Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HijackThis Log: Please help Diagnose


  • This topic is locked This topic is locked
8 replies to this topic

#1 EndExploitation

EndExploitation

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:56 AM

Posted 28 September 2005 - 03:14 AM

I have ran Spybot and Ad-aware several times lately (everyday for the past 4 days) and I keep finding problems. I have ran AVG (Free edition) as well but it doesn't find anything. Symptons: slow startup, extremely slow shutdown/restart/log off, pop ups when using Mozilla Firefox (even more if IE is opened).

This is my first post, so I hope I included all the proper info. Thanks again!

Logfile of HijackThis v1.99.1
Scan saved at 4:01:13 AM, on 9/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\RoamMgr.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Switching\User\RoamSvc.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.supportforyourpc.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {DC68EBC3-2421-27D7-7D25-0CC2B95F4695} - C:\WINDOWS\System32\gct.dll (file missing)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/18d695057b660b...ip/RdxIE601.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2000i\AcDcToday.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred Control) - file://C:\Program Files\AutoCAD 2000i\InstFred.ocx
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - http://www.photodex.com/pxplay.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2000i\AcPreview.ocx
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Adapter Switching (IntelRoam) - Intel Corporation - C:\Program Files\Intel\Switching\User\RoamSvc.exe
O23 - Service: msjtes40 - Unknown owner - C:\WINDOWS\system32\msjtes40.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: RoamMgr - Intel Corporation - C:\WINDOWS\System32\RoamMgr.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

BC AdBot (Login to Remove)

 


m

#2 alsocom

alsocom

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:56 AM

Posted 01 October 2005 - 06:04 PM

Hello EndExploitation and welcome to BleepingComputer. :thumbsup:

Step 1
Open HijackThis, run a scan, then check the following:

O2 - BHO: (no name) - {DC68EBC3-2421-27D7-7D25-0CC2B95F4695} - C:\WINDOWS\System32\gct.dll (file missing)

O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/18d695057b660b...ip/RdxIE601.cab

O23 - Service: msjtes40 - Unknown owner - C:\WINDOWS\system32\msjtes40.exe (file missing)


With all other programs and browsers closed, click fix checked.


Step 2
Delete the offending Service
  • Open HijackThis and click Config -> Misc Tools -> Delete an NT service.
  • In the Delete window, type msjtes40 and press OK.
  • OK any prompts, close HijackThis, and restart your computer.
Step 3
Please set your computer to show all files.
  • Double-click My Computer.
  • Click the Tools menu, and then click Folder Options.
  • Click the View tab.
  • Clear "Hide file extensions for known file types."
  • Under the "Hidden files" folder, select "Show hidden files and folders."
  • Clear "Hide protected operating system files."
  • Click Apply, and then click OK.
You will need to reverse this process when all steps are done.


Step 4
Please delete the following files:

C:\WINDOWS\system32\msjtes40.exe

You'll need to search for these files with Explorer to delete. They may be in C:\WINDOWS\system32\ or C:\WINDOWS\
(Start > Search > All files and folders > More advanced options place a check in the first three boxes)

D0CE0C16B1.dll

If you have any problem deleting these items, reboot into Safe Mode (tap F8 during bootup, use arrow keys to select Safe Mode, then hit 'enter') and try again.


Step 5
Reboot normally and scan with HijackThis. Post the new log as a reply to this thread.
Please let us know of any complications you had and how the computer is behaving.
Alan

#3 EndExploitation

EndExploitation
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:56 AM

Posted 01 October 2005 - 08:06 PM

I was able to do everything as instructed except to delete the listed in step 4. I could not locate them! The only thing I did find was msjtes40.dll in several places but I didn't delete it since it wasn't the requested file. I followed the instructions in Step 3, i.e. all hidden files are shown. I just wasn't able to find msjtes40.exe or D0CE0C16B1.dll. Here is the updated logfile. Thanks for your help!

Logfile of HijackThis v1.99.1
Scan saved at 5:55:47 PM, on 9/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\RoamMgr.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Switching\User\RoamSvc.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.supportforyourpc.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2000i\AcDcToday.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred Control) - file://C:\Program Files\AutoCAD 2000i\InstFred.ocx
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - http://www.photodex.com/pxplay.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2000i\AcPreview.ocx
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Adapter Switching (IntelRoam) - Intel Corporation - C:\Program Files\Intel\Switching\User\RoamSvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: RoamMgr - Intel Corporation - C:\WINDOWS\System32\RoamMgr.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

#4 alsocom

alsocom

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:56 AM

Posted 01 October 2005 - 08:16 PM

Download CCleaner to clean temp files from your computer.
  • Double click on the file to start the installation of the program.
  • Select your language and click OK, then next.
  • Read the license agreement and click I Agree.
  • Click next to use the default install location. Click Install then finish to complete installation.
  • Double click the CCleaner shortcut on the desktop to start the program.
  • Click Options < Advanced and uncheck "Only delete files in Windows Temp folders older than 48 hours".
  • Click Run Cleaner to run the program.
  • After it has completed it's process, click Exit.
Caution : It is not recommended to use the 'Issues' tab as it is known to find legitimate items.


Click here to download mwavscan.
  • Double-click it to run it.
  • Read then accept the agreement.
  • Check Drive, and select all local drives, scan all files, then press 'scan'. (This may take a while and will not fix anything)
  • Once it finds something, it will prompt you so click OK.
  • When it is completed, anything found will be displayed in the lower pane.
  • Highlight it with the mouse, copy it (CTRL+C), and paste (CTRL+V) it in your next reply.
Note : It will find many orphaned registry entries so please do not be alarmed by the amount of items that show.
Alan

#5 EndExploitation

EndExploitation
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:56 AM

Posted 12 October 2005 - 06:53 PM

Ok, Here is the result from mwavscan (it doesn't look pretty):

Object "browseraid Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ezula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "websearch toolbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ezula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "websearch toolbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cws.tooncomics Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\PrevAdX.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\RdxIE.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\WinStatX.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\MSXML3A.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\DIMM.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\CTIA2000\Formatted\ctia2000.dwg". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\CTIA2000\Measured\RUN1.wvc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\CTIA2000\Optimized\CTIA99_measured1_317.dat". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\CTIA2000\RF_Design\ctia2000.cpm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\CTIA2000\Unformatted\ctia.bmp". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\CTIA2000\Work\default.opt". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\CTIA99\Formatted\CTIA99.dwg". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\CTIA99\Measured\CTIA1.log". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\CTIA99\Optimized\CTIA99_measured1_317.dat". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\CTIA99\RF_Design\CTIA99_measured11.cpm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\CTIA99\Work\CTIA99.dwg". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\Miles\Unformatted\0027SA00.DWG". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\Miles\Work\default.opt". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\NEB\Formatted\Neb.dwg". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\NEB\Optimized\SW1-1870.DAT". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\NEB\Predicted\neb1.dwg". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\NEB\Unformatted\0126SA01.DWG". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\NEB\Work\CDMA1.CHL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\Training\workbook10.dwg". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\Training\Formatted\dbh_rrs.DWG". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\Training\Measured\RUN1.wvc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\Training\Predicted\dbh_design.DWG". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\Training\Unformatted\2060sa01.dwg". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\Training\Work\default.opt". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\VT96\Formatted\VT96 Checked.DWG". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\VT96\Measured\Fox.log". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\VT96\Work\default.opt". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\Whit_Neb\micro1.dwg". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\Whit_Neb\Formatted\whit_neb.dwg". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\Whit_Neb\RF_Design\micro1.cpm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\Whit_Neb\Work\MICROCELL.chl". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\RdxIE.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\GToolbar\BarControl.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\WinStatX.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\PrevAdX.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Hewlett-Packard\Digital Imaging\hpis\temp\Install.wse.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Hewlett-Packard\Digital Imaging\hpis\temp\config.ini". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Hewlett-Packard\Digital Imaging\hpis\temp\templates.zip". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Aironet" refers to invalid object "C:\Program Files\Cisco Systems\Aironet Client Utility\Aironet". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "C:\WINDOWS\System32\cmmgr32.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\ML-2010 CommonSM" refers to invalid object "C:\Program Files\Samsung ML-2010 Series\ML-2010 CommonSM". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\ORUN32.EXE" refers to invalid object "C:\WINDOWS\ORUN32.EXE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\setup.exe" refers to invalid object "C:\Program Files\REALTEK Semiconductor Corp.\Realtek Fast Ethernet Adapter Driver\setup.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\siteplan.exe" refers to invalid object "C:\Program Files\SitePlanner\siteplan.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\SitePlanner\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\SitePlanner\Template\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\CTIA2000\Formatted\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\CTIA2000\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\CTIA2000\Measured\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\CTIA2000\Optimized\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\CTIA2000\RF_Design\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\CTIA2000\Unformatted\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\CTIA2000\Work\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\CTIA99\Formatted\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\CTIA99\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\CTIA99\Measured\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\CTIA99\Optimized\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\CTIA99\RF_Design\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\CTIA99\Work\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\Miles\Unformatted\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\Miles\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\Miles\Work\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\NEB\Formatted\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\NEB\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\NEB\Optimized\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\NEB\Predicted\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\NEB\Unformatted\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\NEB\Work\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\Training\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\Training\Formatted\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\Training\Measured\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\Training\Predicted\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\Training\Unformatted\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\Training\Work\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\VT96\Formatted\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\VT96\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\VT96\Measured\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\VT96\Work\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\Whit_Neb\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\Whit_Neb\Formatted\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\Whit_Neb\RF_Design\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\SitePlanner\Workspaces\Whit_Neb\Work\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Hewlett-Packard\Digital Imaging\hpis\temp\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Hewlett-Packard\Digital Imaging\hpis\". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".000". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".avg". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cpm". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".doc?bsession=2170386&bsession_str=session_id=2170386,user_id_pk1=12430,user_id_sos_id_pk2=1,user_id=ghank003,one_time_token=,batch_uid=411497". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".doc?bsession=2226662&bsession_str=session_id=2226662,user_id_pk1=12430,user_id_sos_id_pk2=1,user_id=ghank003,one_time_token=,batch_uid=411497". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".doc?bsession=2464782&bsession_str=session_id=2464782,user_id_pk1=12430,user_id_sos_id_pk2=1,user_id=ghank003,one_time_token=,batch_uid=411497". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".doc?bsession=715379&bsession_str=session_id=715379,user_id_pk1=12430,user_id_sos_id_pk2=1,user_id=ghank003,one_time_token=,batch_uid=41149". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".doc?OpenElement". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".flg". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".hdr". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".LNG". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".m4a". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".me". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".part". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pf". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".PFB". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".PPZ". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".PQI". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".RST". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tmp". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "OpenWithList". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ieupdate". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB810217". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB821557". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB823182". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824105". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824141". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824146". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB825119". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828028". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828035". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828741". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB833407". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB833987". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB835732". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB837001". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB840374". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB840987". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB841356". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB841533". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB842773". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB867282-IE6SP1-20050127.163319". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB871250". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB873376". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB891711". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "oeupdate". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q828026". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{5081528F-5DD5-49BA-8213-9A6A13502497}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{D56772AC-0DDA-4376-BA9E-80A38ABB717F}". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0254F2B0-7116-40FC-8551-A2ED8C0C5872}" refers to invalid object "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{038E9840-12DD-40E8-82BE-DA826423886E}" refers to invalid object "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0794210B-6C16-4874-82C3-644FF8846BD0}" refers to invalid object "C:\Program Files\SitePlanner\acDcLinetypes.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{09A58AF8-1F1D-4A33-91F2-73D3C7B0A61F}" refers to invalid object "C:\Program Files\SitePlanner\acDcLayouts.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0BB66938-FC89-4658-A365-7CD7F60E87E7}" refers to invalid object "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0CA55C77-CC60-408B-94C6-EC772FD104A9}" refers to invalid object "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0FD95BFE-8321-11D2-B10D-00805F88185D}" refers to invalid object "C:\Program Files\AutoCAD 2000i\express\axrtext.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{189504B8-50D1-4AA8-B4D6-95C8F58A6414}" refers to invalid object "C:\PROGRA~1\AIM\sb.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1CA68D9F-3A22-4EE6-8DD3-9F4BA554625A}" refers to invalid object "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1FAE3754-F46B-45DA-B4CF-9EBF92E950EA}" refers to invalid object "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1FE7C365-F6A9-4AD2-A075-D61F9AD59236}" refers to invalid object "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{20351880-1EF9-4879-A646-9FAF6D9FC87D}" refers to invalid object "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{23AF82A5-E704-4EBC-BFE8-DF33EA467512}" refers to invalid object "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2AFC1A12-65EC-433A-BF9B-7AD381F1EF10}" refers to invalid object "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2D0DE198-0296-4A84-AC3B-0DB11C7F62F2}" refers to invalid object "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3A5AC3A7-CC29-47F8-A0FF-AB82F3D2D9F5}" refers to invalid object "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3C4E3B8D-98C8-4701-92D6-64702D6A9EEF}" refers to invalid object "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{40503CEC-5DE2-4AC0-A711-6F74AD772AC7}" refers to invalid object "C:\Program Files\SitePlanner\acDcXrefs.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{40B4DD9D-83C1-11D2-B340-0060B0B3B2E6}" refers to invalid object "C:\Program Files\AutoCAD 2000i\express\axctextapp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{41600CBD-0A19-11D2-B54A-080009D023F9}" refers to invalid object "C:\Program Files\AutoCAD 2000i\shapes.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4643A0DC-ACD8-496C-B1CC-B42AE4B59940}" refers to invalid object "C:\Program Files\SitePlanner\AcDimDynProp.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{56336BCA-3D8A-11d6-A00B-0050DA18DE71}" refers to invalid object "C:\DOCUME~1\GENEVI~1\LOCALS~1\Temp\InfoWindow.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5D4757FC-BA38-4876-A279-65457B4BBCFB}" refers to invalid object "C:\Program Files\SitePlanner\acDcImages.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6A7065BC-9BD4-4080-BA7D-B8C3B3F21371}" refers to invalid object "C:\Program Files\SitePlanner\AcDimDynProp.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{70A4E5E9-D350-4AF0-8298-98E8BB30ADB7}" refers to invalid object "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7969FA85-242D-4E8E-99B1-D639AF38DA0E}" refers to invalid object "C:\Program Files\SitePlanner\acDcHatch.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object "C:\PROGRA~1\MESSEN~1\rtcimsp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8B67EEAF-ACED-43D4-923F-B8FDF0111DF2}" refers to invalid object "C:\Program Files\SitePlanner\acISMui.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8D2E6C05-A032-4B23-8287-C3ACF30703B0}" refers to invalid object "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8DB7CFFE-CC24-4FBB-9530-2E59F908B1B8}" refers to invalid object "C:\PROGRA~1\SITEPL~1\siteplan.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8E808D9A-BDC2-4921-85B0-384055832094}" refers to invalid object "C:\Program Files\SitePlanner\acDcSymbols.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9505E617-3EC4-4197-A0D3-49AE46DAD275}" refers to invalid object "C:\Program Files\SitePlanner\acDcDimstyles.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9E0B8886-3014-4617-91AA-DF4B8D50E77C}" refers to invalid object "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A7371B3E-46D1-48B0-890D-CC9E7E531EDD}" refers to invalid object "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A9141FB9-7A4F-4047-94A2-0A0B1DEF5EBB}" refers to invalid object "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A98ABF1C-107C-44E7-9254-2C3FF435D0C2}" refers to invalid object "C:\PROGRA~1\AIM\sb.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B50EB9E2-FC6D-4E25-9492-B5D77F373EE2}" refers to invalid object "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B7800816-BCE4-4228-BD55-2E7A2B0B230A}" refers to invalid object "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BE265956-6F5F-4790-9CAB-EDFAC64362EF}" refers to invalid object "C:\Program Files\AIM\rtvideo.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C3F6D44C-AEED-41B2-B68D-92992CB14D6F}" refers to invalid object "C:\Program Files\SitePlanner\achlnkui.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C68A31E5-96B3-466C-910C-0D3CF9D38C16}" refers to invalid object "C:\Program Files\SitePlanner\siteplan.exe /InPlaceServer". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CEBF0161-DD4F-414E-AC4E-F016A572C81D}" refers to invalid object "C:\Program Files\SitePlanner\siteplan.exe /Automation". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D20DE085-1472-4116-82A8-E87FD12E65C7}" refers to invalid object "C:\Program Files\SitePlanner\acmted.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D64E7893-865F-44F0-8F9A-302D225A27E5}" refers to invalid object "C:\Program Files\SitePlanner\acDcTextStyles.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F708D841-35FE-4AD6-A313-A7F5F1037A8A}" refers to invalid object "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F7249706-A296-49F9-A159-7E581E10BE1C}" refers to invalid object "C:\Program Files\SitePlanner\acdim.arx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FBA89159-6A08-4004-B269-D34588429A88}" refers to invalid object "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{0F76B76E-A514-48A0-AED2-C2989897C861}" refers to invalid object "C:\Program Files\SitePlanner\AXAUTO15.TLB". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{0FD95BF0-8321-11D2-B10D-00805F88185D}" refers to invalid object "C:\Program Files\AutoCAD 2000i\express\axrtext.tlb". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{23E164FF-C7FE-4712-9973-4FE9AADA149F}" refers to invalid object "C:\Program Files\SitePlanner\AcDimDynProp.arx". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{39DC8E5F-A573-4D58-8A13-6877A3B672EA}" refers to invalid object "C:\PROGRA~1\AIM\sb.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{40B4DD8F-83C1-11D2-B340-0060B0B3B2E6}" refers to invalid object "C:\Program Files\AutoCAD 2000i\express\axctextapp.tlb". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{41600C95-0A19-11D2-B54A-080009D023F9}" refers to invalid object "C:\Program Files\AutoCAD 2000i\shapes.arx". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{46D3B6B0-CDC6-11D3-9696-0060B0F00955}" refers to invalid object "acedinetservice.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{719B50E2-44A9-42EF-A351-15D8EEF5D2C0}" refers to invalid object "C:\Program Files\SitePlanner\SITE.TLB". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{79FB6764-A201-11D3-AAA0-00108302FDB2}" refers to invalid object "LiveUpdate.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{7AF322C5-AB43-11D4-A00B-0050DA18DE71}" refers to invalid object "C:\DOCUME~1\GENEVI~1\LOCALS~1\Temp\InfoWindow.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{89988AA7-41CF-4AA0-853B-977665F71665}" refers to invalid object "C:\Program Files\AIM\rtvideo.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{96039CF0-551B-48DC-9DC4-1D5D1E4AF98E}" refers to invalid object "C:\Program Files\AIM\rtvideo.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{AEBF7961-6BE5-425F-A9F3-93E41B70D158}" refers to invalid object "C:\DOCUME~1\GENEVI~1\LOCALS~1\Temp\Word8.0\MSForms.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{CEACE91F-3F71-4A8C-B952-63716B2BC026}" refers to invalid object "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{DCB43485-19FB-4D6D-BB3D-73C7F48D5F00}" refers to invalid object "C:\Program Files\Messenger\rtcimsp.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{E7201B9F-CBA8-4D35-BF4E-80288934AD5E}" refers to invalid object "C:\DOCUME~1\GENEVI~1\LOCALS~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{E9446806-96E7-11D3-B208-0060B0872C1E}" refers to invalid object "acetransmit.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{FD6A6883-D950-4689-98AC-23B5E1035CCD}" refers to invalid object "C:\DOCUME~1\GENEVI~1\LOCALS~1\Temp\Excel8.0\MSForms.exd". Action Taken: No Action Taken.
Entry "HKCR\.sll" refers to invalid object "SSLFile". Action Taken: No Action Taken.
Entry "HKCR\.tuw" refers to invalid object "TUWFile". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\bak_auto_file\shell\open\command" refers to invalid object ""C:\Program Files\SitePlanner\siteplan.exe" "%1"". Action Taken: No Action Taken.
Entry "HKCR\Connection Manager Profile\shell\open\command" refers to invalid object "C:\WINDOWS\System32\CMMGR32.EXE "%1"". Action Taken: No Action Taken.
Entry "HKCR\EnterprisePlannerStandardsCheckFile.16\shell\open\command" refers to invalid object ""C:\Program Files\EnterprisePlanner\DwgCheckStandards.exe" "%1"". Action Taken: No Action Taken.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\Messenger.MessengerApp" refers to invalid object "{FB7199AB-79BF-11d2-8D94-0000F875C541}". Action Taken: No Action Taken.
Entry "HKCR\Messenger.MessengerApp.1" refers to invalid object "{FB7199AB-79BF-11d2-8D94-0000F875C541}". Action Taken: No Action Taken.
Entry "HKCR\msbackupfile\shell\open\command" refers to invalid object "%SystemRoot%\system32\ntbackup.exe". Action Taken: No Action Taken.
Entry "HKCR\PCB123DesignFile.2\shell\open\command" refers to invalid object ""C:\Program Files\PCB123 V2\PCB123.exe" "%1"". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\ppifile\shell\open\command" refers to invalid object "%SystemRoot%\System32\msppcnfg.exe /Config %1". Action Taken: No Action Taken.
Entry "HKCR\PrevAdX.Installer" refers to invalid object "{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\SearchRelevant" refers to invalid object "{1D7E3B41-23CE-469B-BE1B-A64B877923E1}". Action Taken: No Action Taken.
Entry "HKCR\SitePlannerColorDependentPlotStyleTableFile\shell\open\command" refers to invalid object "C:\Program Files\SitePlanner\STYEXE.EXE "%1"". Action Taken: No Action Taken.
Entry "HKCR\SitePlannerStyleSheetFile\shell\open\command" refers to invalid object "C:\Program Files\SitePlanner\STYEXE.EXE "%1"". Action Taken: No Action Taken.
Entry "HKCR\SitePlannerTemplate\shell\open\command" refers to invalid object "C:\Program Files\SitePlanner\siteplan.exe "%1"". Action Taken: No Action Taken.
Entry "HKCR\WinStatX.Installer" refers to invalid object "{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
File C:\Program Files\Microsoft AntiSpyware\Quarantine\53DF899E-F5AF-4D38-90BF-91CA07\E1B48918-0503-4031-83B4-5776C5 tagged as "not-a-virus:AdWare.Win32.WinAD.aa". Action Taken: No Action Taken.
File C:\Program Files\Microsoft AntiSpyware\Quarantine\08EC6AE4-2747-46BE-87B1-A9FCC0\F6147E25-9DBB-44A4-92EC-FA08B9 infected by "Trojan-Clicker.Win32.Agent.dh" Virus! Action Taken: No Action Taken.

Thanks,
Genevieve

#6 alsocom

alsocom

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:56 AM

Posted 12 October 2005 - 11:05 PM

That's not as bad as it looks. :thumbsup:
Most of the items are the orphaned registry entries I mentioned. There are only two bad items and they are already in the Microsoft Antispyware Quarantine folder.

How is the computer behaving now?
If everything is working well, I'll give you some recommendations to better secure the computer.
Alan

#7 EndExploitation

EndExploitation
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:56 AM

Posted 13 October 2005 - 01:36 PM

Everything seems better! The only thing that I still notice is that when I shutdown is takes a good 3-4 minutes to even pop up the menu for restart/log off/shutdown. It doesn't take too long to actually shut down after that though.

Genevieve

#8 alsocom

alsocom

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:56 AM

Posted 22 October 2005 - 04:47 AM

I must apologize for not replying to you sooner. I lost track of this topic. Are you still having the very slow shutdown problem?


Here are the recommendations that were promised.

Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)

1. Right-click My Computer, and then click Properties.
2. On the System Restore tab, put a check mark in the 'Turn Off System Restore' check box.
3. Click OK, and then click Yes.
4. Restart the computer.
5. Repeat steps 1 - 2, this time clearing the box beside 'Turn Off System Restore', click 'OK'.


I suggest that you download these programs to help keep the computer clean:

Spyware Blaster - Blocks bad ActiveX items from installing on your computer. Spyware Blaster runs silently in the background.
ie-spyad - Puts over 12,000 bad URLs into your restricted sites for Internet Explorer.
Google Toolbar - Blocks many unwanted pop-ups in Internet Explorer.
Firefox - 'Safer' alternative to the Internet Explorer web browser.
ZoneAlarm - Free firewall program if you currently are not using one.

Update these regularly.

You may also want to read the following posts to learn how to better secure your computer.
"So how did I get infected in the first place"
"Securing Your PC After An Attack"

Be sure to keep Windows and your Anti-virus updated.
Alan

#9 alsocom

alsocom

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:56 AM

Posted 01 November 2005 - 04:48 AM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending a PM to a member of the HJT team with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Alan




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users