Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

WinFix Help, Please! [RESOLVED]


  • This topic is locked This topic is locked

#1
Manners

Manners

    Member

  • Member
  • PipPipPip
  • 181 posts
:tazz: Thank you in advance for your help. I have run every virus, adware, trojan destroyer I can download from your page and they find Vundo and clean it and it comes right back. In this case, I thought that "overkill"might be a good thing, but I have spent the last 2 days running scans and the minute I open IE, there is WinFix again usually followed by crash of IE. It is very hard to even get online anymore. Now other things are starting to pop up too. OMG it is morphing!!

I hope I am doing this correctly. Here is my log from Hijack This:

Logfile of HijackThis v1.99.1
Scan saved at 8:47:12 AM, on 10/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\EzButton\CplBCL50.EXE
C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package

Menu\SonyTray.exe
C:\Program Files\MSN Toolbar

Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\MSN Toolbar

Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security

Center\SymWSC.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jay\Desktop\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =

Microsoft Internet Explorer
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670}

- C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: MSN Search Toolbar Helper -

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar

Suite\TB\02.05.0001.1119\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} -

C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} -

C:\WINDOWS\system32\ddayx.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}

- C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88}

- C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: MSN Search Toolbar -

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar

Suite\TB\02.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec

Shared\ccApp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CplBCL50] C:\Program Files\EzButton\CplBCL50.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program

Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor]

C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software

Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft

IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program

Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program

Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft

AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search

& Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program

Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program

Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony

Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN

Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program

Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN

Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab -

res://C:\Program Files\MSN Toolbar

Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?5bd5e4c7ff2045e78eac2

e457621d744
O8 - Extra context menu item: Open in new foreground tab -

res://C:\Program Files\MSN Toolbar

Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?5bd5e4c7ff2045e78eac2

e457621d744
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Guide - {A6E07A80-436A-11d3-83B6-00902747E82E} -

C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: PeoplePC - {A6E07A82-436A-11d3-83B6-00902747E82E} -

C:\WINDOWS\PeoplePC\hta\peopledialer.hta (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Wallet - {F05B7DAE-337E-11D3-83B6-00E0980647AC} -

C:\WINDOWS\PeoplePC\BIN\PAYMEN~1.DLL (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -

http://messenger.zon...kr.cab31267.cab
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook

Import ActiveX Control) -

http://www.snapfish....tlookImport.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient

Class) -

http://messenger.zon...ent.cab31267.ca

b
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine

Advantage Validation Tool) -

http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class)

-

http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)

-

http://update.micros...s/en/x86/client

/muweb_site.cab?1130396072296
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -

http://a840.g.akamai...trendmicro.com/

housecall/xscan53.cab
O16 - DPF: {75565ED2-1560-4F15-B841-20358DE6A0D1} (ImageControl Class)

- http://c.ancestry.co...er/MFImgVwr.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload

Class) -

http://das.microsoft...tail/DASAct.cab
O16 - DPF: {861DB4B6-3838-11D2-8E50-002018200E57} (MrSIDI Control) -

http://images.myfami...oads/MrSIDI.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient

Class) -

http://messenger.zon...nt.cab31267.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield

International Setup Player) -

http://www.lizardtec.../webinstall/ise

tup.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) -

http://a19.g.akamai....3302/cpbrkpie.c

ab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer

Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) -

http://messenger.zon...ry/ZAxRcMgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}

(MsnMessengerSetupDownloadControl Class) -

http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -

http://messenger.zon...ro.cab32846.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune

Object) - http://messenger.zon...oF.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object)

-

http://download.game...ejeweled2/popca

ploader_v6.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) -

http://messenger.zon...ss.cab31267.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj

Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown

Class) -

http://messenger.zon...wn.cab31267.cab
O20 - Winlogon Notify: ddayx - C:\WINDOWS\system32\ddayx.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: jkkli - C:\WINDOWS\system32\jkkli.dll (file

missing)
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation

- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec

Corporation - C:\Program Files\Common Files\Symantec

Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec

Corporation - C:\Program Files\Common Files\Symantec

Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks -

C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program

Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) -

Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation -

C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel

Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton

AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec

Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - -

C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec

Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation -

C:\Program Files\Common Files\Symantec Shared\Security

Center\SymWSC.exe
  • 0

Advertisements


#2
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Hi Manners and welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your log.

1. Your Notepad settings are currently causing you to post logs/reports in double space format which makes it very difficult for us to easily analyze your posts.

I need you to post your log in single space format instead of double space as it currently is.

To remove the double spacing in your log, please do the following:
  • Please go to Start >> Run... and type notepad.exe
  • Hit OK.
  • Now go to Format and uncheck WordWrap.
  • Close Notepad.

2. Please DELETE your current HJT program from its present location.

3. Download and run the following HijackThis autoinstall program from Here . Please choose the default location of C:\Program Files\ as the destination. HJT needs to be in its own folder so that the program itself isn't deleted by accident. Having the backups could be VITAL to restoring your system if something went wrong in the FIX process!
  • Run HijackThis
  • Click SCAN and SAVE LOG. (a notepad window will open with the log in it when you click Save Log) (Ctrl-A to'select all', Ctrl-C to 'copy')
  • POST the log into this thread using 'Add Reply' (Ctrl-V to 'paste')

DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS MOST OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER


Regards,

Trevuren

  • 0

#3
Manners

Manners

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 181 posts
Thanks Trevuren. Here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 10:42:05 AM, on 10/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\system32\ddayx.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CplBCL50] C:\Program Files\EzButton\CplBCL50.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?5bd5e4c7ff2045e78eac2e457621d744
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?5bd5e4c7ff2045e78eac2e457621d744
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Guide - {A6E07A80-436A-11d3-83B6-00902747E82E} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: PeoplePC - {A6E07A82-436A-11d3-83B6-00902747E82E} - C:\WINDOWS\PeoplePC\hta\peopledialer.hta (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Wallet - {F05B7DAE-337E-11D3-83B6-00E0980647AC} - C:\WINDOWS\PeoplePC\BIN\PAYMEN~1.DLL (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www.snapfish....tlookImport.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1130396072296
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {75565ED2-1560-4F15-B841-20358DE6A0D1} (ImageControl Class) - http://c.ancestry.co...er/MFImgVwr.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft...tail/DASAct.cab
O16 - DPF: {861DB4B6-3838-11D2-8E50-002018200E57} (MrSIDI Control) - http://images.myfami...oads/MrSIDI.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lizardtec...tall/isetup.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....02/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zon...ry/ZAxRcMgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O20 - Winlogon Notify: ddayx - C:\WINDOWS\system32\ddayx.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: jkkli - C:\WINDOWS\system32\jkkli.dll (file missing)
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#4
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
I need to disable your Microsoft AntiSpyware Real-time Protection as it may interfere with the fixes.
  • Open Microsoft AntiSpyware.
  • Click on Options, Settings.
  • In the left pane, click on Real-time Protection.
  • Under Startup Options uncheck: Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
  • Under Real-time spyware threat protection uncheck: Enable real-time spyware threat protection (recommended).
  • After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
  • Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware

Make double sure to disable Spybot's Tea Timer for now, as it can interfere with the fixing of problems.

Open Spybot and and make sure you are in Advanced mode (check it in the 'Mode' menu). Go to the Tools section and click resident and then uncheck the box for Tea Timer.

Then, REBOOT
=========================================================
Please print these instructions out for use in Safe Mode.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to extract the files
  • This will create a VundoFix folder on your desktop.
  • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
  • Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
  • You will first be presented with a warning.
    It should look like this

    VundoFix V2.15 by Atri
    By using VundoFix you agree that you are doing so at your own risk
    Press enter to continue....

  • At this point press enter one time.
  • Next you will see:

    Please Type in the filepath as instructed by the forum staff
    and then press enter:

  • At this point please type the following file path (make sure to enter it exactly as below!):


    • C:\WINDOWS\system32\ddayx.dll

  • Press Enter to continue with the fix.
  • Next you will see:

    Please type in the second filepath as instructed by the forum
    staff then press enter:

  • At this point please type the following file path (make sure to enter it exactly as below!):


    C:\WINDOWS\system32\xyadd.*


    This will be the vundo filename spelt backwards. for example if the vundo dll was vundo.dll you would have the user enter odnuv.*
  • Press Enter to continue with the fix.
  • The fix will run then HijackThis will open, if it does not open automatically please open it manually.
  • In HiJackThis, please place a check next to the following items and click FIX CHECKED:

    R3 - Default URLSearchHook is missing
    O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\system32\ddayx.dll
    O20 - Winlogon Notify: ddayx - C:\WINDOWS\system32\ddayx.dll
    O20 - Winlogon Notify: jkkli - C:\WINDOWS\system32\jkkli.dll (file missing)

  • After you have fixed these items, close Hijackthis.
  • Press enter to exit the program then manually reboot your computer.
  • Once your machine reboots please continue with the instructions below.
Download and install CleanUp!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, click NO.

Then, please run this online virus scan: ActiveScan

Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic.

Regards,

Trevuren

  • 0

#5
Manners

Manners

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 181 posts
Here is Active Scan and Hijack this after the fix. Thanks again for your help!


Incident Status Location
Adware:adware/coupons No disinfected Windows Registry

Logfile of HijackThis v1.99.1
Scan saved at 2:47:06 PM, on 10/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\system32\ddayx.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CplBCL50] C:\Program Files\EzButton\CplBCL50.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?5bd5e4c7ff2045e78eac2e457621d744
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?5bd5e4c7ff2045e78eac2e457621d744
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Guide - {A6E07A80-436A-11d3-83B6-00902747E82E} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: PeoplePC - {A6E07A82-436A-11d3-83B6-00902747E82E} - C:\WINDOWS\PeoplePC\hta\peopledialer.hta (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Wallet - {F05B7DAE-337E-11D3-83B6-00E0980647AC} - C:\WINDOWS\PeoplePC\BIN\PAYMEN~1.DLL (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www.snapfish....tlookImport.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1130396072296
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {75565ED2-1560-4F15-B841-20358DE6A0D1} (ImageControl Class) - http://c.ancestry.co...er/MFImgVwr.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft...tail/DASAct.cab
O16 - DPF: {861DB4B6-3838-11D2-8E50-002018200E57} (MrSIDI Control) - http://images.myfami...oads/MrSIDI.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lizardtec...tall/isetup.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....02/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zon...ry/ZAxRcMgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O20 - Winlogon Notify: ddayx - C:\WINDOWS\system32\ddayx.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: jkkli - C:\WINDOWS\system32\jkkli.dll (file missing)
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#6
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
There is a file in your log of which I am unsure and of which there exists very little informatiion. For that reason, I need you to submit it to Jotti's for analysis.

1. Click HERE to get to Jotti's site.

2. At the top of the Jotti window, use the Browse button to locate the following file on your system:

C:\WINDOWS\System32\shdocvw.dll


NOTE:You will probably find 2 files in that folder that are spelled the same way. I would like the one starting with a lower case "s" submitted, not the other.

3. Once you have located the file, click SUBMIT and the content of the file will be uploaded by the site and analysed.

4. Please provide me with the results of the analysis.

Regards,

Trevuren

  • 0

#7
Manners

Manners

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 181 posts
I did not find a folder. Only the one file.

Service load: 0% 100%

File: shdocvw.dll
Status: OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 a9120115895389d60bdf421281c3cb9a
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found nothing
  • 0

#8
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
I need to disable your Microsoft AntiSpyware Real-time Protection as it may interfere with the fixes.
  • Open Microsoft AntiSpyware.
  • Click on Options, Settings.
  • In the left pane, click on Real-time Protection.
  • Under Startup Options uncheck: Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
  • Under Real-time spyware threat protection uncheck: Enable real-time spyware threat protection (recommended).
  • After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
  • Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware
  • Please RUN HijackThis.
    . Click the SCAN button to produce a log.

  • Place a check mark beside each one of the following items:

    R3 - Default URLSearchHook is missing
    O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\system32\ddayx.dll (file missing)
    O20 - Winlogon Notify: ddayx - C:\WINDOWS\system32\ddayx.dll (file missing)
    O20 - Winlogon Notify: jkkli - C:\WINDOWS\system32\jkkli.dll (file missing)


  • Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.

  • Reboot Your System


  • Finally, RUN Hijackthis again and produce a new HJT log. Post it in the forum so we can check how everything looks now. In addition, please tell me if there are any more malware problems that you are aware of.
Regards,

Trevuren

  • 0

#9
Manners

Manners

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 181 posts
This is the latest HijackThis log. Windows was very slow to start after reboot. Yesterday, I would have different numbers of virus findings on all the different "killer" sites listed on the "Start Here" page. I kept zapping and cleaning and think I got them all. the first virus to show itself before Virtumonde was Istbar. I think I got that yesterday with either Edwido, Spybot or Trojan Hunter.


Logfile of HijackThis v1.99.1
Scan saved at 5:23:20 PM, on 10/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\1XConfig.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CplBCL50] C:\Program Files\EzButton\CplBCL50.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?5bd5e4c7ff2045e78eac2e457621d744
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?5bd5e4c7ff2045e78eac2e457621d744
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Guide - {A6E07A80-436A-11d3-83B6-00902747E82E} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: PeoplePC - {A6E07A82-436A-11d3-83B6-00902747E82E} - C:\WINDOWS\PeoplePC\hta\peopledialer.hta (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Wallet - {F05B7DAE-337E-11D3-83B6-00E0980647AC} - C:\WINDOWS\PeoplePC\BIN\PAYMEN~1.DLL (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www.snapfish....tlookImport.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1130396072296
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {75565ED2-1560-4F15-B841-20358DE6A0D1} (ImageControl Class) - http://c.ancestry.co...er/MFImgVwr.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft...tail/DASAct.cab
O16 - DPF: {861DB4B6-3838-11D2-8E50-002018200E57} (MrSIDI Control) - http://images.myfami...oads/MrSIDI.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lizardtec...tall/isetup.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....02/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zon...ry/ZAxRcMgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#10
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Because of the quantity of infections present to start with, I think we should do a thorough check of all your system.
I need you to download MWav to a convenient location.

This scan might take around 3+ hours to finish when set to scan everything.
I need you to run MWav by double-clicking on mwav.exe. This scan only produces a report, it doesn't clean your system. I will analyze the report and recommend a course of action depending on the results.

Put a check next to the below items before scanning:
  • Memory
  • Startup Folders
  • Drive - All Local Drives
  • Folder - then click "browse" to change the directory to C: (default is C:\Windows)
  • Registry
  • System Folders
  • Services
  • Include Sub-Directory
  • Scan All Files
Please make sure ALL of these are checked, then press the Scan button. This typically will take hours to complete.

**NOTE*** Sometimes MWav will pause and it appears to be finished, but it isn't done. Just let it run until it says it's complete.

On the bottom portion of the window, you will see the lower panel where MWav is listing "infected items", please highlight everything in that lower panel and copy them by holding CTRL + C then paste it here. The whole log will be extremely BIG so there is no way to post the log. I just need the infected items list.

Regards,

Trevuren

  • 0

Advertisements


#11
Manners

Manners

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 181 posts
This "infected items" list seems pretty big to me! I am so sorry! I added the stats at the beginning. I am really hoping this is not as bad as it looks. Again, I can't thank you enough for your help and for being so thorough.
Manners

Sat Oct 29 01:39:46 2005 => Total Objects Scanned: 111797
Sat Oct 29 01:39:46 2005 => Total Virus(es) Found: 92
Sat Oct 29 01:39:46 2005 => Total Disinfected Files: 0
Sat Oct 29 01:39:46 2005 => Total Files Renamed: 0
Sat Oct 29 01:39:46 2005 => Total Deleted Objects: 0
Sat Oct 29 01:39:46 2005 => Total Errors: 268
Sat Oct 29 01:39:46 2005 => Time Elapsed: 06:26:17
Sat Oct 29 01:39:46 2005 => Virus Database Date: 2005/10/21
Sat Oct 29 01:39:46 2005 => Virus Database Count: 155382

Object "searchexe Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "azesearch Browser Hijacker" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "clipgenie Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cydoor.topicks.a Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cws.therealsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cws.therealsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\cpbrkpie.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\popcaploader.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\PeoplePC\BIN\ODWabUtil.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\InterVideo\Common\Bin\IVIPromotion.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-dan.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-cht.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-nld.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-fra.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-deu.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-ita.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-jpn.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-kor.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-nor.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-ptg.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-rus.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-esp.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-fin.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-ptb.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-chs.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-plk.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-csy.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-sky.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-slv.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-hun.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-tha.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-trk.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-ell.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-esl.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Deu.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Jpn.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Documents and Settings\All Users\Application Data\Ahead\NeroDigital\settings.xml". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero PhotoSnap\PhotoSnap-Deu.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero PhotoSnap\PhotoSnap-Jpn.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero PhotoSnap\PhotoSnapViewer-Deu.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero PhotoSnap\PhotoSnapViewer-Jpn.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero ShowTime\ShowTime-Deu.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero ShowTime\ShowTime-Jpn.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero ShowTime\Skins\standard.bmp". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Deu.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Jpn.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\popcaploader.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\cpbrkpie.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\AOL\Flasha.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "C:\WINDOWS\System32\cmmgr32.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\OnlinePrintApp.exe" refers to invalid object "C:\Program Files\Sony Corporation\Picture Package\OnlinePrint\OnlinePrintApp.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\setup.exe" refers to invalid object "C:\Program Files\Cypress Semiconductor\Cypress USB Mass Storage Driver Installation\setup.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\yourapp.Exe" refers to invalid object "C:\Program Files\HP\Non Driver CIO Components\yourapp.Exe". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".bag". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".bak". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".IND". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".jsp". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".LST". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".OFX". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pf". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".php". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".prj". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pvm". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sav". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sbrt". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".THM". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tmp". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "OpenWithList". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "AOL Connectivity Services". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "AOL Spyware Protection". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "CallWave". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Media Gateway". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "MRW!UninstallKey". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "MSN Toolbar". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Port Magic". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "SM1FX_AT". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "WSEM Update". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{34957B51-9676-41CE-9E52-44AE91B73F1C}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{381641C6-9E32-4721-A09F-7534964564D7}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{7BF7B688-4A95-4003-BA98-EA8A79DA0ABA}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{9CFEF9F9-8E2E-4ABA-A72C-29EA594724A6}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{A27F2A64-3D23-4449-B395-75335CED458E}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{ABEB838C-A1A7-4C5D-B7E1-8B4314600205}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{FB015BB0-5518-4767-9DE4-F9A5C7C62E46}". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{00014C0D-B007-4448-B89B-4EC3E857961D}" refers to invalid object "C:\Program Files\America Online 9.0\Media\CDDBControl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{00e0313F-8627-45db-863d-fd41083c3d32}" refers to invalid object ""C:\Program Files\America Online 9.0\waol.exe"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{087B02E0-E16B-4757-B939-8249FC409632}" refers to invalid object "C:\Program Files\ISP50\bin\PPCOFSO.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{09E6F477-C3C3-4636-8BFD-2DDB36147FEC}" refers to invalid object "C:\Program Files\America Online 9.0\MyCalendar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0FE9096F-7F7A-4e40-857C-E48A53440DFE}" refers to invalid object "C:\Program Files\America Online 9.0\MyCalendar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{10AF3945-2E81-4C59-AF6E-B8B428E34074}" refers to invalid object "C:\Program Files\Common Files\AOL\1128458269\EE\AOLSvcMgr.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1167C47F-01F9-4C08-8564-1D6C9BAAFB60}" refers to invalid object "C:\Program Files\America Online 9.0\Media\Pathfinder.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{14DB4DBD-FB4A-458e-8699-F9EB4BDAFEBC}" refers to invalid object ""C:\Program Files\America Online 9.0\waol.exe"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{18477169-4752-41DC-AB0F-C50EBA75641D}" refers to invalid object "C:\Program Files\Common Files\aolshare\pictures\YGPWz.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1853e19a-4e54-4190-8deb-2e1cc947cd60}" refers to invalid object "C:\Program Files\America Online 9.0\axtrack.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{189504B8-50D1-4AA8-B4D6-95C8F58A6414}" refers to invalid object "C:\Program Files\America Online 9.0\sb.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{19038319-D799-4819-94C0-1A115A590BF8}" refers to invalid object ""C:\Program Files\America Online 9.0\waol.exe"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1A6EF75B-87D4-4461-8945-C8C6821F2F62}" refers to invalid object "C:\Program Files\ISP50\bin\PPCOFSO.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1B28020D-9DE7-11D4-A2D4-001083025146}" refers to invalid object "C:\Program Files\America Online 9.0\axclntbrg.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1CB749C0-81EC-484E-B82C-ADD141FC6415}" refers to invalid object "C:\Program Files\America Online 9.0\Media\Xanthe.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1FCD27B5-EE65-42DF-9607-9AA56507E3F6}" refers to invalid object "C:\Program Files\Common Files\AolCoach\en_en\rgver_en.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{205D2DFB-BBAD-4DC4-A0BB-CDA12A1639CE}" refers to invalid object "C:\Program Files\America Online 9.0\Media\Phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{225789FB-CCA8-11D2-A719-0060B0B41584}" refers to invalid object ""C:\Program Files\America Online 9.0\waol.exe"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78d5-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\Program Files\America Online 9.0\Media\CDDBControl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78df-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\Program Files\America Online 9.0\Media\CDDBControl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78e0-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\Program Files\America Online 9.0\Media\CDDBControl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78e1-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\Program Files\America Online 9.0\Media\CDDBControl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78e2-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\Program Files\America Online 9.0\Media\CDDBControl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{274154FA-D7EF-43B6-9FC1-95979668805C}" refers to invalid object "C:\Program Files\Common Files\AOL\1128458269\EE\AOLSvcMgr.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2BAE89B0-68EF-4fab-AFF7-1E486D93F9EB}" refers to invalid object "C:\Program Files\America Online 9.0\ae.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{41A118BC-DAA5-480A-B3BB-D56C7D199930}" refers to invalid object "C:\Program Files\ISP50\bin\LogOff.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4E97BE17-3300-4A4F-B380-5988DD771F1F}" refers to invalid object "C:\Program Files\America Online 9.0\Media\Ares.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5145942E-41DF-4658-B7C4-089F48E84A75}" refers to invalid object "C:\Program Files\America Online 9.0\axtrack.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5788DAE8-4B72-4BE6-89A0-1E6123E4CBC2}" refers to invalid object "C:\Program Files\America Online 9.0\Media\Cerberus.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{57C368A7-F2E9-48C6-B0E2-C201751383C1}" refers to invalid object "C:\Program Files\America Online 9.0\Media\Phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5D9D235A-C235-4F29-8B58-96FE1482DD8C}" refers to invalid object "C:\Program Files\ISP50\bin\ISPUTIL8.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{602DB47D-DFE2-4553-8C54-0522A9DC74AC}" refers to invalid object ""C:\Program Files\America Online 9.0\waol.exe"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{63435828-E10D-42d5-8859-C94796B7C22D}" refers to invalid object "C:\Program Files\America Online 9.0\MyCalendar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{639A19DD-1D97-4A6E-A0D1-01E04FED563F}" refers to invalid object "C:\Program Files\America Online 9.0\Media\Phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6AD3B5BD-9A96-4ca2-9455-2034D05EB134}" refers to invalid object "C:\Program Files\America Online 9.0\MyCalendar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6E449686-C509-11CF-AAFA-00AA00B6015C}" refers to invalid object "%SystemDrive%\DOCUME~1\Jay\LOCALS~1\Temp\IXP000.TMP\inseng.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{752B9690-7A0B-4c67-8A09-AE3885CFCDF4}" refers to invalid object ""C:\Program Files\America Online 9.0\waol.exe"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{75D44B92-DCAF-43f3-A7D1-91041F34E719}" refers to invalid object "C:\Program Files\Common Files\AOL\Flasha.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7629C9DE-2E38-4963-A01C-02FFAC203D87}" refers to invalid object "C:\Program Files\America Online 9.0\axtrack.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{79498D83-FEFE-4e36-8B7E-E9CF79F010B0}" refers to invalid object ""C:\Program Files\America Online 9.0\waol.exe"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7BD901A3-39BA-419b-AF57-EAA3145420DF}" refers to invalid object ""C:\Program Files\America Online 9.0\waol.exe"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7C9688C3-7279-474D-ABA5-A632373D2CDB}" refers to invalid object "C:\Program Files\America Online 9.0\Media\Phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{80373D03-D993-11D3-A2CE-00108335731F}" refers to invalid object "C:\Program Files\America Online 9.0\MIMEHook.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object "C:\PROGRA~1\MESSEN~1\rtcimsp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{84CBABC2-D3BE-4EEF-8394-121FAC215CEF}" refers to invalid object "C:\Program Files\Common Files\aolshare\pictures\YGPPicInfo.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8BBDA254-CE76-11D3-A2CE-00108335731F}" refers to invalid object "C:\Program Files\America Online 9.0\MIMEHook.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8FC6A820-6BFC-11d6-A10D-0010A49A288A}" refers to invalid object ""C:\Program Files\America Online 9.0\waol.exe"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{943742F6-3A40-43FF-97F4-A1750D97B200}" refers to invalid object "C:\Program Files\Common Files\aolshare\pictures\YGPPicInfo.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9482BC28-EAA5-4b6e-82E9-C6832320936E}" refers to invalid object ""C:\Program Files\America Online 9.0\waol.exe"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}" refers to invalid object "C:\WINDOWS\cpbrkpie.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{98BFD494-F6AD-4794-9038-832C0654CC43}" refers to invalid object "C:\Program Files\Common Files\aolshare\pictures\YGPUPF.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9F62797E-1249-4596-9FF7-AC6D851A542A}" refers to invalid object "C:\Program Files\America Online 9.0\MyCalendar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9F63FEE2-136E-4F16-8734-A425BAD0E747}" refers to invalid object "C:\Program Files\ISP50\bin\PPCOFSO.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A105BD70-BF56-4D10-BC91-41C88321F47C}" refers to invalid object "C:\Program Files\America Online 9.0\Media\Phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6}" refers to invalid object "C:\PROGRA~1\COMMON~1\AOL\SCREEN~1\YGPSCR~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}" refers to invalid object "C:\WINDOWS\cpbrkpie.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A8ABE123-FAC4-41c1-ABA3-051B6F112B83}" refers to invalid object "C:\Program Files\America Online 9.0\MyCalendar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A98ABF1C-107C-44E7-9254-2C3FF435D0C2}" refers to invalid object "C:\Program Files\America Online 9.0\sb.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AC44023F-D183-4397-9D02-27D34F120CB2}" refers to invalid object ""C:\Program Files\America Online 9.0\waol.exe"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AD41621C-A2DD-487D-A24B-8BE40116A5A3}" refers to invalid object "C:\Program Files\Common Files\aolshare\pictures\YGPPicInfo.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AED456C4-4866-4420-863F-35767EBED514}" refers to invalid object "C:\Program Files\America Online 9.0\Media\Phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B3E7BCF9-05C8-4233-BA88-37FDA4AD3147}" refers to invalid object "C:\Program Files\America Online 9.0\MyCalendar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B4F80028-5714-4B7B-B9B1-5748B204799A}" refers to invalid object "C:\Program Files\America Online 9.0\Media\Phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B6F041A2-48B9-4d3f-A91D-90E17C505FD3}" refers to invalid object "C:\Program Files\America Online 9.0\MyCalendar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B9F3009B-976B-41C4-A992-229DCCF3367C}" refers to invalid object "C:\Program Files\America Online 9.0\axtrack.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BB4AEB43-D0AB-11D2-A719-0060B0B41584}" refers to invalid object ""C:\Program Files\America Online 9.0\waol.exe"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BBDA76FB-B05C-4A30-8E75-A96499A840D1}" refers to invalid object ""C:\Program Files\America Online 9.0\waol.exe"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{bc8a96c4-3909-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\Program Files\America Online 9.0\Media\CDDBControl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{bc8a96c5-3909-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\Program Files\America Online 9.0\Media\CDDBControl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{bc8a96c6-3909-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\Program Files\America Online 9.0\Media\CDDBControl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{bc8a96c7-3909-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\Program Files\America Online 9.0\Media\CDDBControl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{bc8a96c8-3909-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\Program Files\America Online 9.0\Media\CDDBControl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BE265956-6F5F-4790-9CAB-EDFAC64362EF}" refers to invalid object "C:\Program Files\AIM\rtvideo.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BFC880F1-7484-11d0-8309-00AA00B6015C}" refers to invalid object "%SystemDrive%\DOCUME~1\Jay\LOCALS~1\Temp\IXP000.TMP\inseng.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C1145550-A454-11D4-9020-00D0B7239081}" refers to invalid object "C:\Program Files\Common Files\AOL\Flasha.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C1145551-A454-11D4-9020-00D0B7239081}" refers to invalid object "C:\Program Files\Common Files\AOL\Flasha.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C1B8CE59-7FE5-4316-8803-712EC96EA636}" refers to invalid object "C:\PROGRA~1\Napster\NMSUBS~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C28BC286-884C-4a63-8A9C-6F7F5711034F}" refers to invalid object "C:\Program Files\America Online 9.0\Media\NmpX\nmpx.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C689CA08-726F-4676-8876-99F163685B32}" refers to invalid object ""C:\Program Files\America Online 9.0\waol.exe"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C8A7FDAD-94D1-4da6-8D95-75888FB12DD4}" refers to invalid object ""C:\Program Files\America Online 9.0\waol.exe"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CA4B8235-AA17-423D-B363-24EF4EC274B7}" refers to invalid object "C:\PROGRA~1\COMMON~1\AOL\112845~1\EE\AOLHOS~1.EXE". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CFF4464C-2907-11D5-8E3F-00B0D0237492}" refers to invalid object ""D:\SETUP.EXE"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D465B936-C361-4417-9AC5-35167066F84B}" refers to invalid object "C:\Program Files\America Online 9.0\Media\Phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D670D0B3-05AB-4115-9F87-D983EF1AC747}" refers to invalid object "C:\Program Files\Common Files\aolshare\pictures\YGPPicDownload.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D9F99C6B-A3A6-11D4-AF64-444553546170}" refers to invalid object "C:\Program Files\America Online 9.0\Media\Phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DA3C177A-D1DA-47f2-BBF0-E9710CA7253F}" refers to invalid object "C:\Program Files\America Online 9.0\MyCalendar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DC0C2640-1415-4644-875C-6F4D769839BA}" refers to invalid object ""C:\Program Files\iTunes\iTunes.exe"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\popcaploader.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E0CB08CE-AB3D-4779-9C77-62A439BFE6C3}" refers to invalid object "C:\Program Files\Common Files\aolshare\pictures\YGPPicEdit.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E3393F8F-B0C2-4103-A9E6-E0EB74645770}" refers to invalid object ""C:\Program Files\America Online 9.0\waol.exe"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E3852604-B619-11d6-94EC-00047521F020}" refers to invalid object "C:\Program Files\America Online 9.0\Media\NmpXChat\nmpxchat.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E6D91E42-4026-11D3-83B6-EBAE461DEC56}" refers to invalid object "C:\WINDOWS\PeoplePC\bin\PPCDIA~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E8ABFC8E-2F9E-11D3-83B6-BEF3F90A0763}" refers to invalid object "C:\WINDOWS\PeoplePC\bin\PPCDIA~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E981D791-F499-4837-A483-5AB22F1C548F}" refers to invalid object "C:\Program Files\America Online 9.0\Media\Phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EB511AE4-87FE-4EFB-91A3-428B2F2601F7}" refers to invalid object "C:\Program Files\America Online 9.0\Media\Phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{ED7C8A64-50A4-48C6-B80D-4CFB6E451714}" refers to invalid object "C:\Program Files\ISP50\bin\OEUI.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EE7CB360-F635-449D-BBB1-0D844F2A269D}" refers to invalid object "C:\Program Files\Common Files\AOL\AOL Toolbar\AOLHelper.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F0384565-94D7-4086-B0CC-7BB8681D9D47}" refers to invalid object "C:\Program Files\ISP50\bin\OEUI.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F05B7DAE-337E-11D3-83B6-00E0980647AC}" refers to invalid object "C:\WINDOWS\PeoplePC\BIN\PAYMEN~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F4F30C01-A7B4-492e-943E-58A7CF2D9DD6}" refers to invalid object "C:\Program Files\America Online 9.0\MyCalendar.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{00A987AE-587B-4343-B826-89F17AB41A03}" refers to invalid object "C:\Program Files\America Online 9.0\MyCalendar.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{06645894-E73C-413B-8704-71823A9C39B5}" refers to invalid object "C:\Program Files\America Online 9.0\Media\Cerberus.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{0B54F548-639F-462F-BCDE-9557B8AB378F}" refers to invalid object "C:\Program Files\Common Files\aolshare\pictures\YGPPicEdit.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{16D8D842-6E64-489F-99BB-D6CEF503A74E}" refers to invalid object "C:\Program Files\America Online 9.0\Media\Xanthe.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{1B280200-9DE7-11D4-A2D4-001083025146}" refers to invalid object "C:\Program Files\America Online 9.0\axclntbrg.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{1B8B281E-F67E-4212-8D3B-C98B8AE18DA4}" refers to invalid object "C:\Program Files\Common Files\aolshare\pictures\YGPPicDownload.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{21C00D6D-3FC1-4F53-BBA4-254FE05D3083}" refers to invalid object "C:\Program Files\Common Files\AolCoach\en_en\rgver_en.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{229B78B8-38F5-11D5-9001-00C04F4C3B9F}" refers to invalid object "C:\Program Files\America Online 9.0\Media\CDDBControl.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{296802FE-345A-4CA4-B941-692B8622CC69}" refers to invalid object "C:\Program Files\America Online 9.0\axtrack.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{39DC8E5F-A573-4D58-8A13-6877A3B672EA}" refers to invalid object "C:\Program Files\America Online 9.0\sb.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{3C2D2A1E-031F-4397-9614-87C932A848E0}" refers to invalid object "C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{3F8E02B4-6601-41A2-95E7-6BD102935C55}" refers to invalid object "C:\Program Files\America Online 9.0\Media\Phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{43C952F1-9CC0-404A-92CD-15B3B8D460CA}" refers to invalid object "C:\DOCUME~1\Jay\LOCALS~1\Temp\Word8.0\MARQUEELib.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{57B2FD05-64D4-4AD7-A92A-7C32FE50A0F4}" refers to invalid object "C:\Program Files\Common Files\aolshare\pictures\YGPUPF.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{5FE16E42-47D1-471A-BEFF-9C650F9F43BB}" refers to invalid object "C:\Program Files\Common Files\AOL\AOL Toolbar\AOLHelper.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{648924D4-AD5D-471D-A079-9A370E3B8072}" refers to invalid object "C:\DOCUME~1\Jay\LOCALS~1\Temp\PPT11.0\MSForms.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{64E26A20-8A9E-4B33-9F8D-F3663F13811E}" refers to invalid object "C:\Program Files\Common Files\aolshare\pictures\YGPWz.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{7730E782-A89A-11D3-9982-0060B088BBCA}" refers to invalid object "C:\Program Files\America Online 9.0\Media\NmpX\nmpx.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{79C10055-C1B5-4754-AC44-003784AA3A44}" refers to invalid object "C:\Program Files\Common Files\aolshare\pictures\YGPPicInfo.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{7BDFC74B-295D-4CE4-A2B1-27B9EADC1F40}" refers to invalid object "C:\Program Files\ISP50\bin\ISPUtil8.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{83CD6E28-FEC2-4834-B4E9-BD4CCB984572}" refers to invalid object "C:\Program Files\ISP50\bin\PPCOLink.exe". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{87255C51-CD7D-4506-B9AD-97606DAF53F3}" refers to invalid object "C:\WINDOWS\cpbrkpie.ocx". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{8AA16AC4-CD19-4417-BDB8-7170902C665D}" refers to invalid object "C:\DOCUME~1\Jay\LOCALS~1\Temp\Word8.0\MSForms.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{8BBDA247-CE76-11D3-A2CE-00108335731F}" refers to invalid object "C:\Program Files\America Online 9.0\MIMEHook.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{8D66A700-5DF0-4706-9ACA-FEB467A7A853}" refers to invalid object "C:\Program Files\America Online 9.0\Media\Ares.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{90EE477E-AECC-48ED-A2C9-FB796FBCF9B8}" refers to invalid object "C:\Program Files\ISP50\bin\OEUI.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{96039CF0-551B-48DC-9DC4-1D5D1E4AF98E}" refers to invalid object "C:\Program Files\AIM\rtvideo.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{9E93C96F-CF0D-43F6-8BA8-B807A3370712}" refers to invalid object "C:\Program Files\iTunes\iTunes.exe". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{A0739880-6BF8-11D6-A10D-0010A49A288A}" refers to invalid object "C:\Program Files\America Online 9.0\waol.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{A0A2373D-D3C2-4DE8-86CD-FF6B0900FAB9}" refers to invalid object "C:\Program Files\ISP50\bin\LogOff.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{C114555B-A454-11D4-9020-00D0B7239081}" refers to invalid object "C:\Program Files\Common Files\AOL\Flasha.ocx". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\popcaploader.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{CC491105-58FA-437F-A1CE-CC947B6AFE4F}" refers to invalid object "C:\Program Files\America Online 9.0\ae.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{CDF27469-AD11-4650-9F9B-24EC071ED74D}" refers to invalid object "C:\DOCUME~1\Jay\LOCALS~1\Temp\Word8.0\InlineMultimedia.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{CFF4463F-2907-11D5-8E3F-00B0D0237492}" refers to invalid object "D:\SETUP.EXE". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{D93EA0E8-9F97-4ADC-B82C-E1BE6BA7450F}" refers to invalid object "C:\Program Files\ISP50\bin\PPCOFSO.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{DCB43485-19FB-4D6D-BB3D-73C7F48D5F00}" refers to invalid object "C:\Program Files\Messenger\rtcimsp.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{DCCAF17F-7581-4C86-9867-56D9405FAC3F}" refers to invalid object "C:\Program Files\America Online 9.0\Media\Pathfinder.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{DD3FCE4D-8442-4EFA-A71E-1C131F502F4A}" refers to invalid object "C:\PROGRA~1\COMMON~1\AOL\SCREEN~1\YGPSCR~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{E3852602-B619-11D6-94EC-00047521F020}" refers to invalid object "C:\Program Files\America Online 9.0\Media\NmpXChat\nmpxchat.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{E8ABFC81-2F9E-11D3-83B6-BEF3F90A0763}" refers to invalid object "C:\WINDOWS\PeoplePC\bin\PPCDialer.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{EF7412FC-B84C-4A8A-B37A-A8FE9DD3F381}" refers to invalid object "C:\DOCUME~1\Jay\LOCALS~1\Temp\Word8.0\ShockwaveFlashObjects.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{F05B7DA1-337E-11D3-83B6-00E0980647AC}" refers to invalid object "C:\WINDOWS\PeoplePC\BIN\PAYMENTBAR.DLL". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{F2C4D5B0-F939-483A-AA62-EF6DC8F04028}" refers to invalid object "C:\Program Files\Napster\NMSubscriptionStub.dll". Action Taken: No Action Taken.
Entry "HKCR\.ftoi" refers to invalid object "ftoifile". Action Taken: No Action Taken.
Entry "HKCR\.ftos" refers to invalid object "ftosfile". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\ComDialer.DialerApp.1" refers to invalid object "{667CD401-36AD-4334-B1F6-0D063B4C26B3}". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\Connection Manager Profile\shell\open\command" refers to invalid object "C:\WINDOWS\System32\CMMGR32.EXE "%1"". Action Taken: No Action Taken.
Entry "HKCR\Dms.DialManager.1" refers to invalid object "{4A05736D-9A14-43CC-867C-07D2BC9B4EBF}". Action Taken: No Action Taken.
Entry "HKCR\DSP.DSP" refers to invalid object "{9C123EA9-AEC9-4f75-BBC0-7565FA1398966}". Action Taken: No Action Taken.
Entry "HKCR\DSP.DSPDMOProp_Chorus.1" refers to invalid object "{6F63B172-5543-4593-91CE-EDBA65B9FACDB}". Action Taken: No Action Taken.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\msbackupfile\shell\open\command" refers to invalid object "%SystemRoot%\system32\ntbackup.exe". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\ppifile\shell\open\command" refers to invalid object "%SystemRoot%\System32\msppcnfg.exe /Config %1". Action Taken: No Action Taken.
Entry "HKCR\RSSearch.CustomWordbreaker" refers to invalid object "{A373F27E-7B87-11D3-B1C1-00C04F68155C}". Action Taken: No Action Taken.
Entry "HKCR\RSSearch.CustomWordbreaker.1" refers to invalid object "{A373F27E-7B87-11D3-B1C1-00C04F68155C}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\007D27CC infected by "Trojan-Downloader.JS.IstBar.j" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0857320E tagged as "not-a-virus:AdWare.Win32.Pacer.j". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0C403A9C.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.p". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0D713A14 infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0F5B68F5.dll tagged as "not-a-virus:AdWare.Win32.Sahat.w". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\11C07AE2 infected by "Trojan-Downloader.Win32.Dyfuca.dp" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\11C324DE infected by "Trojan-Downloader.Win32.Dyfuca.ei" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\11C64EDB infected by "Trojan-Downloader.Win32.Dyfuca.dt" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\17DE565E infected by "Trojan-Downloader.JS.Inor.a" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\2A6C5849 tagged as "not-a-virus:AdWare.Win32.WinAD.bf". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\2F634F91 infected by "Trojan-Spy.Win32.Agent.hn" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\35FC1448 tagged as "not-a-virus:AdWare.Win32.WebSearch.as". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\402376F6 infected by "Trojan-Downloader.BAT.Ftp.c" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\423B13A2 infected by "Trojan-Downloader.JS.IstBar.j" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\4BF73200 infected by "Trojan-Downloader.JS.IstBar.j" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\54D227F2.dll tagged as "not-a-virus:AdWare.Win32.Sahat.w". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\5F40055A infected by "Trojan-Downloader.Win32.Dyfuca.de" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\5FB57486 tagged as "not-a-virus:AdWare.Win32.WebRebates.g". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\5FB81E83 infected by "Trojan-Downloader.Win32.Dyfuca.de" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\5FBC487F tagged as "not-a-virus:AdWare.Win32.WinAD.bg". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\5FBF727C infected by "Trojan-Downloader.Win32.Dyfuca.ei" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\5FC21C78 tagged as "not-a-virus:AdWare.Win32.WebRebates.n". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\5FC54674 infected by "Trojan-Dropper.Win32.Agent.rs" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\61593BBD infected by "Trojan-Downloader.JS.IstBar.j" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\615C65B9 infected by "Trojan-Downloader.JS.IstBar.j" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\629C1233.dll tagged as "not-a-virus:AdWare.Win32.Sahat.w". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\62D149AF.dll tagged as "not-a-virus:AdWare.Win32.Sahat.w". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\70343649 infected by "Trojan-Downloader.Win32.Dyfuca.gen" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\70961311 infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\70E86274.dll tagged as "not-a-virus:AdWare.Win32.Sahat.w". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\724C5E95 infected by "Trojan-Downloader.Win32.Dyfuca.de" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\73A90762 infected by "Trojan-Downloader.JS.IstBar.j" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\74D01229.dll tagged as "not-a-virus:AdWare.Win32.Sahat.w". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\7AB457AD.dll tagged as "not-a-virus:AdWare.Win32.Sahat.w". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\7BC47247 tagged as "not-a-virus:AdWare.Win32.WebRebates.n". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\7EB2778A infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\7FD4104A infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\7FDC0496.dll tagged as "not-a-virus:AdWare.Win32.Sahat.w". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8F6F3EA4-9D8D-4044-A4EE-D45DC8197F74}\RP71\A0006287.dll infected by "Trojan-Spy.Win32.Agent.hn" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8F6F3EA4-9D8D-4044-A4EE-D45DC8197F74}\RP78\A0007991.ocx tagged as "not-a-virus:AdWare.Win32.Coupons.h". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8F6F3EA4-9D8D-4044-A4EE-D45DC8197F74}\RP78\A0008058.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.q". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\007D27CC infected by "Trojan-Downloader.JS.IstBar.j" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0857320E tagged as "not-a-virus:AdWare.Win32.Pacer.j". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0C403A9C.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.p". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0D713A14 infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0F5B68F5.dll tagged as "not-a-virus:AdWare.Win32.Sahat.w". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\11C07AE2 infected by "Trojan-Downloader.Win32.Dyfuca.dp" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\11C324DE infected by "Trojan-Downloader.Win32.Dyfuca.ei" Virus! Action Taken: No Action Taken.
File C:\Prog
  • 0

#12
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
A. . Please download the 30-day free trial of Kaspersky anti virus

. Install the program
. Run the definition update module.
. Scan your whole system and let the program remove anything it wants.
. When finished, REBOOT your system


B. Then empty Norton AV Quarantine:

If you are using Nav2005, this is how to proceed. If using an earlier version, the methos can be found at the Symamtec site.

1. Start Norton AntiVirus.
If Norton AntiVirus is installed as part of Norton SystemWorks or Norton Internet Security, then start that program and click Norton AntiVirus.
2. In the left pane, click Reports.
3. Click View Quarantined Items.
4. In the right pane, select the files that you want to remove.
To select multiple items, press and hold down the Ctrl key while clicking the items that you want to select for deletion. To select everything in Quarantine, click the first item in the list, and then press Shift+End.
5. Click Delete Item.
6. When prompted "Warning! Are you sure that you want to remove this item from Quarantine," click Yes.
7. Close the Quarantine window, and then exit Norton AntiVirus.


Regards,

Trevuren

Edited by Trevuren, 29 October 2005 - 06:45 AM.

  • 0

#13
Manners

Manners

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 181 posts
I have downloaded Kaspersky. During installation it told me that it had detected Norton and that, to avoid complications & conflicts, I should completely uninstall Norton 2005. Advice?? I have not continued the installation and will wait for your reply.

Also, I have no quarantined items in Norton. I usually delete those immediately. I do have 42 backup items shown that I didn't know I had. Delete?

Don't mean to sound so stupid but I am trying to do everything in the order you tell me.
Thanks,
Manners

Edited by Manners, 29 October 2005 - 04:47 PM.

  • 0

#14
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Don't Uninstall Norton

Just disable its constant monitoring features.

That should work

Regards,

Trevuren

  • 0

#15
Manners

Manners

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 181 posts
All the above done. I deleted the backup of the Kaspersky deletes and deleted those in Norton. I have been unable to get online for hours now. I would get to the homepage (even tried making this thread my homepage) and if I tried to GO anywhere, IE would just disappear. As a last resort, I uninstalled Kaspersky. Here I am! Hope this lasts! Once, when I tried to get online, Kaspersky instantly found something trying to attack and repelled. Then I disabled all virus and spyware protection to try to get online. Hope I haven't caught anything else! They are back on now. I'm starting to feel panicky. Where do I go from here???? Should I run a HijackThis?

Here is the Kaspersky report. Sorry about the length. Didn't know what parts to take out. I ran another scan before I completely uninstalled, and it was clear.

Statistics:
"Start time: 10/29/2005 5:27:04 PM"
"Completion time: 10/29/2005 6:25:03 PM"
"Objects scanned: 202837"
"Dangerous objects detected: 22"
"Viruses disinfected: 0"
"Objects deleted: 22"
"Objects quarantined: 0"

Settings:
Objects to scan:
My Computer
If a dangerous object is detected:
Prompt user for action once the scan is completed
Scan level:
Recommended
Exclusions from the scan scope:
Option not used

Report:
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AbetterInternetAurora.zip\cfin;password protected has not been processed;10/29/2005 5:30:58 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AbetterInternetAurora.zip\sbRecovery.ini;password protected has not been processed;10/29/2005 5:30:58 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AbetterInternetAurora1.zip\cfout.txt;password protected has not been processed;10/29/2005 5:30:58 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AbetterInternetAurora1.zip\sbRecovery.ini;password protected has not been processed;10/29/2005 5:30:58 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCA.zip\sbRecovery.reg;password protected has not been processed;10/29/2005 5:30:59 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCA.zip\sbRecovery.ini;password protected has not been processed;10/29/2005 5:30:59 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCA1.zip\sbRecovery.reg;password protected has not been processed;10/29/2005 5:30:59 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCA1.zip\sbRecovery.ini;password protected has not been processed;10/29/2005 5:30:59 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterAntiVirusDisableNotify.zip\sbRecovery.reg;password protected has not been processed;10/29/2005 5:30:59 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterAntiVirusDisableNotify.zip\sbRecovery.ini;password protected has not been processed;10/29/2005 5:30:59 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterAntiVirusOverride.zip\sbRecovery.reg;password protected has not been processed;10/29/2005 5:30:59 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterAntiVirusOverride.zip\sbRecovery.ini;password protected has not been processed;10/29/2005 5:30:59 PM
C:\Documents and Settings\Jay\My Documents\My Received Files\aawsepersonal.exe/WISE0022.BIN\arrow1.bmp;password protected has not been processed;10/29/2005 5:39:54 PM
C:\Documents and Settings\Jay\My Documents\My Received Files\aawsepersonal.exe/WISE0022.BIN\arrow2.bmp;password protected has not been processed;10/29/2005 5:39:54 PM
C:\Documents and Settings\Jay\My Documents\My Received Files\aawsepersonal.exe/WISE0022.BIN\bck1.bmp;password protected has not been processed;10/29/2005 5:39:54 PM
C:\Documents and Settings\Jay\My Documents\My Received Files\aawsepersonal.exe/WISE0022.BIN\bck2.bmp;password protected has not been processed;10/29/2005 5:39:54 PM
C:\Documents and Settings\Jay\My Documents\My Received Files\aawsepersonal.exe/WISE0022.BIN\bt11.bmp;password protected has not been processed;10/29/2005 5:39:54 PM
C:\Documents and Settings\Jay\My Documents\My Received Files\aawsepersonal.exe/WISE0022.BIN\bt12.bmp;password protected has not been processed;10/29/2005 5:39:54 PM
C:\Documents and Settings\Jay\My Documents\My Received Files\aawsepersonal.exe/WISE0022.BIN\bt13.bmp;password protected has not been processed;10/29/2005 5:39:54 PM
C:\Documents and Settings\Jay\My Documents\My Received Files\aawsepersonal.exe/WISE0022.BIN\bt21.bmp;password protected has not been processed;10/29/2005 5:39:54 PM
C:\Documents and Settings\Jay\My Documents\My Received Files\aawsepersonal.exe/WISE0022.BIN\bt22.bmp;password protected has not been processed;10/29/2005 5:39:54 PM
C:\Documents and Settings\Jay\My Documents\My Received Files\aawsepersonal.exe/WISE0022.BIN\bt23.bmp;password protected has not been processed;10/29/2005 5:39:54 PM
C:\Documents and Settings\Jay\My Documents\My Received Files\aawsepersonal.exe/WISE0022.BIN\bt31.bmp;password protected has not been processed;10/29/2005 5:39:54 PM
C:\Documents and Settings\Jay\My Documents\My Received Files\aawsepersonal.exe/WISE0022.BIN\bt32.bmp;password protected has not been processed;10/29/2005 5:39:54 PM
C:\Documents and Settings\Jay\My Documents\My Received Files\aawsepersonal.exe/WISE0022.BIN\bt33.bmp;password protected has not been processed;10/29/2005 5:39:54 PM
C:\Documents and Settings\Jay\My Documents\My Received Files\aawsepersonal.exe/WISE0022.BIN\bt41.bmp;password protected has not been processed;10/29/2005 5:39:54 PM
C:\Documents and Settings\Jay\My Documents\My Received Files\aawsepersonal.exe/WISE0022.BIN\bt42.bmp;password protected has not been processed;10/29/2005 5:39:54 PM
C:\Documents and Settings\Jay\My Documents\My Received Files\aawsepersonal.exe/WISE0022.BIN\bt43.bmp;password protected has not been processed;10/29/2005 5:39:54 PM
C:\Documents and Settings\Jay\My Documents\My Received Files\aawsepersonal.exe/WISE0022.BIN\bt51.bmp;password protected has not been processed;10/29/2005 5:39:54 PM
C:\Documents and Settings\Jay\My Documents\My Received Files\aawsepersonal.exe/WISE0022.BIN\bt52.bmp;password protected has not been processed;10/29/2005 5:39:54 PM
C:\Documents and Settings\Jay\My Documents\My Received Files\aawsepersonal.exe/WISE0022.BIN\bt53.bmp;password protected has not been processed;10/29/2005 5:39:54 PM
C:\Documents and Settings\Jay\My Documents\My Received Files\aawsepersonal.exe/WISE0022.BIN\bt61.bmp;password protected has not been processed;10/29/2005 5:39:54 PM
C:\Documents and Settings\Jay\My Documents\My Received Files\aawsepersonal.exe/WISE0022.BIN\bt62.bmp;password protected has not been processed;10/29/2005 5:39:54 PM
C:\Documents and Settings\Jay\My Documents\My Received Files\aawsepersonal.exe/WISE0022.BIN\checkbox1.bmp;password protected has not been processed;10/29/2005 5:39:54 PM
C:\Documents and Settings\Jay\My Documents\My Received Files\aawsepersonal.exe/WISE0022.BIN\checkbox2.bmp;password protected has not been processed;10/29/2005 5:39:54 PM
C:\Documents and Settings\Jay\My Documents\My Received Files\aawsepersonal.exe/WISE0022.BIN\checkbox3.bmp;password protected has not been processed;10/29/2005 5:39:54 PM
C:\Documents and Settings\Jay\My Documents\My Received Files\aawsepersonal.exe/WISE0022.BIN\checkbox4.bmp;password protected has not been processed;10/29/2005 5:39:54 PM
C:\Documents and Settings\Jay\My Documents\My Received Files\aawsepersonal.exe/WISE0022.BIN\default.skn;password protected has not been processed;10/29/2005 5:39:54 PM
C:\Documents and Settings\Jay\My Documents\My Received Files\aawsepersonal.exe/WISE0022.BIN\defbtn1.bmp;password protected has not been processed;10/29/2005 5:39:54 PM
C:\Documents and Settings\Jay\My Documents\My Received Files\aawsepersonal.exe/WISE0022.BIN\defbtn2.bmp;password protected has not been processed;10/29/2005 5:39:54 PM
C:\Documents and Settings\Jay\My Documents\My Received Files\aawsepersonal.exe/WISE0022.BIN\defbtn3.bmp;password protected has not been processed;10/29/2005 5:39:54 PM
C:\Documents and Settings\Jay\My Documents\My Received Files\aawsepersonal.exe/WISE0022.BIN\glyph1.bmp;password protected has not been processed;10/29/2005 5:39:54 PM
C:\Documents and Settings\Jay\My Documents\My Received Files\aawsepersonal.exe/WISE0022.BIN\glyph2.bmp;password protected has not been processed;10/29/2005 5:39:54 PM
C:\Documents and Settings\Jay\My Documents\My Received Files\aawsepersonal.exe/WISE0022.BIN\glyph3.bmp;password protected has not been processed;10/29/2005 5:39:54 PM
C:\Documents and Settings\Jay\My Documents\My Received Files\aawsepersonal.exe/WISE0022.BIN\glyph4.bmp;password protected has not been processed;10/29/2005 5:39:54 PM
C:\Documents and Settings\Jay\My Documents\My Received Files\aawsepersonal.exe/WISE0022.BIN\glyph5.bmp;password protected has not been processed;10/29/2005 5:39:54 PM
C:\Documents and Settings\Jay\My Documents\My Received Files\aawsepersonal.exe/WISE0022.BIN\glyph6.bmp;password protected has not been processed;10/29/2005 5:39:54 PM
C:\Documents and Settings\Jay\My Documents\My Received Files\aawsepersonal.exe/WISE0022.BIN\glyph7.bmp;password protected has not been processed;10/29/2005 5:39:54 PM
C:\Documents and Settings\Jay\My Documents\My Received Files\aawsepersonal.exe/WISE0022.BIN\main.bmp;password protected has not been processed;10/29/2005 5:39:54 PM
C:\Documents and Settings\Jay\My Documents\My Received Files\aawsepersonal.exe/WISE0022.BIN\preview.bmp;password protected has not been processed;10/29/2005 5:39:54 PM
C:\Documents and Settings\Jay\My Documents\My Received Files\aawsepersonal.exe/WISE0022.BIN\sprite1.bmp;password protected has not been processed;10/29/2005 5:39:54 PM
C:\Documents and Settings\Jay\My Documents\My Received Files\aawsepersonal.exe/WISE0022.BIN\tab1.bmp;password protected has not been processed;10/29/2005 5:39:54 PM
C:\Documents and Settings\Jay\My Documents\My Received Files\aawsepersonal.exe/WISE0022.BIN\tab2.bmp;password protected has not been processed;10/29/2005 5:39:54 PM
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\Ad-Aware SE Default.skn;password protected has not been processed;10/29/2005 5:54:37 PM
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\arrow1.bmp;password protected has not been processed;10/29/2005 5:54:37 PM
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\arrow2.bmp;password protected has not been processed;10/29/2005 5:54:37 PM
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bck1.bmp;password protected has not been processed;10/29/2005 5:54:37 PM
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt11.bmp;password protected has not been processed;10/29/2005 5:54:37 PM
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt12.bmp;password protected has not been processed;10/29/2005 5:54:37 PM
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt13.bmp;password protected has not been processed;10/29/2005 5:54:37 PM
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt21.bmp;password protected has not been processed;10/29/2005 5:54:37 PM
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt22.bmp;password protected has not been processed;10/29/2005 5:54:37 PM
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt23.bmp;password protected has not been processed;10/29/2005 5:54:37 PM
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt31.bmp;password protected has not been processed;10/29/2005 5:54:37 PM
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt32.bmp;password protected has not been processed;10/29/2005 5:54:37 PM
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt33.bmp;password protected has not been processed;10/29/2005 5:54:37 PM
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt41.bmp;password protected has not been processed;10/29/2005 5:54:37 PM
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt42.bmp;password protected has not been processed;10/29/2005 5:54:37 PM
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt43.bmp;password protected has not been processed;10/29/2005 5:54:37 PM
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt51.bmp;password protected has not been processed;10/29/2005 5:54:37 PM
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt52.bmp;password protected has not been processed;10/29/2005 5:54:37 PM
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt53.bmp;password protected has not been processed;10/29/2005 5:54:37 PM
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt61.bmp;password protected has not been processed;10/29/2005 5:54:37 PM
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt62.bmp;password protected has not been processed;10/29/2005 5:54:37 PM
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox1.bmp;password protected has not been processed;10/29/2005 5:54:37 PM
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox2.bmp;password protected has not been processed;10/29/2005 5:54:37 PM
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox3.bmp;password protected has not been processed;10/29/2005 5:54:37 PM
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox4.bmp;password protected has not been processed;10/29/2005 5:54:37 PM
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\defbtn1.bmp;password protected has not been processed;10/29/2005 5:54:37 PM
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\defbtn2.bmp;password protected has not been processed;10/29/2005 5:54:37 PM
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\defbtn3.bmp;password protected has not been processed;10/29/2005 5:54:37 PM
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph1.bmp;password protected has not been processed;10/29/2005 5:54:37 PM
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph2.bmp;password protected has not been processed;10/29/2005 5:54:37 PM
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph3.bmp;password protected has not been processed;10/29/2005 5:54:37 PM
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph4.bmp;password protected has not been processed;10/29/2005 5:54:37 PM
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph5.bmp;password protected has not been processed;10/29/2005 5:54:37 PM
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph6.bmp;password protected has not been processed;10/29/2005 5:54:37 PM
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph7.bmp;password protected has not been processed;10/29/2005 5:54:37 PM
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\main.bmp;password protected has not been processed;10/29/2005 5:54:37 PM
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\preview.bmp;password protected has not been processed;10/29/2005 5:54:37 PM
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\sprite1.bmp;password protected has not been processed;10/29/2005 5:54:37 PM
C:\Program Files\Norton AntiVirus\Quarantine\007D27CC;is a Trojan Trojan-Downloader.JS.IstBar.j;10/29/2005 5:57:19 PM
C:\Program Files\Norton AntiVirus\Quarantine\007D27CC;object could not be disinfected disinfection postponed;10/29/2005 5:57:19 PM
C:\Program Files\Norton AntiVirus\Quarantine\0D713A14;is a potentially dangerous program Exploit.HTML.Mht;10/29/2005 5:57:20 PM
C:\Program Files\Norton AntiVirus\Quarantine\0D713A14;object could not be disinfected disinfection postponed;10/29/2005 5:57:20 PM
C:\Program Files\Norton AntiVirus\Quarantine\11C07AE2;is a Trojan Trojan-Downloader.Win32.Dyfuca.dp;10/29/2005 5:57:20 PM
C:\Program Files\Norton AntiVirus\Quarantine\11C07AE2;object could not be disinfected disinfection postponed;10/29/2005 5:57:20 PM
C:\Program Files\Norton AntiVirus\Quarantine\11C324DE;is a Trojan Trojan-Downloader.Win32.Dyfuca.ei;10/29/2005 5:57:20 PM
C:\Program Files\Norton AntiVirus\Quarantine\11C324DE;object could not be disinfected disinfection postponed;10/29/2005 5:57:20 PM
C:\Program Files\Norton AntiVirus\Quarantine\11C64EDB;is a Trojan Trojan-Downloader.Win32.Dyfuca.dt;10/29/2005 5:57:20 PM
C:\Program Files\Norton AntiVirus\Quarantine\11C64EDB;object could not be disinfected disinfection postponed;10/29/2005 5:57:20 PM
C:\Program Files\Norton AntiVirus\Quarantine\17DE565E;is a Trojan Trojan-Downloader.JS.Inor.a;10/29/2005 5:57:20 PM
C:\Program Files\Norton AntiVirus\Quarantine\17DE565E;object could not be disinfected disinfection postponed;10/29/2005 5:57:20 PM
C:\Program Files\Norton AntiVirus\Quarantine\2F634F91;is a Trojan Trojan-Spy.Win32.Agent.hn;10/29/2005 5:57:20 PM
C:\Program Files\Norton AntiVirus\Quarantine\2F634F91;object could not be disinfected disinfection postponed;10/29/2005 5:57:20 PM
C:\Program Files\Norton AntiVirus\Quarantine\402376F6;is a Trojan Trojan-Downloader.BAT.Ftp.c;10/29/2005 5:57:21 PM
C:\Program Files\Norton AntiVirus\Quarantine\402376F6;object could not be disinfected disinfection postponed;10/29/2005 5:57:21 PM
C:\Program Files\Norton AntiVirus\Quarantine\423B13A2;is a Trojan Trojan-Downloader.JS.IstBar.j;10/29/2005 5:57:21 PM
C:\Program Files\Norton AntiVirus\Quarantine\423B13A2;object could not be disinfected disinfection postponed;10/29/2005 5:57:21 PM
C:\Program Files\Norton AntiVirus\Quarantine\4BF73200;is a Trojan Trojan-Downloader.JS.IstBar.j;10/29/2005 5:57:21 PM
C:\Program Files\Norton AntiVirus\Quarantine\4BF73200;object could not be disinfected disinfection postponed;10/29/2005 5:57:21 PM
C:\Program Files\Norton AntiVirus\Quarantine\5F40055A;is a Trojan Trojan-Downloader.Win32.Dyfuca.de;10/29/2005 5:57:21 PM
C:\Program Files\Norton AntiVirus\Quarantine\5F40055A;object could not be disinfected disinfection postponed;10/29/2005 5:57:21 PM
C:\Program Files\Norton AntiVirus\Quarantine\5FB81E83;is a Trojan Trojan-Downloader.Win32.Dyfuca.de;10/29/2005 5:57:21 PM
C:\Program Files\Norton AntiVirus\Quarantine\5FB81E83;object could not be disinfected disinfection postponed;10/29/2005 5:57:21 PM
C:\Program Files\Norton AntiVirus\Quarantine\5FBF727C;is a Trojan Trojan-Downloader.Win32.Dyfuca.ei;10/29/2005 5:57:21 PM
C:\Program Files\Norton AntiVirus\Quarantine\5FBF727C;object could not be disinfected disinfection postponed;10/29/2005 5:57:21 PM
C:\Program Files\Norton AntiVirus\Quarantine\5FC54674;is a Trojan Trojan-Dropper.Win32.Agent.rs;10/29/2005 5:57:21 PM
C:\Program Files\Norton AntiVirus\Quarantine\5FC54674;object could not be disinfected disinfection postponed;10/29/2005 5:57:21 PM
C:\Program Files\Norton AntiVirus\Quarantine\61593BBD;is a Trojan Trojan-Downloader.JS.IstBar.j;10/29/2005 5:57:21 PM
C:\Program Files\Norton AntiVirus\Quarantine\61593BBD;object could not be disinfected disinfection postponed;10/29/2005 5:57:21 PM
C:\Program Files\Norton AntiVirus\Quarantine\615C65B9;is a Trojan Trojan-Downloader.JS.IstBar.j;10/29/2005 5:57:21 PM
C:\Program Files\Norton AntiVirus\Quarantine\615C65B9;object could not be disinfected disinfection postponed;10/29/2005 5:57:21 PM
C:\Program Files\Norton AntiVirus\Quarantine\70343649;is a Trojan Trojan-Downloader.Win32.Dyfuca.gen;10/29/2005 5:57:21 PM
C:\Program Files\Norton AntiVirus\Quarantine\70343649;object could not be disinfected disinfection postponed;10/29/2005 5:57:22 PM
C:\Program Files\Norton AntiVirus\Quarantine\70961311;is a potentially dangerous program Exploit.HTML.Mht;10/29/2005 5:57:22 PM
C:\Program Files\Norton AntiVirus\Quarantine\70961311;object could not be disinfected disinfection postponed;10/29/2005 5:57:22 PM
C:\Program Files\Norton AntiVirus\Quarantine\724C5E95;is a Trojan Trojan-Downloader.Win32.Dyfuca.de;10/29/2005 5:57:22 PM
C:\Program Files\Norton AntiVirus\Quarantine\724C5E95;object could not be disinfected disinfection postponed;10/29/2005 5:57:22 PM
C:\Program Files\Norton AntiVirus\Quarantine\73A90762;is a Trojan Trojan-Downloader.JS.IstBar.j;10/29/2005 5:57:22 PM
C:\Program Files\Norton AntiVirus\Quarantine\73A90762;object could not be disinfected disinfection postponed;10/29/2005 5:57:22 PM
C:\Program Files\Norton AntiVirus\Quarantine\7EB2778A;is a potentially dangerous program Exploit.HTML.Mht;10/29/2005 5:57:22 PM
C:\Program Files\Norton AntiVirus\Quarantine\7EB2778A;object could not be disinfected disinfection postponed;10/29/2005 5:57:22 PM
C:\Program Files\Norton AntiVirus\Quarantine\7FD4104A;is a potentially dangerous program Exploit.HTML.Mht;10/29/2005 5:57:22 PM
C:\Program Files\Norton AntiVirus\Quarantine\7FD4104A;object could not be disinfected disinfection postponed;10/29/2005 5:57:22 PM
C:\Program Files\Norton AntiVirus\Quarantine\007D27CC;is a Trojan Trojan-Downloader.JS.IstBar.j;10/29/2005 6:24:05 PM
C:\Program Files\Norton AntiVirus\Quarantine\007D27CC;moved to the backup storage;10/29/2005 6:24:21 PM
C:\Program Files\Norton AntiVirus\Quarantine\007D27CC;deleted;10/29/2005 6:24:21 PM
C:\Program Files\Norton AntiVirus\Quarantine\0D713A14;is a potentially dangerous program Exploit.HTML.Mht;10/29/2005 6:24:21 PM
C:\Program Files\Norton AntiVirus\Quarantine\0D713A14;moved to the backup storage;10/29/2005 6:24:34 PM
C:\Program Files\Norton AntiVirus\Quarantine\0D713A14;deleted;10/29/2005 6:24:34 PM
C:\Program Files\Norton AntiVirus\Quarantine\11C07AE2;is a Trojan Trojan-Downloader.Win32.Dyfuca.dp;10/29/2005 6:24:34 PM
C:\Program Files\Norton AntiVirus\Quarantine\11C07AE2;moved to the backup storage;10/29/2005 6:24:40 PM
C:\Program Files\Norton AntiVirus\Quarantine\11C07AE2;deleted;10/29/2005 6:24:40 PM
C:\Program Files\Norton AntiVirus\Quarantine\11C324DE;is a Trojan Trojan-Downloader.Win32.Dyfuca.ei;10/29/2005 6:24:41 PM
C:\Program Files\Norton AntiVirus\Quarantine\11C324DE;moved to the backup storage;10/29/2005 6:24:47 PM
C:\Program Files\Norton AntiVirus\Quarantine\11C324DE;deleted;10/29/2005 6:24:47 PM
C:\Program Files\Norton AntiVirus\Quarantine\11C64EDB;is a Trojan Trojan-Downloader.Win32.Dyfuca.dt;10/29/2005 6:24:47 PM
C:\Program Files\Norton AntiVirus\Quarantine\11C64EDB;moved to the backup storage;10/29/2005 6:24:47 PM
C:\Program Files\Norton AntiVirus\Quarantine\11C64EDB;deleted;10/29/2005 6:24:47 PM
C:\Program Files\Norton AntiVirus\Quarantine\17DE565E;is a Trojan Trojan-Downloader.JS.Inor.a;10/29/2005 6:24:47 PM
C:\Program Files\Norton AntiVirus\Quarantine\17DE565E;moved to the backup storage;10/29/2005 6:24:48 PM
C:\Program Files\Norton AntiVirus\Quarantine\17DE565E;deleted;10/29/2005 6:24:48 PM
C:\Program Files\Norton AntiVirus\Quarantine\2F634F91;is a Trojan Trojan-Spy.Win32.Agent.hn;10/29/2005 6:24:48 PM
C:\Program Files\Norton AntiVirus\Quarantine\2F634F91;moved to the backup storage;10/29/2005 6:24:48 PM
C:\Program Files\Norton AntiVirus\Quarantine\2F634F91;deleted;10/29/2005 6:24:48 PM
C:\Program Files\Norton AntiVirus\Quarantine\402376F6;is a Trojan Trojan-Downloader.BAT.Ftp.c;10/29/2005 6:24:48 PM
C:\Program Files\Norton AntiVirus\Quarantine\402376F6;moved to the backup storage;10/29/2005 6:24:48 PM
C:\Program Files\Norton AntiVirus\Quarantine\402376F6;deleted;10/29/2005 6:24:48 PM
C:\Program Files\Norton AntiVirus\Quarantine\423B13A2;is a Trojan Trojan-Downloader.JS.IstBar.j;10/29/2005 6:24:48 PM
C:\Program Files\Norton AntiVirus\Quarantine\423B13A2;moved to the backup storage;10/29/2005 6:24:49 PM
C:\Program Files\Norton AntiVirus\Quarantine\423B13A2;deleted;10/29/2005 6:24:49 PM
C:\Program Files\Norton AntiVirus\Quarantine\4BF73200;is a Trojan Trojan-Downloader.JS.IstBar.j;10/29/2005 6:24:49 PM
C:\Program Files\Norton AntiVirus\Quarantine\4BF73200;moved to the backup storage;10/29/2005 6:24:49 PM
C:\Program Files\Norton AntiVirus\Quarantine\4BF73200;deleted;10/29/2005 6:24:49 PM
C:\Program Files\Norton AntiVirus\Quarantine\5F40055A;is a Trojan Trojan-Downloader.Win32.Dyfuca.de;10/29/2005 6:24:49 PM
C:\Program Files\Norton AntiVirus\Quarantine\5F40055A;moved to the backup storage;10/29/2005 6:24:49 PM
C:\Program Files\Norton AntiVirus\Quarantine\5F40055A;deleted;10/29/2005 6:24:49 PM
C:\Program Files\Norton AntiVirus\Quarantine\5FB81E83;is a Trojan Trojan-Downloader.Win32.Dyfuca.de;10/29/2005 6:24:50 PM
C:\Program Files\Norton AntiVirus\Quarantine\5FB81E83;moved to the backup storage;10/29/2005 6:24:50 PM
C:\Program Files\Norton AntiVirus\Quarantine\5FB81E83;deleted;10/29/2005 6:24:50 PM
C:\Program Files\Norton AntiVirus\Quarantine\5FBF727C;is a Trojan Trojan-Downloader.Win32.Dyfuca.ei;10/29/2005 6:24:50 PM
C:\Program Files\Norton AntiVirus\Quarantine\5FBF727C;moved to the backup storage;10/29/2005 6:24:50 PM
C:\Program Files\Norton AntiVirus\Quarantine\5FBF727C;deleted;10/29/2005 6:24:50 PM
C:\Program Files\Norton AntiVirus\Quarantine\5FC54674;is a Trojan Trojan-Dropper.Win32.Agent.rs;10/29/2005 6:24:50 PM
C:\Program Files\Norton AntiVirus\Quarantine\5FC54674;moved to the backup storage;10/29/2005 6:24:51 PM
C:\Program Files\Norton AntiVirus\Quarantine\5FC54674;deleted;10/29/2005 6:24:51 PM
C:\Program Files\Norton AntiVirus\Quarantine\61593BBD;is a Trojan Trojan-Downloader.JS.IstBar.j;10/29/2005 6:24:51 PM
C:\Program Files\Norton AntiVirus\Quarantine\61593BBD;moved to the backup storage;10/29/2005 6:24:51 PM
C:\Program Files\Norton AntiVirus\Quarantine\61593BBD;deleted;10/29/2005 6:24:51 PM
C:\Program Files\Norton AntiVirus\Quarantine\615C65B9;is a Trojan Trojan-Downloader.JS.IstBar.j;10/29/2005 6:24:51 PM
C:\Program Files\Norton AntiVirus\Quarantine\615C65B9;moved to the backup storage;10/29/2005 6:24:51 PM
C:\Program Files\Norton AntiVirus\Quarantine\615C65B9;deleted;10/29/2005 6:24:51 PM
C:\Program Files\Norton AntiVirus\Quarantine\70343649;is a Trojan Trojan-Downloader.Win32.Dyfuca.gen;10/29/2005 6:24:51 PM
C:\Program Files\Norton AntiVirus\Quarantine\70343649;moved to the backup storage;10/29/2005 6:24:52 PM
C:\Program Files\Norton AntiVirus\Quarantine\70343649;deleted;10/29/2005 6:24:52 PM
C:\Program Files\Norton AntiVirus\Quarantine\70961311;is a potentially dangerous program Exploit.HTML.Mht;10/29/2005 6:24:52 PM
C:\Program Files\Norton AntiVirus\Quarantine\70961311;moved to the backup storage;10/29/2005 6:25:01 PM
C:\Program Files\Norton AntiVirus\Quarantine\70961311;deleted;10/29/2005 6:25:01 PM
C:\Program Files\Norton AntiVirus\Quarantine\724C5E95;is a Trojan Trojan-Downloader.Win32.Dyfuca.de;10/29/2005 6:25:01 PM
C:\Program Files\Norton AntiVirus\Quarantine\724C5E95;moved to the backup storage;10/29/2005 6:25:02 PM
C:\Program Files\Norton AntiVirus\Quarantine\724C5E95;deleted;10/29/2005 6:25:02 PM
C:\Program Files\Norton AntiVirus\Quarantine\73A90762;is a Trojan Trojan-Downloader.JS.IstBar.j;10/29/2005 6:25:02 PM
C:\Program Files\Norton AntiVirus\Quarantine\73A90762;moved to the backup storage;10/29/2005 6:25:02 PM
C:\Program Files\Norton AntiVirus\Quarantine\73A90762;deleted;10/29/2005 6:25:02 PM
C:\Program Files\Norton AntiVirus\Quarantine\7EB2778A;is a potentially dangerous program Exploit.HTML.Mht;10/29/2005 6:25:02 PM
C:\Program Files\Norton AntiVirus\Quarantine\7EB2778A;moved to the backup storage;10/29/2005 6:25:02 PM
C:\Program Files\Norton AntiVirus\Quarantine\7EB2778A;deleted;10/29/2005 6:25:02 PM
C:\Program Files\Norton AntiVirus\Quarantine\7FD4104A;is a potentially dangerous program Exploit.HTML.Mht;10/29/2005 6:25:02 PM
C:\Program Files\Norton AntiVirus\Quarantine\7FD4104A;moved to the backup storage;10/29/2005 6:25:03 PM
C:\Program Files\Norton AntiVirus\Quarantine\7FD4104A;deleted;10/29/2005 6:25:03 PM
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP