Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hjt - Revans


  • This topic is locked This topic is locked
23 replies to this topic

#1 Revans

Revans

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:57 AM

Posted 31 October 2005 - 09:21 PM

My machine has been infected with the StartPage-DU.dll virus. I have tried McAfee anti-virus, AdAware, AVG anti-virus & Spybot. I've been reading various solutions from different sites and the virus seems to be gone, but now I can't keep up to all the other viruses & spyware I've been receiving. I believe the Startpage-du.dll is the cause or start to all my problems.

Can anyone help? Thank you very much.

Here is my HJT log file:


Logfile of HijackThis v1.99.1
Scan saved at 8:57:36 PM, on 31/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\progra~1\mcafee\MCAFEE~1\MssCli.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\zstatus.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\MssCli.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1128993800593
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...598/mcfscan.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

BC AdBot (Login to Remove)

 


m

#2 viccy

viccy

    Malware Exterminator


  • Security Colleague
  • 433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas
  • Local time:05:57 AM

Posted 02 November 2005 - 07:48 PM

Welcome to BC forum.

Please download the free MWAV antivirus tool from here.
Save it to the desktop and run it. Follow the prompts to scan your system for viruses. Then please post for me the log of infected files from the BOTTOM panel of the scan window.

#3 Revans

Revans
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:57 AM

Posted 02 November 2005 - 09:59 PM

Welcome to BC forum.

Please download the free MWAV antivirus tool from here.
Save it to the desktop and run it. Follow the prompts to scan your system for viruses. Then please post for me the log of infected files from the BOTTOM panel of the scan window.



Virus Log information

Object "redv Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "unknown toolbar Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "ezula Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "weathercast Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "weathercast Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "redv Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "clipgenie Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "imiserver ieplugin Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "imiserver ieplugin Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "imiserver ieplugin Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "imiserver ieplugin Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "imiserver ieplugin Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "imiserver ieplugin Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "imiserver ieplugin Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "imiserver ieplugin Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "imiserver ieplugin Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "imiserver ieplugin Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "imiserver ieplugin Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "imiserver ieplugin Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "imiserver ieplugin Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "imiserver ieplugin Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "imiserver ieplugin Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "imiserver ieplugin Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "imiserver ieplugin Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "imiserver ieplugin Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "imiserver ieplugin Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "imiserver ieplugin Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "imiserver ieplugin Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "imiserver ieplugin Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "imiserver ieplugin Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "imiserver ieplugin Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "imiserver ieplugin Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "imiserver ieplugin Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "imiserver ieplugin Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "imiserver ieplugin Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "imiserver ieplugin Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "all-in-one spy Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "all-in-one spy Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "weathercast Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "weathercast Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "zipitpro Spyware/Adware" found in File System! Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\gsda.dll". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "blank". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\MOH.exe" refers to invalid object "blank". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\ORUN32.EXE" refers to invalid object "blank". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\setup.exe" refers to invalid object "blank". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\USBAudio.CPL" refers to invalid object "blank". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Intel\ProSafe\". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\WordPerfect Office 12\DAD\". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\WordPerfect Office 12\Programs\Corel Internet Namespace.{C0E10002-0000-0005-C0E1-C0E1C0E1C0E1}\". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\WordPerfect Office 12\Programs\PerfectFit Document Management.{C0E10002-0040-0005-C0E1-C0E1C0E1C0E1}\". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\WordPerfect Office 12\Programs\QuickFinder Search Results.{C0E10002-000C-0005-C0E1-C0E1C0E1C0E1}\". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Jasc Software Inc\Paint Shop Pro Studio\". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Jasc Software Inc\". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Dell Inc\Dell Picture Studio v3.0\images\". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Norton Internet Security\". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Common Files\Symantec Shared\VirusDefs\". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Norton Internet Security\Norton AntiVirus\". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Hewlett-Packard\Digital Imaging\Album\Filters\". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Hewlett-Packard\Memories Disc\data\". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Hewlett-Packard\Memories Disc\hpodcache\". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Seagate Software\Enterprise\x86\plugins\desktop\". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Seagate Software\Enterprise\x86\plugins\admin\". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Seagate Software\logging\". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Seagate Software\SSChart\Templates\User Defined\". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Seagate Software\Report Designer Component\Cache\". Action Taken: No Action Taken.

Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".asp?file=0;124270". Action Taken: No Action Taken.

Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".asp?file=0;144014". Action Taken: No Action Taken.

Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".asp?file=0;144900". Action Taken: No Action Taken.

Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".asp?file=0;145128". Action Taken: No Action Taken.

Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".asp?file=0;146950". Action Taken: No Action Taken.

Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".asp?file=0;147838". Action Taken: No Action Taken.

Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".asp?file=0;148838". Action Taken: No Action Taken.

Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".asp?file=0;151498". Action Taken: No Action Taken.

Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".asp?file=0;151792". Action Taken: No Action Taken.

Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".asp?file=0;151849". Action Taken: No Action Taken.

Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".asp?file=0;152532". Action Taken: No Action Taken.

Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".asp?file=0;160054". Action Taken: No Action Taken.

Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".asp?file=0;163494". Action Taken: No Action Taken.

Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".asp?file=0;164841". Action Taken: No Action Taken.

Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".iaf". Action Taken: No Action Taken.

Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".mp4". Action Taken: No Action Taken.

Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rfa". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "America Online ca". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "AOL Connectivity Services". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "GameSpy Arcade". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "HSA". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "McAfee AntiSpyware". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Mcafee SecurityCenter". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "RegistryFix_is1". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "SE". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "SW". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "TValue 5". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ViewpointMediaPlayer". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "YInstHelper". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{101D593A-069E-472C-A7FC-6CDB8ABFE37C}". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{150A5667-2171-4D5C-ABE5-17BA5049BB55}". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{1A304AB8-6587-4997-8829-9BB71740FA65}". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{3860F6E7-F4BB-4443-A4D8-AC44396E98EE}". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{438852BE-D270-4B2E-8E8C-DF813E3313EF}". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{8B114997-C963-11D3-BBAD-00C04F5996A7}". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-0000-0000-0000-6028747ADE01}". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-7AD7-1033-7B44-A00000000001}". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{BB6F8001-A8C5-41A1-9EE0-E5B245A500AA}". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{DA256408-A2E7-41A5-8AD6-62ACB86A0FD7}". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{FA111F3D-A299-438D-A61F-2E8D5138D1D2}". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{5DFFCDFD-FA5F-680F-908A-B5A19E680FA6}" refers to invalid object "C:\WINDOWS\system32\msvo.exe". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{710DB063-A9C1-A3DE-BCDB-7A70963A0125}" refers to invalid object "C:\WINDOWS\system32\mfcpk.exe". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{7B8483B7-1DA4-ABE4-8CBD-535AA01232E2}" refers to invalid object "C:\WINDOWS\javaew.exe". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{B1151A50-5614-AE70-73BB-2709D6EC2002}" refers to invalid object "C:\WINDOWS\mfctu.exe". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{DA3BFB82-DABD-6F9D-52D7-967B7A0B33A4}" refers to invalid object "C:\WINDOWS\system32\msbu32.exe". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{daa873d4-958c-453c-81ca-3fe6f3676a87}" refers to invalid object "C:\WINDOWS\system32:xbaa.dll". Action Taken: No Action Taken.

Entry "HKCR\TypeLib\{00A987AE-587B-4343-B826-89F17AB41A03}" refers to invalid object "C:\PROGRA~1\AOL9~1.0\MYCALE~1.DLL". Action Taken: No Action Taken.

Entry "HKCR\TypeLib\{06645894-E73C-413B-8704-71823A9C39B5}" refers to invalid object "C:\PROGRA~1\AOL9~1.0\media\cerberus.dll". Action Taken: No Action Taken.

Entry "HKCR\TypeLib\{0B54F548-639F-462F-BCDE-9557B8AB378F}" refers to invalid object "C:\PROGRA~1\COMMON~1\aolshare\pictures\YGPPIC~4.DLL". Action Taken: No Action Taken.

Entry "HKCR\TypeLib\{155CD3DB-4B43-4CE6-8B51-9AAAB28B2B07}" refers to invalid object "blank". Action Taken: No Action Taken.

Entry "HKCR\TypeLib\{16D8D842-6E64-489F-99BB-D6CEF503A74E}" refers to invalid object "C:\PROGRA~1\AOL9~1.0\media\xanthe.dll". Action Taken: No Action Taken.

Entry "HKCR\TypeLib\{1B8B281E-F67E-4212-8D3B-C98B8AE18DA4}" refers to invalid object "C:\PROGRA~1\COMMON~1\aolshare\pictures\YGPPIC~1.DLL". Action Taken: No Action Taken.

Entry "HKCR\TypeLib\{229B78B8-38F5-11D5-9001-00C04F4C3B9F}" refers to invalid object "C:\PROGRA~1\AOL9~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.

Entry "HKCR\TypeLib\{232E6276-81A8-4C5D-8B2F-D64E3FE453DB}" refers to invalid object "blank". Action Taken: No Action Taken.

Entry "HKCR\TypeLib\{296802FE-345A-4CA4-B941-692B8622CC69}" refers to invalid object "C:\PROGRA~1\AOL9~1.0\axtrack.dll". Action Taken: No Action Taken.

Entry "HKCR\TypeLib\{2ACBD496-FD2D-43CF-8870-F349AC57307B}" refers to invalid object "blank". Action Taken: No Action Taken.

Entry "HKCR\TypeLib\{39DC8E5F-A573-4D58-8A13-6877A3B672EA}" refers to invalid object "C:\PROGRA~1\AOL9~1.0\sb.dll". Action Taken: No Action Taken.

Entry "HKCR\TypeLib\{3F8E02B4-6601-41A2-95E7-6BD102935C55}" refers to invalid object "C:\PROGRA~1\AOL9~1.0\media\phobos.dll". Action Taken: No Action Taken.

Entry "HKCR\TypeLib\{57B2FD05-64D4-4AD7-A92A-7C32FE50A0F4}" refers to invalid object "C:\PROGRA~1\COMMON~1\aolshare\pictures\YGPUPF.dll". Action Taken: No Action Taken.

Entry "HKCR\TypeLib\{64E26A20-8A9E-4B33-9F8D-F3663F13811E}" refers to invalid object "C:\PROGRA~1\COMMON~1\aolshare\pictures\YGPWz.dll". Action Taken: No Action Taken.

Entry "HKCR\TypeLib\{6F8CD0F6-243F-4998-9D8B-B416061AC385}" refers to invalid object "blank". Action Taken: No Action Taken.

Entry "HKCR\TypeLib\{79C10055-C1B5-4754-AC44-003784AA3A44}" refers to invalid object "C:\PROGRA~1\COMMON~1\aolshare\pictures\YGPPIC~3.DLL". Action Taken: No Action Taken.

Entry "HKCR\TypeLib\{8D66A700-5DF0-4706-9ACA-FEB467A7A853}" refers to invalid object "C:\PROGRA~1\AOL9~1.0\media\ares.dll". Action Taken: No Action Taken.

Entry "HKCR\TypeLib\{A1CE1F98-0184-45C5-B49D-F6053174EAC7}" refers to invalid object "blank". Action Taken: No Action Taken.

Entry "HKCR\TypeLib\{CC491105-58FA-437F-A1CE-CC947B6AFE4F}" refers to invalid object "C:\PROGRA~1\AOL9~1.0\ae.dll". Action Taken: No Action Taken.

Entry "HKCR\TypeLib\{DA2FAE70-6518-4700-A264-3500A380F695}" refers to invalid object "C:\Program Files\AOL 9.0\abui.dll". Action Taken: No Action Taken.

Entry "HKCR\TypeLib\{DCCAF17F-7581-4C86-9867-56D9405FAC3F}" refers to invalid object "C:\PROGRA~1\AOL9~1.0\media\PATHFI~1.DLL". Action Taken: No Action Taken.

Entry "HKCR\TypeLib\{DD3FCE4D-8442-4EFA-A71E-1C131F502F4A}" refers to invalid object "C:\PROGRA~1\COMMON~1\AOL\SCREEN~1\YGPSCR~1.DLL". Action Taken: No Action Taken.

Entry "HKCR\TypeLib\{E2F23A76-EF3B-4F33-B88E-656C015FBE00}" refers to invalid object "blank". Action Taken: No Action Taken.

Entry "HKCR\TypeLib\{E3852602-B619-11D6-94EC-00047521F020}" refers to invalid object "C:\PROGRA~1\AOL9~1.0\media\nmpxchat\nmpxchat.dll". Action Taken: No Action Taken.

Entry "HKCR\TypeLib\{ECAD18F1-CA65-11D6-8A1B-00E029570A3E}" refers to invalid object "C:\PROGRA~1\AOL9~1.0\sa.dll". Action Taken: No Action Taken.

Entry "HKCR\TypeLib\{F699CCA6-432B-4BE6-84BB-B33D7215A4C0}" refers to invalid object "blank". Action Taken: No Action Taken.

Entry "HKCR\ABUI.ABUI.1" refers to invalid object "{61E15DE7-D229-4eb3-A460-40DCDDA60DA7}". Action Taken: No Action Taken.

Entry "HKCR\AOL.MemExpWz" refers to invalid object "{18477169-4752-41DC-AB0F-C50EBA75641D}". Action Taken: No Action Taken.

Entry "HKCR\AOL.MemExpWz.1" refers to invalid object "{18477169-4752-41DC-AB0F-C50EBA75641D}". Action Taken: No Action Taken.

Entry "HKCR\AOL.PicDownloadCtrl" refers to invalid object "{D670D0B3-05AB-4115-9F87-D983EF1AC747}". Action Taken: No Action Taken.

Entry "HKCR\AOL.PicDownloadCtrl.1" refers to invalid object "{D670D0B3-05AB-4115-9F87-D983EF1AC747}". Action Taken: No Action Taken.

Entry "HKCR\AOL.PicEditCtrl" refers to invalid object "{E0CB08CE-AB3D-4779-9C77-62A439BFE6C3}". Action Taken: No Action Taken.

Entry "HKCR\AOL.PicEditCtrl.1" refers to invalid object "{E0CB08CE-AB3D-4779-9C77-62A439BFE6C3}". Action Taken: No Action Taken.

Entry "HKCR\AOL.PicSsvrCtrl" refers to invalid object "{A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6}". Action Taken: No Action Taken.

Entry "HKCR\AOL.PicSsvrCtrl.1" refers to invalid object "{A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6}". Action Taken: No Action Taken.

Entry "HKCR\AOL.UPFCtrl" refers to invalid object "{98BFD494-F6AD-4794-9038-832C0654CC43}". Action Taken: No Action Taken.

Entry "HKCR\AOL.UPFCtrl.1" refers to invalid object "{98BFD494-F6AD-4794-9038-832C0654CC43}". Action Taken: No Action Taken.

Entry "HKCR\AolCalSvr.ACCalendarDCtrl" refers to invalid object "{63435828-E10D-42d5-8859-C94796B7C22D}". Action Taken: No Action Taken.

Entry "HKCR\AolCalSvr.ACCalendarDCtrl.4" refers to invalid object "{63435828-E10D-42d5-8859-C94796B7C22D}". Action Taken: No Action Taken.

Entry "HKCR\AolCalSvr.ACCalendarListCtrl" refers to invalid object "{A8ABE123-FAC4-41c1-ABA3-051B6F112B83}". Action Taken: No Action Taken.

Entry "HKCR\AolCalSvr.ACCalendarListCtrl.5" refers to invalid object "{A8ABE123-FAC4-41c1-ABA3-051B6F112B83}". Action Taken: No Action Taken.

Entry "HKCR\AolCalSvr.ACDayBoxViewCtrl" refers to invalid object "{B6F041A2-48B9-4d3f-A91D-90E17C505FD3}". Action Taken: No Action Taken.

Entry "HKCR\AolCalSvr.ACDayBoxViewCtrl.5" refers to invalid object "{B6F041A2-48B9-4d3f-A91D-90E17C505FD3}". Action Taken: No Action Taken.

Entry "HKCR\AolCalSvr.ACDictionary" refers to invalid object "{9F62797E-1249-4596-9FF7-AC6D851A542A}". Action Taken: No Action Taken.

Entry "HKCR\AolCalSvr.ACDictionary.5" refers to invalid object "{9F62797E-1249-4596-9FF7-AC6D851A542A}". Action Taken: No Action Taken.

Entry "HKCR\AolCalSvr.ACEventConflictCtrl" refers to invalid object "{B3E7BCF9-05C8-4233-BA88-37FDA4AD3147}". Action Taken: No Action Taken.

Entry "HKCR\AolCalSvr.ACEventConflictCtrl.5" refers to invalid object "{B3E7BCF9-05C8-4233-BA88-37FDA4AD3147}". Action Taken: No Action Taken.

Entry "HKCR\AolCalSvr.ACMonthViewCtrl" refers to invalid object "{0FE9096F-7F7A-4e40-857C-E48A53440DFE}". Action Taken: No Action Taken.

Entry "HKCR\AolCalSvr.ACMonthViewCtrl.5" refers to invalid object "{0FE9096F-7F7A-4e40-857C-E48A53440DFE}". Action Taken: No Action Taken.

Entry "HKCR\AolCalSvr.ACMPickerCtrl" refers to invalid object "{DA3C177A-D1DA-47f2-BBF0-E9710CA7253F}". Action Taken: No Action Taken.

Entry "HKCR\AolCalSvr.ACMPickerCtrl.5" refers to invalid object "{DA3C177A-D1DA-47f2-BBF0-E9710CA7253F}". Action Taken: No Action Taken.

Entry "HKCR\AolCalSvr.ACToolBarCtrl" refers to invalid object "{F4F30C01-A7B4-492e-943E-58A7CF2D9DD6}". Action Taken: No Action Taken.

Entry "HKCR\AolCalSvr.ACToolBarCtrl.5" refers to invalid object "{F4F30C01-A7B4-492e-943E-58A7CF2D9DD6}". Action Taken: No Action Taken.

Entry "HKCR\AolCalSvr.ACTopToolBarCtrl" refers to invalid object "{09E6F477-C3C3-4636-8BFD-2DDB36147FEC}". Action Taken: No Action Taken.

Entry "HKCR\AolCalSvr.ACTopToolBarCtrl.5" refers to invalid object "{09E6F477-C3C3-4636-8BFD-2DDB36147FEC}". Action Taken: No Action Taken.

Entry "HKCR\AolCalSvr.ACWebDlgHelper" refers to invalid object "{6AD3B5BD-9A96-4ca2-9455-2034D05EB134}". Action Taken: No Action Taken.

Entry "HKCR\AolCalSvr.ACWebDlgHelper.5" refers to invalid object "{6AD3B5BD-9A96-4ca2-9455-2034D05EB134}". Action Taken: No Action Taken.

Entry "HKCR\Ares.AresPlayer" refers to invalid object "{4E97BE17-3300-4A4F-B380-5988DD771F1F}". Action Taken: No Action Taken.

Entry "HKCR\Ares.AresPlayer.1" refers to invalid object "{4E97BE17-3300-4A4F-B380-5988DD771F1F}". Action Taken: No Action Taken.

Entry "HKCR\AxTrack" refers to invalid object "{5145942E-41DF-4658-B7C4-089F48E84A75}". Action Taken: No Action Taken.

Entry "HKCR\AxTrack.CoAxTrack" refers to invalid object "{B9F3009B-976B-41C4-A992-229DCCF3367C}". Action Taken: No Action Taken.

Entry "HKCR\AxTrack.CoAxTrack.1" refers to invalid object "{B9F3009B-976B-41C4-A992-229DCCF3367C}". Action Taken: No Action Taken.

Entry "HKCR\AxTrack.CoAxTrackMk" refers to invalid object "{5145942E-41DF-4658-B7C4-089F48E84A75}". Action Taken: No Action Taken.

Entry "HKCR\AxTrack.CoAxTrackMk.1" refers to invalid object "{5145942E-41DF-4658-B7C4-089F48E84A75}". Action Taken: No Action Taken.

Entry "HKCR\CDDBControl.CddbTrackManager" refers to invalid object "{00014C0D-B007-4448-B89B-4EC3E857961D}". Action Taken: No Action Taken.

Entry "HKCR\CDDBControl.CddbTrackManager.1" refers to invalid object "{00014C0D-B007-4448-B89B-4EC3E857961D}". Action Taken: No Action Taken.

Entry "HKCR\CDDBControlAOL.CDDBAOLControl.1" refers to invalid object "{229b78d5-38f5-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.

Entry "HKCR\CDDBControlAOL.CDDBControl" refers to invalid object "{229b78d5-38f5-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.

Entry "HKCR\CDDBControlAOL.CddbCredit" refers to invalid object "{229b78e2-38f5-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.

Entry "HKCR\CDDBControlAOL.CddbCredit.1" refers to invalid object "{229b78e2-38f5-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.

Entry "HKCR\CDDBControlAOL.CddbDisc" refers to invalid object "{229b78d5-38f5-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.

Entry "HKCR\CDDBControlAOL.CddbDisc.1" refers to invalid object "{229b78d5-38f5-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.

Entry "HKCR\CDDBControlAOL.CddbFullName.1" refers to invalid object "{229b78e1-38f5-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.

Entry "HKCR\CDDBControlAOL.CddbID3Tag" refers to invalid object "{bc8a96c6-3909-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.

Entry "HKCR\CDDBControlAOL.CddbID3Tag.1" refers to invalid object "{bc8a96c6-3909-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.

Entry "HKCR\CDDBControlAOL.CddbID3TagManager" refers to invalid object "{bc8a96c5-3909-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.

Entry "HKCR\CDDBControlAOL.CddbID3TagManager.1" refers to invalid object "{bc8a96c5-3909-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.

Entry "HKCR\CDDBControlAOL.CddbInfoWindow" refers to invalid object "{bc8a96c7-3909-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.

Entry "HKCR\CDDBControlAOL.CddbInfoWindow.1" refers to invalid object "{bc8a96c7-3909-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.

Entry "HKCR\CDDBControlAOL.CddbSegment" refers to invalid object "{229b78df-38f5-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.

Entry "HKCR\CDDBControlAOL.CddbSegment.1" refers to invalid object "{229b78df-38f5-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.

Entry "HKCR\CDDBControlAOL.CddbUIOptions" refers to invalid object "{bc8a96c8-3909-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.

Entry "HKCR\CDDBControlAOL.CddbUIOptions.1" refers to invalid object "{bc8a96c8-3909-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.

Entry "HKCR\CDDBControlAOL.CddbURL" refers to invalid object "{229b78e0-38f5-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.

Entry "HKCR\CDDBControlAOL.CddbURL.1" refers to invalid object "{229b78e0-38f5-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.

Entry "HKCR\CDDBControlAOL.CddbURLManager" refers to invalid object "{bc8a96c4-3909-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.

Entry "HKCR\CDDBControlAOL.CddbURLManager.1" refers to invalid object "{bc8a96c4-3909-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.

Entry "HKCR\CDDBControlAOL.FullName" refers to invalid object "{229b78e1-38f5-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.

Entry "HKCR\Cerberus.CerberusCDPlayer" refers to invalid object "{5788DAE8-4B72-4BE6-89A0-1E6123E4CBC2}". Action Taken: No Action Taken.

Entry "HKCR\Cerberus.CerberusCDPlayer.1" refers to invalid object "{5788DAE8-4B72-4BE6-89A0-1E6123E4CBC2}". Action Taken: No Action Taken.

Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.

Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.

Entry "HKCR\Connection Manager Profile\shell\open\command" refers to invalid object "blank". Action Taken: No Action Taken.

Entry "HKCR\FE.FlashEngine" refers to invalid object "{2BAE89B0-68EF-4fab-AFF7-1E486D93F9EB}". Action Taken: No Action Taken.

Entry "HKCR\FE.FlashEngine.1" refers to invalid object "{2BAE89B0-68EF-4fab-AFF7-1E486D93F9EB}". Action Taken: No Action Taken.

Entry "HKCR\msbackupfile\shell\open\command" refers to invalid object "blank". Action Taken: No Action Taken.

Entry "HKCR\Pathfinder.PathfinderDownload" refers to invalid object "{1167C47F-01F9-4C08-8564-1D6C9BAAFB60}". Action Taken: No Action Taken.

Entry "HKCR\Pathfinder.PathfinderDownload.1" refers to invalid object "{1167C47F-01F9-4C08-8564-1D6C9BAAFB60}". Action Taken: No Action Taken.

Entry "HKCR\Phobos.Engine_Ares" refers to invalid object "{E981D791-F499-4837-A483-5AB22F1C548F}". Action Taken: No Action Taken.

Entry "HKCR\Phobos.Engine_Ares.1" refers to invalid object "{E981D791-F499-4837-A483-5AB22F1C548F}". Action Taken: No Action Taken.

Entry "HKCR\Phobos.Engine_Cerberus" refers to invalid object "{EB511AE4-87FE-4EFB-91A3-428B2F2601F7}". Action Taken: No Action Taken.

Entry "HKCR\Phobos.Engine_Cerberus.1" refers to invalid object "{EB511AE4-87FE-4EFB-91A3-428B2F2601F7}". Action Taken: No Action Taken.

Entry "HKCR\Phobos.Engine_QuickTime" refers to invalid object "{57C368A7-F2E9-48C6-B0E2-C201751383C1}". Action Taken: No Action Taken.

Entry "HKCR\Phobos.Engine_QuickTime.1" refers to invalid object "{57C368A7-F2E9-48C6-B0E2-C201751383C1}". Action Taken: No Action Taken.

Entry "HKCR\Phobos.Engine_Real" refers to invalid object "{205D2DFB-BBAD-4DC4-A0BB-CDA12A1639CE}". Action Taken: No Action Taken.

Entry "HKCR\Phobos.Engine_Real.1" refers to invalid object "{205D2DFB-BBAD-4DC4-A0BB-CDA12A1639CE}". Action Taken: No Action Taken.

Entry "HKCR\Phobos.Engine_Winamp" refers to invalid object "{AED456C4-4866-4420-863F-35767EBED514}". Action Taken: No Action Taken.

Entry "HKCR\Phobos.Engine_Winamp.1" refers to invalid object "{AED456C4-4866-4420-863F-35767EBED514}". Action Taken: No Action Taken.

Entry "HKCR\Phobos.Engine_WMP" refers to invalid object "{D465B936-C361-4417-9AC5-35167066F84B}". Action Taken: No Action Taken.

Entry "HKCR\Phobos.Engine_WMP.1" refers to invalid object "{D465B936-C361-4417-9AC5-35167066F84B}". Action Taken: No Action Taken.

Entry "HKCR\Phobos.Phobos" refers to invalid object "{D9F99C6B-A3A6-11D4-AF64-444553546170}". Action Taken: No Action Taken.

Entry "HKCR\Phobos.Phobos.1" refers to invalid object "{D9F99C6B-A3A6-11D4-AF64-444553546170}". Action Taken: No Action Taken.

Entry "HKCR\Phobos.Player" refers to invalid object "{7C9688C3-7279-474D-ABA5-A632373D2CDB}". Action Taken: No Action Taken.

Entry "HKCR\Phobos.Player.1" refers to invalid object "{7C9688C3-7279-474D-ABA5-A632373D2CDB}". Action Taken: No Action Taken.

Entry "HKCR\Phobos.Playlist" refers to invalid object "{A105BD70-BF56-4D10-BC91-41C88321F47C}". Action Taken: No Action Taken.

Entry "HKCR\Phobos.Playlist.1" refers to invalid object "{A105BD70-BF56-4D10-BC91-41C88321F47C}". Action Taken: No Action Taken.

Entry "HKCR\Phobos.SupportedType" refers to invalid object "{639A19DD-1D97-4A6E-A0D1-01E04FED563F}". Action Taken: No Action Taken.

Entry "HKCR\Phobos.SupportedType.1" refers to invalid object "{639A19DD-1D97-4A6E-A0D1-01E04FED563F}". Action Taken: No Action Taken.

Entry "HKCR\Phobos.Track" refers to invalid object "{B4F80028-5714-4B7B-B9B1-5748B204799A}". Action Taken: No Action Taken.

Entry "HKCR\Phobos.Track.1" refers to invalid object "{B4F80028-5714-4B7B-B9B1-5748B204799A}". Action Taken: No Action Taken.

Entry "HKCR\SA.DataCache" refers to invalid object "{10F34E64-BBB2-11D6-8A17-00E029570A3E}". Action Taken: No Action Taken.

Entry "HKCR\SA.DataCache.1" refers to invalid object "{10F34E64-BBB2-11D6-8A17-00E029570A3E}". Action Taken: No Action Taken.

Entry "HKCR\SA.SATBMgr" refers to invalid object "{8AB5F344-B600-11D6-8A15-00E029570A3E}". Action Taken: No Action Taken.

Entry "HKCR\SA.SATBMgr.1" refers to invalid object "{8AB5F344-B600-11D6-8A15-00E029570A3E}". Action Taken: No Action Taken.

Entry "HKCR\Sb.SuperBuddy" refers to invalid object "{189504B8-50D1-4AA8-B4D6-95C8F58A6414}". Action Taken: No Action Taken.

Entry "HKCR\Sb.SuperBuddy.1" refers to invalid object "{189504B8-50D1-4AA8-B4D6-95C8F58A6414}". Action Taken: No Action Taken.

Entry "HKCR\Sb.SuperBuddyData" refers to invalid object "{A98ABF1C-107C-44E7-9254-2C3FF435D0C2}". Action Taken: No Action Taken.

Entry "HKCR\Sb.SuperBuddyData.1" refers to invalid object "{A98ABF1C-107C-44E7-9254-2C3FF435D0C2}". Action Taken: No Action Taken.

Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken.

Entry "HKCR\WinAmpXChat.IWinAmpActiveXChat" refers to invalid object "{E3852604-B619-11d6-94EC-00047521F020}". Action Taken: No Action Taken.

Entry "HKCR\WinAmpXChat.IWinAmpActiveXChat.1" refers to invalid object "{E3852604-B619-11d6-94EC-00047521F020}". Action Taken: No Action Taken.

Entry "HKCR\Xanthe.XantheQuickTimePlayer" refers to invalid object "{1CB749C0-81EC-484E-B82C-ADD141FC6415}". Action Taken: No Action Taken.

Entry "HKCR\Xanthe.XantheQuickTimePlayer.1" refers to invalid object "{1CB749C0-81EC-484E-B82C-ADD141FC6415}". Action Taken: No Action Taken.

Entry "HKCR\YGPPicInfo.IImageInfo" refers to invalid object "{AD41621C-A2DD-487D-A24B-8BE40116A5A3}". Action Taken: No Action Taken.

Entry "HKCR\YGPPicInfo.IImageInfo.1" refers to invalid object "{AD41621C-A2DD-487D-A24B-8BE40116A5A3}". Action Taken: No Action Taken.

Entry "HKCR\YGPPicInfo.PictureInfo" refers to invalid object "{943742F6-3A40-43FF-97F4-A1750D97B200}". Action Taken: No Action Taken.

Entry "HKCR\YGPPicInfo.PictureInfo.1" refers to invalid object "{943742F6-3A40-43FF-97F4-A1750D97B200}". Action Taken: No Action Taken.

Entry "HKCR\YGPPicInfo.PictureInfos" refers to invalid object "{84CBABC2-D3BE-4EEF-8394-121FAC215CEF}". Action Taken: No Action Taken.

Entry "HKCR\YGPPicInfo.PictureInfos.1" refers to invalid object "{84CBABC2-D3BE-4EEF-8394-121FAC215CEF}". Action Taken: No Action Taken.

#4 viccy

viccy

    Malware Exterminator


  • Security Colleague
  • 433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas
  • Local time:05:57 AM

Posted 02 November 2005 - 10:57 PM

Next, download CleanUp 4.0, install and run it. Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
Empty Recycle Bins
Delete Cookies
Delete Prefetch files
Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, click NO.

Download CleanUp 4.0, install and run it. This program will clean out all your temporary internet files.

Download the trial version of Spy Sweeper from Here

Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

When Spy Sweeper has updated, reboot to safe mode.

Boot into Safe Mode:
Restart your computer and immediately begin tapping the F8 key on your keyboard.
If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.

Open Spy Sweeper and click on Sweep and allow it to fully scan your system.

When the sweep has finished, click Remove to remove any items found. Save the log.

Exit Spy Sweeper.

Reboot to normal mode and post the results from Spy Sweeper along with a new Hijack This log.

#5 Revans

Revans
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:57 AM

Posted 05 November 2005 - 10:58 AM

Here are my new log's. Please note that I was unable to run "Spy Sweep" in safe mode, So I ran it in normal mode.

Logfile of HijackThis v1.99.1
Scan saved at 10:52:41 AM, on 05/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\progra~1\mcafee\MCAFEE~1\MssCli.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\MssCli.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1128993800593
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...598/mcfscan.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


********
10:39 AM: | Start of Session, November 5, 2005 |
10:39 AM: Spy Sweeper started
10:39 AM: Sweep initiated using definitions version 567
10:39 AM: Starting Memory Sweep
10:41 AM: Memory Sweep Complete, Elapsed Time: 00:02:38
10:41 AM: Starting Registry Sweep
10:41 AM: Found Adware: cws-aboutblank
10:41 AM: HKCR\clsid\{5a3e5c8d-f226-ccf0-347e-3ab510c1a210}\ (33 subtraces) (ID = 113030)
10:41 AM: HKLM\software\classes\clsid\{5a3e5c8d-f226-ccf0-347e-3ab510c1a210}\ (33 subtraces) (ID = 114612)
10:41 AM: Found Adware: cws_ns3
10:41 AM: HKCR\clsid\{69a88c5e-04e5-741d-6ca2-9cb5374eb263}\ (2 subtraces) (ID = 118242)
10:41 AM: HKCR\clsid\{c74df792-dd4b-4b33-4d25-bb3e8a211bb3}\ (2 subtraces) (ID = 118996)
10:41 AM: HKLM\software\classes\clsid\{69a88c5e-04e5-741d-6ca2-9cb5374eb263}\ (2 subtraces) (ID = 120099)
10:41 AM: HKLM\software\classes\clsid\{c74df792-dd4b-4b33-4d25-bb3e8a211bb3}\ (2 subtraces) (ID = 120833)
10:41 AM: Found Adware: cws_tiny0
10:41 AM: HKCR\clsid\{286ece71-3f17-089b-f6bd-0e16d255ae8a}\ (2 subtraces) (ID = 123907)
10:41 AM: Registry Sweep Complete, Elapsed Time:00:00:16
10:42 AM: Starting Cookie Sweep
10:42 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
10:42 AM: Starting File Sweep
10:48 AM: File Sweep Complete, Elapsed Time: 00:06:23
10:48 AM: Full Sweep has completed. Elapsed time 00:09:21
10:48 AM: Traces Found: 83
10:50 AM: Removal process initiated
10:50 AM: Quarantining All Traces: cws_ns3
10:50 AM: Quarantining All Traces: cws-aboutblank
10:50 AM: Quarantining All Traces: cws_tiny0
10:51 AM: Removal process completed. Elapsed time 00:00:34
********
10:30 AM: | Start of Session, November 5, 2005 |
10:30 AM: Spy Sweeper started
10:31 AM: Your spyware definitions have been updated.

#6 viccy

viccy

    Malware Exterminator


  • Security Colleague
  • 433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas
  • Local time:05:57 AM

Posted 05 November 2005 - 12:23 PM

I notice that you are using more than one antivirus program. This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you either (1) configure only one antivirus program to enable automatic realtime scanning, and leave the rest disabled most of the time, or (2) go to Start -> Control Panel -> Add/Remove Programs and uninstall all but one antivirus program.

Restart your computer. Then, please run the Housecall online virus scan located at:
http://housecall.trendmicro.com/housecall/start_corp.asp
Follow the prompts to scan your hard drive for viruses. Select the "Autoclean" option so that Housecall will remove any viruses from your system.
When the scan is finished, please restart your computer.

Then please run the Panda scan here:
Active Scan Choose to "Disinfect automatically," and follow the prompts. Delete any viruses found, and restart your computer.
Have it delete anything it finds and post the scan report along with a new Hijack This log.

Finally, please run the WindowSecurity trojan scan here:
http://www.windowsecurity.com/trojanscan/
Remove any trojans found, and restart your computer.

Then, post another Hijack This log and let me know if you have difficulty with any of the scans.

What kind of error message did you get when you tried to Spy Sweeper in Safe Mode?

#7 Revans

Revans
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:57 AM

Posted 06 November 2005 - 09:49 AM

I tried the Housecall, Panda & WindowSecurity scan's with no viruses found. I also did not have the option to save the log files.

For Spy sweeper - the error I received in safe mode was "Authentication failure during install" then suggested reinstall but it work fine in normal mode????

here is my new log file

Thanks

Revans


Logfile of HijackThis v1.99.1
Scan saved at 9:43:26 AM, on 06/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\progra~1\mcafee\MCAFEE~1\MssCli.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\MssCli.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1128993800593
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005102...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...598/mcfscan.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#8 viccy

viccy

    Malware Exterminator


  • Security Colleague
  • 433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas
  • Local time:05:57 AM

Posted 06 November 2005 - 03:17 PM

I would like for you to uninstall Spy Sweeper and re-install it. It is important that it runs in safe mode. So, please do that and run it again, restart your computer in normal mode and post the report along with a new Hijack This log.

#9 Revans

Revans
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:57 AM

Posted 06 November 2005 - 08:57 PM

Ok I got spy sweeper to work properly, logs attached

Thanks

8:27 PM: | Start of Session, November 6, 2005 |
8:27 PM: Spy Sweeper started
8:27 PM: Sweep initiated using definitions version 567
8:27 PM: Starting Memory Sweep
8:28 PM: Memory Sweep Complete, Elapsed Time: 00:01:04
8:28 PM: Starting Registry Sweep
8:29 PM: Registry Sweep Complete, Elapsed Time:00:00:22
8:29 PM: Starting Cookie Sweep
8:29 PM: Found Spy Cookie: centrport net cookie
8:29 PM: roy evans@centrport[2].txt (ID = 2374)
8:29 PM: Found Spy Cookie: questionmarket cookie
8:29 PM: roy evans@questionmarket[1].txt (ID = 3217)
8:29 PM: Cookie Sweep Complete, Elapsed Time: 00:00:03
8:29 PM: Starting File Sweep
8:34 PM: File Sweep Complete, Elapsed Time: 00:05:48
8:34 PM: Full Sweep has completed. Elapsed time 00:07:22
8:34 PM: Traces Found: 2
8:47 PM: Removal process initiated
8:47 PM: Quarantining All Traces: centrport net cookie
8:47 PM: Quarantining All Traces: questionmarket cookie
8:47 PM: Removal process completed. Elapsed time 00:00:01
8:48 PM: Deletion from quarantine initiated
8:48 PM: Processing: centrport net cookie
8:48 PM: Processing: cws_ns3
8:48 PM: Processing: cws_tiny0
8:48 PM: Processing: cws-aboutblank
8:48 PM: Processing: questionmarket cookie
8:48 PM: Deletion from quarantine completed. Elapsed time 00:00:00





Logfile of HijackThis v1.99.1
Scan saved at 8:54:54 PM, on 06/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\progra~1\mcafee\MCAFEE~1\MssCli.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\MssCli.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1128993800593
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005102...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...598/mcfscan.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#10 viccy

viccy

    Malware Exterminator


  • Security Colleague
  • 433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas
  • Local time:05:57 AM

Posted 06 November 2005 - 10:11 PM

How is everything running now?

#11 Revans

Revans
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:57 AM

Posted 07 November 2005 - 08:50 PM

I just ran AD-Aware and still had a few spyware files on my computer.

When I run my virus software, I get zero viruses detected. Which is good, but it has not really helped me in the past. I find it only detects the most common viruses.

Revans

#12 viccy

viccy

    Malware Exterminator


  • Security Colleague
  • 433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas
  • Local time:05:57 AM

Posted 08 November 2005 - 09:49 AM

Please download SilentRunners from here: http://www.silentrunners.org/Silent%20Runners.zip
Unzip it to the desktop and double-click on it. If you get any kind of warning message about scripts, please choose to allow the script to run. When the scan is finished, a message will pop up and a logfile will have been created on the desktop. Please post the entire contents of this logfile for me to see.

#13 Revans

Revans
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:57 AM

Posted 08 November 2005 - 09:51 PM

"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"DellSupport" = ""C:\Program Files\Dell Support\DSAgnt.exe" /startup" ["Gteko Ltd."]
"Start WingMan Profiler" = (empty string)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" ["Sun Microsystems, Inc."]
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"DVDLauncher" = ""C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"" ["CyberLink Corp."]
"RealTray" = "C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER" ["RealNetworks, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"UpdateManager" = ""C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r" ["Sonic Solutions"]
"MMTray" = ""C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"" ["Musicmatch, Inc."]
"Share-to-Web Namespace Daemon" = "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" ["Hewlett-Packard"]
"VSOCheckTask" = ""c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask" ["McAfee, Inc."]
"VirusScan Online" = ""c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"" ["McAfee, Inc."]
"MCAgentExe" = "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" ["McAfee, Inc"]
"MCUpdateExe" = "c:\PROGRA~1\mcafee.com\agent\McUpdate.exe" ["McAfee, Inc"]
"MPFExe" = "C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" ["McAfee Security"]
"_AntiSpyware" = "c:\progra~1\mcafee\MCAFEE~1\MssCli.exe" ["McAfee, Inc."]
"MimBoot" = "C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" ["Musicmatch, Inc."]
"gcasServ" = ""C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"" [MS]
"SpySweeper" = ""C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray" ["Webroot Software, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{5CA3D70E-1895-11CF-8E15-001234567890}\(Default) = "DriveLetterAccess" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Sonic\RecordNow!\shlext.dll" [null data]
"{5CA3D70E-1895-11CF-8E15-001234567890}" = "DriveLetterAccess"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"]
"{A4DF5659-0801-4A60-9607-1C48695EFDA9}" = "Share-to-Web Upload Folder"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL" ["Hewlett-Packard"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{F2A0229A-C4CA-4789-B606-973D24DCDD1C}" = "McAfee AntiSpyware Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "c:\progra~1\mcafee\MCAFEE~1\mssshell.dll" ["McAfee, Inc."]
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{F2A0229A-C4CA-4789-B606-973D24DCDD1C}" = "McAfee AntiSpyware Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "c:\progra~1\mcafee\MCAFEE~1\mssshell.dll" ["McAfee, Inc."]
INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [MS]

HKLM\System\CurrentControlSet\Control\Session Manager\
INFECTION WARNING! "BootExecute" = "autocheck autochk * SsiEfr.e" [file not found], [MS], [file not found], [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! WRNotifier\DLLName = "WRLogonNTF.dll" ["Webroot Software, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Roy Evans\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\SS3DFO.SCR" [MS]


Startup items in "Roy Evans" & "All Users" startup folders:
-----------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Digital Line Detect" -> shortcut to: "C:\Program Files\Digital Line Detect\DLG.exe" ["BVRP Software"]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]


Enabled Scheduled Tasks:
------------------------

"McAfee AntiSpyware" -> launches: "c:\progra~1\mcafee\MCAFEE~1\mcspy.exe /cmd:Schedule" ["McAfee, Inc."]
"McAfee.com Scan for Viruses - My Computer (1) (EVANS-Roy Evans)" -> launches: "c:\program files\mcafee.com\vso\mcmnhdlr.exe /runtask:1" ["McAfee, Inc."]
"McAfee.com Scan for Viruses - My Computer (EVANS-Roy Evans)" -> launches: "c:\program files\mcafee.com\vso\mcmnhdlr.exe /runtask:0" ["McAfee, Inc."]
"McAfee.com Update Check (EVANS-Roy Evans)" -> launches: "C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe /Schedule" ["McAfee, Inc"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{BA52B914-B692-46C4-B683-905236F6F655}" = "McAfee VirusScan"
-> {CLSID}\InProcServer32\(Default) = "c:\progra~1\mcafee.com\vso\mcvsshl.dll" ["McAfee, Inc."]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\ = "Real.com" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Shdocvw.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll" ["Sun Microsystems, Inc."]

{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]

#14 viccy

viccy

    Malware Exterminator


  • Security Colleague
  • 433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas
  • Local time:05:57 AM

Posted 09 November 2005 - 10:03 AM

Download and save blacklight to your desktop. Doubleclick blbeta.exe, accept
the agreement, leave [X]scan through Windows Explorer checked, click scan >
next.

http://www.f-secure.com/blacklight/try.shtml

You'll see a list of all the items it found. There will also be a log on
your desktop with the name fsbl.xxxxxxx.log (where xxxxxxx represents
numbers) The application finds both bad files and legitimate files such as "wbemtest.
exe", so don't choose the rename option yet! Copy and paste the log it
generated in your next reply.

Post another hijack this and the blacklight log!

#15 Revans

Revans
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:57 AM

Posted 09 November 2005 - 08:21 PM

Logfile of HijackThis v1.99.1
Scan saved at 8:19:05 PM, on 09/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\progra~1\mcafee\MCAFEE~1\MssCli.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Dell Support\DSAgnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\MssCli.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1128993800593
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005102...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...598/mcfscan.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

11/09/05 20:17:33 [Info]: BlackLight Engine 1.0.25 initialized
11/09/05 20:17:33 [Info]: OS: 5.1 build 2600 (Service Pack 2)
11/09/05 20:17:33 [Note]: 4019 4
11/09/05 20:17:33 [Note]: 4005 0
11/09/05 20:17:35 [Note]: 4006 0
11/09/05 20:17:36 [Note]: 4011 1048
11/09/05 20:17:36 [Note]: FSRAW library version 1.7.1013
11/09/05 20:18:26 [Note]: 4007 0




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users