Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Winfix Problems, and virtumonde [RESOLVED]

Started by dontcareaboutmyid , Nov 20 2005 11:08 PM

  • This topic is locked This topic is locked

#1
dontcareaboutmyid
Posted 20 November 2005 - 11:08 PM

dontcareaboutmyid

    Member

  • Member
  • PipPip
  • 28 posts
I've been having problems with winfix, pop-ups and the like. I followed the instructions within another thread and it seems to have fixed the problem

I've used spysweeper and trojan remover as prescribed in another thread and just wish for someone to lok over my hijack and spysweeper log to make sure everythings up to par

Thanks in advanced

Spysweeper log

********
3:23 PM: | Start of Session, Sunday, November 20, 2005 |
3:23 PM: Spy Sweeper started
3:23 PM: Sweep initiated using definitions version 574
3:24 PM: Starting Memory Sweep
3:24 PM: Found Adware: virtumonde
3:24 PM: Detected running threat: C:\WINDOWS\SYSTEM32\vturs.dll (ID = 77)
3:26 PM: Memory Sweep Complete, Elapsed Time: 00:02:17
3:26 PM: Starting Registry Sweep
3:26 PM: Found Trojan Horse: trojan-downloader-conhook
3:26 PM: HKCR\clsid\{8e13dde1-e013-47ec-9c4c-27c2f78bdd26}\ (3 subtraces) (ID = 834750)
3:26 PM: HKLM\software\classes\clsid\{8e13dde1-e013-47ec-9c4c-27c2f78bdd26}\ (3 subtraces) (ID = 834754)
3:26 PM: Registry Sweep Complete, Elapsed Time:00:00:18
3:26 PM: Starting Cookie Sweep
3:26 PM: Found Spy Cookie: 3 cookie
3:26 PM: alison@3[2].txt (ID = 1959)
3:26 PM: Found Spy Cookie: 5 cookie
3:26 PM: alison@5[1].txt (ID = 1979)
3:26 PM: alison@5[2].txt (ID = 1979)
3:26 PM: Found Spy Cookie: 64.62.232 cookie
3:26 PM: [email protected][1].txt (ID = 1987)
3:26 PM: [email protected][2].txt (ID = 1987)
3:26 PM: [email protected][3].txt (ID = 1987)
3:26 PM: [email protected][4].txt (ID = 1987)
3:26 PM: [email protected][5].txt (ID = 1987)
3:26 PM: Found Spy Cookie: about cookie
3:26 PM: [email protected][1].txt (ID = 2038)
3:26 PM: Found Spy Cookie: websponsors cookie
3:26 PM: [email protected][2].txt (ID = 3665)
3:26 PM: Found Spy Cookie: go.com cookie
3:26 PM: [email protected][1].txt (ID = 2729)
3:26 PM: alison@about[1].txt (ID = 2037)
3:26 PM: alison@about[2].txt (ID = 2037)
3:26 PM: Found Spy Cookie: ad-rotator cookie
3:26 PM: alison@ad-rotator[2].txt (ID = 2051)
3:26 PM: Found Spy Cookie: yieldmanager cookie
3:26 PM: [email protected][2].txt (ID = 3751)
3:26 PM: Found Spy Cookie: adknowledge cookie
3:26 PM: alison@adknowledge[2].txt (ID = 2072)
3:26 PM: Found Spy Cookie: hbmediapro cookie
3:26 PM: [email protected][2].txt (ID = 2768)
3:26 PM: Found Spy Cookie: specificclick.com cookie
3:26 PM: [email protected][1].txt (ID = 3400)
3:26 PM: Found Spy Cookie: cc214142 cookie
3:26 PM: [email protected][2].txt (ID = 2367)
3:26 PM: Found Spy Cookie: pointroll cookie
3:26 PM: [email protected][1].txt (ID = 3148)
3:26 PM: Found Spy Cookie: adultfriendfinder cookie
3:26 PM: alison@adultfriendfinder[2].txt (ID = 2165)
3:26 PM: [email protected][1].txt (ID = 2038)
3:26 PM: Found Spy Cookie: associated new media cookie
3:26 PM: [email protected][2].txt (ID = 2223)
3:26 PM: Found Spy Cookie: ask cookie
3:26 PM: alison@ask[1].txt (ID = 2245)
3:26 PM: Found Spy Cookie: belnk cookie
3:26 PM: [email protected][2].txt (ID = 2293)
3:26 PM: [email protected][1].txt (ID = 2038)
3:26 PM: Found Spy Cookie: atwola cookie
3:26 PM: alison@atwola[2].txt (ID = 2255)
3:26 PM: Found Spy Cookie: bannerspace cookie
3:26 PM: alison@bannerspace[2].txt (ID = 2284)
3:26 PM: Found Spy Cookie: banners cookie
3:26 PM: alison@banners[1].txt (ID = 2282)
3:26 PM: Found Spy Cookie: banner cookie
3:26 PM: alison@banner[1].txt (ID = 2276)
3:26 PM: alison@belnk[1].txt (ID = 2292)
3:26 PM: Found Spy Cookie: burstnet cookie
3:26 PM: alison@burstnet[1].txt (ID = 2336)
3:26 PM: Found Spy Cookie: 2o7.net cookie
3:26 PM: [email protected][2].txt (ID = 1958)
3:26 PM: Found Spy Cookie: casalemedia cookie
3:26 PM: alison@casalemedia[1].txt (ID = 2354)
3:26 PM: Found Spy Cookie: ccbill cookie
3:26 PM: alison@ccbill[1].txt (ID = 2369)
3:26 PM: Found Spy Cookie: classmates cookie
3:26 PM: alison@classmates[2].txt (ID = 2384)
3:26 PM: [email protected][1].txt (ID = 1958)
3:26 PM: Found Spy Cookie: tickle cookie
3:26 PM: [email protected][1].txt (ID = 3530)
3:26 PM: Found Spy Cookie: 360i cookie
3:26 PM: [email protected][2].txt (ID = 1962)
3:26 PM: [email protected][1].txt (ID = 2729)
3:26 PM: [email protected][1].txt (ID = 2293)
3:26 PM: Found Spy Cookie: experclick cookie
3:26 PM: alison@experclick[1].txt (ID = 2639)
3:26 PM: [email protected][1].txt (ID = 2038)
3:26 PM: alison@go[2].txt (ID = 2728)
3:26 PM: [email protected][1].txt (ID = 2038)
3:26 PM: Found Spy Cookie: clickandtrack cookie
3:26 PM: [email protected][2].txt (ID = 2397)
3:26 PM: Found Spy Cookie: screensavers.com cookie
3:26 PM: [email protected][1].txt (ID = 3298)
3:26 PM: [email protected][1].txt (ID = 1958)
3:26 PM: Found Spy Cookie: aptimus cookie
3:26 PM: [email protected][2].txt (ID = 2235)
3:26 PM: Found Spy Cookie: touchclarity cookie
3:26 PM: [email protected][1].txt (ID = 3567)
3:26 PM: Found Spy Cookie: partypoker cookie
3:26 PM: alison@partypoker[2].txt (ID = 3111)
3:26 PM: Found Spy Cookie: questionmarket cookie
3:26 PM: alison@questionmarket[1].txt (ID = 3217)
3:26 PM: [email protected][1].txt (ID = 2038)
3:26 PM: Found Spy Cookie: directtrack cookie
3:26 PM: [email protected][2].txt (ID = 2528)
3:26 PM: Found Spy Cookie: realmedia cookie
3:26 PM: alison@realmedia[2].txt (ID = 3235)
3:26 PM: [email protected][2].txt (ID = 2729)
3:26 PM: Found Spy Cookie: reunion cookie
3:26 PM: alison@reunion[2].txt (ID = 3255)
3:26 PM: Found Spy Cookie: rn11 cookie
3:26 PM: alison@rn11[2].txt (ID = 3261)
3:26 PM: [email protected][1].txt (ID = 2729)
3:26 PM: Found Spy Cookie: coolsavings cookie
3:26 PM: [email protected][1].txt (ID = 2466)
3:26 PM: alison@screensavers[1].txt (ID = 3297)
3:26 PM: Found Spy Cookie: servlet cookie
3:26 PM: alison@servlet[2].txt (ID = 3345)
3:26 PM: [email protected][1].txt (ID = 2528)
3:26 PM: Found Spy Cookie: starware.com cookie
3:26 PM: alison@starware[2].txt (ID = 3441)
3:26 PM: Found Spy Cookie: reliablestats cookie
3:26 PM: [email protected][1].txt (ID = 3254)
3:26 PM: Found Spy Cookie: stlyrics cookie
3:26 PM: alison@stlyrics[2].txt (ID = 3461)
3:26 PM: Found Spy Cookie: trafficmp cookie
3:26 PM: alison@trafficmp[2].txt (ID = 3581)
3:26 PM: Found Spy Cookie: tribalfusion cookie
3:26 PM: alison@tribalfusion[1].txt (ID = 3589)
3:26 PM: Found Spy Cookie: tripod cookie
3:26 PM: alison@tripod[1].txt (ID = 3591)
3:26 PM: [email protected][2].txt (ID = 2038)
3:26 PM: [email protected][2].txt (ID = 2038)
3:26 PM: Found Spy Cookie: burstbeacon cookie
3:26 PM: [email protected][2].txt (ID = 2335)
3:26 PM: Found Spy Cookie: clixgalore cookie
3:26 PM: [email protected][2].txt (ID = 2417)
3:26 PM: Found Spy Cookie: myaffiliateprogram.com cookie
3:26 PM: [email protected][1].txt (ID = 3032)
3:26 PM: [email protected][2].txt (ID = 3298)
3:26 PM: Found Spy Cookie: seeq cookie
3:26 PM: [email protected][1].txt (ID = 3332)
3:26 PM: [email protected][1].txt (ID = 3462)
3:26 PM: Found Spy Cookie: stopzilla cookie
3:26 PM: [email protected][2].txt (ID = 3466)
3:26 PM: Found Spy Cookie: try games cookie
3:26 PM: [email protected][1].txt (ID = 3594)
3:26 PM: [email protected][1].txt (ID = 3332)
3:26 PM: Found Spy Cookie: xiti cookie
3:26 PM: alison@xiti[1].txt (ID = 3717)
3:26 PM: alison@yieldmanager[2].txt (ID = 3749)
3:26 PM: [email protected][2].txt (ID = 2528)
3:26 PM: Found Spy Cookie: adserver cookie
3:26 PM: [email protected][1].txt (ID = 2142)
3:26 PM: Found Spy Cookie: zedo cookie
3:26 PM: alison@zedo[1].txt (ID = 3762)
3:26 PM: Found Spy Cookie: apmebf cookie
3:26 PM: chris@apmebf[2].txt (ID = 2229)
3:26 PM: Found Spy Cookie: paycounter cookie
3:26 PM: chris@paycounter[2].txt (ID = 3115)
3:26 PM: Found Spy Cookie: qksrv cookie
3:26 PM: chris@qksrv[2].txt (ID = 3213)
3:26 PM: [email protected][2].txt (ID = 3254)
3:26 PM: chris@tribalfusion[1].txt (ID = 3589)
3:26 PM: [email protected][1].txt (ID = 3751)
3:26 PM: sue@adknowledge[1].txt (ID = 2072)
3:26 PM: [email protected][1].txt (ID = 3400)
3:26 PM: sue@atwola[1].txt (ID = 2255)
3:26 PM: sue@burstnet[2].txt (ID = 2336)
3:26 PM: [email protected][1].txt (ID = 1962)
3:26 PM: sue@go[2].txt (ID = 2728)
3:26 PM: [email protected][2].txt (ID = 2729)
3:26 PM: Found Spy Cookie: one-time-offer cookie
3:26 PM: sue@one-time-offer[2].txt (ID = 3095)
3:26 PM: [email protected][1].txt (ID = 2729)
3:26 PM: Found Spy Cookie: tracking cookie
3:26 PM: sue@tracking[2].txt (ID = 3571)
3:26 PM: [email protected][2].txt (ID = 2335)
3:26 PM: Cookie Sweep Complete, Elapsed Time: 00:00:08
3:26 PM: Starting File Sweep
4:02 PM: Warning: Unhandled Archive Type
4:02 PM: Warning: Unhandled Archive Type
4:02 PM: Warning: Unhandled Archive Type
4:02 PM: Warning: Unhandled Archive Type
4:03 PM: Warning: Invalid Stream
4:03 PM: Warning: Invalid Stream
4:03 PM: File Sweep Complete, Elapsed Time: 00:36:15
4:03 PM: Full Sweep has completed. Elapsed time 00:39:07
4:03 PM: Traces Found: 111
4:07 PM: Removal process initiated
4:07 PM: Quarantining All Traces: virtumonde
4:07 PM: virtumonde is in use. It will be removed on reboot.
4:07 PM: C:\WINDOWS\SYSTEM32\vturs.dll is in use. It will be removed on reboot.
4:07 PM: Quarantining All Traces: trojan-downloader-conhook
4:07 PM: Quarantining All Traces: 2o7.net cookie
4:07 PM: Quarantining All Traces: 3 cookie
4:07 PM: Quarantining All Traces: 360i cookie
4:07 PM: Quarantining All Traces: 5 cookie
4:07 PM: Quarantining All Traces: 64.62.232 cookie
4:07 PM: Quarantining All Traces: about cookie
4:07 PM: Quarantining All Traces: adknowledge cookie
4:07 PM: Quarantining All Traces: ad-rotator cookie
4:07 PM: Quarantining All Traces: adserver cookie
4:07 PM: Quarantining All Traces: adultfriendfinder cookie
4:07 PM: Quarantining All Traces: apmebf cookie
4:07 PM: Quarantining All Traces: aptimus cookie
4:07 PM: Quarantining All Traces: ask cookie
4:07 PM: Quarantining All Traces: associated new media cookie
4:07 PM: Quarantining All Traces: atwola cookie
4:07 PM: Quarantining All Traces: banner cookie
4:07 PM: Quarantining All Traces: banners cookie
4:07 PM: Quarantining All Traces: bannerspace cookie
4:07 PM: Quarantining All Traces: belnk cookie
4:07 PM: Quarantining All Traces: burstbeacon cookie
4:07 PM: Quarantining All Traces: burstnet cookie
4:07 PM: Quarantining All Traces: casalemedia cookie
4:07 PM: Quarantining All Traces: cc214142 cookie
4:07 PM: Quarantining All Traces: ccbill cookie
4:07 PM: Quarantining All Traces: classmates cookie
4:07 PM: Quarantining All Traces: clickandtrack cookie
4:07 PM: Quarantining All Traces: clixgalore cookie
4:07 PM: Quarantining All Traces: coolsavings cookie
4:07 PM: Quarantining All Traces: directtrack cookie
4:07 PM: Quarantining All Traces: experclick cookie
4:07 PM: Quarantining All Traces: go.com cookie
4:07 PM: Quarantining All Traces: hbmediapro cookie
4:07 PM: Quarantining All Traces: myaffiliateprogram.com cookie
4:07 PM: Quarantining All Traces: one-time-offer cookie
4:07 PM: Quarantining All Traces: partypoker cookie
4:07 PM: Quarantining All Traces: paycounter cookie
4:07 PM: Quarantining All Traces: pointroll cookie
4:07 PM: Quarantining All Traces: qksrv cookie
4:07 PM: Quarantining All Traces: questionmarket cookie
4:07 PM: Quarantining All Traces: realmedia cookie
4:07 PM: Quarantining All Traces: reliablestats cookie
4:07 PM: Quarantining All Traces: reunion cookie
4:07 PM: Quarantining All Traces: rn11 cookie
4:07 PM: Quarantining All Traces: screensavers.com cookie
4:07 PM: Quarantining All Traces: seeq cookie
4:07 PM: Quarantining All Traces: servlet cookie
4:07 PM: Quarantining All Traces: specificclick.com cookie
4:07 PM: Quarantining All Traces: starware.com cookie
4:07 PM: Quarantining All Traces: stlyrics cookie
4:07 PM: Quarantining All Traces: stopzilla cookie
4:07 PM: Quarantining All Traces: tickle cookie
4:07 PM: Quarantining All Traces: touchclarity cookie
4:07 PM: Quarantining All Traces: tracking cookie
4:07 PM: Quarantining All Traces: trafficmp cookie
4:07 PM: Quarantining All Traces: tribalfusion cookie
4:07 PM: Quarantining All Traces: tripod cookie
4:07 PM: Quarantining All Traces: try games cookie
4:07 PM: Quarantining All Traces: websponsors cookie
4:07 PM: Quarantining All Traces: xiti cookie
4:07 PM: Quarantining All Traces: yieldmanager cookie
4:07 PM: Quarantining All Traces: zedo cookie
4:07 PM: Warning: Timed out waiting for explorer.exe
4:07 PM: Warning: Timed out waiting for explorer.exe
4:07 PM: Warning: Timed out waiting for explorer.exe
4:07 PM: Warning: Quarantine process could not restart Explorer.
4:07 PM: Removal process completed. Elapsed time 00:00:53
********
3:21 PM: | Start of Session, Sunday, November 20, 2005 |
3:21 PM: Spy Sweeper started
3:22 PM: Your spyware definitions have been updated.
3:23 PM: | End of Session, Sunday, November 20, 2005 |


Hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 11:07:47 PM, on 11/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://music.tinfoil.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: MSEvents Object - {CE70731D-F28D-4D81-9D61-C8EE60378401} - C:\WINDOWS\system32\vturs.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://us.dl1.yimg.c...nst_current.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab35645.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave...aploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitc...eInstallSBC.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: infocr - C:\WINDOWS\msagent\infocr.dll (file missing)
O20 - Winlogon Notify: ssqpn - C:\WINDOWS\system32\ssqpn.dll (file missing)
O20 - Winlogon Notify: vturs - C:\WINDOWS\system32\vturs.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - Unknown owner - C:\WINDOWS\wanmpsvc.exe (file missing)
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

Edited by dontcareaboutmyid, 21 November 2005 - 01:21 AM.

  • 0

Advertisements

#2
dontcareaboutmyid
Posted 21 November 2005 - 01:20 AM

dontcareaboutmyid

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
More problems.

I've run into the VIRTUMONDE trojan, which i've promtly removed.

New Hijack file to make sure everythings up to par

Logfile of HijackThis v1.99.1
Scan saved at 1:20:21 AM, on 11/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://music.tinfoil.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: MSEvents Object - {CE70731D-F28D-4D81-9D61-C8EE60378401} - C:\WINDOWS\system32\vturs.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://us.dl1.yimg.c...nst_current.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab35645.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave...aploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitc...eInstallSBC.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: infocr - C:\WINDOWS\msagent\infocr.dll (file missing)
O20 - Winlogon Notify: ssqpn - C:\WINDOWS\system32\ssqpn.dll (file missing)
O20 - Winlogon Notify: vturs - C:\WINDOWS\system32\vturs.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - Unknown owner - C:\WINDOWS\wanmpsvc.exe (file missing)
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
  • 0

#3
rambro
Posted 25 November 2005 - 08:33 AM

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear dontcareaboutmyid, :tazz:

Welcome to the Geeks to Go forums.

We are currently studying your log. :)
  • 0

#4
rambro
Posted 25 November 2005 - 12:58 PM

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear dontcareaboutmyid, :tazz:

Make sure your PC is configured to show hidden files. Here is how to do this:

Windows XP

* Click "Start".
* Open "My Computer".
* Select the "Tools" menu and click "Folder Options".
* Select the "View" Tab.
* Under the "Hidden files and folders" heading select "Show hidden files and folders".
* Make sure "Hide extensions for known file types" is unchecked
* Uncheck the "Hide protected operating system files (recommended)" option.
* Click "Yes" to confirm.
* Click "OK".

Here is a link for further explanation: http://www.xtra.co.n...1916458,00.html

Please do a search (i.e using the Windows XP's Search Feature) on your computer for this file: msgrapp.dll. If you find this file please give me the "directory path/location" of this file.
Please do a search (i.e using the Windows XP's Search Feature) on your computer for this file: WRLogonNTF.dll. If you find this file please give me the "directory path/location" of this file.
Please do a search (i.e using the Windows XP's Search Feature) on your computer for this file: acsd.exe. If you find this file please give me the "directory path/location" of this file.
Please do a search (i.e using the Windows XP's Search Feature) on your computer for this file: ashMaiSv.exe. If you find this file please give me the "directory path/location" of this file.
Please do a search (i.e using the Windows XP's Search Feature) on your computer for this file: ashWebSv.exe. If you find this file please give me the "directory path/location" of this file.
Please do a search (i.e using the Windows XP's Search Feature) on your computer for this file: wanmpsvc.exe. If you find this file please give me the "directory path/location" of this file.

See the following link as a reference: http://www.cyberwalk.../find-file.html. :)
  • 0

#5
dontcareaboutmyid
Posted 25 November 2005 - 02:37 PM

dontcareaboutmyid

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
msgrapp.dll was found in c:\program files\msn messenger

google took me to a site called castle cops and described the file in the hijack log if it helps you along


WRLogonNTF.dll was not found


acsd.exe was not found


ashMaiSv.exe found in c:\program files\alwil software\avast4

google took me to liutilities and said it was a vital component of avast antivirus


ashWebSv.exe also found in c:\program files\alwil software\avast4

liutilites said it was a vital part of avast antivirus


wanmpsvc.exe was not found

Edited by dontcareaboutmyid, 25 November 2005 - 02:37 PM.

  • 0

#6
rambro
Posted 25 November 2005 - 03:07 PM

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear dontcareaboutmyid, :tazz:

(Note: Please read through these instructions a couple of times before executing the steps in this post.)

You may want to print out these instructions or save them as a text file with "Notepad" to your desktop because we will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet.
******************************

Please download and run a Free Trial of Trojan Hunter at http://www.misec.net...rojanHunter.exe. Please restart your computer.

Please run the Housecall online virus scan located at: http://housecall.tre.../start_corp.asp. Follow the prompts to scan your hard drive for viruses. Select the "Autoclean" option so that Housecall will remove any viruses from your system. When the scan is finished, please restart your computer.

Then please run the Panda scan here: http://www.pandasoft...n_principal.htm. Delete any viruses found, and restart your computer.
*******************************

Download, install, update, configure and run a scan with Ad-Aware SE at the following link: http://rstones12.gee...areSE_setup.htm

Restart your computer.
*************************

Go to Start -> Run and type "Services.msc" (without quotes) then hit Ok. Scroll down and find the below service/services:

AOL Connectivity Service (or AOL ACS)
WAN Miniport (ATW) Service (or WANMiniportService)

When you find each service, double-click on it. The next window that opens should be the properties dialog box for that service. On the "General" tab, in the "Service Status" section click the Stop button, then click the drop-down box to change the Startup Type to Disabled. Now hit Apply and then Ok.
*************************

Click Start then Control Panel then Add and Remove Programs. Look for the following installed program/programs and if they are listed click on each one and then click on the Remove or Change button and if asked select "Yes" or "Ok" to remove:

Optional programs you can uninstall, through the Add/Remove program:

Weatherbug is considered adware, I recommend that you remove Weatherbug entirely. It is becoming a nuisance and may install spyware/malware if you are not using the paid version. WeatherPulse by Tropic Designs is, in my opinion, a better program and does not install any spyware/malware; You can download it here (free): http://www.tropicdesigns.net. See the following link: http://www.pchell.co...eatherbug.shtml.

Uninstall the following program/programs through Add/Remove programs:

WeatherBug

Please restart your computer.
*******************************

Run HijackThis and click "Scan." Place checks next to the following entry/entries (if they exist):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://music.tinfoil.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: MSEvents Object - {CE70731D-F28D-4D81-9D61-C8EE60378401} - C:\WINDOWS\system32\vturs.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O20 - Winlogon Notify: infocr - C:\WINDOWS\msagent\infocr.dll (file missing)
O20 - Winlogon Notify: ssqpn - C:\WINDOWS\system32\ssqpn.dll (file missing)
O20 - Winlogon Notify: vturs - C:\WINDOWS\system32\vturs.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - Unknown owner - C:\WINDOWS\wanmpsvc.exe (file missing)

Optional Fixes

I highly recommend you to fix these items:

If you choose to remove WeatherBug, put a check next to the following entry as well:

O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1

Close all browser and other windows except for HijackThis, and click "Fix Checked" button to finish the repair. Close the HijackThis application.

Please reboot your computer into Safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu). For additional help in booting into Safe Mode, see the following site: http://www.pchell.co.../safemode.shtml

Next, make sure your PC is configured to show hidden files. Here is how to do this:

Windows XP

* Click "Start".
* Open "My Computer".
* Select the "Tools" menu and click "Folder Options".
* Select the "View" Tab.
* Under the "Hidden files and folders" heading select "Show hidden files and folders".
* Make sure "Hide extensions for known file types" is unchecked
* Uncheck the "Hide protected operating system files (recommended)" option.
* Click "Yes" to confirm.
* Click "OK".

Here is a link for further explanation: http://www.xtra.co.n...1916458,00.html

Optional folder/folders marked in blue to be deleted (if they exist):

If you uninstalled WeatherBug you need to remove the next folder also:

C:\Program Files\AWS

Finally, clean out temporary and Temporary Internet files. Go to Start -> Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:

Temporary Files
Temporary Internet Files
Recycle Bin

Restart your computer in normal mode, and then please post a new HijackThis log.

In addition, let me know in detail how your computer system is running after performing the above steps. :)
  • 0

#7
dontcareaboutmyid
Posted 25 November 2005 - 04:21 PM

dontcareaboutmyid

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Trojan hunter picked up nothing

trend is currently being run

i've never had weatherbug on the computer, so I'm thinking its the spyware that would go along with weather bug that I have. I'll delete the files just the same.

when trend was running, avast came up with the detection on the attatchment, I moved it to the chest for now.


question, I'm leery about fixing the r1's in hijack. My ISP is through yahoo dsl and I'm thinking it might affect my service


the R0 is my homepage, I have it setup to start at music.tinfoil.net

Attached Thumbnails

  • avast_screen.JPG

  • 0

#8
rambro
Posted 25 November 2005 - 05:36 PM

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear dontcareaboutmyid, :tazz:

Fix all the R1 lines in HijackThis in my last post to you, they are bad. You don't have to fix that R0 line.

The the file that you sent to the "Chest", is a "Temp" file and is probably bad. In the following lines of my last post:

Finally, clean out temporary and Temporary Internet files. Go to Start -> Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:

Temporary Files
Temporary Internet Files
Recycle Bin


I have you clean out the temporary files in the "Temp" and "Temporary Internet Files" folders on your computer. By running "cleanmger", I am actually having you run your "Disk Cleanup" application on your computer. You should frequently clean out your "Temp" and "Temp Internet files" on your computer. Note: Don't delete the "Temp" and Temporary Internet Files" folders on your computer, just the files in those folders.

In addition, The "chest" location in your Avast antivirus software is probably your "Quarantine" folder for "infected files". Do me a favor and go to this location and delete all the files in this location (i.e. clear out the "Chest" by deleting all the files in that location").

Edited by rambro, 25 November 2005 - 05:43 PM.

  • 0

#9
dontcareaboutmyid
Posted 26 November 2005 - 03:10 AM

dontcareaboutmyid

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Here's the hijack this log, along with adaware

The computer has been running fine since i ran the vundo mundo whatever virus executable remover. My boot scans with avast have showed nothing, spybot has nothing and ad-aware is just picking up tracking cookies, which are nothing the way I use the internet.

I currently have

Avast antivirus
spybot S&D
ad-aware
spyware blaster
spyware guard
firefox
hijackthis

protecting the compy

Logfile of HijackThis v1.99.1
Scan saved at 3:12:46 AM, on 11/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://music.tinfoil.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://us.dl1.yimg.c...nst_current.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab35645.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave...aploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitc...eInstallSBC.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE





ad aware log


Ad-Aware SE Build 1.06r1
Logfile Created on:Saturday, November 26, 2005 1:47:47 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R76 22.11.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie(TAC index:3):6 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R76 22.11.2005
Internal build : 88
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal
\defs.ref
File size : 548994 Bytes
Total size : 1646316 Bytes
Signature data size : 1612422 Bytes
Reference data size : 33382 Bytes
Signatures total : 45881
CSI Fingerprints total : 1119
CSI data size : 32093 Bytes
Target categories : 15
Target families : 784


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:50 %
Total physical memory:523248 kb
Available physical memory:258268 kb
Total page file size:2029552 kb
Available on page file:1780560 kb
Total virtual memory:2097024 kb
Available virtual memory:2038052 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for low-risk threats
Set : Move deleted files to Recycle Bin
Set : Safe mode (always request confirmation)
Set : Don't log streams smaller than 0 Bytes
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Create log file for removal operations
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


11-26-2005 1:47:47 AM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 580
ThreadCreationTime : 11-26-2005 7:37:41 AM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 628
ThreadCreationTime : 11-26-2005 7:37:43 AM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 652
ThreadCreationTime : 11-26-2005 7:37:43 AM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 696
ThreadCreationTime : 11-26-2005 7:37:43 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 708
ThreadCreationTime : 11-26-2005 7:37:43 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 864
ThreadCreationTime : 11-26-2005 7:37:44 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 940
ThreadCreationTime : 11-26-2005 7:37:44 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1032
ThreadCreationTime : 11-26-2005 7:37:44 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1076
ThreadCreationTime : 11-26-2005 7:37:44 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1168
ThreadCreationTime : 11-26-2005 7:37:44 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1420
ThreadCreationTime : 11-26-2005 7:37:46 AM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [aswupdsv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 1568
ThreadCreationTime : 11-26-2005 7:37:54 AM
BasePriority : Normal


#:13 [ashserv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 1580
ThreadCreationTime : 11-26-2005 7:37:54 AM
BasePriority : High
FileVersion : 4, 6, 695, 0
ProductVersion : 4, 6, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! antivirus service
InternalName : aswServ
LegalCopyright : Copyright © 2005 ALWIL Software
OriginalFilename : aswServ.exe

#:14 [nvsvc32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1664
ThreadCreationTime : 11-26-2005 7:37:54 AM
BasePriority : Normal
FileVersion : 6.14.10.6573
ProductVersion : 6.14.10.6573
ProductName : NVIDIA Driver Helper Service, Version 65.73
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 65.73
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:15 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1932
ThreadCreationTime : 11-26-2005 7:37:58 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:16 [ashmaisv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 576
ThreadCreationTime : 11-26-2005 7:37:59 AM
BasePriority : Normal


#:17 [ashwebsv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 596
ThreadCreationTime : 11-26-2005 7:37:59 AM
BasePriority : Normal


#:18 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1156
ThreadCreationTime : 11-26-2005 7:37:59 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:19 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 280
ThreadCreationTime : 11-26-2005 7:42:09 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:20 [dsentry.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2052
ThreadCreationTime : 11-26-2005 7:42:11 AM
BasePriority : Normal
FileVersion : 1, 0, 5, 0
ProductVersion : 1, 0, 5, 0
ProductName : Dell - DVDSentry
CompanyName : Dell - Advanced Desktop Engineering
FileDescription : DVDSentry
InternalName : DVDSentry
LegalCopyright : Copyright © 2002 Dell
OriginalFilename : DSentry.exe
Comments : DVDSentry launches your software DVD player when a DVD is inserted.

#:21 [pcmservice.exe]
FilePath : C:\Program Files\Dell\Media Experience\
ProcessID : 2124
ThreadCreationTime : 11-26-2005 7:42:11 AM
BasePriority : Normal
FileVersion : 1.0.0826
ProductVersion : 1.0.0826
ProductName : PCM2Launcher Application
CompanyName : CyberLink Corp.
FileDescription : PowerCinema Resident Program for Dell
InternalName : PowerCinema Resident Program for Dell
LegalCopyright : Copyright c 2003 CyberLink Corp.
OriginalFilename : PCM2Launcher.EXE

#:22 [ybrwicon.exe]
FilePath : C:\Program Files\Yahoo!\browser\
ProcessID : 2280
ThreadCreationTime : 11-26-2005 7:42:12 AM
BasePriority : Normal
FileVersion : 2003, 7, 11, 1
ProductVersion : 1, 0, 0, 1
ProductName : Yahoo!, Inc. YBrwIcon
CompanyName : Yahoo!, Inc.
FileDescription : YBrwIcon
InternalName : YBrwIcon
LegalCopyright : Copyright © 2003
OriginalFilename : YBrwIcon.exe

#:23 [cfd.exe]
FilePath : C:\Program Files\BroadJump\Client Foundation\
ProcessID : 2288
ThreadCreationTime : 11-26-2005 7:42:13 AM
BasePriority : Normal


#:24 [motivesb.exe]
FilePath : C:\PROGRA~1\SBCSEL~1\SMARTB~1\
ProcessID : 2296
ThreadCreationTime : 11-26-2005 7:42:13 AM
BasePriority : Normal
FileVersion : 5.6.7.asst_classic.smartbridge.20031210_035000
ProductVersion : 5.6.7.asst_classic.smartbridge
ProductName : Motive System
CompanyName : Motive Communications, Inc.
FileDescription : SBC Self Support Tool Alerts
InternalName : version
LegalCopyright : Copyright 1998-2003
OriginalFilename : version

#:25 [ashdisp.exe]
FilePath : C:\PROGRA~1\ALWILS~1\Avast4\
ProcessID : 2304
ThreadCreationTime : 11-26-2005 7:42:13 AM
BasePriority : Normal
FileVersion : 4, 6, 695, 0
ProductVersion : 4, 6, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! service GUI component
InternalName : aswDisp
LegalCopyright : Copyright © 2005 ALWIL Software
OriginalFilename : aswDisp.exe

#:26 [ipclient.exe]
FilePath : C:\Program Files\Visual Networks\Visual IP InSight\SBC\
ProcessID : 2316
ThreadCreationTime : 11-26-2005 7:42:14 AM
BasePriority : Normal
FileVersion : 5.8.0.13
ProductVersion : 5.8.0.13
ProductName : Visual IP InSight
CompanyName : Visual Networks
FileDescription : IP Session Statistics
InternalName : IPCLIENT
LegalCopyright : Copyright © 2003 Visual Networks Technologies, Inc.
OriginalFilename : ipclient32.exe

#:27 [ipmon32.exe]
FilePath : C:\Program Files\Visual Networks\Visual IP InSight\SBC\
ProcessID : 2332
ThreadCreationTime : 11-26-2005 7:42:14 AM
BasePriority : Normal
FileVersion : 5.8.0.13
ProductVersion : 5.8.0.13
ProductName : Visual IP InSight
CompanyName : Visual Networks
FileDescription : IP Monitor
InternalName : IPMON32
LegalCopyright : Copyright © 2003 Visual Networks Technologies, Inc.
OriginalFilename : ipmon32.exe

#:28 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 2360
ThreadCreationTime : 11-26-2005 7:42:14 AM
BasePriority : Normal
FileVersion : 6.0.1.3
ProductVersion : 6.0.1.3
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2005 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:29 [ycommon.exe]
FilePath : C:\PROGRA~1\Yahoo!\browser\
ProcessID : 2364
ThreadCreationTime : 11-26-2005 7:42:14 AM
BasePriority : Normal
FileVersion : 2003, 7, 14, 1
ProductVersion : 1, 0, 0, 1
ProductName : YCommon Exe Module
CompanyName : Yahoo!, Inc.
FileDescription : YCommon Exe Module
InternalName : YCommonExe
LegalCopyright : Copyright 2003 Yahoo! Inc.
OriginalFilename : YCommon.EXE

#:30 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 2408
ThreadCreationTime : 11-26-2005 7:42:15 AM
BasePriority : Normal
FileVersion : 7.0.3
ProductVersion : QuickTime 7.0.3
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Computer, Inc. 1989-2005
OriginalFilename : QTTask.exe

#:31 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 2432
ThreadCreationTime : 11-26-2005 7:42:16 AM
BasePriority : Normal
FileVersion : 7.5.0311
ProductVersion : 7.5.0311
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:32 [dsagnt.exe]
FilePath : C:\Program Files\Dell Support\
ProcessID : 2588
ThreadCreationTime : 11-26-2005 7:42:17 AM
BasePriority : Below Normal
FileVersion : 1, 1, 0, 73
ProductVersion : 1, 1, 0, 73
ProductName : Dell Support
CompanyName : Gteko Ltd.
FileDescription : Dell Support
InternalName : AUAgent
LegalCopyright : Copyright © 2000 - 2004 Gteko Ltd.
OriginalFilename : AUAgent.exe

#:33 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 2732
ThreadCreationTime : 11-26-2005 7:42:18 AM
BasePriority : Normal
FileVersion : 6.0.1.3
ProductVersion : 6.0.1.3
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2005 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:34 [googletalk.exe]
FilePath : C:\Program Files\Google\Google Talk\
ProcessID : 2800
ThreadCreationTime : 11-26-2005 7:42:18 AM
BasePriority : Normal
FileVersion : 1,0,0,76
ProductVersion : 1,0,0,76
ProductName : Google Talk
CompanyName : Google
FileDescription : Google Talk
InternalName : Google Talk
LegalCopyright : Copyright © 2005
OriginalFilename : googletalk.exe

#:35 [sgmain.exe]
FilePath : C:\Program Files\SpywareGuard\
ProcessID : 2912
ThreadCreationTime : 11-26-2005 7:42:20 AM
BasePriority : Normal
FileVersion : 2.02.0001
ProductVersion : 2.02.0001
ProductName : SpywareGuard
FileDescription : SpywareGuard
InternalName : sgmain
LegalCopyright : Copyright © 2002-2003 Javacool Software LLC
OriginalFilename : sgmain.exe
Comments : SpywareGuard

#:36 [mpbtn.exe]
FilePath : C:\Program Files\SBC Self Support Tool\bin\
ProcessID : 3108
ThreadCreationTime : 11-26-2005 7:42:21 AM
BasePriority : Normal


#:37 [sgbhp.exe]
FilePath : C:\Program Files\SpywareGuard\
ProcessID : 3340
ThreadCreationTime : 11-26-2005 7:42:24 AM
BasePriority : Normal
FileVersion : 2.02.0001
ProductVersion : 2.02.0001
ProductName : SG Browser Hijacking Protection
FileDescription : SG Browser Hijacking Protection
InternalName : sgbhp
LegalCopyright : Copyright © 2002-2003 Javacool Software LLC.
OriginalFilename : sgbhp.exe
Comments : SG Browser Hijacking Protection

#:38 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3836
ThreadCreationTime : 11-26-2005 7:43:48 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chris@live365[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:12
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 2



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : alison@realmedia[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Alison\Cookies\alison@realmedia[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : alison@tribalfusion[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Alison\Cookies\alison@tribalfusion[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : alison@tripod[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Alison\Cookies\alison@tripod[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Alison\Cookies\[email protected][1].txt

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 6


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1151 entries scanned.
New critical objects:0
Objects found so far: 6




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 6

2:03:30 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:15:43.609
Objects scanned:180625
Objects identified:6
Objects ignored:0
New critical objects:6

Edited by dontcareaboutmyid, 26 November 2005 - 03:13 AM.

  • 0

#10
rambro
Posted 26 November 2005 - 08:09 AM

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear dontcareaboutmyid, :tazz:

You may want to print out these instructions or save them as a text file with "Notepad" to your desktop because we will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet.
******************************

1. Prepare Ewido Security Suite for use:
  • Download the trial version of Ewido Security Suite.
  • Install the Program.
  • Click on the "update" button on the left hand side of the window.
  • Click on "Start Update".
2. When installing, under 'Additional Options' uncheck:
  • Install background guard
  • Install scan via context menu
3. You should not run the program yet so Exit the program.
4. Reboot into Safe mode. To reboot in Safe mode:
  • Restart your computer and immediately begin tapping the F8 key on your keyboard.
  • If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.
5. Run Ewido Security Suite:
  • Open Ewido Security Suite.
  • Click on the "scanner" button on the left hand side of the window.
  • Click on "Complete System Scan".
  • After the scan is completed, save the logfile from the scan.
6. Restart your computer normally to return to normal mode.
7. Prepare in your reply:
  • Please post a fresh HijackThis log.
  • Please post the Ewido Security Suite log.
In addition, let me know in detail how your computer system is running after performing the above steps. :)
  • 0

Advertisements

#11
dontcareaboutmyid
Posted 26 November 2005 - 04:36 PM

dontcareaboutmyid

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Is there something specific that you're trying to find?

Logfile of HijackThis v1.99.1
Scan saved at 4:31:05 PM, on 11/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://music.tinfoil.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://us.dl1.yimg.c...nst_current.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab35645.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave...aploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitc...eInstallSBC.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE



---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 4:24:19 PM, 11/26/2005
+ Report-Checksum: 6C6917EE

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\61jdnqzv.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\61jdnqzv.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\61jdnqzv.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\61jdnqzv.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\61jdnqzv.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\61jdnqzv.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\61jdnqzv.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\61jdnqzv.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\61jdnqzv.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\61jdnqzv.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\61jdnqzv.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\61jdnqzv.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\61jdnqzv.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\61jdnqzv.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\61jdnqzv.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\61jdnqzv.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\61jdnqzv.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\61jdnqzv.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\61jdnqzv.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\61jdnqzv.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\61jdnqzv.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\61jdnqzv.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\61jdnqzv.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\61jdnqzv.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.467:C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\61jdnqzv.default\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.484:C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\61jdnqzv.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.491:C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\61jdnqzv.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.504:C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\61jdnqzv.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.559:C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\61jdnqzv.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.636:C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\61jdnqzv.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Alison\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Alison\Cookies\alison@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Alison\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Alison\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Alison\Cookies\[email protected][1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\z40ib92q.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\z40ib92q.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\z40ib92q.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\z40ib92q.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\z40ib92q.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\z40ib92q.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\z40ib92q.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\z40ib92q.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\z40ib92q.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\z40ib92q.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\z40ib92q.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\z40ib92q.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\z40ib92q.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\z40ib92q.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\z40ib92q.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\z40ib92q.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\z40ib92q.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\z40ib92q.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\z40ib92q.default\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\z40ib92q.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\z40ib92q.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\z40ib92q.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\z40ib92q.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.236:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\z40ib92q.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
C:\Documents and Settings\Chris\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Chris\Cookies\chris@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Chris\Cookies\chris@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Chris\Cookies\chris@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Chris\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0B.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP210\A0054180.dll -> Spyware.Wheaterbug : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.PornWare.PopCap.b : Cleaned with backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS -> Trojan.Qhost.r : Cleaned with backup


::Report End

Edited by dontcareaboutmyid, 26 November 2005 - 04:37 PM.

  • 0

#12
rambro
Posted 26 November 2005 - 06:18 PM

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear dontcareaboutmyid, :tazz:

I usually have the user run a couple of scans from different applications to see if their are hidden, bad files on the user's computer that the HijackThis log does not pick up. These scans also tell me if the system restore points need to be cleared out in a user's computer.

Looking at the Ewido security scan from your last post, I would like to make the following comment: Don't go crazy in doing this, but make sure you clean out the cookies in your Internet Explorer and FireFox browsers frequently. In addition, make sure you do a Disk Cleanup on your computer frequently, that is, clear out/delete the files in your "Temp" and "Temporary Internet Files" folders frequently (i.e. as I mentioned in a previous post).

In the next set of instructions, I want you run a "MWAV antivirus tool" scan on your computer. It is a cute little program, and it will help me analyze your computer even further, that is, to see if their are any hidden, bad files on your computer. Have fun running this program and stick with executing these posts from me. Hopefully, we will be done in a few more posts. Good Luck!!! :)
*************************************

(Note/Disclaimer: Hi dontcareaboutmyid, in this next post, I would like you run another antivirus scan. When you download and install this application, it likes to install itself in a temporary folder by default, which is not a good idea. The thing is that if you ever tried to do a Disk Cleanup of your system (which is a good idea and should be done frequently) these files will be deleted and the program will not run. My instructions below, will give you a way to install this program, without it installing itself (by default) in a temporary folder which could be deleted (you probably should have the winzip application on your computer to install the application to a different directory.). See also the link on removing temporary files: http://www.tech-reci...cipes&rx_id=463. Good Luck!) :)

I would like you to download a program to your computer that will check for bad, hidden, files that the HijackThis program may not recognize.

Please create a folder on your desktop and rename it to something like "MWAV or MWAV application".

Please download the free MWAV antivirus tool from here: ftp://ftp.microworldsystems.com/download/tools/mwav.exe.

Save the downloaded "executable file" to this folder and "extract it" to this folder. Do a search for a file called mwavscan.com and double click on this file. The MWAV antivirus tool application should run.

(Note #1: The application will ask you if you want to purchase this product say "NO".)

Follow the prompts to scan your system for viruses. Then please post for me the log of infected files from the BOTTOM panel of the scan window in a reply to this post.

(Note #2: When you run the MWAV antivirus tool scan, I do not want the log produced when pressing the view log button. When you run this application to scan your computer, you will see two panes or panels. By pressing the "view log button" it will give you the information in the top pane or panel. I want you to post the information in the bottom pane or panel. The title for the bottom pane/panel should say: Virus Log Information. Please post the information in the bottom pane/panel in a reply to this post.)

(Note #3: Some users were having trouble copying the information in the bottom pane or panel. To copy the information from the bottom pane or panel, highligt the information in the "bottom pane/panel" with your mouse then on your keyboard press the following keys simultaneously: Ctrl + c. This will copy the information in the bottom pane to your clipboard. Then open up your notepad application, and paste the information from your clipboard into notepad and save the notepad file as "mwav.txt". Or you can past the contents of the clipboard directly into your next post using the paste function or pressing the following keys on your keyboard simultaneously, Ctrl + v.)

Please restart your computer and then post a new HijackThis log, along with the log from the MWAV antivirus tool application.

In addition, let me know in detail how your computer system is running after performing the above steps. :woot:
  • 0

#13
dontcareaboutmyid
Posted 27 November 2005 - 01:16 AM

dontcareaboutmyid

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Are you kidding? I love this security stuff. I like dl'ing all this stuff and scanning.

i had a field day with my dad when I first dl'ed avast over our trail version of mcaffee which was 2 and a half months out of date. I took down four trojans on that day and had the best of times showing him that he knew nothing in the field of our computer's internet security.

log from MWav - edited by rambro because log was incomplete.

Edited by rambro, 28 November 2005 - 07:09 PM.

  • 0

#14
rambro
Posted 27 November 2005 - 02:32 AM

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear dontcareaboutmyid, :tazz:

The MWAV antivirus tool scan seems incomplete or cutoff, please rescan and post a new MWAV antivirus tool log. If you need to post the log in more than one post, please do. Remember to give me the data in the bottom pane or panel.

rambro :)
  • 0

#15
dontcareaboutmyid
Posted 28 November 2005 - 07:00 PM

dontcareaboutmyid

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Part 1

Object "redv Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "weatherbug Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "coolwebsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "redv Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "coolwebsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "clipgenie Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cydoor Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cydoor Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\dcainst.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\popcaploader.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\yinsthelper.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmjbctrl.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMFWCtrl.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMRadioEngine.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\drivers\ipvnmon.sys". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\yinsthelper.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\popcaploader.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\dcainst.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\bantam.dll" refers to invalid object "bantam.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\bdeadmin.hlp" refers to invalid object "bdeadmin.hlp". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\blw32.dll" refers to invalid object "blw32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "C:\WINDOWS\System32\cmmgr32.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\disp.dll" refers to invalid object "disp.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idapi32.dll" refers to invalid object "idapi32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idasci32.dll" refers to invalid object "idasci32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idbat32.dll" refers to invalid object "idbat32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idda3532.dll" refers to invalid object "idda3532.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\iddao32.dll" refers to invalid object "iddao32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\iddbas32.dll" refers to invalid object "iddbas32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\iddr32.dll" refers to invalid object "iddr32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idodbc32.dll" refers to invalid object "idodbc32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idpdx32.dll" refers to invalid object "idpdx32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idqbe32.dll" refers to invalid object "idqbe32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idr20009.dll" refers to invalid object "idr20009.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idsql32.dll" refers to invalid object "idsql32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\MOH.exe" refers to invalid object "C:\Program Files\NetWaiting\MOH.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\ORUN32.EXE" refers to invalid object "C:\WINDOWS\ORUN32.EXE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\WMPLYR\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\VSRCPLIN\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\DELLCUSTOM\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\AUDP\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\AUSTRM\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\CDBURNING\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\RMJPLN\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\CDEXTRACT\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\CDINFO\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\CDROMS\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\COMMON\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\DATACACHE\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\DEVICES\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\FIRSTRUN\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\DTDRPLINDIR\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\EPLUGINS\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\FAUST\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\FFTRANSCDIR\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\FIRSTRUN_LOCALGUIDE\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\FLASH\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\FREE\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\GEMSETUP\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\GEMXMLBIN\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\HOWTO\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\HOWTOHANDLER\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\JSCRIPT\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\MinAim\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\MINHELP\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\MP3\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\MP3PL\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\MP3PLN\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\MSGIMG\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\MSGROOT\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\MSGUI\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\MULTICST\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\PDBURNDEVICEINI\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\PDBURNENGINE\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\PDBURNPLUGINS\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\PDBURNRPPLUGINS\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\PDBURNSUPPORT\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\PDMGR\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\PLAYER\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\PLAYERPLUGINS\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\PLAYERPLUGOCX\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\PLAYERUNINST\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\PLINS\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\PLSHARED\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\PLUS\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\RACODECS\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\RJBRES\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\RJBVIZ\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\RJDLG\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\RJMPMED\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\RJMPZIP\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\RMXPLN\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\RNADMIN\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\RTPLINS\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\RV9CODECS\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\RVCODECS\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\SECURITY\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\SKINS\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\TDWNMGR\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\TEMPLATES\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\TFILESYS\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\UI\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\UPDATE\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\VIDP\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\VIZ\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\VMPG\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Dell\Support\bin\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Dell\Support\Alert\bin\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Dell\Support\Alert\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Application Data\Dell\DSLogDB\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Application Data\Dell\Support\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Application Data\Dell\Alert\0\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Application Data\Dell\Alert\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Your Company Name\Your Product Name\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Your Company Name\". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".1". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".dwi". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".hpi". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".net]". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".OGG". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".PBP". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pf". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".r00". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".r3t". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rjs". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rjt". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rp". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rt". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sdp". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "OpenWithList". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "AolCoach". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{0552A36D-0D7E-4FF5-8FDB-6629ABA7C779}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{35AFD495-EC2E-4B2B-B9DB-30EEBC74049D}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{3CB41017-F5CA-4C56-934C-ED02156251E6}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{47808F78-F178-49DC-B708-15FE538B16FF}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{5A4AFC3E-4973-46A1-92D6-3A1C5E52948A}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB817611". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824146". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB826959". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828035". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "NVIDIA". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "QuickTime". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "WildTangent CDA". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{1E7D8F6E-959C-4819-8BC3-837B0A4A6653}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{43FCA273-9534-40DB-B7C5-D7758875616A}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{4E921E6B-CFF1-4901-B262-FD049AC8EF56}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{89A344E4-A54B-4C5E-97BD-040B4B300813}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{89A344E4-A54B-4C5E-97BD-040B4B300816}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{ABEB838C-A1A7-4C5D-B7E1-8B4314600777}". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{00014C0D-B007-4448-B89B-4EC3E857961D}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0662245D-254C-4363-AA70-D909C154A688}" refers to invalid object ".\sldwebpub.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0880413D-9C3D-11D3-B931-00C04F8EF738}" refers to invalid object ".\sldse.dll". Action Taken: No Action Taken.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP