNet
TrojanHunter 4.2
Tweak UI
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Viewpoint Media Player
WebFerret
Webshots Desktop
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885295
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinZip
Xara3D 5
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Messenger Explorer Bar
ZoneAlarm Pro


I am not sure when the events started happening. It wasn't until I was trying to remove spyware from my husband and daughter's computers that I decided to do mine while I was at it. I followed the spyware forum directions to run all the software and cleaners before posting, so I had run the Trend Micro scan even before we began working on this problem. I do not understand why a purely on-line scan would try to access the internet??? but it does appear from the HJT log that perhaps the Akamai entries are from that program... that wouldn't be a problem, I can uninstall it... or delete it if I can find it... and stop those entries.

Grrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr, if Zone Alarm Pro would just list the program in the program list (and it would be really nice to have the path)... I could look it up and see if it is legit or not. Why do they have to make things hard???

Thanks for helping me figure this out!!!

Debbie :tazz:
  • 0

#28
rambro

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear redpenpal, :tazz:

You may want to print out these instructions or save them as a text file with "Notepad" to your desktop because we will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet.
*********************

I would like you to disable/turn off your ZoneAlarm Pro Firewall software.

Restart your computer.

Run HijackThis and click "Scan." Place checks next to the following entry/entries (if they exist):

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab

Close all browser and other windows except for HijackThis, and click "Fix Checked" button to finish the repair. Close the HijackThis application.

Restart your computer

Please run the Housecall online virus scan located at: http://housecall.tre.../start_corp.asp. Follow the prompts to scan your hard drive for viruses. Select the "Autoclean" option so that Housecall will remove any viruses from your system. When the scan is finished, please restart your computer.

Re-enable/turn on your ZoneAlarm Pro Firewall software.

Restart your computer and please post a new HijackThis log.

In addition, let me know in detail how your computer system is running after performing the above steps.

Let me know if you are still experiencing the same problems with your ZoneAlarm Pro Firewall software. :)
  • 0

#29
redpenpal

redpenpal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Rambro:

OK, did all that. Zone Alarm is started on boot-up, so even when I shut it off and rebooted... it was on and I had to shut it down manually before I could run the Trend scan. I did so but there are still akamai entries.

Here are the outgoing entries in my log since I rebooted and restarted Zone Alarm:

Description Packet sent from 192.168.0.101 (TCP Port 1497) to 63.209.52.95 (HTTP) was blocked
Rating Medium
Date / Time 2005/09/29 21:44:14-5:00 GMT
Type Firewall
Protocol TCP (flags:S)
Program
Source IP 192.168.0.101:1497
Destination IP 63.209.52.95:80
Direction Outgoing
Action Taken Blocked
Count 1
Source DNS DJNCL521
Destination DNS unknown.Level3.net


Description Packet sent from 192.168.0.101 (TCP Port 1486) to 64.215.170.191 (HTTP) was blocked
Rating Medium
Date / Time 2005/09/29 21:44:08-5:00 GMT
Type Firewall
Protocol TCP (flags:S)
Program
Source IP 192.168.0.101:1486
Destination IP 64.215.170.191:80
Direction Outgoing
Action Taken Blocked
Count 1
Source DNS DJNCL521
Destination DNS


Description Packet sent from 192.168.0.101 (TCP Port 1052) to 64.215.170.191 (HTTP) was blocked
Rating Medium
Date / Time 2005/09/29 21:34:54-5:00 GMT
Type Firewall
Protocol TCP (flags:S)
Program
Source IP 192.168.0.101:1052
Destination IP 64.215.170.191:80
Direction Outgoing
Action Taken Blocked
Count 1
Source DNS DJNCL521
Destination DNS


Description Packet sent from 192.168.0.101 (TCP Port 1049) to 63.209.52.95 (HTTP) was blocked
Rating Medium
Date / Time 2005/09/29 21:34:48-5:00 GMT
Type Firewall
Protocol TCP (flags:S)
Program
Source IP 192.168.0.101:1049
Destination IP 63.209.52.95:80
Direction Outgoing
Action Taken Blocked
Count 1
Source DNS DJNCL521
Destination DNS unknown.Level3.net


Description Packet sent from 192.168.0.101 (TCP Port 1046) to 63.209.52.95 (HTTP) was blocked
Rating Medium
Date / Time 2005/09/29 21:34:46-5:00 GMT
Type Firewall
Protocol TCP (flags:S)
Program
Source IP 192.168.0.101:1046
Destination IP 63.209.52.95:80
Direction Outgoing
Action Taken Blocked
Count 1
Source DNS DJNCL521
Destination DNS unknown.Level3.net


Here is the latest HJT log after all the other stuff was done:


Logfile of HijackThis v1.99.1
Scan saved at 9:59:02 PM, on 9/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Blue Security\bluefrog.exe
C:\Program Files\stickies\stickies.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\FerretSoft\WebFerret\FerretBand.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo 960] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P22 "EPSON Stylus Photo 960" /O6 "USB001" /M "Stylus Photo 960"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Blue Frog] C:\Program Files\Blue Security\bluefrog.exe
O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\RRIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181...s/ccpm_0237.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zone...ee/cm/ICSCM.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {329F26F7-0D07-4038-8338-1C04446B906E} (DemoShield DemoNow Class) - http://www.raxco.com...our/demonow.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1125800546656
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.c...es/PROFILER.CAB
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - https://echat.us.del...t/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



The computer is running fine... but still the entries in Zone Alarm continue... I will poke around for a few more minutes tonight... but my time on the computer will be sparse for the next 3 days... I work 7am-7pm so I may just get on long enough to get mail... at least until Monday.

Thanks for your continuing help!!!

Debbie :tazz:
  • 0

#30
rambro

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear redpenpal,

Please use the following links as a reference:

http://www.hawaii.ed...n/zonealarm.pdf
http://www.microsoft...ap/6402.asp#110 (Select the ZoneAlarm Link)

I would like you to open your ZoneAlarm Pro Firewall Program.

Go to the Alerts Panel

Check the Show the alert popup window

Go to the Programs Panel

Here is an excerpt from the following link: http://www.hawaii.ed...n/zonealarm.pdf

The Programs Panel is where you can view, assign, and adjust network access privileges for programs. You will mainly use this panel to view the privileges of programs and make adjustments. Programs on your computer that have attempted to connect to the Internet are listed in this panel. A green check mark indicates that the program is always permitted to connect. Programs that are in constant use and whose main function is network access such as web browsers and e-mail clients should have a green check mark. Programs that you do not recognize and programs that do not need network access should have a red X which means connection is denied. Other types of programs should have a black question mark that means to prompt you for permission.


I want you to put a black question mark next to all of the programs contained in the "Programs Panel" in your ZoneAlarm Pro Firewall Software. Each time a program on your computer wants to connect to a remote computer on the Internet, an alert popup window should prompt you asking if you want to connect to the remote computer and give the remote computer's IP address. You can take that IP address and do a WHOIS Lookup and a Domain Info search at the following link: http://www.dnsstuff.com/.

If the IP address matches the sites that constantly want to access your computer, then you will know what application on your computer is initiating those connections to your computer from remote Internet computers.

This procedure should take time to execute, read through the post a couple of times. Let the ZoneAlarm Pro firewall software go through its paces. Remember the purpose of this exercise is to find the application, which is accessing the remote web sites that are a concern of yours.

Attached File  ZoneAlarm_Pro.doc   55KB   12 downloads

rambro :tazz:

Edited by rambro, 30 September 2005 - 05:48 PM.

  • 0





