Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Aurora Infection?


  • Please log in to reply

#16
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
That looks good. :tazz: Any problems?
  • 0

Advertisements


#17
jacygittes

jacygittes

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
I'm still getting targeted popups (popups related to each site I visit). Other than that it seems fine.
  • 0

#18
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Are you being redirected at all, or are these popups from the sites you visit?
  • 0

#19
jacygittes

jacygittes

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
I'm not being redirected and I don't think they are from the sites I'm visiting but it's possible. For instance, when I visit GeeksToGo I get a spyware fix popup. When I visit Moviefone I get a DVD popup and when I visit McAfee.com I get a spyware fix popup.
  • 0

#20
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Ok lets see what this one finds

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#21
jacygittes

jacygittes

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
I get an error message that says "Unknown error detected while checking the license for Kaspersky On-line scanner product."
  • 0

#22
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Please post a new Hijack log and lets see where we are at.
  • 0

#23
jacygittes

jacygittes

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
I'm not sure if this will help but I'm getting popups in Firefox as well as in IE. And my Window Washer has stopped working. The system seems slow also.



Logfile of HijackThis v1.99.1
Scan saved at 3:09:51 PM, on 9/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\eM\Bay Reader\Shwicon2k.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\BigFix\BigFix.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Applications\HijackThis.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [showicon2k] C:\Program Files\\eM\Bay Reader\Shwicon2k.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1125972832359
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - rundll32.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#24
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
* Please click this link to download Silent Runners.
* Save it to the desktop.
* Run Silent Runner's by doubleclicking the "Silent Runners" icon on your desktop.
* You will see a text file appear on the desktop - it's not done yet, just let it run (it won't appear to be doing anything!)
* Once you receive the prompt "All Done!", double-click on the new text file on the desktop and copy that entire log and paste it here.

*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.
  • 0

#25
jacygittes

jacygittes

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"CHotkey" = "zHotkey.exe" ["Chicony"]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"MXO Auto Loader" = "C:\WINDOWS\MXOALDR.EXE" ["Cypress Semiconductor"]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" ["Sun Microsystems, Inc."]
"showicon2k" = "C:\Program Files\\eM\Bay Reader\Shwicon2k.exe" ["Alcor Micro Corp"]
"MaxtorOneTouch" = "C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe" ["Maxtor"]
"(Default)" = (empty string)
"MSConfig" = "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{F802F260-519B-11D1-BB5D-0060974C6013}" = "ICQ Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ICQ\ICQShExt.dll" [file not found]
"{955B7B84-5308-419c-8ED8-0B9CA3C56985}" = "America Online"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\aolshare\shell\us\shellext.dll" ["America Online, Inc."]
"{EB47FF00-225E-11D2-9E1D-00A0C9AB0EEE}" = "eLicense Control"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\lcmmfu.cpl" [null data]
"{6EE51AA0-77A0-11D7-B4E1-000347126E46}" = "Window Washer Shell Shredding Utility"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\WEBROO~1\SHELLW~1.DLL" ["Webroot Software"]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}" = "TrojanHunter Menu Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.2\contmenu.dll" [null data]
"{d1f90f47-7cc1-46a9-85fa-8c6c74459a8a}" = "j2 Messenger - Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\j2 Messenger Plus 3.3\J2GShell.dll" ["j2 Global Communications, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
HotShellExtj2\(Default) = "{D1F90F47-7CC1-46a9-85FA-8C6C74459A8A}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\j2 Messenger Plus 3.3\J2GShell.dll" ["j2 Global Communications, Inc."]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.2\contmenu.dll" [null data]
Washer\(Default) = "{6EE51AA0-77A0-11D7-B4E1-000347126E46}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\WEBROO~1\SHELLW~1.DLL" ["Webroot Software"]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.2\contmenu.dll" [null data]
Washer\(Default) = "{6EE51AA0-77A0-11D7-B4E1-000347126E46}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\WEBROO~1\SHELLW~1.DLL" ["Webroot Software"]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.2\contmenu.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Pavement\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\MUGGLE~1.SCR" (MuggleNetPOASS.scr) ["© 2003 Consulting Nation™ LLC"]


Startup items in "Pavement" & "All Users" startup folders:
----------------------------------------------------------

C:\Documents and Settings\Pavement\Start Menu\Programs\Startup
INFECTION WARNING! "PowerReg Scheduler.exe" [empty string]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"BigFix" -> shortcut to: "C:\Program Files\BigFix\BigFix.exe /atstartup" ["BigFix Inc."]


Enabled Scheduled Tasks:
------------------------

"Norton AntiVirus - Scan my computer" -> launches: "C:\PROGRA~1\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]
"{72994E84-DD4C-4606-B547-000C8EE9BC43}_YOUR-PD3MH0ABGS_Pavement" -> launches: "C:\WINDOWS\system32\mobsync.exe /Schedule="{72994E84-DD4C-4606-B547-000C8EE9BC43}_YOUR-PD3MH0ABGS_Pavement"" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\ = "Real.com" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Shdocvw.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll" ["Sun Microsystems, Inc."]

{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\
"ButtonText" = "AIM"
"Exec" = "C:\Program Files\aim\aim.exe" ["America Online, Inc."]

{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [file not found]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.emachines.com

Missing lines (compared with English-language version):
[Strings]: 1 line


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

C-DillaCdaC11BA, C-DillaCdaC11BA, "C:\WINDOWS\System32\drivers\CDAC11BA.EXE" ["Macrovision"]
iPodService, iPodService, "C:\Program Files\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
LicCtrl Service, LicCtrlService, "rundll32.exe C:\WINDOWS\mmfs.dll,Service" [MS]
Norton AntiVirus Auto Protect Service, navapsvc, ""C:\Program Files\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
SAVScan, SAVScan, "C:\Program Files\Norton AntiVirus\SAVScan.exe" ["Symantec Corporation"]
SmartLinkService, SLService, "slserv.exe" [" "]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
SymWMI Service, SymWSC, "C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe" ["Symantec Corporation"]
WAN Miniport (ATW) Service, WANMiniportService, ""C:\WINDOWS\wanmpsvc.exe"" ["America Online, Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\System32\MsPMSPSv.exe" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 97 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 11 seconds.
---------- (total run time: 142 seconds)
  • 0

Advertisements


#26
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
I believe thats all good. Lets try one more scan. If something is there hopefully this one will find it

I need you to download MWav to a convenient location.

This scan might take around 3+ hours to finish when set to scan everything.
I need you to run MWav by double-clicking on mwav.exe.
Put a check next to the below items before scanning:
  • Memory
  • Startup Folders
  • Drive - All Local Drives
  • Folder - then click "browse" to change the directory to C: (default is C:\Windows)
  • Registry
  • System Folders
  • Services
  • Include Sub-Directory
  • Scan All Files
Please make sure ALL of these are checked, then press the Scan button. This typically will take hours to complete.

**NOTE*** Sometimes MWav will pause and it appears to be finished, but it isn't done. Just let it run until it says it's complete.

On the bottom portion of the window, you will see the lower panel where MWav is listing "infected items". When it's done scanning, please highlight everything in that lower panel and copy them by holding CTRL + C then paste it here. The whole log will be extremely BIG so there is no way to post the log. I just need the infected items list.
  • 0

#27
jacygittes

jacygittes

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Object "BigTrafficNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "BigTrafficNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "BigTrafficNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "BigTrafficNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "BigTrafficNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "BigTrafficNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "BigTrafficNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "BigTrafficNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "BigTrafficNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "BigTrafficNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "istbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "SurfSideKick Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "CasinoClient Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "CasinoClient Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Conducent FlexPak Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cws.therealsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "PowerReg Scheduler Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\popcaploader.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\System32\iuctl.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\plugincpl131.cpl". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\csshare\plugins0942\NPSWF32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\USWebUncoated.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\AppleRGB.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\ColorMatchRGB.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\EuroscaleCoated.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\EuroscaleUncoated.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\JapanStandard.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\sRGB Color Space Profile.icm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\USSheetfedCoated.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\USSheetfedUncoated.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\USWebCoatedSWOP.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\AdobeRGB1998.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Non-Recommended\WideGamutRGB.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Non-Recommended\NTSC1953.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Non-Recommended\PAL_SECAM.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Non-Recommended\SMPTE-C.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Non-Recommended\CIERGB.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Non-Recommended\Photoshop5DefaultCMYK.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Non-Recommended\Photoshop4DefaultCMYK.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\iuctl.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\XLREC.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\RECNCL.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Microsoft Shared\Proof\MSWDS_EN.LEX". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\program files\Office\Actors\CLIPPIT.ACT". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "D:\Office\Actors\logo.act". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "D:\Office\Actors\scribble.act". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "D:\Office\Actors\dot.act". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "D:\Office\Actors\mnature.act". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "D:\Office\Actors\hoverbot.act". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "D:\Office\Actors\will.act". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "D:\Office\Actors\powerpup.act". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "D:\Office\Actors\genius.act". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\DOCUME~1\Pavement\LOCALS~1\Temp\_ISTMP1.DIR\_ISTMP0.DIR\FileGrp\Msvcrt10.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\popcaploader.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\BS96SE.EXE" refers to invalid object "D:\aamsstp\app\bs96se.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "C:\WINDOWS\System32\cmmgr32.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\CS.EXE" refers to invalid object "C:\Program Files\CompuServe 7.0\CS.EXE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\install.exe" refers to invalid object "C:\WINDOWS\Install.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\MSMSGS.EXE" refers to invalid object "C:\Program Files\Messenger\msmsgs.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\MSOFFICE.EXE" refers to invalid object "C:\program files\Office\MSOFFICE.EXE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Net2fone.exe" refers to invalid object "C:\Program Files\Net2Phone\Net2fone.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\pcshw" refers to invalid object "C:\WINDOWS\system32\pkshkwut.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\pshower" refers to invalid object "C:\WINDOWS\system32\pshwr.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\schdpl32.exe" refers to invalid object "C:\program files\Office\schdpl32.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\YourApp.exe" refers to invalid object "C:\Program Files\Multimedia Keyboard Driver\YourApp.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Favorites\Financial Links\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Start Menu\Programs\Norton AntiVirus\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Start Menu\Programs\eM Bay Reader\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Start Menu\Programs\ACD Systems\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Tools\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Pavement\Start Menu\Programs\Maxtor\OneTouch\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Pavement\Start Menu\Programs\Maxtor\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Start Menu\Programs\iPod\iPod Updater 2004-11-15\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Start Menu\Programs\Harry Potter Creative CD\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Shared Tools\clippit.act" refers to invalid object "C:\program files\Office\Actors\CLIPPIT.ACT". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Shared Tools\hlink.srg" refers to invalid object "C:\program files\Office\HLINK.SRG". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Shared Tools\misc.srg" refers to invalid object "C:\program files\Office\MISC.SRG". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Shared Tools\MSACCESS80" refers to invalid object "C:\program files\Office\MSACCESS.EXE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Shared Tools\mso97.dll" refers to invalid object "C:\program files\Office\MSO97.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Shared Tools\msroute.dll" refers to invalid object "C:\program files\Office\MSROUTE.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Shared Tools\osa.exe" refers to invalid object "C:\program files\Office\OSA.EXE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Shared Tools\osaintl.dll" refers to invalid object "C:\program files\Office\OSAINTL.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Shared Tools\recncl.dll" refers to invalid object "C:\WINDOWS\System32\RECNCL.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Shared Tools\xlrec.dll" refers to invalid object "C:\WINDOWS\System32\XLREC.DLL". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".fdr". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "OpenWithList". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ieupdate". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{3CB41017-F5CA-4C56-934C-ED02156251E6}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB823182". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824105". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824141". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824146". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB825119". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB826939". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828028". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828035". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828741". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB835732". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB837001". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB839643-DirectX9". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB839645". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB840315". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB840374". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB841873". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB842773". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Media Access". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "oeupdate". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329441". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q828026". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{7148F0A8-6813-11D6-A77B-00B0D0142050}". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0098EEE0-75CD-11D3-8DD3-00104B06462E}" refers to invalid object "C:\Program Files\ICQ\ICQCool.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{00DBD9B0-4D98-11D3-ADEB-0004AC96AAB2}" refers to invalid object "C:\Program Files\ICQ\ICQPhon.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{00F6280E-E711-11D3-BCF3-0004AC969DC2}" refers to invalid object "C:\Program Files\ICQ\ICQSMS.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{036D5CD2-0631-11D4-BD1A-0004AC96B3B4}" refers to invalid object "C:\Program Files\ICQ\icqhops.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0482E074-C5B7-101A-82E0-08002B36A333}" refers to invalid object "C:\program files\Office\schdpl32.exe -Automation". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0C0A83A0-7146-11D3-8DD2-00104B06462E}" refers to invalid object "C:\Program Files\ICQ\ICQInUn.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0C116522-3028-11D2-8A05-00104B9B48AB}" refers to invalid object "C:\Program Files\ICQ\ICQGreet.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0C116523-3028-11D2-8A05-00104B9B48AB}" refers to invalid object "C:\Program Files\ICQ\ICQGreet.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0C9FD8E4-5DF3-11D3-ADFC-0004AC96AAB2}" refers to invalid object "C:\Program Files\ICQ\ICQPhon.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0ED937FD-6612-11D3-BCCD-0004AC96B3B4}" refers to invalid object "C:\Program Files\ICQ\ICQPhon.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{104DD9C3-402D-11D3-AF32-0090271A8BEA}" refers to invalid object "C:\Program Files\ICQ\ICQMlp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1335272F-9B20-4CC3-8F24-5E95BE1D94BF}" refers to invalid object "C:\Program Files\ICQ\ICQSimpleApiPlugin.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1629A280-2D8C-11D3-BCCB-0050048EBC8D}" refers to invalid object "C:\Program Files\ICQ\ICQPict.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{18C55FEC-6614-11D3-BCCD-0004AC96B3B4}" refers to invalid object "C:\Program Files\ICQ\ICQPhon.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1D009A58-1C67-11D4-BCD9-0004AC96DD96}" refers to invalid object "C:\Program Files\ICQ\ICQSearc.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1D215721-7033-11D3-ADDF-0090270D6DEC}" refers to invalid object "C:\Program Files\ICQ\ICQStDlg.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1EB5BE89-55B9-11D4-A49A-00D0B759B1D9}" refers to invalid object "C:\Program Files\ICQ\ICQSMS.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78d3-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\COMPUS~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78d4-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\COMPUS~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78d6-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\COMPUS~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78d8-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\COMPUS~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78d9-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\COMPUS~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78db-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\COMPUS~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78dc-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\COMPUS~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78dd-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\COMPUS~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78de-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\COMPUS~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78e3-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\COMPUS~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78e4-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\COMPUS~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78e5-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\COMPUS~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78e6-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\COMPUS~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78e7-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\COMPUS~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78e8-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\COMPUS~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78e9-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\COMPUS~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78ea-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\COMPUS~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78eb-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\COMPUS~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{23654133-31C0-27DA-D1FF-59DAE0B7EB9A}" refers to invalid object "C:\Program Files\ICQ\ICQCool.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{23DF73B4-D740-11D4-8DEE-0010B56F9E9E}" refers to invalid object "C:\Program Files\ICQ\ICQStDlg.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{23DF73B5-D740-11D4-8DEE-0010B56F9E9E}" refers to invalid object "C:\Program Files\ICQ\ICQStDlg.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{23DF73B6-D740-11D4-8DEE-0010B56F9E9E}" refers to invalid object "C:\Program Files\ICQ\ICQStDlg.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{23DF73B8-D740-11D4-8DEE-0010B56F9E9E}" refers to invalid object "C:\Program Files\ICQ\ICQStDlg.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{270FBE58-2F1D-415E-9C7F-16A1FFD79DA0}" refers to invalid object "C:\Program Files\ICQ\ICQStDlg.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{271BC450-D971-11D4-8DEF-0010B56F9E9E}" refers to invalid object "C:\Program Files\ICQ\ICQStDlg.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{279BCBAA-F6DE-11D4-BDA5-0004AC96B3B4}" refers to invalid object "C:\Program Files\ICQ\ICQCool.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{28069770-0265-11D3-8DB3-00104B06462E}" refers to invalid object "C:\Program Files\ICQ\ICQConLb.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{29188C02-B8A7-11D4-AE1A-0090270D8F00}" refers to invalid object "C:\Program Files\ICQ\ICQTsLib.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2A7E6911-211E-11D4-BCFF-000629EE4DA1}" refers to invalid object "C:\Program Files\ICQ\ICQIfDg.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2A7E6912-211E-11D4-BCFF-000629EE4DA1}" refers to invalid object "C:\Program Files\ICQ\ICQIfDg.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2A7E6913-211E-11D4-BCFF-000629EE4DA1}" refers to invalid object "C:\Program Files\ICQ\ICQIfDg.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2A7E6914-211E-11D4-BCFF-000629EE4DA1}" refers to invalid object "C:\Program Files\ICQ\ICQIfDg.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2A7E6915-211E-11D4-BCFF-000629EE4DA1}" refers to invalid object "C:\Program Files\ICQ\ICQIfDg.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2B7E6AA9-C4FA-4951-815B-4AFE39D81453}" refers to invalid object "C:\Program Files\Messenger\msgsc.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2bf50447-ef62-11d3-bd00-0004ac96b3b4}" refers to invalid object "C:\Program Files\ICQ\icqhops.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2C217C90-4D91-11D3-ADEB-0004AC96AAB2}" refers to invalid object "C:\Program Files\ICQ\ICQPhon.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2CF86D50-DE72-11D3-AB21-0050048EBC8D}" refers to invalid object "C:\Program Files\ICQ\ICQSearc.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2DC84132-7F0E-11D3-AF37-0090270D827A}" refers to invalid object "C:\Program Files\ICQ\ICQMlp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2DC84133-7F0E-11D3-AF37-0090270D827A}" refers to invalid object "C:\Program Files\ICQ\ICQSdMl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2DC84134-7F0E-11D3-AF37-0090270D827A}" refers to invalid object "C:\Program Files\ICQ\ICQMlp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2E1174E9-F29B-11D3-BCE3-000629EE4DA1}" refers to invalid object "C:\Program Files\ICQ\ICQPhPl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2E1174EA-F29B-11D3-BCE3-000629EE4DA1}" refers to invalid object "C:\Program Files\ICQ\ICQPhPl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2E1174EB-F29B-11D3-BCE3-000629EE4DA1}" refers to invalid object "C:\Program Files\ICQ\ICQPhPl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2E30EDEA-572F-11D4-BD1D-000629EE4DA1}" refers to invalid object "C:\Program Files\ICQ\ICQCool.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{302405BD-EB23-48C1-BFB1-6EDA3303B24F}" refers to invalid object "C:\Program Files\ICQ\ICQAddUs.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{307E43FD-E76F-11D3-BCDE-0004AC961EA6}" refers to invalid object "C:\Program Files\ICQ\ICQOtlX.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{307E43FF-E76F-11D3-BCDE-0004AC961EA6}" refers to invalid object "C:\Program Files\ICQ\ICQOtlX.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{30C7EEE2-DC7A-11D3-BCDD-0004AC961EA6}" refers to invalid object "C:\Program Files\ICQ\ICQOutL.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{30C7EEE4-DC7A-11D3-BCDD-0004AC961EA6}" refers to invalid object "C:\Program Files\ICQ\ICQOutL.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{30C8A6E1-351E-11D2-8A0B-00104B9B48AB}" refers to invalid object "C:\Program Files\ICQ\ICQUnkn.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{312AF5B0-37BA-11D3-BCD7-0050048EBC8D}" refers to invalid object "C:\Program Files\ICQ\ICQCool.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{315C661F-270F-11D4-BD08-000629EE4DA1}" refers to invalid object "C:\Program Files\ICQ\ICQUsDg.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{315C6620-270F-11D4-BD08-000629EE4DA1}" refers to invalid object "C:\Program Files\ICQ\ICQUsDg.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{315C6621-270F-11D4-BD08-000629EE4DA1}" refers to invalid object "C:\Program Files\ICQ\ICQUsDg.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{315C6622-270F-11D4-BD08-000629EE4DA1}" refers to invalid object "C:\Program Files\ICQ\ICQUsDg.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{316DBA47-B612-489D-8CBF-7E455B05E0C7}" refers to invalid object "C:\Program Files\ICQ\ICQSimpleApi.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{32D42A20-FC4B-F79A-AC7B-AD05483E2AA7}" refers to invalid object "C:\Program Files\ICQ\ICQCool.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3421F881-3495-11D4-BD10-000629EE4DA1}" refers to invalid object "C:\Program Files\ICQ\ICQUsDg.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{343DA7CB-01A7-4503-A9AF-C84CF13B4381}" refers to invalid object "C:\Program Files\ICQ\ICQURL.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{34EAC540-2883-11D3-8DBB-00104B06462E}" refers to invalid object "C:\Program Files\ICQ\ICQPict.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{36CC7D55-EAF6-11D4-BD3B-0004AC96D905}" refers to invalid object "C:\Program Files\ICQ\ICQPhCl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{371EF950-AFF7-11D4-B00A-00902736685D}" refers to invalid object "C:\Program Files\ICQ\Install\ICQToolsInstaller.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{373FE9A0-E94F-11D3-BCD2-0004AC96DD96}" refers to invalid object "C:\Program Files\ICQ\ICQInfM.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{385963C5-6871-11D4-A4A4-00D0B759B1D9}" refers to invalid object "C:\Program Files\ICQ\ICQSMS.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{385EB63F-30A0-11D4-BD0F-000629EE4DA1}" refers to invalid object "C:\Program Files\ICQ\ICQPhSt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{38BA1DB0-91F8-11D4-B002-00902736685A}" refers to invalid object "C:\Program Files\ICQ\ICQft.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3BA899E4-5333-11D3-AF45-0090270D6DEC}" refers to invalid object "C:\Program Files\ICQ\ICQStDlg.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3DA8F160-4991-11D3-8DBE-00104B06462E}" refers to invalid object "C:\Program Files\ICQ\ICQRndP.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4025D2B0-379E-11D3-BCD7-0050048EBC8D}" refers to invalid object "C:\Program Files\ICQ\ICQCool.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{403D93E4-A7F1-11D2-AD33-00104B5F8CD8}" refers to invalid object "C:\Program Files\ICQ\ICQHttp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4062F230-379E-11D3-BCD7-0050048EBC8D}" refers to invalid object "C:\Program Files\ICQ\ICQCool.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{41250300-379E-11D3-BCD7-0050048EBC8D}" refers to invalid object "C:\Program Files\ICQ\ICQCool.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{42551950-379E-11D3-BCD7-0050048EBC8D}" refers to invalid object "C:\Program Files\ICQ\ICQCool.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{432C6240-5E77-47C8-906A-00B20FCF32EA}" refers to invalid object "C:\Program Files\ICQ\ICQMcDgs.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{43E5F7CC-E85C-11D3-BCDF-0004AC961EA6}" refers to invalid object "C:\Program Files\ICQ\ICQCom45.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{43E5F7CE-E85C-11D3-BCDF-0004AC961EA6}" refers to invalid object "C:\Program Files\ICQ\ICQCom45.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{44C09855-B5F6-4ED1-8F4C-95216D580094}" refers to invalid object "C:\Program Files\ICQ\ICQAutomation.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{467D0E2A-7676-11D4-BCE6-0004AC961EA6}" refers to invalid object "C:\Program Files\ICQ\ICQSndCntctLst.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{47A11B2C-2B1C-11D4-BD1B-0004AC969DC2}" refers to invalid object "C:\Program Files\ICQ\ICQSMS.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{483BE501-E42A-11D1-B679-006097E1E294}" refers to invalid object "C:\Program Files\ICQ\ICQGreet.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{488943DF-9280-480C-A94A-72722D3F4207}" refers to invalid object "C:\Program Files\ICQ\ICQSimpleApiPlugin.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4C11CA11-69D3-11D3-ADDE-0090270D6DEC}" refers to invalid object "C:\Program Files\ICQ\ICQStDlg.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4E7AF4B0-8FCF-11D3-8DD7-00104B06462E}" refers to invalid object "C:\Program Files\ICQ\ICQCool.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{51F4ECE1-FD07-11D4-AE2F-0090270D827A}" refers to invalid object "C:\Program Files\ICQ\ICQCool.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{532556E0-F055-11D3-BD01-0004AC96B3B4}" refers to invalid object "C:\Program Files\ICQ\icqhops.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{53F41597-20E8-11D4-BCFD-000629EE4DA1}" refers to invalid object "C:\Program Files\ICQ\ICQIfDg.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5598DA60-70EA-11D3-AF2E-0090270D827A}" refers to invalid object "C:\Program Files\ICQ\ICQP3c.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{561C9ED1-503B-11D4-AE29-0090271A8BEA}" refers to invalid object "C:\Program Files\ICQ\ICQCheck.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{56D7C520-5E0B-11D3-8DC8-00104B06462E}" refers to invalid object "C:\Program Files\ICQ\ICQCool.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{570158C3-B87B-11D4-BD2F-0004AC96D905}" refers to invalid object "C:\Program Files\ICQ\ICQChtE.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{59850400-6664-101B-B21C-00AA004BA90B}" refers to invalid object "C:\program files\Office\binder.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{59850403-6664-101B-B21C-00AA004BA90B}" refers to invalid object "C:\program files\Office\BDREC.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{59850404-6664-101B-B21C-00AA004BA90B}" refers to invalid object "C:\program files\Office\BDREC.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5A881D65-2A73-11D4-BD0A-000629EE4DA1}" refers to invalid object "C:\Program Files\ICQ\ICQWp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5C1E1E50-DD9E-11D3-AB1F-0050048EBC8D}" refers to invalid object "C:\Program Files\ICQ\ICQWhite.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5D11ADA3-5342-11D3-AF45-0090270D6DEC}" refers to invalid object "C:\Program Files\ICQ\ICQStDlg.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5E87218D-E854-11D3-BCE1-0004AC96A2D7}" refers to invalid object "C:\Program Files\ICQ\ICQPhCl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5FD4D15E-7F33-11D3-BCC6-0004AC96AB1F}" refers to invalid object "C:\Program Files\ICQ\ICQMcDgs.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6090EBD0-4421-11D3-8DBC-00104B06462E}" refers to invalid object "C:\Program Files\ICQ\ICQCool.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{61C9CA32-1F7D-11D4-AE17-0090271A8BEA}" refers to invalid object "C:\Program Files\ICQ\ICQCheck.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{63B9B0A3-E2DE-405E-BADB-F1ED7B921783}" refers to invalid object "C:\Program Files\ICQ\ICQft.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{644E6D31-144E-11D4-ADF8-0090270D827A}" refers to invalid object "C:\Program Files\ICQ\MapiMl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{651E794E-CB38-4657-A3D6-CF3F698E02AC}" refers to invalid object "C:\Program Files\ICQ\ICQFeatures.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{66537E70-DC99-11D3-AB1C-00104B06462E}" refers to invalid object "C:\Program Files\ICQ\ICQMcDgs.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{692A08F5-8D7F-11D4-A4C5-00D0B759B1D9}" refers to invalid object "C:\Program Files\ICQ\ICQURL.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{692A08F6-8D7F-11D4-A4C5-00D0B759B1D9}" refers to invalid object "C:\Program Files\ICQ\ICQURL.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{70061810-7154-11D3-8DD2-00104B06462E}" refers to invalid object "C:\Program Files\ICQ\ICQStUn.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{71BF02F0-7143-11D3-8DD2-00104B06462E}" refers to invalid object "C:\Program Files\ICQ\ICQInUn.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{72581C37-87E9-11D4-A4C1-00D0B759B1D9}" refers to invalid object "C:\Program Files\ICQ\ICQURL.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{78591D32-61B5-4BD7-8BE1-231639F83A34}" refers to invalid object "C:\Program Files\ICQ\ICQStDlg.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{791A036E-D89A-11D3-BCD5-000629EE4DA1}" refers to invalid object "C:\Program Files\ICQ\ICQPhCl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{800DD100-DB43-11CE-914E-00A004000162}" refers to invalid object "C:\program files\Office\msspc32.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{80874F19-2720-11D4-BD08-000629EE4DA1}" refers to invalid object "C:\Program Files\ICQ\ICQIfDg.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{83286680-2880-11D3-8DBB-00104B06462E}" refers to invalid object "C:\Program Files\ICQ\ICQPict.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object "C:\PROGRA~1\MESSEN~1\rtcimsp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{86BA0820-1E85-11D3-8DB6-00104B06462E}" refers to invalid object "C:\Program Files\ICQ\ICQTsLib.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{86E134E6-7748-11D4-BCE8-0004AC961EA6}" refers to invalid object "C:\Program Files\ICQ\ICQSndCntctLst.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{88EC1721-69D8-11D3-ADED-0090271A8BEA}" refers to invalid object "C:\Program Files\ICQ\ICQReg.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{89712930-5BF1-11D3-8DC8-00104B06462E}" refers to invalid object "C:\Program Files\ICQ\ICQCool.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8B434706-F79A-11D4-AE2A-0090270D8F00}" refers to invalid object "C:\Program Files\ICQ\ICQTsLib.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8CC49940-3146-11CF-97A1-00AA00424A9F}" refers to invalid object "C:\program files\Office\MSACCESS.EXE". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8D14011B-ECD8-411F-47C6-A391A9574D32}" refers to invalid object "C:\Program Files\ICQ\ICQCool.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{91DA6287-52F0-4CCF-9D67-72842C9BB367}" refers to invalid object "C:\PROGRA~1\SHOCKW~1.COM\JIGSAW~1\ui\SwDRM.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{93E8B802-4A97-11D3-AF3A-0090270D6DEC}" refers to invalid object "C:\Program Files\ICQ\ICQStDlg.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{94492D50-42B3-11D3-8DBC-00104B06462E}" refers to invalid object "C:\Program Files\ICQ\ICQCool.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{96376877-24FE-11D4-BD05-000629EE4DA1}" refers to invalid object "C:\Program Files\ICQ\ICQPref.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{96BDBE35-8D65-11D4-B001-00902736685A}" refers to invalid object "C:\Program Files\ICQ\ICQft.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{96BDBE36-8D65-11D4-B001-00902736685A}" refers to invalid object "C:\Program Files\ICQ\ICQft.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{96E4C401-3569-11D4-BD10-000629EE4DA1}" refers to invalid object "C:\Program Files\ICQ\icqentry.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{99BAFE61-4758-11D4-AE09-0090270D827A}" refers to invalid object "C:\Program Files\ICQ\ICQMlp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9CA7F290-379E-11D3-BCD7-0050048EBC8D}" refers to invalid object "C:\Program Files\ICQ\ICQCool.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9D486540-379E-11D3-BCD7-0050048EBC8D}" refers to invalid object "C:\Program Files\ICQ\ICQCool.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9F82FA00-E332-11D3-AB31-0050048EBC8D}" refers to invalid object "C:\Program Files\ICQ\ICQCool.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9F9012BA-E55B-11D3-ADE7-0090270D8F00}" refers to invalid object "C:\PROGRA~1\ICQ\ICQHTT~1.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9F9892BA-D7F9-11D3-BCDE-0004AC96A2D7}" refers to invalid object "C:\Program Files\ICQ\ICQPhTel.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A1031BAF-3039-4dd6-BC5E-522F007DAF8B}" refers to invalid object "C:\Program Files\Messenger\msmsgs.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A25884D1-CFF7-11D2-8A42-00104B9B48AB}" refers to invalid object "C:\Program Files\ICQ\ICQSmLib.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A3E0F88B-545B-124B-2A25-272E250F13EE}" refers to invalid object "C:\Program Files\ICQ\ICQCool.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A74F4EF0-8FB4-11D3-8DD7-00104B06462E}" refers to invalid object "C:\Program Files\ICQ\ICQCool.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A8EC79F0-354D-11D3-BCD7-0050048EBC8D}" refers to invalid object "C:\Program Files\ICQ\ICQCool.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AB1D8565-40E9-4616-984D-98465687E82C}" refers to invalid object "C:\Program Files\Messenger\msgsc.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{ADE97025-ADB4-11D4-BD49-000629EE4DA1}" refers to invalid object "C:\Program Files\ICQ\ICQMcDgs.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{ADE97026-ADB4-11D4-BD49-000629EE4DA1}" refers to invalid object "C:\Program Files\ICQ\ICQMcDgs.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AEA71671-51D3-11D4-AE2A-0090271A8BEA}" refers to invalid object "C:\Program Files\ICQ\ICQCheck.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AFDED58B-211F-11D4-BCFF-000629EE4DA1}" refers to invalid object "C:\Program Files\ICQ\ICQIfDg.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AFDED58C-211F-11D4-BCFF-000629EE4DA1}" refers to invalid object "C:\Program Files\ICQ\ICQIfDg.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B220F7BF-8E37-11D4-BD28-0004AC96D905}" refers to invalid object "C:\Program Files\ICQ\ICQPlCht.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B220F7C8-8E37-11D4-BD28-0004AC96D905}" refers to invalid object "C:\Program Files\ICQ\ICQPlCht.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B220F7C9-8E37-11D4-BD28-0004AC96D905}" refers to invalid object "C:\Program Files\ICQ\ICQPlCht.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B4FEEF4A-D8FA-11D3-BCEE-0004AC969DC2}" refers to invalid object "C:\Program Files\ICQ\ICQPhPl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B69003B3-C55E-4b48-836C-BC5946FC3B28}" refers to invalid object "C:\Program Files\Messenger\msgsc.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B72370B3-3B95-4A43-8D10-2F4E1B09965B}" refers to invalid object "C:\Program Files\ICQ\ICQStDlg.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B728D180-65E1-11D3-BCEF-0050048EBC8A}" refers to invalid object "C:\Program Files\ICQ\icqDatLb.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B8276F44-7747-11D4-BCE8-0004AC961EA6}" refers to invalid object "C:\Program Files\ICQ\ICQSndCntctLst.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B86631CA-E9C8-11D3-BCDF-0004AC961EA6}" refers to invalid object "C:\Program Files\ICQ\ICQEudo.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B86631CE-E9C8-11D3-BCDF-0004AC961EA6}" refers to invalid object "C:\Program Files\ICQ\ICQEudo.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B884ACF0-FE83-11D3-BCD2-0004AC96DD96}" refers to invalid object "C:\Program Files\ICQ\ICQCool.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B903C411-920E-11D3-AF5A-0090270D8F00}" refers to invalid object "C:\Program Files\ICQ\ICQUnkn.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BA1AF90E-00C7-11D5-B024-00902736685A}" refers to invalid object "C:\Program Files\ICQ\ICQControls.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BA8943D1-CC5F-11D4-AE21-0090270D8F00}" refers to invalid object "C:\Program Files\ICQ\ICQBase.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BBBFCB14-3B21-491c-9E2A-B0F3D50F83FD}" refers to invalid object "C:\Program Files\Messenger\msgsc.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BBDFEC89-3555-11D4-BD29-0004AC969DC2}" refers to invalid object "C:\Program Files\ICQ\outlk.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BC20CB75-A981-460e-81D4-F06F61B59247}" refers to invalid object "C:\Program Files\Messenger\msmsgs.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BC54B24C-5A97-4C19-9181-8B8A05B2E931}" refers to invalid object "C:\WINDOWS\system32\nsb7F8.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BC55995F-D9F9-11D2-8A45-00104B9B48AB}" refers to invalid object "C:\Program Files\ICQ\ICQFTLib.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{bc8a96c0-3909-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\COMPUS~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{bc8a96c1-3909-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\COMPUS~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{bc8a96c2-3909-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\COMPUS~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{bc8a96c3-3909-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\COMPUS~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BD9584EF-C28C-4F6D-8D49-0CEE3C0E442F}" refers to invalid object "C:\WINDOWS\system32\nsb7F8.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BEBAD152-915A-11D3-ADF8-0090271A8BEA}" refers to invalid object "C:\Program Files\ICQ\ICQMcDgs.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BEC3B500-354D-11D3-BCD7-0050048EBC8D}" refers to invalid object "C:\Program Files\ICQ\ICQCool.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BEFAFF10-4A4E-11D3-8DBE-00104B06462E}" refers to invalid object "C:\Program Files\ICQ\ICQTsLib.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C0139EF2-53C6-11D3-AF47-0090270D6DEC}" refers to invalid object "C:\Program Files\ICQ\ICQStDlg.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C0A1CA1E-9F8A-11D4-BD00-0004AC961EA6}" refers to invalid object "C:\Program Files\ICQ\ICQSndCntctLst.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C0FEB746-F860-11D3-BCFB-0004AC969DC2}" refers to invalid object "C:\Program Files\ICQ\ICQSMS.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C5D28581-CA46-11D2-A150-00104B9B4C0E}" refers to invalid object "C:\Program Files\ICQ\PoP3.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C5D28583-CA46-11D2-A150-00104B9B4C0E}" refers to invalid object "C:\Program Files\ICQ\ICQCp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C60B7F30-379D-11D3-BCD7-0050048EBC8D}" refers to invalid object "C:\Program Files\ICQ\ICQCool.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C6D533F0-379D-11D3-BCD7-0050048EBC8D}" refers to invalid object "C:\Program Files\ICQ\ICQCool.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C748F300-6A47-11D3-BCF0-0050048EBC8A}" refers to invalid object "C:\Program Files\ICQ\ICQMcDgs.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C750FA20-379D-11D3-BCD7-0050048EBC8D}" refers to invalid object "C:\Program Files\ICQ\ICQCool.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C7888681-1A83-4C14-B9A5-95F91240B44F}" refers to invalid object "C:\WINDOWS\system32\nsb7F8.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C7CA8B42-2707-11D4-BCFB-0004AC96D905}" refers to invalid object "C:\Program Files\ICQ\ICQExCt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C83AB930-2CED-11D4-BCDF-0004AC96DD96}" refers to invalid object "C:\Program Files\ICQ\ICQMcDgs.dll". Action Take
  • 0

#28
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Im sorry Ive been a little busy lately

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link under to "SpySweeper" to download the program.
  • Install it.
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
Post the two logs for me please

Thanks :tazz:
  • 0

#29
jacygittes

jacygittes

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Here's the Uninstall List. I've tried to get the CashBack thing off previously.

56Kbps Internal Modem
ACDSee 4.0.2 PowerPack
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Acrobat 7.0.1 and Reader 7.0.1 Update
Adobe Acrobat 7.0.2 and Reader 7.0.2 Update
Adobe Acrobat 7.0.3 and Reader 7.0.3 Update
Adobe Download Manager 2.0 (Remove Only)
Adobe Photoshop 7.0
Adobe Reader 7.0
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20030807.3)
AOL Instant Messenger
BigFix
Canon ScanGear Toolbox CS 2.2
CC_ccStart
ccCommon
CleanUp!
CloneCD
Command
DivX
DivX Player
eMachines Bay Reader V1.00
Final Draft 6
Final Draft v6.0.2.5 Update
Google Earth
Google Toolbar for Internet Explorer
Google Video Viewer 1.0 (based on VLC 0.8.2 Player)
GSpot Codec Information Appliance
Harry Potter and the Chamber of Secrets ™ Screen Saver
Harry Potter Creative CD
Harry Potter Divination2 Screen Saver
Harry Potter SS2
Harry Potter™ Screen Saver
HijackThis 1.99.1
InterActual Player
iPod for Windows 2005-09-06
iPod Updater 2004-11-15
iTunes
j2 Messenger Plus 3.3
J2SE Runtime Environment 5.0 Update 4
Lavasoft VX2 Cleaner
LeechFTP
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
LQfix 1.0
Macromedia Dreamweaver MX
Macromedia Extension Manager
Macromedia Fireworks MX
Macromedia Flash MX
Macromedia FreeHand 10
Macromedia Shockwave Player
Microsoft Data Access Components KB870669
Microsoft Office 2000 Premium
Microsoft Works 7.0
Mozilla Firefox (1.0.6)
MSRedist
MuggleNet.com's Harry Potter and the Prisoner of Azkaban Screensaver
Multimedia Keyboard Driver
Netscape 6 (6.2.1)
Norton AntiVirus 2004
Norton AntiVirus 2004 (Symantec Corporation)
Norton AntiVirus Parent MSI
Norton WMI Update
NVIDIA Drivers
NVIDIA nForce Drivers
NVIDIA Windows 2000/XP Display Drivers
Panda ActiveScan
PowerDVD
Quicken 2002 Deluxe
QuickTime
RealPlayer
SafeCast Shared Components
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB903235)
Select CashBack
Showbiz Directory 2005-Q1
Skype 1.3
Sonic CinePlayer MP3 Pack
Spybot - Search & Destroy 1.4
Symantec Script Blocking Installer
SymNet
TrojanHunter 4.2
TurboTax Basic 2003
TurboTax Basic 2004
TypeItIn
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
USB Storage Adapter FX (MXO)
Viewpoint Media Player
ViewSonic Monitor Drivers
Visual Max
Winamp (remove only)
Window Washer 5
Windows Backup Utility
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinZip

Edited by jacygittes, 25 September 2005 - 11:33 PM.

  • 0

#30
jacygittes

jacygittes

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
********
10:36 PM: |··· Start of Session, Sunday, September 25, 2005 ···|
10:36 PM: Spy Sweeper started
10:36 PM: Sweep initiated using definitions version 540
10:36 PM: Starting Memory Sweep
10:39 PM: Memory Sweep Complete, Elapsed Time: 00:02:52
10:39 PM: Starting Registry Sweep
10:39 PM: Found Adware: apropos
10:39 PM: HKLM\software\aprps\ (2 subtraces) (ID = 103741)
10:39 PM: Found Adware: begin2search
10:39 PM: HKCR\btnetw.amo.1\ (3 subtraces) (ID = 104095)
10:39 PM: HKCR\btnetw.amo\ (5 subtraces) (ID = 104096)
10:39 PM: Found Adware: hotsearchbar toolbar
10:39 PM: HKCR\btnetw.amo\ (5 subtraces) (ID = 104096)
10:39 PM: HKCR\btnetw.iiittt.1\ (3 subtraces) (ID = 104097)
10:39 PM: HKCR\btnetw.iiittt\ (5 subtraces) (ID = 104098)
10:39 PM: HKCR\btnetw.iiittt\ (5 subtraces) (ID = 104098)
10:39 PM: HKCR\btnetw.momo.1\ (3 subtraces) (ID = 104099)
10:39 PM: HKCR\btnetw.momo\ (5 subtraces) (ID = 104100)
10:39 PM: HKCR\btnetw.momo\ (5 subtraces) (ID = 104100)
10:39 PM: HKCR\btnetw.ohb.1\ (3 subtraces) (ID = 104101)
10:39 PM: HKCR\btnetw.ohb\ (5 subtraces) (ID = 104102)
10:39 PM: HKCR\btnetw.ohb\ (5 subtraces) (ID = 104102)
10:39 PM: HKCR\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104118)
10:39 PM: HKCR\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104118)
10:39 PM: HKCR\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104119)
10:39 PM: HKCR\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104119)
10:39 PM: HKCR\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104120)
10:39 PM: HKCR\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104120)
10:39 PM: HKCR\interface\{6b882c34-a832-4f5b-bef1-7e198be3f094}\ (8 subtraces) (ID = 104124)
10:39 PM: HKCR\interface\{9b6b4031-1d6d-4c65-acba-021916853822}\ (8 subtraces) (ID = 104126)
10:39 PM: HKCR\interface\{9ff60a27-0c0c-4a6a-a15f-b21b644d67bb}\ (8 subtraces) (ID = 104127)
10:39 PM: HKCR\interface\{15d53b86-e055-43b1-bbee-a91a0f37bd2a}\ (8 subtraces) (ID = 104128)
10:39 PM: HKCR\interface\{f3c41c1d-22f1-4692-8a7a-88de70a2e9e2}\ (8 subtraces) (ID = 104139)
10:39 PM: HKCR\interface\{fa6fa7a5-2c49-4567-ba74-6dd1c36099ee}\ (8 subtraces) (ID = 104141)
10:39 PM: HKLM\software\classes\btnetw.amo.1\ (3 subtraces) (ID = 104145)
10:39 PM: HKLM\software\classes\btnetw.amo\ (5 subtraces) (ID = 104146)
10:39 PM: HKLM\software\classes\btnetw.amo\ (5 subtraces) (ID = 104146)
10:39 PM: HKLM\software\classes\btnetw.iiittt.1\ (3 subtraces) (ID = 104147)
10:39 PM: HKLM\software\classes\btnetw.iiittt\ (5 subtraces) (ID = 104148)
10:39 PM: HKLM\software\classes\btnetw.iiittt\ (5 subtraces) (ID = 104148)
10:39 PM: HKLM\software\classes\btnetw.momo.1\ (3 subtraces) (ID = 104149)
10:39 PM: HKLM\software\classes\btnetw.momo\ (5 subtraces) (ID = 104150)
10:39 PM: HKLM\software\classes\btnetw.momo\ (5 subtraces) (ID = 104150)
10:39 PM: HKLM\software\classes\btnetw.ohb.1\ (3 subtraces) (ID = 104151)
10:39 PM: HKLM\software\classes\btnetw.ohb\ (5 subtraces) (ID = 104152)
10:39 PM: HKLM\software\classes\btnetw.ohb\ (5 subtraces) (ID = 104152)
10:39 PM: HKLM\software\classes\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104168)
10:39 PM: HKLM\software\classes\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104168)
10:39 PM: HKLM\software\classes\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104169)
10:39 PM: HKLM\software\classes\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104169)
10:39 PM: HKLM\software\classes\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104170)
10:39 PM: HKLM\software\classes\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104170)
10:39 PM: HKLM\software\classes\interface\{6b882c34-a832-4f5b-bef1-7e198be3f094}\ (8 subtraces) (ID = 104174)
10:39 PM: HKLM\software\classes\interface\{9b6b4031-1d6d-4c65-acba-021916853822}\ (8 subtraces) (ID = 104176)
10:39 PM: HKLM\software\classes\interface\{9ff60a27-0c0c-4a6a-a15f-b21b644d67bb}\ (8 subtraces) (ID = 104177)
10:39 PM: HKLM\software\classes\interface\{15d53b86-e055-43b1-bbee-a91a0f37bd2a}\ (8 subtraces) (ID = 104178)
10:39 PM: HKLM\software\classes\interface\{f3c41c1d-22f1-4692-8a7a-88de70a2e9e2}\ (8 subtraces) (ID = 104189)
10:39 PM: HKLM\software\classes\interface\{fa6fa7a5-2c49-4567-ba74-6dd1c36099ee}\ (8 subtraces) (ID = 104191)
10:39 PM: HKLM\software\classes\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104195)
10:39 PM: HKLM\software\classes\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104195)
10:39 PM: HKCR\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104238)
10:39 PM: HKCR\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104238)
10:39 PM: Found Adware: surfsidekick
10:39 PM: HKU\S-1-5-21-3911395138-2511197463-410073981-1005\software\surfsidekick3\ (3 subtraces) (ID = 143412)
10:39 PM: HKLM\software\surfsidekick3\ (2 subtraces) (ID = 143413)
10:39 PM: Found Adware: winad
10:39 PM: HKLM\software\media access\ (8 subtraces) (ID = 147182)
10:39 PM: Found Adware: cas
10:39 PM: HKU\S-1-5-21-3911395138-2511197463-410073981-1005\software\cmapp\ (ID = 381792)
10:39 PM: Found Adware: safesurf
10:39 PM: HKCR\funtools.picshow\ (5 subtraces) (ID = 730902)
10:39 PM: HKCR\funtools.picshow.1\ (3 subtraces) (ID = 730908)
10:39 PM: HKCR\typelib\{7638761f-0ce1-4e68-9692-d623527a6b7b}\ (9 subtraces) (ID = 730924)
10:39 PM: HKU\S-1-5-18\software\microsoft\windows\currentversion\run\ || pshower (ID = 730935)
10:39 PM: HKLM\software\classes\funtools.picshow\ (5 subtraces) (ID = 730957)
10:39 PM: HKLM\software\classes\funtools.picshow.1\ (3 subtraces) (ID = 730963)
10:39 PM: HKLM\software\classes\typelib\{7638761f-0ce1-4e68-9692-d623527a6b7b}\ (9 subtraces) (ID = 730979)
10:39 PM: HKLM\software\picshow\ (30 subtraces) (ID = 730989)
10:39 PM: Registry Sweep Complete, Elapsed Time:00:00:11
10:39 PM: Starting Cookie Sweep
10:39 PM: Found Spy Cookie: pointroll cookie
10:39 PM: pavement@ads.pointroll[2].txt (ID = 3148)
10:39 PM: Found Spy Cookie: apmebf cookie
10:39 PM: pavement@apmebf[2].txt (ID = 2229)
10:39 PM: Found Spy Cookie: azjmp cookie
10:39 PM: pavement@azjmp[2].txt (ID = 2270)
10:39 PM: Found Spy Cookie: maxserving cookie
10:39 PM: pavement@maxserving[1].txt (ID = 2966)
10:39 PM: Found Spy Cookie: overture cookie
10:39 PM: pavement@perf.overture[1].txt (ID = 3106)
10:39 PM: Found Spy Cookie: qksrv cookie
10:39 PM: pavement@qksrv[2].txt (ID = 3213)
10:39 PM: Found Spy Cookie: questionmarket cookie
10:39 PM: pavement@questionmarket[1].txt (ID = 3217)
10:39 PM: Found Spy Cookie: rn11 cookie
10:39 PM: pavement@rn11[2].txt (ID = 3261)
10:39 PM: Found Spy Cookie: trafficmp cookie
10:39 PM: pavement@trafficmp[1].txt (ID = 3581)
10:39 PM: Cookie Sweep Complete, Elapsed Time: 00:00:02
10:39 PM: Starting File Sweep
10:40 PM: Found Adware: windows afa internet enhancement
10:40 PM: qbuninstaller.exe (ID = 90525)
10:40 PM: Found Adware: zquest
10:40 PM: medgs1.exe (ID = 146576)
10:41 PM: Found Adware: twain-tech
10:41 PM: support.cn (ID = 81870)
10:41 PM: sskknwrd.dll (ID = 77733)
10:41 PM: Found Adware: ispy webcam
10:41 PM: ispy.htm (ID = 64397)
10:42 PM: opr.exe (ID = 146514)
10:42 PM: Warning: Failed to read file "c:\windows\system32\pnremgmt.exe". System Error. Code: 2.
The system cannot find the file specified
10:42 PM: Warning: Failed to read file "c:\program files\j2 tunes\itsmlt47.exe". System Error. Code: 2.
The system cannot find the file specified
10:43 PM: ispy.htm (ID = 64397)
10:43 PM: wingenerics.dll (ID = 50187)
10:43 PM: greenmovie2313asaadsasfad112341231adsfa1.ico (ID = 51033)
10:43 PM: bingo_big3123.ico (ID = 51022)
10:43 PM: File Sweep Complete, Elapsed Time: 00:03:58
10:43 PM: Full Sweep has completed. Elapsed time 00:07:06
10:43 PM: Traces Found: 575
6:11 AM: Removal process initiated
6:11 AM: Quarantining All Traces: apropos
6:11 AM: Quarantining All Traces: begin2search
6:11 AM: Quarantining All Traces: hotsearchbar toolbar
6:11 AM: Quarantining All Traces: surfsidekick
6:11 AM: Quarantining All Traces: winad
6:11 AM: Quarantining All Traces: cas
6:11 AM: Quarantining All Traces: safesurf
6:11 AM: Quarantining All Traces: pointroll cookie
6:11 AM: Quarantining All Traces: apmebf cookie
6:11 AM: Quarantining All Traces: azjmp cookie
6:11 AM: Quarantining All Traces: maxserving cookie
6:11 AM: Quarantining All Traces: overture cookie
6:11 AM: Quarantining All Traces: qksrv cookie
6:11 AM: Quarantining All Traces: questionmarket cookie
6:11 AM: Quarantining All Traces: rn11 cookie
6:11 AM: Quarantining All Traces: trafficmp cookie
6:11 AM: Quarantining All Traces: windows afa internet enhancement
6:11 AM: Quarantining All Traces: zquest
6:11 AM: Quarantining All Traces: twain-tech
6:11 AM: Quarantining All Traces: ispy webcam
6:11 AM: Removal process completed. Elapsed time 00:00:43
********
10:35 PM: |··· Start of Session, Sunday, September 25, 2005 ···|
10:35 PM: Spy Sweeper started
10:36 PM: |··· End of Session, Sunday, September 25, 2005 ···|
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP