Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\RdxIE.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\RdxIE.dll". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tmp". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{06506B3A-857D-431f-BE0B-038B1EC386B3}" refers to invalid object ""C:\Program Files\SpyAxe\spyaxe.exe"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0BFF94F7-9748-43d1-BAC4-D963351B63E7}" refers to invalid object ""C:\Program Files\SpyAxe\spyaxe.exe"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0C580891-CA9D-4619-BDC9-85378EB65931}" refers to invalid object ""C:\Program Files\SpyAxe\spyaxe.exe"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{53525A6C-3774-4b47-B317-BC7DFE4FC7ED}" refers to invalid object ""C:\Program Files\SpyAxe\spyaxe.exe"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5DEB9A24-19E0-49e6-A6B2-110BC3E1062A}" refers to invalid object ""C:\Program Files\SpyAxe\spyaxe.exe"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5E1ACE2A-8638-4775-8AA9-5C187AD40A82}" refers to invalid object ""C:\Program Files\SpyAxe\spyaxe.exe"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{629C4FE9-B627-4905-AF5B-AD652BB1B5C5}" refers to invalid object ""C:\Program Files\SpyAxe\spyaxe.exe"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{659F78EA-6FF2-40f8-8EA3-06F7418A209E}" refers to invalid object ""C:\Program Files\SpyAxe\spyaxe.exe"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{736B5468-BDAD-41BE-92D0-22AE2DDF7BCB}" refers to invalid object "C:\Program Files\Security Toolbar\Security Toolbar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7616A7F7-DF99-432f-870D-4AFEA0D079F4}" refers to invalid object ""C:\Program Files\SpyAxe\spyaxe.exe"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7EB22F36-2CCD-4003-89EE-6CF40EBC4282}" refers to invalid object ""C:\Program Files\SpyAxe\spyaxe.exe"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A0D06AA3-499B-4156-9FFD-0BE236F0D4E5}" refers to invalid object ""C:\Program Files\SpyAxe\spyaxe.exe"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B6610F1D-DA77-42c4-8300-721D9DA9D70B}" refers to invalid object ""C:\Program Files\SpyAxe\spyaxe.exe"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E802FFFF-8E58-4d2c-A435-8BEEFB10AB77}" refers to invalid object "C:\WINDOWS\System32\svchosts.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{0B3A6E45-78BF-4335-BBFF-A2F14F897D55}" refers to invalid object "C:\Program Files\Pinnacle\Studio\programs\KnobControl.ocx". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{2147059C-0BCB-11D4-919A-00AA00A0188E}" refers to invalid object "C:\Program Files\Pinnacle\Studio\Components\MPrProv.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{2BB3BCBF-411A-4C67-8E69-F4BB301DC333}" refers to invalid object "C:\Program Files\SpyAxe\spyaxe.exe". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{361C2BC3-C035-11D2-99DC-00AA00AE68A1}" refers to invalid object "C:\Program Files\Pinnacle\Studio\Components\AVIWAVIm.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{399CB6B4-7312-11D2-B4D9-00105A0422DF}" refers to invalid object "C:\Program Files\Pinnacle\Studio\programs\HHActiveX.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{4B7F8BF4-99C2-11D2-B3C3-00A0CC3A50B9}" refers to invalid object "C:\WINDOWS\emsmtp.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{52F2F122-2BC5-11D2-8FB7-000000000000}" refers to invalid object "C:\Program Files\Adobe\Adobe Photoshop CS2\ImageReady.exe". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{5F226421-415D-408D-9A09-0DCD94E25B48}" refers to invalid object "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{7AF322C5-AB43-11D4-A00B-0050DA18DE71}" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\InfoWindow.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{89C31EC1-E2B3-11D3-8CC4-0050040BE7E0}" refers to invalid object "C:\Program Files\Pinnacle\Studio\Components\MPGTSPr.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{8C808E30-31AF-44F2-9471-04E0054414C0}" refers to invalid object "C:\Program Files\hp center\137903\Program\HPClientExt.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{A07A2751-CCDD-11D3-8CBD-0050040BE7E0}" refers to invalid object "C:\Program Files\Pinnacle\Studio\Components\MPAProv.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{A49DF62A-9BCE-11D4-885E-0010B542B8BB}" refers to invalid object "C:\Program Files\Hewlett-Packard\EZ Internet Signup\HPSdpApp.exe". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{E3029581-7294-11D3-AEE3-00600857EED8}" refers to invalid object "C:\Program Files\Pinnacle\Studio\Components\Filter\mpegdecoder.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{E891EE9A-D0AE-4cb4-8871-F92C0109F18E}" refers to invalid object "C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\Adobe Photoshop Only\Automate\ScriptingSupport.8li". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{FA5A37A3-4017-11D3-A763-00E018904220}" refers to invalid object "C:\Program Files\Pinnacle\Studio\Components\MP2Prov.dll". Action Taken: No Action Taken.
Entry "HKCR\.as" refers to invalid object "asfile". Action Taken: No Action Taken.
Entry "HKCR\.ase" refers to invalid object "Photoshop.ExchangeableSwatchFile.9". Action Taken: No Action Taken.
Entry "HKCR\.ashx" refers to invalid object "ashxfile". Action Taken: No Action Taken.
Entry "HKCR\.asmx" refers to invalid object "asmxfile". Action Taken: No Action Taken.
Entry "HKCR\.axd" refers to invalid object "axdfile". Action Taken: No Action Taken.
Entry "HKCR\.cin" refers to invalid object "Photoshop.CINFile.9". Action Taken: No Action Taken.
Entry "HKCR\.config" refers to invalid object "configfile". Action Taken: No Action Taken.
Entry "HKCR\.cr2" refers to invalid object "Photoshop.CameraRawFileCanon2.9". Action Taken: No Action Taken.
Entry "HKCR\.crw" refers to invalid object "Photoshop.CameraRawFileCanon.9". Action Taken: No Action Taken.
Entry "HKCR\.cs" refers to invalid object "csfile". Action Taken: No Action Taken.
Entry "HKCR\.dcr" refers to invalid object "Photoshop.CameraRawFileKodak.9". Action Taken: No Action Taken.
Entry "HKCR\.disco" refers to invalid object "discofile". Action Taken: No Action Taken.
Entry "HKCR\.dng" refers to invalid object "Photoshop.CameraRawFileDigital.9". Action Taken: No Action Taken.
Entry "HKCR\.dpx" refers to invalid object "Photoshop.CINFile.9". Action Taken: No Action Taken.
Entry "HKCR\.eps" refers to invalid object "Photoshop.EPSFile.9". Action Taken: No Action Taken.
Entry "HKCR\.erf" refers to invalid object "Photoshop.CameraRawFileEpson.9". Action Taken: No Action Taken.
Entry "HKCR\.exr" refers to invalid object "Photoshop.OpenEXRFile.9". Action Taken: No Action Taken.
Entry "HKCR\.fido" refers to invalid object "Photoshop.CINFile.9". Action Taken: No Action Taken.
Entry "HKCR\.hdr" refers to invalid object "Photoshop.PortableBitMapFile.9". Action Taken: No Action Taken.
Entry "HKCR\.icb" refers to invalid object "Photoshop.TGAFile.9". Action Taken: No Action Taken.
Entry "HKCR\.mnu" refers to invalid object "Photoshop.MenuCustomizationFile.9". Action Taken: No Action Taken.
Entry "HKCR\.mos" refers to invalid object "Photoshop.CameraRawFileLeaf.9". Action Taken: No Action Taken.
Entry "HKCR\.mrw" refers to invalid object "Photoshop.CameraRawFileMinolta.9". Action Taken: No Action Taken.
Entry "HKCR\.nef" refers to invalid object "Photoshop.CameraRawFileNikon.9". Action Taken: No Action Taken.
Entry "HKCR\.orf" refers to invalid object "Photoshop.CameraRawFileOlympus.9". Action Taken: No Action Taken.
Entry "HKCR\.pbm" refers to invalid object "Photoshop.RadianceFile.9". Action Taken: No Action Taken.
Entry "HKCR\.pct" refers to invalid object "Photoshop.PICTFile.9". Action Taken: No Action Taken.
Entry "HKCR\.pdp" refers to invalid object "Photoshop.PDPFile.9". Action Taken: No Action Taken.
Entry "HKCR\.pef" refers to invalid object "Photoshop.CameraRawFilePentax.9". Action Taken: No Action Taken.
Entry "HKCR\.pic" refers to invalid object "Photoshop.PICTFile.9". Action Taken: No Action Taken.
Entry "HKCR\.pict" refers to invalid object "Photoshop.PICTFile.9". Action Taken: No Action Taken.
Entry "HKCR\.png" refers to invalid object "Photoshop.PNGFile.9". Action Taken: No Action Taken.
Entry "HKCR\.psb" refers to invalid object "Photoshop.PSBFile.9". Action Taken: No Action Taken.
Entry "HKCR\.psd" refers to invalid object "Photoshop.Image.9". Action Taken: No Action Taken.
Entry "HKCR\.pxr" refers to invalid object "Photoshop.PXRFile.9". Action Taken: No Action Taken.
Entry "HKCR\.raf" refers to invalid object "Photoshop.CameraRawFileFujifilm.9". Action Taken: No Action Taken.
Entry "HKCR\.raw" refers to invalid object "Photoshop.RAWFile.9". Action Taken: No Action Taken.
Entry "HKCR\.rem" refers to invalid object "remfile". Action Taken: No Action Taken.
Entry "HKCR\.rle" refers to invalid object "Photoshop.BMPFile.9". Action Taken: No Action Taken.
Entry "HKCR\.sct" refers to invalid object "Photoshop.SCTFile.9". Action Taken: No Action Taken.
Entry "HKCR\.sdpx" refers to invalid object "Photoshop.CINFile.9". Action Taken: No Action Taken.
Entry "HKCR\.shh" refers to invalid object "Photoshop.SHHFile.9". Action Taken: No Action Taken.
Entry "HKCR\.shtm" refers to invalid object "shtmfile". Action Taken: No Action Taken.
Entry "HKCR\.shtml" refers to invalid object "shtmlfile". Action Taken: No Action Taken.
Entry "HKCR\.srf" refers to invalid object "Photoshop.CameraRawFileSony.9". Action Taken: No Action Taken.
Entry "HKCR\.sta" refers to invalid object "Photoshop.STAFile.9". Action Taken: No Action Taken.
Entry "HKCR\.stm" refers to invalid object "stmfile". Action Taken: No Action Taken.
Entry "HKCR\.tga" refers to invalid object "Photoshop.TGAFile.9". Action Taken: No Action Taken.
Entry "HKCR\.tif" refers to invalid object "Photoshop.TIFFFile.9". Action Taken: No Action Taken.
Entry "HKCR\.tiff" refers to invalid object "Photoshop.TIFFFile.9". Action Taken: No Action Taken.
Entry "HKCR\.vb" refers to invalid object "vbfile". Action Taken: No Action Taken.
Entry "HKCR\.vda" refers to invalid object "Photoshop.TGAFile.9". Action Taken: No Action Taken.
Entry "HKCR\.vst" refers to invalid object "Photoshop.TGAFile.9". Action Taken: No Action Taken.
Entry "HKCR\.wbm" refers to invalid object "Photoshop.WBMFile.9". Action Taken: No Action Taken.
Entry "HKCR\.wbmp" refers to invalid object "Photoshop.WBMFile.9". Action Taken: No Action Taken.
Entry "HKCR\.web" refers to invalid object "webfile". Action Taken: No Action Taken.
Entry "HKCR\.x3f" refers to invalid object "Photoshop.CameraRawFileFoveon.9". Action Taken: No Action Taken.
Logfile of HijackThis v1.99.1
Scan saved at 3:39:00 PM, on 11/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft....k/?linkid=39204O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) -
http://download.mcaf...01/mcinsctl.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoft...free/asinst.cabO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn...pDownloader.cabO16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -
http://download.mcaf...,26/mcgdmgr.cabO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
I would've replied sooner, by Mwav took 16 hours to scan.