Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Multiple Problems with Adware [RESOLVED]


  • This topic is locked This topic is locked

#1
mcb

mcb

    New Member

  • Member
  • Pip
  • 9 posts
Having issues with adware taking over my computer. Very slow even with high-speed connection and off-line tasks. Have tried all suggestions in preparation section of your website and attached is my first HJT log and eWido scan.
Thanks for any help you can provide.

Logfile of HijackThis v1.99.1
Scan saved at 10:09:46 PM, on 10/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\HJT\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1128739999406
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



******************************************************************

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:34:59 PM, 10/7/2005
+ Report-Checksum: 630D224A

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{954814C0-40F3-4249-8528-B4922CD2964E} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A54814C0-40F3-4249-8528-B4922CD2964E} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/btiein.dll\\.Owner -> Spyware.HuntBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/btiein.dll\\{26E8361F-BCE7-4F75-A347-98C88B418322} -> Spyware.HuntBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/EGDHTML_1021.dll\\.Owner -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/EGDHTML_1021.dll\\{94742E3F-D9A1-4780-9A87-2FFA43655DA2} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\buddylinks.net -> Spyware.BuddyLinks : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\websearch_ipinsight.xml -> Spyware.WebSearch : Cleaned with backup
HKU\S-1-5-21-3134616843-294421709-1990122784-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{B195B3B3-8A05-11D3-97A4-0004ACA6948E} -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-3134616843-294421709-1990122784-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{014DA6C9-189F-421A-88CD-07CFE51CFF10} -> Spyware.MySearch : Cleaned with backup
HKU\S-1-5-21-3134616843-294421709-1990122784-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B195B3B3-8A05-11D3-97A4-0004ACA6948E} -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-3134616843-294421709-1990122784-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000EF1-0786-4633-87C6-1AA7A44296DA} -> Spyware.FavoriteMan : Cleaned with backup
HKU\S-1-5-21-3134616843-294421709-1990122784-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000020DD-C72E-4113-AF77-DD56626C6C42} -> Spyware.TwainTech : Cleaned with backup
HKU\S-1-5-21-3134616843-294421709-1990122784-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{014DA6C9-189F-421A-88CD-07CFE51CFF10} -> Spyware.MySearch : Cleaned with backup
HKU\S-1-5-21-3134616843-294421709-1990122784-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{13197ACE-6851-45C3-A7FF-C281324D5489} -> Spyware.2nsSearch : Cleaned with backup
HKU\S-1-5-21-3134616843-294421709-1990122784-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup
HKU\S-1-5-21-3134616843-294421709-1990122784-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{36A59337-6EEF-40AE-94B1-ED443A0C4740} -> Spyware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-3134616843-294421709-1990122784-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{386A771C-E96A-421F-8BA7-32F1B706892F} -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-3134616843-294421709-1990122784-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Cleaned with backup
HKU\S-1-5-21-3134616843-294421709-1990122784-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58F9B276-E1CC-458E-8159-21CBC021874B} -> Spyware.DailyToolbar : Cleaned with backup
HKU\S-1-5-21-3134616843-294421709-1990122784-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{63B78BC1-A711-4D46-AD2F-C581AC420D41} -> Spyware.HuntBar : Cleaned with backup
HKU\S-1-5-21-3134616843-294421709-1990122784-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{63CF97E8-4133-438A-A831-CC9C6D47D673} -> Spyware.FlashTrack : Cleaned with backup
HKU\S-1-5-21-3134616843-294421709-1990122784-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{665ACD90-4541-4836-9FE4-062386BB8F05} -> Spyware.FlashTrack : Cleaned with backup
HKU\S-1-5-21-3134616843-294421709-1990122784-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7371F073-AC0F-4B80-BB2F-96A488CEFB32} -> Spyware.FlashTrack : Cleaned with backup
HKU\S-1-5-21-3134616843-294421709-1990122784-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7CD20E91-1F31-41DA-8379-479EA31DF969} -> Spyware.FlashEnhancer : Cleaned with backup
HKU\S-1-5-21-3134616843-294421709-1990122784-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Cleaned with backup
HKU\S-1-5-21-3134616843-294421709-1990122784-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D6DFF6D8-B94B-4720-B730-1C38C7065C3B} -> Spyware.HuntBar : Cleaned with backup
HKU\S-1-5-21-3134616843-294421709-1990122784-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DDFFA75A-E81D-4454-89FC-B9FD0631E726} -> Spyware.VX2 : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\owner@mysearch[1].txt -> Spyware.Cookie.Mysearch : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Owner\Start Menu\Programs\buddylinks.net -> Spyware.BuddyLinks : Cleaned with backup
C:\Documents and Settings\Owner\Start Menu\Programs\buddylinks.net\buddylinks.net Configuration.lnk -> Spyware.BuddyLinks : Cleaned with backup
C:\Documents and Settings\Owner\Start Menu\Programs\buddylinks.net\Games -> Spyware.BuddyLinks : Cleaned with backup
C:\Program Files\NewDotNet\newdotnet6_38.dll -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\NewDotNet\uninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall4_80.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall5_20.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall5_40.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall5_64.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall6_10.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall6_22.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@mysearch[2].txt -> Spyware.Cookie.Mysearch : Cleaned with backup
C:\WINDOWS\system32\EGDHTML_1021.dll -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system32\EGDHTML_1024.dll -> TrojanDownloader.Wintrim.h : Cleaned with backup
C:\WINDOWS\system32\unimt.exe -> Spyware.PurityScan : Cleaned with backup


::Report End
  • 0

Advertisements


#2
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Hi mcb and welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your log.


1. Download, install, update, configure, and run Ad-Aware SE Personal 1.06.
  • Download Ad-Aware SE Personal 1.06:
  • Install Ad-Aware SE Personal 1.06:
    • Double-click on aawsepersonal.exe to install the program.
    • Follow the default settings for installation.
    • After the program has finished installing uncheck the "Perform a full system scan now", "Update definition file now", and "Open the help file now" boxes.
  • Update Ad-Aware SE Personal 1.06:
    • Double-click the Ad-Aware SE Personal icon on your desktop.
    • Click "Check for updates now" then click "Connect".
    • It will check for any updates. If any are found click "OK" to download and install the updates. Once it has finished click "Finish".
  • Configure Ad-Aware SE Personal 1.06:
    • Click on the Gear button at the top of the window.
    • Click "General" on the left hand side to display the General Settings box.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
        • "Automatically save logfile"
        • "Automatically quarantine objects prior to removal"
        • "Safe Mode (always request confirmation)"
        • "Prompt to update outdated definitions" - change to 7 days from the default 14.
    • Click "Scanning" on the left hand side to display the Scan Settings box.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
      • "Scan within archives"
      • "Select drives & folders to scan" - select your hard drive(s).
      • "Scan active processes"
      • "Scan registry"
      • "Deep-scan registry"
      • "Scan my IE favorites for banned URLs"
      • "Scan my Hosts file"
    • Click "Advanced" on the left hand side to display the Advanced Settings box.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
      • "Move deleted files to Recycle Bin"
      • "Include additional object information"
      • "Include negligible objects information"
      • "Include environment information"
    • Click "Defaults" on the left hand side to display the Default Settings box.
      • Make sure these items have your preferred settings in them.:
      • "Default homepage"
      • "Default searchpage"
    • Click "Tweak" on the left hand side to display the Tweak Settings box.
      • Click the + (plus) sign next to the Log Files section. This will expand the section.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
        • "Include basic Ad-Aware settings in log file"
        • "Include additional Ad-Aware settings in log file"
        • "Include reference summary in log file"
        • "Include alternate data stream details in log file"
      • Click the + (plus) sign next to the Scanning Engine section. This will expand the section.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
        • "Unload recognized processes & modules during scan"
        • "Scan registry for all users instead of current user only"
        • "Obtain command line of scanned processes"
      • Click the + (plus) sign next to the Cleaning Engine section. This will expand the section.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
        • "Always try to unload modules before deletion"
        • "During removal, unload Explorer and IE if necessary"
        • "Let Windows remove files in use at next reboot"
        • "Delete quarantined objects after restoring"
    • Once you are done with these settings, click "Proceed" to save them.
    • This will take you back to the main screen.
  • Run Ad-Aware SE Personal 1.06:
    • Click the "Start" button.
    • Uncheck the "Search for negligible risk entries" entry.
    • Choose the "Use custom scanning options" scan mode.
    • Click the "Next" button.
    • Ad-Aware will begin to scan for malware residing on your computer.
    • Allow the scan to finish.
    • Right-click on any entry in the list and click "Select All" to select the whole list.
    • Click "Next" and choose "OK" at the prompt to quarantine and remove the objects.
2. REBOOT your system

3. Download a trial version of SpySweeper
  • Install the application
  • Update its definitions
  • Run the program
  • Let it remove everything it wants
  • Finally, when it has finished its work, REBOOT your system.
4. Finally, run HijackThis, click SCAN, produce a LOG and POST it in this thread for review.

Regards,

Trevuren

  • 0

#3
mcb

mcb

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Okay. Thanks for the speedy reply. I have done everything on your instruction list. However, I encountered a glitch: After running the Spy Sweeper and removing everything it had on the list, my computer would not reboot. The following things occurred:

1. The icons did not all change to their regular appearance.
2. The mouse cursor froze on the screen.
3. The big blue screen with the HP logo came up.

I got the message... "Disk failure. Insert System Disk and hit Enter." I don't have a system disk.

So I ended up having to revert to the last known good configuration in order to get anything to work at all and to be able to reply to you.

After that I went ahead and ran the Hijack This scan. The results are below...



Logfile of HijackThis v1.99.1
Scan saved at 4:04:19 PM, on 10/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe
C:\HJT\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1128739999406
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


I know very little about computers and doing anything with them that might mess them up is kind of scary for me. I hope you can walk me through this and get it fixed up.

Thanks.
  • 0

#4
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Everything looks fine except for 1 entry to remove from Startup.
  • Please RUN HijackThis.
    . Click the SCAN button to produce a log.

  • Place a check mark beside each one of the following items:

    O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe


  • Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.

  • Reboot Your System


  • Finally, RUN Hijackthis again and produce a new HJT log. Post it in the forum so we can check how everything looks now. In addition, please tell me if there are any more malware problems that you are aware of.
Regards,

Trevuren

  • 0

#5
mcb

mcb

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I removed the item you suggested. I have attached the new Hijack this log file....

I also received an alert from Spy Sweeper saying there was a program... Webshots.lnk.... that should be removed. I didn't remove it.


Logfile of HijackThis v1.99.1
Scan saved at 12:56:51 PM, on 10/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1128739999406
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Thanks for your quick reply.

MCB
  • 0

#6
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Just to be sure:

I need you to download MWav to a convenient location.

This scan might take around 3+ hours to finish when set to scan everything.
I need you to run MWav by double-clicking on mwav.exe. This scan only produces a report, it doesn't clean your system. I will analyze the report and recommend a course of action depending on the results.

Put a check next to the below items before scanning:
  • Memory
  • Startup Folders
  • Drive - All Local Drives
  • Folder - then click "browse" to change the directory to C: (default is C:\Windows)
  • Registry
  • System Folders
  • Services
  • Include Sub-Directory
  • Scan All Files
Please make sure ALL of these are checked, then press the Scan button. This typically will take hours to complete.

**NOTE*** Sometimes MWav will pause and it appears to be finished, but it isn't done. Just let it run until it says it's complete.

On the bottom portion of the window, you will see the lower panel where MWav is listing "infected items", please highlight everything in that lower panel and copy them by holding CTRL + C then paste it here. The whole log will be extremely BIG so there is no way to post the log. I just need the infected items list.

Regards,

Trevuren

  • 0

#7
mcb

mcb

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I downloaded MWav as you suggested and started the scan per your instructions. I watched it for an hour. At that point it had found 89 viruses. I went to bed, thinking I would copy the infected areas log and send it to you this morning.
Unfortuantely, when I went back to the computer this morning, I had a black screen with the words...... "Disk boot failure. Insert System Disk and hit Enter." I had to restart and lost the log.

I will check this evening when I get home from work and see if you have any other instructions. If not, I will try to run the MWav scan again.

Thanks.

Michael
  • 0

#8
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Please attempt to run the Scan one more time. It gives us so much to work with.


Thanks,

Trevuren

  • 0

#9
mcb

mcb

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Here is the log of the MWav scan you requested...


Object "imesh Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "p2p networking Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "imesh Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "topsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "buddylinks Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "imesh Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ezula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "weatherbug Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "topsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "buddylinks Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "imesh Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ezula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "weatherbug Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "abetterinternet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "conducent flexpak Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "xrenoder Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "imesh Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "redv Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ezula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "powerreg scheduler Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "redv Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "clientman Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "redv Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "redv Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cydoor.topicks.a Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\AccesMembre.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ActiveXWebCam.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\AxisCamControl.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\btiein.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\customerclient.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\dwnldr.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ieatgpc.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ipixx.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\OUTC.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\RdxIE.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\View22RTE.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\wavetab.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\WSDownloader.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\yinsthelper.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\System32\EGDHTML_1021.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\System32\iuctl.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\System32\o2oService_2.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "c:\WINDOWS\System32\msxml3a.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Adobe\Web\Adoberegistrationenu.html". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "E:\Office\Actors\logo.act". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "E:\Office\Actors\scribble.act". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "E:\Office\Actors\dot.act". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "E:\Office\Actors\mnature.act". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "E:\Office\Actors\hoverbot.act". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "E:\Office\Actors\will.act". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "E:\Office\Actors\powerpup.act". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "E:\Office\Actors\genius.act". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\AxisCamControl.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\View22RTE.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ipixx.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\iuctl.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ActiveXWebCam.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\OUTC.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\yinsthelper.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\customerclient.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\btiein.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\wavetab.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\Setup.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\IGDI.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\Professional\RunTime\IsProBE.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\Professional\RunTime\objectps.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\dwnldr.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\RdxIE.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\EGDHTML_1021.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\AccesMembre.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\WSDownloader.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\FwsVpn.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ieatgpc.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\o2oService_2.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Documents and Settings\All Users\Application Data\Avery\DesignPro5\Templates\Merge\__index". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\bantam.dll" refers to invalid object "bantam.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\bdeadmin.exe" refers to invalid object "bdeadmin.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\bdeadmin.hlp" refers to invalid object "bdeadmin.hlp". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\blw32.dll" refers to invalid object "blw32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\BS96SE.EXE" refers to invalid object "E:\aamsstp\app\bs96se.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "C:\WINDOWS\System32\cmmgr32.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\disp.dll" refers to invalid object "disp.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idapi32.dll" refers to invalid object "idapi32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idasci32.dll" refers to invalid object "idasci32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idbat32.dll" refers to invalid object "idbat32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idda3532.dll" refers to invalid object "idda3532.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\iddao32.dll" refers to invalid object "iddao32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\iddbas32.dll" refers to invalid object "iddbas32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\iddr32.dll" refers to invalid object "iddr32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idodbc32.dll" refers to invalid object "idodbc32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idpdx32.dll" refers to invalid object "idpdx32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idqbe32.dll" refers to invalid object "idqbe32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idr20009.dll" refers to invalid object "idr20009.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idsql32.dll" refers to invalid object "idsql32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\landscape.exe" refers to invalid object "C:\Program Files\3D Landscape for Everyone\landscape.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\ORUN32.EXE" refers to invalid object "C:\WINDOWS\ORUN32.EXE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SmartDraw.exe" refers to invalid object "C:\SmartDraw\SmartDraw.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SoundMAX" refers to invalid object "C:\Program Files\Analog Devices\SoundMAX\SoundMAX". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SoundMAX WDM Driver" refers to invalid object "C:\Program Files\Analog Devices\SoundMAX WDM Driver\SoundMAX WDM Driver". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\sqlint32.dll" refers to invalid object "sqlint32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\YourApp.exe" refers to invalid object "C:\Program Files\DAZZLE\MovieStar\YourApp.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "c:\Documents and Settings\All Users\Start Menu\Programs\WordPerfect Office 2002\Utilities\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "c:\Documents and Settings\All Users\Start Menu\Programs\WordPerfect Office 2002\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "c:\Documents and Settings\All Users\Start Menu\Programs\WordPerfect Office 2002\Help Files\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "c:\Documents and Settings\All Users\Start Menu\Programs\WordPerfect Office 2002\CorelCENTRAL 10 Applications\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "c:\Documents and Settings\All Users\Start Menu\Programs\WordPerfect Office 2002\Setup and Notes\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Application Data\Avery\DesignPro5\Templates\Merge\". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".140/WAVs/". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".3dmf". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ac3". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".BAK". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".BK2". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".CH_". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".com/Capptain%20TuDan/". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".com/UKNOWHOO/". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".final". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".final2". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".hdmp". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".hpi". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".jar". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".lst". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".m4a". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".med". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".mp1". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".mpga". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".PKG". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".PRO". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rel". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".S". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sfd". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sfk". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".smp". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ssm". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".TMP". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".type". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "OpenWithList". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "AdSupport_202". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "AltnetDM". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "AolCoach". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ArcSoft Software Suite". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "BTLINK_DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "buddylinks.net". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "CommonName". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "eZula". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Finale NotePad 2004". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "FTapp". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ieupdate". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB810217". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB821557". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB823182". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB823559". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB823980". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824105". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824141". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824146". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB825119". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828028". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828035". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828741". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB835732". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB837001". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB839643". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB839645". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB840315". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB840374". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB841873". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB842773". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "LiveUpdate1.7". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "MSNEXT". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "My Search Uninstall". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "New.net". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "oeupdate". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q308387". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q308676". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q308677". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q309521". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q309691". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q311842". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q311889". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q311967". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q312370". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q313450". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q314147". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q314862". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q315000". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q315403". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q317277". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q318138". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q319580". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q323172". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q324096". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q324380". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q326830". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q328310". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329048". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329115". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329170". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329390". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329441". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329834". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q331953". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q810565". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q810577". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q810833". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q811493". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q814033". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q815021". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q817606". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q819696". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q828026". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Reg2". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "RVP". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Studio Buddy". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "websearch_ipinsight.xml". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Webshots". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{3075C5C3-0807-4924-AF8F-FF27052C12AE}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{8F8A0923-9987-4791-9014-968B5A984A4B}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{F8766B65-4B9C-11D6-830E-0050DABBB449}". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0037AC54-E32B-4ACA-9864-09F869AA82FE}" refers to invalid object "C:\Program Files\Windows Media Components\encoder\WMEx.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{02BCC737-B171-4746-94C9-0D8A0B2C0089}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{06EB6213-A677-11d3-A773-00C04F68F44E}" refers to invalid object "C:\Program Files\Sonic Foundry\Super Duper Music Looper XPress\sdmlxpress.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{12379C41-9EC4-11D4-B63B-00E0293197BC}" refers to invalid object "C:\Documents and Settings\Owner\Desktop\manalyse.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{17865D21-9DDA-11D4-B63B-00E0293197BC}" refers to invalid object "C:\Documents and Settings\Owner\Desktop\vanalyse.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{247161C5-995C-4097-9FF4-655DC6D12DB5}" refers to invalid object "C:\Program Files\Windows Media Components\encoder\WMEx.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2F09DFE2-278B-49F7-ABAD-63BED2E84984}" refers to invalid object "C:\PROGRA~1\WILDTA~1\DDC\DDCMAN~1\DDCMan.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{301DA1EE-F65C-4188-A417-9E915CC8FBFA}" refers to invalid object "c:\Program Files\Microsoft Money\System\mnyviewer.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\yinsthelper.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3AB1D5A1-7AB5-11d5-B63C-00E0293197BC}" refers to invalid object "C:\Documents and Settings\Owner\Desktop\textout.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3AB1D5A2-7AB5-11d5-B63C-00E0293197BC}" refers to invalid object "C:\Documents and Settings\Owner\Desktop\textout.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3B5D1E9D-DAA9-4973-8522-A497576F954F}" refers to invalid object "C:\PROGRA~1\Arcsoft\Showbiz\MPEG-2Writer.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3B62A8E8-A3FA-4638-94A0-184BC69F20FD}" refers to invalid object "C:\Documents and Settings\Owner\Desktop\flash.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3B6ED8C5-5B91-11D5-803C-00D0B768B4B0}" refers to invalid object "C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3D5EF619-F606-4FAA-97C0-222B7DCA05EC}" refers to invalid object "C:\PROGRA~1\Sonic\MyDVD\MyDVD.exe -autoplay". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{40AF8200-4E6E-11D4-878D-00C0F6B0D1A7}" refers to invalid object "C:\Program Files\ArcSoft\Software Suite\photoimpression\ezrgb24.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{40AF8201-4E6E-11D4-878D-00C0F6B0D1A7}" refers to invalid object "C:\Program Files\ArcSoft\Software Suite\photoimpression\ezrgb24.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4178CE3B-11B1-46DD-A36D-BBCD36A5425A}" refers to invalid object "C:\Program Files\Windows Media Components\encoder\WMEx.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{41BC8C35-A677-11d3-A773-00C04F68F44E}" refers to invalid object "C:\Program Files\Sonic Foundry MP3 Plug-In\commp3.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{447AC255-CE81-43AD-9827-AFDDB1561B07}" refers to invalid object "C:\Program Files\Windows Media Components\encoder\WMEx.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4C171D40-8277-11D5-AD55-00010333D0AD}" refers to invalid object "C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4F748926-4FD1-42B7-A38D-217F7FEFD291}" refers to invalid object "C:\PROGRA~1\WILDTA~1\DDC\ACTIVE~1\DDCACT~1.EXE". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{550B32CE-4EDA-11D2-A4C7-00104B9E1179}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ipixx.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{575416D8-8A60-4DC0-B745-BC119B3CFCA7}" refers to invalid object "C:\Program Files\Windows Media Components\encoder\WMEx.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{59803D7B-D6E4-4B89-864E-626EBB587BF4}" refers to invalid object "C:\PROGRA~1\Sonic\MyDVD\MyDVD.exe -AtlComm". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5A5ECA97-4FB6-4a36-801B-39A7DAD0930E}" refers to invalid object "C:\Program Files\Windows Media Components\encoder\WMEx.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5B8CCD0D-04EB-4DEB-A31F-6FC7FCFA4DF4}" refers to invalid object "C:\PROGRA~1\Arcsoft\Showbiz\showbiz.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{64D24359-F22F-49B3-B220-95816BAFFD86}" refers to invalid object "C:\Program Files\Adobe\Premiere 6.0\plug-ins\dvsupport.prm". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object "C:\PROGRA~1\MESSEN~1\rtcimsp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{86767105-AA64-43BE-A794-8EE19C42F98A}" refers to invalid object "C:\PROGRA~1\WILDTA~1\DDC\DDCMAN~1\DDCMan.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8D52AA2E-40BE-46D7-8F36-DB7B0F636824}" refers to invalid object "C:\Program Files\Windows Media Components\encoder\WMEx.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9404901D-06DA-4B23-A0EE-3EA4F64EC9B3}" refers to invalid object "c:\Program Files\Microsoft Money\System\mnyviewer.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{95F57411-9A21-4846-B131-450ADBEAE753}" refers to invalid object "C:\Program Files\Windows Media Components\encoder\WMEx.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9B9F1C0A-3B96-43D5-B3B6-83F1AA6A55D5}" refers to invalid object "c:\Program Files\Microsoft Money\System\mnyviewer.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A192FEF1-EFB5-4677-ACDB-D547BB652F90}" refers to invalid object "C:\Program Files\Adobe\Premiere 6.0\plug-ins\dvcontrol.prm". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A7E9EBC4-4B2D-44F4-8DDC-28BE73911E0A}" refers to invalid object "C:\Program Files\Windows Media Components\encoder\WMEx.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A83362E3-941E-4d36-8A4C-AC6EE5FB0D7B}" refers to invalid object "C:\Documents and Settings\Owner\Desktop\flash.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A8D3AD02-7508-4004-B2E9-AD33F087F43C}" refers to invalid object "C:\Program Files\Windows Media Components\encoder\WMEx.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{ACFAE296-5936-41ED-AB2B-CD5F3AABCE63}" refers to invalid object "C:\Program Files\Adobe\Premiere 6.0\plug-ins\dxmAvSource.prm". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B333CDB5-5772-11D3-9112-00C04F79C327}" refers to invalid object "C:\Program Files\Adobe\Premiere 6.0\plug-ins\dx-gensource.prm". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BAEB32D0-732D-11d2-8BF4-0060B0A4A9EA}" refers to invalid object "C:\PROGRA~1\RRIM\aimauto.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BC1C0B16-1D61-4C0F-B539-47B1133FE487}" refers to invalid object "C:\Program Files\Adobe\Premiere 6.0\plug-ins\dvRecordControl.prm". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C0EF29CB-30A6-4F70-84A1-87B79A61AC3D}" refers to invalid object "C:\PROGRA~1\HPCENT~1\137903\Program\BACKWE~1.EXE". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C20CC0CA-590E-11D3-9112-00C04F79C327}" refers to invalid object "C:\Program Files\Adobe\Premiere 6.0\plug-ins\dx-genrender.prm". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CF3EBABF-3E64-4422-BE23-514BB066ADBE}" refers to invalid object "C:\Program Files\Windows Media Components\encoder\WMEx.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D5C373FF-A1A8-49EB-B84F-9C4FB960A057}" refers to invalid object "c:\Program Files\Microsoft Money\System\mnyviewer.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D5DC4B7F-786B-42b7-B83B-FE1B5FC15E2C}" refers to invalid object "C:\Program Files\Windows Media Components\encoder\WMEx.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DBBA191C-9A68-431F-B866-A5D3AA58A5A6}" refers to invalid object "c:\Program Files\Microsoft Money\System\mnyviewer.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DF0AD8E0-F91C-4109-AE46-1EAA5CD8AB08}" refers to invalid object "C:\Program Files\Windows Media Components\encoder\WMEx.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}" refers to invalid object "C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E789F4FF-E3E4-4985-8160-745A9226A726}" refers to invalid object "C:\PROGRA~1\WILDTA~1\DDC\DDCMAN~1\DDCMan.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EFFA8CA5-3839-11D5-A9DB-0010B5439657}" refers to invalid object "C:\PROGRA~1\HPCENT~1\137903\Program\BACKWE~1.EXE". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F29031E1-1308-11d5-B63C-00E0293197BC}" refers to invalid object "C:\Documents and Settings\Owner\Desktop\textout.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F29031E2-1308-11d5-B63C-00E0293197BC}" refers to invalid object "C:\Documents and Settings\Owner\Desktop\textout.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F869AC20-E930-11CE-AE10-444553540000}" refers to invalid object "C:\SmartDraw\SmartDraw.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FF8F1D65-AD2B-47F1-9E71-66B7D35E3852}" refers to invalid object "C:\Program Files\Windows Media Components\encoder\WMEx.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{012F24C1-35B0-11D0-BF2D-0000E8D0D146}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{390CE9E4-C4A0-11D4-8A92-0090271D4F88}" refers to invalid object "C:\Program Files\Yahoo!\Messenger\ycrwin32.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{3AF78A60-6F14-11D1-A884-0000B43699FC}" refers to invalid object "C:\Program Files\BackWeb\BackWeb Client\6.1.0.153\Program\BWfiles.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{53FCF357-5323-11D0-A864-0000B43699FC}" refers to invalid object "C:\Program Files\BackWeb\BackWeb Client\6.1.0.153\Program\BackWeb.tlb". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{590DF1E4-C721-11D2-989A-00A0C93BF050}" refers to invalid object "C:\Program Files\BackWeb\BackWeb Client\6.1.0.153\Program\bwdlg.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{5B196502-F1BA-4305-B438-2F819BF0E1A7}" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\PPT8.0\MSForms.EXD". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{6011C747-820B-4316-8F03-BD2FFDB13E75}" refers to invalid object "c:\Program Files\Microsoft Money\System\mnyviewer.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{6173D3CA-B034-4450-A149-CC54499A92DF}" refers to invalid object "C:\Program Files\Arcsoft\Showbiz\showbiz.exe". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{6280871F-63D1-4ACB-9DCD-0FE90F1A6FD8}" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\Word8.0\MSForms.EXD". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{632B6060-BBC6-11D2-A329-006097C4E476}" refers to invalid object "C:\Program Files\Windows Media Components\encoder\WMEx.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{731B9F1D-5496-45D5-BCBF-4071980A1E08}" refers to invalid object "C:\Program Files\America Online 7.0b\ebrowser.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{874C5A6E-AFD8-447B-B09C-D0B5B4A9F010}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\yinsthelper.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{8847C5C1-E2C5-11D3-B882-0010A404098C}" refers to invalid object "C:\Program Files\BackWeb\BackWeb Client\6.1.0.153\Program\BWCmndr.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{8E926E2D-BF6C-11D2-A33D-00A0C94B8D0E}" refers to invalid object "C:\Program Files\Yahoo!\Messenger\stock.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{917623C2-D8E5-11D2-BE8B-00104B06BDE3}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\AxisCamControl.ocx". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{9C8CCF00-F10F-11CE-9A35-00AA005370B0}" refers to invalid object "C:\Program Files\Anvil Studio\MidiCtl.ocx". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{BDD268BB-A9DA-41C2-A816-BD9DFD03CD0C}" refers to invalid object "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{C1A95B70-E795-11D4-B96F-0010A4FBBFC9}" refers to invalid object "C:\Program Files\BackWeb\BackWeb Client\6.1.0.153\Program\BWCHelpr.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{C9FD8996-E800-487C-8445-DF8B18B0B931}" refers to invalid object "C:\Documents and Settings\Owner\Desktop\flash.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{CD999ADC-7B89-4D10-815A-82A39D6EA09E}" refers to invalid object "C:\Program Files\Sonic\MyDVD\MyDVD.exe". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{DAB0E85F-A0B4-4649-B50F-D90C8241B34F}" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\PPT8.0\ShockwaveFlashObjects.EXD". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{DCB43485-19FB-4D6D-BB3D-73C7F48D5F00}" refers to invalid object "C:\Program Files\Messenger\rtcimsp.dll". Action Taken: No Action
  • 0

#10
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Apparently there is a lot more lurking around.

1. Run Ewido in Safe mode and post the log

2. Reboot your system.

3. Download, install, update, configure, and run Ad-Aware SE Personal 1.06.
  • Download Ad-Aware SE Personal 1.06:
  • Install Ad-Aware SE Personal 1.06:
    • Double-click on aawsepersonal.exe to install the program.
    • Follow the default settings for installation.
    • After the program has finished installing uncheck the "Perform a full system scan now", "Update definition file now", and "Open the help file now" boxes.
  • Update Ad-Aware SE Personal 1.06:
    • Double-click the Ad-Aware SE Personal icon on your desktop.
    • Click "Check for updates now" then click "Connect".
    • It will check for any updates. If any are found click "OK" to download and install the updates. Once it has finished click "Finish".
  • Configure Ad-Aware SE Personal 1.06:
    • Click on the Gear button at the top of the window.
    • Click "General" on the left hand side to display the General Settings box.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
        • "Automatically save logfile"
        • "Automatically quarantine objects prior to removal"
        • "Safe Mode (always request confirmation)"
        • "Prompt to update outdated definitions" - change to 7 days from the default 14.
    • Click "Scanning" on the left hand side to display the Scan Settings box.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
      • "Scan within archives"
      • "Select drives & folders to scan" - select your hard drive(s).
      • "Scan active processes"
      • "Scan registry"
      • "Deep-scan registry"
      • "Scan my IE favorites for banned URLs"
      • "Scan my Hosts file"
    • Click "Advanced" on the left hand side to display the Advanced Settings box.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
      • "Move deleted files to Recycle Bin"
      • "Include additional object information"
      • "Include negligible objects information"
      • "Include environment information"
    • Click "Defaults" on the left hand side to display the Default Settings box.
      • Make sure these items have your preferred settings in them.:
      • "Default homepage"
      • "Default searchpage"
    • Click "Tweak" on the left hand side to display the Tweak Settings box.
      • Click the + (plus) sign next to the Log Files section. This will expand the section.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
        • "Include basic Ad-Aware settings in log file"
        • "Include additional Ad-Aware settings in log file"
        • "Include reference summary in log file"
        • "Include alternate data stream details in log file"
      • Click the + (plus) sign next to the Scanning Engine section. This will expand the section.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
        • "Unload recognized processes & modules during scan"
        • "Scan registry for all users instead of current user only"
        • "Obtain command line of scanned processes"
      • Click the + (plus) sign next to the Cleaning Engine section. This will expand the section.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
        • "Always try to unload modules before deletion"
        • "During removal, unload Explorer and IE if necessary"
        • "Let Windows remove files in use at next reboot"
        • "Delete quarantined objects after restoring"
    • Once you are done with these settings, click "Proceed" to save them.
    • This will take you back to the main screen.
  • Run Ad-Aware SE Personal 1.06:
    • Click the "Start" button.
    • Uncheck the "Search for negligible risk entries" entry.
    • Choose the "Use custom scanning options" scan mode.
    • Click the "Next" button.
    • Ad-Aware will begin to scan for malware residing on your computer.
    • Allow the scan to finish.
    • Right-click on any entry in the list and click "Select All" to select the whole list.
    • Click "Next" and choose "OK" at the prompt to quarantine and remove the objects.
4. Reboot your system

5. Run SpySweeper again and reboot your system and post any log/report.


Trevuren
  • 0

Advertisements


#11
mcb

mcb

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Here are the results fo the Ewido and Spy Sweeper....



Spy Sweeper will provide you with detailed information about the operations being performed in this area.
Spy News is provided to help you get the most out of Spy Sweeper by providing you with real-time information such as usability tips and news regarding the latest threats.
Processing Startup Alerts
Removed Startup entry: Webshots.lnk

To ensure proper removal of spyware, adware and other unwanted items, be sure to close any programs that are open.
Your Sweep Options indicate the following will be swept:
Drives: C:
Also sweeping: Memory, Cookies, Registry, Do Not Sweep System Restore Folder
Spy Cookie found: nextag cookie
Spy Cookie found: about cookie
Full Sweep has completed. Elapsed time 00:13:58
Traces Found: 2

I REMOVED THE TWO ITEMS IT FOUND.



---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 8:39:49 PM, 10/12/2005
+ Report-Checksum: 9F2204F

+ Scan result:

C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup


::Report End
  • 0

#12
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Apparently mostly traces and orphaned registry entries


Please post a final log for review. Please advise me if you are still experiencing problems. If all is well, we will proceed with final cleanup provedures.

Regards,

Trevuren

Edited by Trevuren, 13 October 2005 - 07:21 PM.

  • 0

#13
mcb

mcb

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I'm sorry I don't know what kind of log you mean.
Is it Spy Sweeper or Adaware or Hijack this, or something else?

Just let me know and I'll run it and post it.
  • 0

#14
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
I meant an HJT log. I should have been more precise.

Regards,

Trevuren

Edited by Trevuren, 14 October 2005 - 11:26 AM.

  • 0

#15
mcb

mcb

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Thanks.
I will run it tomorrow morning and send it as soon as it's complete.
I really appreciate all your help.

Michael
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP