Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

hjt log


  • Please log in to reply
9 replies to this topic

#1 madcanot

madcanot

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:38 AM

Posted 31 May 2005 - 01:46 AM

Im having pop-ups and a problem with the double clicking on my mouse, if anyone could take a look at this and advise I'd much appreciate it, btw i have used norton antivirus, adwarw, and adbot and they cant seem to fix the problem.. thanks for you time
heres the log:
Logfile of HijackThis v1.99.1
Scan saved at 2:26:30 AM, on 05/31/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yaplock\YaplockTray.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Ryan\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {F8D1D297-1C0F-32AF-5987-645374081090} - C:\WINDOWS\System32\skwk.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\System32\hoezg.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [avserve2.exe] C:\WINDOWS\avserve2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitexzr32.exe
O4 - HKLM\..\RunServices: [Service Drivers] msnpg.exe
O4 - HKLM\..\RunOnce: [AAW] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [Brb] C:\WINDOWS\System32\l?gonui.exe
O4 - HKCU\..\Run: [Service Drivers] msnpg.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [wccapp] c:\windows\winln.exe
O4 - HKCU\..\Run: [ole2nls] C:\WINDOWS\System32\ole2nls.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\RunServices: [Service Drivers] msnpg.exe
O4 - Startup: Yaplock.lnk = C:\Program Files\Yaplock\YaplockTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1095380455685
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

BC AdBot (Login to Remove)

 


#2 Joe - London

Joe - London

  • Security Colleague
  • 327 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:01:38 PM

Posted 31 May 2005 - 04:05 AM

Hi madcanot,

Please download this tool: LQfix.zip
Unzip it to your Desktop.
Don't use it yet!

IMPORTANT! Reboot the computer into Safe Mode (tap F8 during bootup, use arrow keys to select Safe Mode, then hit 'enter').

Doubleclick LQfix.bat that you saved on your desktop before.
A Dos Window will open and close again, that is normal.

Reboot into normal mode.

Viewpoint Media Player/Manager is foistware, I recommend you uninstall it from "Add/Remove Programs" in the Windows® Control Panel.

*Open Hijackthis, take another scan and place a checkmark next to these entries.

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {F8D1D297-1C0F-32AF-5987-645374081090} - C:\WINDOWS\System32\skwk.dll (file missing)
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\System32\hoezg.exe
O4 - HKLM\..\Run: [avserve2.exe] C:\WINDOWS\avserve2.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitexzr32.exe
O4 - HKLM\..\RunServices: [Service Drivers] msnpg.exe
O4 - HKCU\..\Run: [Brb] C:\WINDOWS\System32\l?gonui.exe
O4 - HKCU\..\Run: [Service Drivers] msnpg.exe
O4 - HKCU\..\Run: [wccapp] c:\windows\winln.exe
O4 - HKCU\..\Run: [ole2nls] C:\WINDOWS\System32\ole2nls.exe
O4 - HKCU\..\RunServices: [Service Drivers] msnpg.exe

The free version of Weather Bug is generally considered to be adware. As such, it is up to you whether you wish to remove it or leave it installed.
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab

*Close all open Windows except Hijackthis and click on "fix Checked".

*Open Windows Explorer, navigate to and delete the following Files/Folders if present:

C:\WINDOWS\System32\hoezg.exe <<< file
C:\WINDOWS\avserve2.exe <<< file
C:\windows\system32\elitexzr32.exe <<< file
C:\WINDOWS\System32\l?gonui.exe <<< file
c:\windows\winln.exe <<< file
C:\WINDOWS\System32\ole2nls.exe <<< file


If you decided to remove Wearherbug delete this folder as well:
C:\Program Files\AWS <<< folder

Reboot the Computer in normal mode again.

I'm not familiar with "Yaplock" can you tell me about it?

i have used norton antivirus, adwarw, and adbot and they cant seem to fix the problem

Norton anti-virus is clear, I assume you mean Ad-aware, but adbot? Please explain?

Click the "AddReply" button and post a new Hijackthis log in this thread for further review and evaluation.

Joe.
If I have helped you in any way, please consider a donation:
Posted Image
Member of UNITE and ASAP.

#3 madcanot

madcanot
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:38 AM

Posted 31 May 2005 - 10:52 AM

Joe,
Thanks much for your help, solved a whole heap of problems.

I was able to fix the items you told me to on hijack this, however couldn't find the files you told me to delete in windows explorer.

Heres a scan I did after I cleared up the comp:

Logfile of HijackThis v1.99.1
Scan saved at 11:35:40 AM, on 05/31/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Ryan\Desktop\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1095380455685
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

END LOG



The mouse double clicking problems seem to be solved as far as I can tell.
Adbot was supposed to be Spybot(another free adware protection program), sorry getting my spyware programs mixed up, and I have no idea what yaplock is or how it got on my computer but i found it and uninistalled it.

Thanks again for you help, I was about ready to throw the computer straight out the window..or reformat.

#4 Joe - London

Joe - London

  • Security Colleague
  • 327 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:01:38 PM

Posted 31 May 2005 - 12:59 PM

Hi madcanot,

Just a couple of things to clear up.

Viewpoint Media Player/Manager is foistware, I recommend you uninstall it from "Add/Remove Programs" in the Windows® Control Panel if present.
Let me know what you decided about this programme?

*Open Hijackthis again, take another scan and place a checkmark next to these entries.

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

If you decided to remove Viewpoint Manager fix this entry as well if present:
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

*Close all open Windows except Hijackthis and click on "fix Checked".

Some of the files may be already deleted, however in case they are just hidden please have another look for them.
Try this:

* Enable the ”Show Hidden Files and Folders” option:

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select "Show hidden files and folders".
Uncheck: "Hide file extensions for known file types"
Uncheck: "Hide protected operating system files (recommended)"
Click Yes to confirm.
Click OK.

*Open Windows Explorer, navigate to and delete the following Files/Folders if present:

C:\WINDOWS\System32\hoezg.exe <<< file
C:\WINDOWS\avserve2.exe <<< file
C:\windows\system32\elitexzr32.exe <<< file
C:\WINDOWS\System32\l?gonui.exe <<< file
c:\windows\winln.exe <<< file
C:\WINDOWS\System32\ole2nls.exe <<< file
C:\Program Files\AWS <<< folder

If you decided to remove/fix Viewpoint Manager delete this folder as well:
C:\Program Files\Viewpoint\ <<<folder

Reboot the Computer.

Adbot was supposed to be Spybot(another free adware protection program),


Spybot Search & Destroy is a good recommended programme you should have in your armoury.

Click the "AddReply" button and post a new Hijackthis log in this thread for further review and evaluation.

Joe.
If I have helped you in any way, please consider a donation:
Posted Image
Member of UNITE and ASAP.

#5 madcanot

madcanot
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:38 AM

Posted 31 May 2005 - 09:27 PM

Joe,
I took the step you suggested an still werent able to find those files. I uninstalled viewpoint.

here is the log after I fixed those extra items:
Logfile of HijackThis v1.99.1
Scan saved at 10:21:09 PM, on 05/31/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Ryan\Desktop\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1095380455685
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

Also-
The double click problem (the mouse double clicks when i press it only once on occassions, or when i hold it down) seems to have not dissapeared but happens less frequently.
Any suggestions?
thanks again- Madcanot

#6 Joe - London

Joe - London

  • Security Colleague
  • 327 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:01:38 PM

Posted 01 June 2005 - 03:26 AM

Hi Madcanot,

Can you post full details about the mouse e.g. the type, make, cordless etc. What happens to the cursor etc when you have this trouble.

Also I'm a little concerned that you cannot find any of the files on the hard drive listed above for removal. Its not unusual though with the files but what about the folders, did you find and delete those?

Can you let us know how the Computer is performing apart from the mouse problem?

Please download and run MWavScan... It will produce a log in the lower right hand corner and you will need to use Ctrl-C to copy the bottom part of it that has the bad items and then paste it here for review....

http://www.mwti.net/antivirus/free_utilities.asp

It will suggest that you buy the product to fix what it finds, but that is not necessary... Just post the bad part of the scan, if any, and we will deal with it...

*Reboot the Computer in normal mode, click the "Reply Post" button and post a new Hijackthis log and the MWavScan log in this thread for further review and evaluation.

Joe.

Edited by Joe - London, 01 June 2005 - 03:28 AM.

If I have helped you in any way, please consider a donation:
Posted Image
Member of UNITE and ASAP.

#7 madcanot

madcanot
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:38 AM

Posted 03 June 2005 - 01:32 AM

Joe-

About the double clicking.

Its an issue that seems to effect the mouse left click button only. It seems when I try to click once it seems to force a double click (for example on occasion if I click once on the back button on my firefox browser i get sent back two pages, or on an icon on my desktop it'll open the program as if I double clicked it), even though I've only clicked once. This seems to happen completely at random. It becomes especially annoying when dealing with text, if I wish to click once to move the cursor in between two letters it'll highlight the entire word like I double clicked. It also can be annoying when wanting to highlight and drag text, as everything previously highlighted well no longer be selected and only the word the cursor is on is selected mid drag. This seems to suggest the double clicking "virus" is working when I'm holding the left button down, not just after a quick click. I should add that when I first downloaded Spybot it found something callled double click so i assumed this was it, but when I tried to fix the entries spybot would just close after asking my if I wanted to fix selected. After a couple of scans Spybot seems to be working properly now, but it has yet to detect the double click as it did at first. Spybot is currently telling me that I have no threats on my computer, which seems not to be the case.

I also had a question relating to your instructions to post "the bad part of the log."
I am not quite sure as to what you are referring
Thanks.

#8 Joe - London

Joe - London

  • Security Colleague
  • 327 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:01:38 PM

Posted 03 June 2005 - 03:58 AM

Hi madcanot,

In relation to the mouse problem, I need to know approximately when the problem started, what kind of mouse you have, standard, cordless whatever.

As to the Mwav scan, it has two windows, the text, if any, in the lower window is what you need to copy and past in your next post.

Doubleclick is a type of cookie you get when visiting websites and can be easily removed with Ad-aware SE..

You appear to be running two anti-virus programmes, Norton and McAfee, this is not recommended as it can cause conflicts and slowdowns. If this is the case you need to select one and disable the other.

Please download and run: Ad-Aware Second Edition.,

Tutorial

Ad-Aware Second Edition Tutorial

Now do the Mwav scan as instructed in my last post and post the log along with another Hijackthis scan and the other information here.

Joe.
If I have helped you in any way, please consider a donation:
Posted Image
Member of UNITE and ASAP.

#9 madcanot

madcanot
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:38 AM

Posted 03 June 2005 - 04:31 PM

Joe-

The mouse is the standard logitech dell LED laser mouse that came with my computer. It is not cordless.

The problem began occuring about a week and a half ago.

Regarding my antivirus software: You expressed that it appears as if I am running two antivirus programs, Mcafee and Norton. I uninstalled Macafee about 5 months ago when I purchased Norton and there appears to be no Mcafee files listed.

Thanks for clarifying your instructions for me, here is the Mwav scan followed by the HJT scan.

Mwav:

Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "HuntBar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "SearchEXE Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "CWS.therealsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\movie.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\MSXML3A.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\pxwma.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\movie.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{00014C0D-B007-4448-B89B-4EC3E857961D}" refers to invalid object "C:\Program Files\America Online 9.0\Media\CDDBControl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0025F2F6-5458-478E-997C-76BBB056B3D6}" refers to invalid object "c:\PROGRA~1\mcafee.com\shared\mccomctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}" refers to invalid object "C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{09E6F477-C3C3-4636-8BFD-2DDB36147FEC}" refers to invalid object "C:\Program Files\America Online 9.0\MyCalendar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}" refers to invalid object "c:\PROGRA~1\QUICKI~1.1\mfc42.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}" refers to invalid object "c:\PROGRA~1\QUICKI~1.1\mfc42.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}" refers to invalid object "c:\PROGRA~1\QUICKI~1.1\mfc42.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0FE9096F-7F7A-4e40-857C-E48A53440DFE}" refers to invalid object "C:\Program Files\America Online 9.0\MyCalendar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{10F34E64-BBB2-11D6-8A17-00E029570A3E}" refers to invalid object "C:\Program Files\America Online 9.0\sa.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1167C47F-01F9-4C08-8564-1D6C9BAAFB60}" refers to invalid object "C:\Program Files\America Online 9.0\Media\Pathfinder.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{18477169-4752-41DC-AB0F-C50EBA75641D}" refers to invalid object "C:\Program Files\Common Files\aolshare\pictures\YGPWz.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1853e19a-4e54-4190-8deb-2e1cc947cd60}" refers to invalid object "C:\Program Files\America Online 9.0\axtrack.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}" refers to invalid object "C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1B28020D-9DE7-11D4-A2D4-001083025146}" refers to invalid object "C:\Program Files\America Online 9.0\axclntbrg.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1CB749C0-81EC-484E-B82C-ADD141FC6415}" refers to invalid object "C:\Program Files\America Online 9.0\Media\Xanthe.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{205D2DFB-BBAD-4DC4-A0BB-CDA12A1639CE}" refers to invalid object "C:\Program Files\America Online 9.0\Media\Phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{21DB24D5-9DD7-4F6F-993A-5FB0980EC5DB}" refers to invalid object "c:\PROGRA~1\mcafee.com\shared\mccomctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78d5-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\Program Files\America Online 9.0\Media\CDDBControl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78df-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\Program Files\America Online 9.0\Media\CDDBControl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78e0-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\Program Files\America Online 9.0\Media\CDDBControl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78e1-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\Program Files\America Online 9.0\Media\CDDBControl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78e2-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\Program Files\America Online 9.0\Media\CDDBControl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{28E74E8D-7B99-4486-AE32-11B67F93B54B}" refers to invalid object "c:\PROGRA~1\mcafee.com\shared\mccomctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}" refers to invalid object "C:\PROGRA~1\AWS\WEATHE~1\MINIBU~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2BAE89B0-68EF-4fab-AFF7-1E486D93F9EB}" refers to invalid object "C:\Program Files\America Online 9.0\ae.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2CA511C5-C677-4e33-A018-EADF07E08299}" refers to invalid object "C:\PROGRA~1\FUNBAR~1\funbar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{307A6C42-0000-0010-8000-00AA00389B71}" refers to invalid object "c:\program files\warcraft iii\blizzard.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{32686C65-B40D-4899-B309-D93839D506FD}" refers to invalid object "c:\program files\mcafee.com\agent\mcagntps.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3D48B387-E74A-4651-A2ED-7FC490964319}" refers to invalid object "C:\Program Files\America Online 9.0\MyCalendar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3ED232B4-0346-4A74-A883-B85B69ADA6A4}" refers to invalid object "c:\PROGRA~1\mcafee.com\shared\mccomctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4634A8A8-E78E-4fed-9751-52307590D7F1}" refers to invalid object "C:\Program Files\America Online 9.0\MyCalendar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4E97BE17-3300-4A4F-B380-5988DD771F1F}" refers to invalid object "C:\Program Files\America Online 9.0\Media\Ares.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5145942E-41DF-4658-B7C4-089F48E84A75}" refers to invalid object "C:\Program Files\America Online 9.0\axtrack.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{51B21D54-F57F-4ca1-93FF-D986E9F0A388}" refers to invalid object "C:\Program Files\America Online 9.0\MyCalendar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5788DAE8-4B72-4BE6-89A0-1E6123E4CBC2}" refers to invalid object "C:\Program Files\America Online 9.0\Media\Cerberus.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{57C368A7-F2E9-48C6-B0E2-C201751383C1}" refers to invalid object "C:\Program Files\America Online 9.0\Media\Phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{60A07B6D-B66C-4339-BD52-EC9520FDCE6A}" refers to invalid object "C:\Program Files\America Online 9.0\MyCalendar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{61E15DE7-D229-4eb3-A460-40DCDDA60DA7}" refers to invalid object "C:\Program Files\America Online 9.0\abui.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{63435828-E10D-42d5-8859-C94796B7C22D}" refers to invalid object "C:\Program Files\America Online 9.0\MyCalendar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{63603526-954A-42eb-8BEB-8E4BF2F636CB}" refers to invalid object "C:\Program Files\America Online 9.0\MyCalendar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{639A19DD-1D97-4A6E-A0D1-01E04FED563F}" refers to invalid object "C:\Program Files\America Online 9.0\Media\Phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6AD3B5BD-9A96-4ca2-9455-2034D05EB134}" refers to invalid object "C:\Program Files\America Online 9.0\MyCalendar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{741506D7-C215-48A1-8211-4CEFF2E8FE2C}" refers to invalid object "C:\Program Files\America Online 9.0\MyCalendar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{756A2CB8-EC02-4DC8-8588-296C611A5365}" refers to invalid object "C:\Program Files\Common Files\aolshare\Coach\coachdm3.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7629C9DE-2E38-4963-A01C-02FFAC203D87}" refers to invalid object "C:\Program Files\America Online 9.0\axtrack.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{78D0C657-22F0-4E19-A34A-757B14A30344}" refers to invalid object "c:\PROGRA~1\mcafee.com\shared\mccomctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}" refers to invalid object "C:\WINDOWS\System32\Fmoonclj.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7C9688C3-7279-474D-ABA5-A632373D2CDB}" refers to invalid object "C:\Program Files\America Online 9.0\Media\Phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7F23E6E5-0E79-4aee-B723-B1463805D5A9}" refers to invalid object "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{80373D03-D993-11D3-A2CE-00108335731F}" refers to invalid object "C:\Program Files\America Online 9.0\MIMEHook.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{84CBABC2-D3BE-4EEF-8394-121FAC215CEF}" refers to invalid object "C:\Program Files\Common Files\aolshare\pictures\YGPPicInfo.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8AB5F344-B600-11D6-8A15-00E029570A3E}" refers to invalid object "C:\Program Files\America Online 9.0\sa.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8BBDA254-CE76-11D3-A2CE-00108335731F}" refers to invalid object "C:\Program Files\America Online 9.0\MIMEHook.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8ECF83A0-1AC9-11D4-8501-00A0CC5D1F63}" refers to invalid object "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{943742F6-3A40-43FF-97F4-A1750D97B200}" refers to invalid object "C:\Program Files\Common Files\aolshare\pictures\YGPPicInfo.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{95E0B7D0-0588-4AC4-B992-FE7F8CF85415}" refers to invalid object "C:\WINDOWS\madopew.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{98BFD494-F6AD-4794-9038-832C0654CC43}" refers to invalid object "C:\Program Files\Common Files\aolshare\pictures\YGPUPF.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{99720901-B635-43bd-83E6-D084A990F15A}" refers to invalid object "C:\Program Files\America Online 9.0\MyCalendar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9DC1221E-0B36-445a-A2D1-FCA92E502834}" refers to invalid object "C:\Program Files\America Online 9.0\MyCalendar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9ECF572B-8638-4FEB-BBAC-D6A9631B4D98}" refers to invalid object "c:\program files\mcafee.com\agent\mcscindx.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9EFBF860-5685-11D3-AA3D-00C04F4C5275}" refers to invalid object "cdooff.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9F62797E-1249-4596-9FF7-AC6D851A542A}" refers to invalid object "C:\Program Files\America Online 9.0\MyCalendar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A105BD70-BF56-4D10-BC91-41C88321F47C}" refers to invalid object "C:\Program Files\America Online 9.0\Media\Phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A30C94ED-ED1D-4cd9-931B-032481FED884}" refers to invalid object "c:\program files\mcafee.com\agent\mcaping.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A8ABE123-FAC4-41c1-ABA3-051B6F112B83}" refers to invalid object "C:\Program Files\America Online 9.0\MyCalendar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AA8B4FD2-B5A9-459C-BF9E-4B377A1500A8}" refers to invalid object "C:\WINDOWS\madopew.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AD41621C-A2DD-487D-A24B-8BE40116A5A3}" refers to invalid object "C:\Program Files\Common Files\aolshare\pictures\YGPPicInfo.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AED456C4-4866-4420-863F-35767EBED514}" refers to invalid object "C:\Program Files\America Online 9.0\Media\Phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B02F4EEB-78D3-414D-8814-7E88F4828C28}" refers to invalid object "c:\PROGRA~1\mcafee.com\shared\mccomctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B3E7BCF9-05C8-4233-BA88-37FDA4AD3147}" refers to invalid object "C:\Program Files\America Online 9.0\MyCalendar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B4087707-EFB7-46C0-830E-714899CCE724}" refers to invalid object "C:\Program Files\America Online 9.0\MyCalendar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B4F80028-5714-4B7B-B9B1-5748B204799A}" refers to invalid object "C:\Program Files\America Online 9.0\Media\Phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B6F041A2-48B9-4d3f-A91D-90E17C505FD3}" refers to invalid object "C:\Program Files\America Online 9.0\MyCalendar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B9BA256A-075B-49ea-B9E2-7DBC2EF021D5}" refers to invalid object "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B9F3009B-976B-41C4-A992-229DCCF3367C}" refers to invalid object "C:\Program Files\America Online 9.0\axtrack.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA}" refers to invalid object "C:\Program Files\CxtPls\proxystub.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{bc8a96c4-3909-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\Program Files\America Online 9.0\Media\CDDBControl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{bc8a96c5-3909-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\Program Files\America Online 9.0\Media\CDDBControl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{bc8a96c6-3909-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\Program Files\America Online 9.0\Media\CDDBControl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{bc8a96c7-3909-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\Program Files\America Online 9.0\Media\CDDBControl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{bc8a96c8-3909-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\Program Files\America Online 9.0\Media\CDDBControl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BF4C25B5-CD0A-4770-B2F5-750A4407957F}" refers to invalid object "c:\PROGRA~1\mcafee.com\shared\mccomctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C28BC286-884C-4a63-8A9C-6F7F5711034F}" refers to invalid object "C:\Program Files\America Online 9.0\Media\NmpX\nmpx.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C657669A-754D-4E13-BB96-B7269F2078F0}" refers to invalid object "c:\PROGRA~1\mcafee.com\shared\mccomctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C8B29238-05AD-421E-8B44-1C11C43FAE1C}" refers to invalid object "C:\Program Files\America Online 9.0\MyCalendar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CD34B69E-6117-4eaf-B5B4-F9FD659BF00D}" refers to invalid object "C:\Program Files\America Online 9.0\MyCalendar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D465B936-C361-4417-9AC5-35167066F84B}" refers to invalid object "C:\Program Files\America Online 9.0\Media\Phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D670D0B3-05AB-4115-9F87-D983EF1AC747}" refers to invalid object "C:\Program Files\Common Files\aolshare\pictures\YGPPicDownload.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D9F99C6B-A3A6-11D4-AF64-444553546170}" refers to invalid object "C:\Program Files\America Online 9.0\Media\Phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DA3C177A-D1DA-47f2-BBF0-E9710CA7253F}" refers to invalid object "C:\Program Files\America Online 9.0\MyCalendar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DD943AD3-7672-40EC-B54A-50A54AFAFDC9}" refers to invalid object "C:\WINDOWS\madopew.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E0CB08CE-AB3D-4779-9C77-62A439BFE6C3}" refers to invalid object "C:\Program Files\Common Files\aolshare\pictures\YGPPicEdit.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E13046F7-A5DF-4574-BD7A-6DC12EC10FF5}" refers to invalid object "C:\Program Files\America Online 9.0\ebrowser.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E3852604-B619-11d6-94EC-00047521F020}" refers to invalid object "C:\Program Files\America Online 9.0\Media\NmpXChat\nmpxchat.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E981D791-F499-4837-A483-5AB22F1C548F}" refers to invalid object "C:\Program Files\America Online 9.0\Media\Phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E9DD2392-EF9B-4963-BEDF-F86C0A2B762A}" refers to invalid object "C:\Program Files\America Online 9.0\AMH.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EB511AE4-87FE-4EFB-91A3-428B2F2601F7}" refers to invalid object "C:\Program Files\America Online 9.0\Media\Phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{ECFBE6E0-1AC8-11D4-8501-00A0CC5D1F63}" refers to invalid object "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F091791F-D50D-4ace-9D82-05C42DBB9897}" refers to invalid object "C:\Program Files\America Online 9.0\MyCalendar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F4F30C01-A7B4-492e-943E-58A7CF2D9DD6}" refers to invalid object "C:\Program Files\America Online 9.0\MyCalendar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}" refers to invalid object "C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll". Action Taken: No Action Taken.
Entry "HKCR\AOLCoach.TrainerOCXCtrl.10" refers to invalid object "{E04EAE82-14AD-41CB-BF5A-45556ABB8347}". Action Taken: No Action Taken.
Entry "HKCR\CoachDM.WebCoachDownload" refers to invalid object "{E04EAE82-14AD-41CB-BF5A-45556ABB8347}". Action Taken: No Action Taken.
Entry "HKCR\CoachDM.WebCoachDownload.1" refers to invalid object "{E04EAE82-14AD-41CB-BF5A-45556ABB8347}". Action Taken: No Action Taken.
Entry "HKCR\DSP.DSP" refers to invalid object "{9C123EA9-AEC9-4f75-BBC0-7565FA1398966}". Action Taken: No Action Taken.
Entry "HKCR\DSP.DSPDMOProp_Chorus.1" refers to invalid object "{6F63B172-5543-4593-91CE-EDBA65B9FACDB}". Action Taken: No Action Taken.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\OemjiSearchPlus.IEFriendly" refers to invalid object "{D240DC29-C093-4388-B71F-A7103C796B0C}". Action Taken: No Action Taken.
Entry "HKCR\OemjiSearchPlus.IEFriendly.1" refers to invalid object "{D240DC29-C093-4388-B71F-A7103C796B0C}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\SpyDoctor.EBankProblem" refers to invalid object "{AE612304-E8F9-45D9-A444-32409D33E954}". Action Taken: No Action Taken.
Entry "HKCR\SpyDoctor.QuarantinedItemProxy" refers to invalid object "{C2CE6266-0404-4C54-96B4-8829852E3537}". Action Taken: No Action Taken.
Entry "HKCR\SpyDoctor.ScripterProxy" refers to invalid object "{9FEF02F5-B3B8-4D7B-8939-72A1C989D1B9}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
File C:\WINDOWS\ucmoreiex.exe tagged as "not-a-virus:AdWare.ToolBar.Ucmore.a". Action Taken: No Action Taken.
File C:\WINDOWS\_MSRSTRT.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\System32\msdioo.exe infected by "Trojan.Win32.Small.i" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\mseggo.gif infected by "Trojan-Spy.Win32.Delf.dx" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\msfaol.dll tagged as "not-a-virus:AdWare.ClientMan". Action Taken: No Action Taken.
File C:\DOCUME~1\Ryan\LOCALS~1\Temp\aigeijgg.htm infected by "Trojan.JS.Pooter.b" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Ryan\LOCALS~1\Temp\dchdpcjl.htm infected by "Trojan.JS.Pooter.b" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Ryan\LOCALS~1\Temp\inf-sh10eng_gf.zip tagged as not-a-virus:Tool.Win32.TPE.a. No Action Taken.
File C:\DOCUME~1\Ryan\LOCALS~1\Temp\mjclofbg.htm infected by "Trojan.JS.Pooter.b" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Ryan\LOCALS~1\Temp\msdioo.exe infected by "Trojan.Win32.Small.i" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Ryan\LOCALS~1\Temp\temp.frD5DB infected by "Trojan.JS.StartPage.u" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Ryan\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0F.dat tagged as "not-a-virus:AdWare.WildTangent.b". Action Taken: No Action Taken.
File C:\Documents and Settings\Ryan\Local Settings\Temp\aigeijgg.htm infected by "Trojan.JS.Pooter.b" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Ryan\Local Settings\Temp\dchdpcjl.htm infected by "Trojan.JS.Pooter.b" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Ryan\Local Settings\Temp\inf-sh10eng_gf.zip tagged as not-a-virus:Tool.Win32.TPE.a. No Action Taken.
File C:\Documents and Settings\Ryan\Local Settings\Temp\mjclofbg.htm infected by "Trojan.JS.Pooter.b" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Ryan\Local Settings\Temp\msdioo.exe infected by "Trojan.Win32.Small.i" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Ryan\Local Settings\Temp\temp.frD5DB infected by "Trojan.JS.StartPage.u" Virus! Action Taken: No Action Taken.
File C:\Program Files\Common Files\aolback\comp01.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\02052AA5.fr5 tagged as "not-a-virus:AdWare.WebSearch.am". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\024031CB.exe infected by "Trojan-Downloader.Win32.Apropo.g" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\036A176A.exe infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\03706B62.exe infected by "Trojan-Downloader.Win32.Apropo.u" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0374155F.exe infected by "Trojan-Downloader.Win32.Apropo.g" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\03773F5B.dll infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\11F75B74.exe infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\12015969.exe infected by "Trojan-Downloader.Win32.Apropo.u" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\120B575E.exe infected by "Trojan-Downloader.Win32.Apropo.g" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\191024BB.000 infected by "Trojan-Downloader.Win32.QDown.m" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\21B95663.dll infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\24A160BA.ocx infected by "Trojan-Downloader.Win32.Agent.ex" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\2FD1496A.exe infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\55404FFD.exe infected by "Trojan-Clicker.Win32.Small.fw" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\554D77EF.exe infected by "Trojan-Clicker.Win32.Small.fw" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\564818DA.dat infected by "Trojan-Downloader.Win32.QDown.j" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\5ED902BA.exe tagged as "not-a-virus:AdWare.DealHelper.ac". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\6A045123.exe infected by "Trojan-Clicker.Win32.Small.fw" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\6A693EB9.exe infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\6D697167.exe infected by "Trojan-Clicker.Win32.Small.fw" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\6E0226BE.exe infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\6E0650BA.exe infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\6E097AB7.exe infected by "Trojan-Downloader.Win32.Apropo.u" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\6E0C24B3.exe infected by "Trojan-Downloader.Win32.Apropo.g" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\6E0F4EAF.dll infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\6E0F4EAF.exe infected by "Trojan-Downloader.Win32.Apropo.ab" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\6E1622A8.exe infected by "Trojan-Downloader.Win32.Apropo.ab" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\6E1D76A1.000 infected by "Trojan-Downloader.Win32.QDown.m" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\6E1D76A1.dll tagged as "not-a-virus:AdWare.Ipend". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\6E20209D.exe tagged as not-a-virus:Tool.Win32.Exporun. No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\6E234A9A.dll tagged as "not-a-virus:AdWare.Ipend". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\6E234A9A.gif tagged as "not-a-virus:AdWare.Ipend". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\6E234A9A.ocx infected by "Trojan-Downloader.Win32.Agent.ex" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\6E267496.dll tagged as "not-a-virus:AdWare.PurityScan.ak". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\6E267496.htm infected by "Trojan-Clicker.JS.Linker.j" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\6E2D488F.exe tagged as "not-a-virus:AdWare.DealHelper.ac". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\6E2D488F.gif tagged as "not-a-virus:AdWare.Ipend". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP198\A0055665.exe infected by "Trojan-Clicker.Win32.Small.fw" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP198\A0055666.exe infected by "Trojan-Dropper.Win32.Agent.kd" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP198\A0056666.exe infected by "Trojan-Dropper.Win32.Agent.kd" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP198\A0056667.exe infected by "Trojan-Clicker.Win32.Small.fw" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP198\A0056670.dll tagged as "not-a-virus:AdWare.ToolBar.EliteBar.af". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP198\A0056680.exe infected by "Trojan-Clicker.Win32.Small.fw" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP198\A0056681.exe infected by "Trojan-Dropper.Win32.Agent.kd" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP198\A0056684.dll tagged as "not-a-virus:AdWare.ToolBar.EliteBar.af". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP198\A0056691.exe tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP198\A0056704.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP200\A0062024.exe tagged as "not-a-virus:AdWare.BargainBuddy.w". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP200\A0062031.dll tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP200\A0062032.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP200\A0062034.exe infected by "Trojan.Win32.Small.i" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP200\A0062035.dll infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP200\A0062036.dll infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP200\A0062037.dll infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP200\A0062038.exe infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP200\A0062039.dll infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP200\A0062040.dll infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP200\A0062041.exe infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP200\A0062042.dll infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP200\A0064760.exe infected by "Trojan-Dropper.Win32.Agent.kd" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP201\A0067780.dll infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP201\A0067781.exe infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP201\A0067782.dll infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP201\A0067783.dll infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP201\A0067784.dll infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP201\A0067785.exe infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP201\A0067786.dll infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP201\A0067787.dll infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP201\A0067859.exe tagged as "not-a-virus:AdWare.DealHelper.ac". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP201\A0067869.dll tagged as "not-a-virus:AdWare.Ipend". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP201\A0067872.dll tagged as "not-a-virus:AdWare.ClientMan". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP201\A0067875.exe infected by "Trojan.Win32.Small.i" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP201\A0067924.exe infected by "Net-Worm.Win32.Padobot.k" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP201\A0067925.exe infected by "Net-Worm.Win32.Padobot.k" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP201\A0067926.exe infected by "Net-Worm.Win32.Padobot.k" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP201\A0067927.exe infected by "Net-Worm.Win32.Padobot.k" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP201\A0067928.exe infected by "Trojan-Downloader.Win32.VB.df" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP201\A0067929.exe infected by "Trojan-Downloader.Win32.Small.us" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP201\A0067930.exe infected by "Trojan-Downloader.Win32.Agent.dm" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP201\A0067931.exe infected by "Net-Worm.Win32.Padobot.k" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP201\A0067932.exe infected by "Net-Worm.Win32.Padobot.k" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP201\A0067933.exe infected by "Trojan-Proxy.Win32.Sobit.e" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP201\A0067934.exe infected by "Net-Worm.Win32.Padobot.k" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP201\A0067935.exe infected by "Net-Worm.Win32.Padobot.k" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP201\A0067936.exe infected by "Trojan-Spy.Win32.Qukart.m" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP201\A0067937.exe infected by "Net-Worm.Win32.Padobot.k" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP201\A0067938.exe infected by "Trojan-Spy.Win32.Qukart.m" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP201\A0067939.exe infected by "Trojan-Spy.Win32.Qukart.m" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP201\A0067940.exe infected by "Trojan-Spy.Win32.Qukart.m" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP201\A0067941.exe infected by "Trojan-Spy.Win32.Qukart.m" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP201\A0067942.exe infected by "Trojan-Spy.Win32.Qukart.m" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP201\A0067943.exe infected by "Net-Worm.Win32.Padobot.k" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP201\A0067944.exe infected by "Net-Worm.Win32.Padobot.k" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP201\A0067945.exe infected by "Net-Worm.Win32.Padobot.k" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP201\A0067946.exe infected by "Net-Worm.Win32.Padobot.k" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP201\A0067947.dll infected by "Trojan-Spy.Win32.Qukart.m" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP201\A0067948.exe infected by "Net-Worm.Win32.Padobot.k" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP201\A0067949.exe infected by "Trojan-Dropper.Win32.Tibsis.a" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP201\A0067950.exe infected by "Net-Worm.Win32.Padobot.k" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP201\A0067951.exe infected by "Net-Worm.Win32.Padobot.k" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP201\A0067952.exe infected by "Net-Worm.Win32.Padobot.k" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP201\A0067954.exe infected by "Net-Worm.Win32.Padobot.k" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP202\A0069053.dll tagged as "not-a-virus:AdWare.WebSearch.am". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP202\A0070056.exe tagged as "not-a-virus:AdWare.WebSearch.al". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP202\A0070070.exe tagged as "not-a-virus:AdWare.WebSearch.al". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP202\A0070079.exe tagged as "not-a-virus:AdWare.WebSearch.al". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP202\A0070137.exe tagged as "not-a-virus:AdWare.WebSearch.al". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP202\A0070401.exe tagged as "not-a-virus:AdWare.WebSearch.al". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP202\A0070427.exe tagged as "not-a-virus:AdWare.WebSearch.al". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP202\A0070482.exe tagged as "not-a-virus:AdWare.WebSearch.al". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP202\A0070493.exe infected by "Trojan-Clicker.Win32.Small.fw" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP202\A0070494.dll infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP202\A0070495.exe infected by "Trojan-Downloader.Win32.Apropo.ab" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP202\A0070497.exe tagged as "not-a-virus:AdWare.DealHelper.ac". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP202\A0070498.dll tagged as "not-a-virus:AdWare.Ipend". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP202\A0070499.dll tagged as "not-a-virus:AdWare.PurityScan.ak". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP202\A0070505.exe tagged as "not-a-virus:AdWare.WebSearch.al". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP202\A0070516.dll infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP202\A0070517.dll infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP202\A0070518.exe infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP202\A0070519.dll infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP202\A0070520.dll infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP202\A0070521.exe infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP202\A0070522.dll infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP202\A0070523.dll tagged as "not-a-virus:AdWare.WebSearch.aj". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP202\A0070530.exe tagged as "not-a-virus:AdWare.WebSearch.al". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP202\A0070532.exe tagged as "not-a-virus:AdWare.WebSearch.al". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP202\A0070538.exe tagged as "not-a-virus:AdWare.WebSearch.al". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP202\A0070637.exe tagged as "not-a-virus:AdWare.WebSearch.al". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP202\snapshot\MFEX-2.DAT tagged as "not-a-virus:AdWare.WebSearch.am". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP203\A0071638.exe tagged as "not-a-virus:AdWare.WebSearch.al". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP203\A0071646.exe tagged as "not-a-virus:AdWare.WebSearch.al". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP203\A0071771.exe tagged as "not-a-virus:AdWare.WebSearch.al". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP203\A0071784.exe tagged as "not-a-virus:AdWare.WebSearch.al". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP203\A0071798.exe tagged as "not-a-virus:AdWare.WebSearch.al". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP203\A0071810.exe tagged as "not-a-virus:AdWare.WebSearch.al". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP204\A0071827.exe tagged as "not-a-virus:AdWare.WebSearch.al". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP204\A0071839.exe tagged as "not-a-virus:AdWare.WebSearch.al". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP204\A0071860.exe tagged as "not-a-virus:AdWare.WebSearch.al". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP204\A0071870.dll infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP204\A0071877.exe tagged as "not-a-virus:AdWare.WebSearch.al". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP205\A0071889.dll infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP205\A0071890.exe infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP205\A0071891.dll infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP205\A0071892.dll infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP205\A0071893.dll infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP205\A0071894.exe infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP205\A0071895.dll infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP206\A0071907.dll infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP206\A0071908.dll infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP206\A0071909.dll infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP206\A0071910.exe infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP206\A0071911.dll infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP206\A0071912.dll infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP206\A0071913.exe infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP206\A0071914.dll infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP206\A0071925.exe tagged as "not-a-virus:AdWare.WebSearch.al". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP206\A0071935.exe tagged as "not-a-virus:AdWare.WebSearch.al". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP206\A0072935.exe tagged as "not-a-virus:AdWare.WebSearch.al". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP208\A0072968.exe tagged as "not-a-virus:AdWare.WebSearch.al". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP208\A0072980.exe tagged as "not-a-virus:AdWare.WebSearch.al". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP208\A0072994.exe tagged as "not-a-virus:AdWare.WebSearch.al". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP210\A0073994.exe tagged as "not-a-virus:AdWare.WebSearch.al". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP214\A0074104.exe tagged as "not-a-virus:AdWare.WebSearch.al". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP214\A0075104.exe tagged as "not-a-virus:AdWare.WebSearch.al". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP214\A0076103.exe tagged as "not-a-virus:AdWare.WebSearch.al". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B4F6-3584C5B70EC0}\RP214\A0076156.exe tagged as not-a-virus:Tool.Win32.TPE.a. No Action Taken.
File C:\System Volume Information\_restore{52E4D7DE-D88E-4314-B

Edited by madcanot, 03 June 2005 - 04:39 PM.


#10 Joe - London

Joe - London

  • Security Colleague
  • 327 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:01:38 PM

Posted 04 June 2005 - 08:10 AM

Hi Madcanot,

As you see Mwav threw all sorts of stuff, mostly orphaned files, possible remnants of old infections etc.Unfortunately this means a lot of additional work for you.

The first thing I'd like you to do is

Download CWShredder from the below link and unzip it into a directory. Start CWShredder and click on the FIx button to have it remove all CWS infections it finds.

Download CWShredder from the following site:

CWShredder Download Site

After you download the program, unzip it into a directory. Make sure all browser windows are closed and double click on the cwshredder.exe to start the program. When the program is loaded click on the "Check for Update" button, and if it finds an new version it will download it. You should then double click on cwshredder.exe again and click on the "FIX" button (not the "Scan only" button) and let it scan your computer.

How to remove CoolWebSearch with CWShredder

When that is done I would like you to disable/enable System Restore:

Disabling the System Restore Utility (Windows XP Users)
Right click the My Computer Icon on the Desktop and click on Properties.
Click on the System Restore tab.
Put a check mark next to 'Turn off System Restore on All Drives'.
Click the 'OK' button.
You will be prompted to restart the Computer. Click Yes.
Now re-enable the Restore Utility, follow steps one to five and on step three remove the check mark next to 'Turn off System Restore on All Drives'.

Please create a new System Restore point immediately as this is vital.

Now delete everything you have Quarantined in the Norton/Symantec anti-virus programme.

Do the same with anything you have quarantined in Ad-ware SE'

Noe go to Start | Run

Copy and paste "%temp%" (without the exclamations) in the slot an click OK.

The Temp folder should now be open.

Delete everything in this folder.

Close the folder.

Now do a comlete online scan at this site:
Kapersky On-Line Scan

This will take a long time, possibly hours as its very thorough. Post the log with your next post.

Finally do another Mwav scan and a Hijackthis scan and post both logs here. can you also confirm the type of Computer this is.

Joe.
If I have helped you in any way, please consider a donation:
Posted Image
Member of UNITE and ASAP.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users