Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Slow Computer...really Annoying


  • Please log in to reply
12 replies to this topic

#1 PanakAttack

PanakAttack

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:03:19 PM

Posted 02 November 2005 - 07:06 PM

My computer is acting up again...do I need a clean up?


Logfile of HijackThis v1.99.1
Scan saved at 7:04:07 PM, on 11/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Real\RealOne Player\RealPlay.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\Spyware Programs\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Verizon Online Dialer.lnk = C:\Program Files\Common Files\Verizon Online\ConnMgr\Verizon Online.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {1671869C-25B3-4C80-9446-8AE6111F8765} (MaxisHotDateTeleX Control) - http://thesims.ea.com/teleport/hotdate/MaxisHotDateTeleX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124485343359
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/check/netset/install/gtdownls.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F1A616D-597E-4FDB-A543-E5E668DB373B}: NameServer = 71.242.0.12 151.197.0.38
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

BC AdBot (Login to Remove)

 


#2 viccy

viccy

    Malware Exterminator


  • Security Colleague
  • 433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas
  • Local time:03:19 PM

Posted 03 November 2005 - 10:23 AM

Welcome to the forum.

Please download the free MWAV antivirus tool from here.
Save it to the desktop and run it. Follow the prompts to scan your system for viruses. Then please post for me the log of infected files from the BOTTOM panel of the scan window.

Edited by viccy, 03 November 2005 - 10:23 AM.


#3 PanakAttack

PanakAttack
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:03:19 PM

Posted 03 November 2005 - 09:46 PM

Object "network1.popups Adware" found in File System! Action Taken: No Action Taken.
Object "addestroyer Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "network1.popups Adware" found in File System! Action Taken: No Action Taken.
Object "network1.popups Adware" found in File System! Action Taken: No Action Taken.
Object "network1.popups Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "surfsidekick Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "delfin media viewer Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "browseraid Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "imesh Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "surfsidekick Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "abetterinternet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bargainbuddy Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "weatherbug Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "inetspeak Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "unknown toolbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "unknown toolbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cydoor.topicks.a Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "delfin media viewer Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "startsurfing Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ActiveX.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\MediaAccX.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\mm63.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\WinServAdX.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\system32\objsafe.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\WinServAdX.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Hewlett-Packard\Digital Imaging\hpis\temp\Install.wse.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Hewlett-Packard\Digital Imaging\hpis\temp\config.ini". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Hewlett-Packard\Digital Imaging\hpis\temp\templates.zip". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\MediaAccX.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\objsafe.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\mm63.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\m67m.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\GToolbar\BarControl.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ActiveX.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\AOL\AOL Toolbar\bullet.gid". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\bantam.dll" refers to invalid object "bantam.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\bdeadmin.hlp" refers to invalid object "bdeadmin.hlp". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\blw32.dll" refers to invalid object "blw32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "C:\WINDOWS\System32\cmmgr32.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\disp.dll" refers to invalid object "disp.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idapi32.dll" refers to invalid object "idapi32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idasci32.dll" refers to invalid object "idasci32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idbat32.dll" refers to invalid object "idbat32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idda3532.dll" refers to invalid object "idda3532.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\iddao32.dll" refers to invalid object "iddao32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\iddbas32.dll" refers to invalid object "iddbas32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\iddr32.dll" refers to invalid object "iddr32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idodbc32.dll" refers to invalid object "idodbc32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idpdx32.dll" refers to invalid object "idpdx32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idqbe32.dll" refers to invalid object "idqbe32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idr20009.dll" refers to invalid object "idr20009.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idsql32.dll" refers to invalid object "idsql32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\None" refers to invalid object "C:\Program Files\Broadcom\DrvInst\Broadcom Driver Installer". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Park2000" refers to invalid object "C:\Program Files\Bullfrog\SimCoaster\Park2000". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SoundMAX" refers to invalid object "C:\Program Files\Analog Devices\SoundMAX\SoundMAX". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\sqlint32.dll" refers to invalid object "sqlint32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\WMPLYR\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\VSRCPLIN\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\DELLCUSTOM\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\AUDP\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\AUSTRM\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\CDBURNING\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\RMJPLN\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\CDEXTRACT\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\CDINFO\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\CDROMS\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\COMMON\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\DATACACHE\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\DEVICES\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\FIRSTRUN\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\DTDRPLINDIR\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\EPLUGINS\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\FAUST\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\FFTRANSCDIR\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\FIRSTRUN_LOCALGUIDE\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\FLASH\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\FREE\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\GEMSETUP\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\GEMXMLBIN\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\HOWTO\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\HOWTOHANDLER\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\JSCRIPT\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\MinAim\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\MINHELP\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\MP3\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\MP3PL\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\MP3PLN\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\MSGIMG\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\MSGROOT\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\MSGUI\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\MULTICST\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\PDBURNDEVICEINI\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\PDBURNENGINE\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\PDBURNPLUGINS\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\PDBURNRPPLUGINS\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\PDBURNSUPPORT\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\PDMGR\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\PLAYER\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\PLAYERPLUGINS\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\PLAYERPLUGOCX\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\PLAYERUNINST\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\PLINS\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\PLSHARED\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\PLUS\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\RACODECS\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\RJBRES\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\RJBVIZ\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\RJDLG\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\RJMPMED\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\RJMPZIP\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\RMXPLN\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\RNADMIN\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\RTPLINS\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\RV9CODECS\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\RVCODECS\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\SECURITY\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\SKINS\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\TDWNMGR\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\TEMPLATES\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\TFILESYS\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\UI\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\UPDATE\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\VIDP\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\VIZ\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Real\RealOne Player\Setup\VMPG\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary File Cache\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Hewlett-Packard\Digital Imaging\hpis\temp\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Hewlett-Packard\Digital Imaging\hpis\". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".aac". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".bk1". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".bk2". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".bk3". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".bk4". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cfg". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".enu". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".MSW". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".nt". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ptn". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rp". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rt". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sdp". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".soe". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tmp". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "AdBehavior". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "DivX Player". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{0552A36D-0D7E-4FF5-8FDB-6629ABA7C779}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828741". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB833987". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB835732". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB840987". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB841356". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB841533". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB842773". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB873376". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB889293-IE6SP1-20041111.235619". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "QuickTime". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "salm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "WeatherBug". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "WildTangent CDA". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "WinDH". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{032B93E8-D9A1-48D2-AA51-D057ABBA9E52}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{106E7A1C-22DA-42D7-8E74-37772A9C89FB}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{438852BE-D270-4B2E-8E8C-DF813E3313EF}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{66D08203-FB46-4D27-A609-FFE9A77FAA1F}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{ABEB838C-A1A7-4C5D-B7E1-8B4314600137}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{ABEB838C-A1A7-4C5D-B7E1-8B4314600205}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{ABEB838C-A1A7-4C5D-B7E1-8B4314B00527}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{C602034B-0E04-4A4C-994B-9BE7AEFF5931}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{DA256408-A2E7-41A5-8AD6-62ACB86A0FD7}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{EDCD4CE3-DE92-49A9-87F9-FE09B2FBA16C}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{EE9B31BB-1958-48CB-A298-57E3BE72FF2B}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{F891AAF3-DE9F-4445-85CF-6E41261A7F5A}". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{045ED51A-6095-11D3-9F67-000000000000}" refers to invalid object "C:\PROGRA~1\COMMON~1\ESRI\MAPOBJ~1.0\MOLT20.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0A1F80CF-9273-C95D-027A-BEFE8FE6C71A}" refers to invalid object "C:\WINDOWS\system32\dwkeq\ulqjwgrr.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0A346871-C8AA-4D8D-B665-4906C9BF371C}" refers to invalid object "C:\Program Files\AVSMedia\VideoConverter3\NCTVideoCompress.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0A99FD75-B264-48FC-AE49-924A646964B8}" refers to invalid object "C:\PROGRA~1\COMMON~1\AOL\AOLTOO~1\smartbox.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0E5161C0-9325-E514-3CB9-EEE9FAE585E1}" refers to invalid object "C:\WINDOWS\system32\tkqq\gsxmwl.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1165B92F-AB41-A71A-683C-A54F9D92F83D}" refers to invalid object "C:\WINDOWS\system32\nrsbbi\obueoqso.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{12F0432F-1314-DF88-6BE3-A4409B32B9C3}" refers to invalid object "C:\WINDOWS\system32\bakbg\ofcbooc.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1B438804-AB71-AB0C-B41D-7DB6F2E5F6DC}" refers to invalid object "C:\WINDOWS\system32\kste\rsom.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1BB7BC0A-57E8-108E-EE0A-ADEE5706592C}" refers to invalid object "C:\WINDOWS\system32\nhpmknh\lsvofcqh.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1F4AEBC2-AF4D-6532-8978-2C71ADF76BD1}" refers to invalid object "C:\WINDOWS\system32\jbbeby\gtkrt.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{21B98DFC-CAB0-9057-AE74-98CA44351ABD}" refers to invalid object "C:\WINDOWS\system32\kdqkpk\vhrxqoc.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{297A946B-7DFC-5EC7-511A-84492B773FD6}" refers to invalid object "C:\WINDOWS\system32\itfhk\wjgrd.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2CA511C5-C677-4e33-A018-EADF07E08299}" refers to invalid object "C:\PROGRA~1\FUNBAR~1\funbar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{33923487-B058-1DB5-3588-DD5FA4471C28}" refers to invalid object "C:\WINDOWS\system32\auqcsu\osuhsf.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{35369238-BD52-4B1F-925A-276A3064A02D}" refers to invalid object "C:\WINDOWS\System32\ukwex.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{35B583A5-9796-F64F-5776-8DC7C38F67BA}" refers to invalid object "C:\WINDOWS\system32\mbepuo\orxkd.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{371BC196-A5F8-1C4B-CD4C-D17749FEFFC8}" refers to invalid object "C:\WINDOWS\system32\bvhfdvn\mlphhdd.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{373BE6FA-F75D-6FE5-6203-D0C98DB25AAA}" refers to invalid object "C:\WINDOWS\system32\iqgx\rkve.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3ED54087-1700-4947-9722-B11D5DCD3A82}" refers to invalid object "C:\PROGRA~1\HEWLET~1\MEMORI~1\hpodlog.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{40D41A8B-D79B-43d7-99A7-9EE0F344C385}" refers to invalid object "C:\Program Files\AIM Toolbar\AIMBar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{410BA3F7-3CCF-8A53-505A-68C8EBDFCDC7}" refers to invalid object "C:\WINDOWS\system32\kxoschw\yohrssry.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{41943F8B-42FB-4638-5123-EC7E50EF2801}" refers to invalid object "C:\WINDOWS\system32\vyhopkrw\nmiifyto.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{45BACEB7-EDD0-95D5-27B6-9212DBF0F334}" refers to invalid object "C:\WINDOWS\system32\dhcdx\coejfyw.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4A76001B-6470-93C1-04A6-ED4F6535DEEB}" refers to invalid object "C:\WINDOWS\system32\thvktt\gckuhiom.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{51199831-E5A6-F20C-36B8-B150B5770D56}" refers to invalid object "C:\WINDOWS\system32\uvnwxp\bjpnljoo.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5EFDCA3B-441B-404B-D8BE-F795E3DF3EB2}" refers to invalid object "C:\WINDOWS\system32\jeadq\tlnhj.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{61EBF2FF-7755-E03B-8561-F1A101B8ABB1}" refers to invalid object "C:\WINDOWS\system32\clhgh\bisgov.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{64600511-B15B-22FD-572D-BCB969219820}" refers to invalid object "C:\WINDOWS\ZServ.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{660B82AF-A571-4A19-AC54-5E6E63969676}" refers to invalid object "C:\PROGRA~1\COMMON~1\AOL\AOLTOO~1\smartbox.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{683E3CB8-7A38-1D32-FD2D-C64A153E7BA4}" refers to invalid object "C:\WINDOWS\system32\llrrocdx\gpobsw.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6B097A92-7C7D-6014-C9C6-48A15758DB55}" refers to invalid object "C:\WINDOWS\system32\nltvoll\pufamyj.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7149E79C-DC19-4C5E-A53C-A54DDF75EEE9}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\m67m.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{73D5EE32-8BCF-8292-0DE0-A35220A04A5E}" refers to invalid object "C:\WINDOWS\system32\dgadncag\kjcfgyb.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{755CF0A5-7CD4-11D3-9F75-00C04F796AAD}" refers to invalid object "C:\PROGRA~1\COMMON~1\ESRI\MAPOBJ~1.0\MOLT20.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{755CF0A7-7CD4-11D3-9F75-00C04F796AAD}" refers to invalid object "C:\PROGRA~1\COMMON~1\ESRI\MAPOBJ~1.0\MOLT20.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{755CF0A9-7CD4-11D3-9F75-00C04F796AAD}" refers to invalid object "C:\PROGRA~1\COMMON~1\ESRI\MAPOBJ~1.0\MOLT20.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{755CF0AD-7CD4-11D3-9F75-00C04F796AAD}" refers to invalid object "C:\PROGRA~1\COMMON~1\ESRI\MAPOBJ~1.0\MOLT20.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{755CF0AF-7CD4-11D3-9F75-00C04F796AAD}" refers to invalid object "C:\PROGRA~1\COMMON~1\ESRI\MAPOBJ~1.0\MOLT20.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{755CF0B1-7CD4-11D3-9F75-00C04F796AAD}" refers to invalid object "C:\PROGRA~1\COMMON~1\ESRI\MAPOBJ~1.0\MOLT20.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{755CF0B4-7CD4-11D3-9F75-00C04F796AAD}" refers to invalid object "C:\PROGRA~1\COMMON~1\ESRI\MAPOBJ~1.0\MOLT20.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{755CF0B6-7CD4-11D3-9F75-00C04F796AAD}" refers to invalid object "C:\PROGRA~1\COMMON~1\ESRI\MAPOBJ~1.0\MOLT20.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{755CF0BF-7CD4-11D3-9F75-00C04F796AAD}" refers to invalid object "C:\PROGRA~1\COMMON~1\ESRI\MAPOBJ~1.0\MOLT20.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{755CF0C1-7CD4-11D3-9F75-00C04F796AAD}" refers to invalid object "C:\PROGRA~1\COMMON~1\ESRI\MAPOBJ~1.0\MOLT20.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{75F8104B-4EA9-2A66-4F0D-1222DC386C5B}" refers to invalid object "C:\WINDOWS\system32\pknaiqs\mbistgyv.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{78FB91D6-84C9-260C-412A-D77E5F584C40}" refers to invalid object "C:\WINDOWS\system32\wvungxr\toxg.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7B1D2334-167D-6D57-ADB2-94397F8BB476}" refers to invalid object "C:\WINDOWS\system32\smim\tniekj.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object "C:\PROGRA~1\MESSEN~1\rtcimsp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{844E71B2-EB95-EB77-75C4-665D41D960E7}" refers to invalid object "C:\WINDOWS\system32\geblu\crdj.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{886400EE-867A-3A14-4B57-1CF1CCEA3B1A}" refers to invalid object "C:\WINDOWS\system32\lodnpqfx\rejom.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{890F1ED4-6E97-4FD7-98C6-1C2D0C4D6D25}" refers to invalid object "C:\PROGRA~1\VIDEOR~1\VIDEOR~1.EXE". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8D5227B0-1475-11CF-B3A0-A1B057B7D2EA}" refers to invalid object "C:\PROGRA~1\JASCSO~1\PAINTS~1\pspa.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9188CB17-0EC6-FE64-7BB0-F58F9513B05F}" refers to invalid object "C:\WINDOWS\system32\efxgm\wcgqrjq.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{966A8AD1-1529-25FD-CB2E-E6FF3F697778}" refers to invalid object "C:\WINDOWS\system32\yawnnf\khwydj.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9775A9D5-B306-F010-E95B-A214BCFA6D00}" refers to invalid object "C:\WINDOWS\system32\fsrsnt\rmfqfil.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9824EE63-01DC-11D0-9BEA-00A0246FD2EF}" refers to invalid object "C:\PROGRA~1\JASCSO~1\PAINTS~1\pspa.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A262D789-C628-10D5-B4C3-FCDA386349A8}" refers to invalid object "C:\WINDOWS\system32\ydsr\lmkqo.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A2E89C3A-6D78-1141-D356-C9D33BE8DFD4}" refers to invalid object "C:\WINDOWS\system32\vmugn\quil.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A40136B0-C2DB-4E27-6726-E684AA8E6318}" refers to invalid object "C:\WINDOWS\system32\gpmi\ygeahf.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{ABC866D9-7C46-11D3-9F75-00C04F796AAD}" refers to invalid object "C:\PROGRA~1\COMMON~1\ESRI\MAPOBJ~1.0\MOLT20.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{ABC866DB-7C46-11D3-9F75-00C04F796AAD}" refers to invalid object "C:\PROGRA~1\COMMON~1\ESRI\MAPOBJ~1.0\MOLT20.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{ABC866DF-7C46-11D3-9F75-00C04F796AAD}" refers to invalid object "C:\PROGRA~1\COMMON~1\ESRI\MAPOBJ~1.0\MOLT20.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{ABE87EEF-13D2-B271-11CE-40290628B38A}" refers to invalid object "C:\WINDOWS\system32\efjlbjyi\hhtv.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AE12E3E7-8043-4561-89FA-6F363D5B6122}" refers to invalid object "C:\WINDOWS\System32\ecljx.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AE4C485D-2B43-C138-EE30-4636BD527E75}" refers to invalid object "C:\WINDOWS\system32\aoqlypm\brhjj.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B292D2F0-C6F5-EA32-FC6B-C2B94084156D}" refers to invalid object "C:\WINDOWS\system32\utlduva\cfrbnly.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BAB3E70B-A847-4A88-ACFC-778FCCC00287}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\actsetup.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BDECD0A3-5CD6-FA21-5AF2-2918870B56FB}" refers to invalid object "C:\WINDOWS\system32\ehljhra\qoxryo.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C5E6458A-5380-9832-8A3A-200272A1C118}" refers to invalid object "C:\WINDOWS\system32\itmbu\vqrrgb.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C7DCB204-E3AD-6839-ED00-B06929EC24FA}" refers to invalid object "C:\WINDOWS\system32\spnljl\qurxr.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D2112AFF-FF73-C3C1-0608-F58F37C3C091}" refers to invalid object "C:\WINDOWS\system32\ywyh\ppdtni.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D4CED948-FBF9-2E21-6564-4F3621EC95E5}" refers to invalid object "C:\WINDOWS\system32\obhlcwn\cpvlpls.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D52433A9-A44C-43AB-A013-24B3C756DD2B}" refers to invalid object "C:\WINDOWS\system32\SWLAD1.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D80D7AD3-BE4E-7B4F-CA69-230F661C1146}" refers to invalid object "C:\WINDOWS\system32\wjgg\ambuardh.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EE7CB360-F635-449D-BBB1-0D844F2A269D}" refers to invalid object "C:\Program Files\Common Files\AOL\AOL Toolbar\AOLHelper.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F4618F6F-0C5E-770C-A9AB-57985804B7E2}" refers to invalid object "C:\WINDOWS\system32\ltqcm\jaixcytw.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F481A4C3-5EB3-CAA6-4E62-56EA9CC812C4}" refers to invalid object "C:\WINDOWS\system32\hojnn\kdvih.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F54C1427-6F9F-8F71-100C-4C98317E5D43}" refers to invalid object "C:\WINDOWS\system32\vxaa\hrtewcg.exe". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{00B3B6B8-6D47-4279-B984-7282DDBE87A4}" refers to invalid object "C:\Program Files\Hewlett-Packard\Memories Disc\hpodlog.exe". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{39699FC2-0184-11D2-AB4E-00A0C969F20B}" refers to invalid object "C:\Program Files\FMV5\setfcnam.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{3CA12D40-90E0-4E18-A5EA-9C27B38A9228}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\actsetup.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{466C63AC-F26E-49F1-861A-E07DA768A46A}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\m67m.ocx". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{5FE16E42-47D1-471A-BEFF-9C650F9F43BB}" refers to invalid object "C:\Program Files\Common Files\AOL\AOL Toolbar\AOLHelper.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{60ACE49B-F247-4E12-B740-EF8DB1941D0F}" refers to invalid object "C:\Program Files\ewido\security suite\context.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{ABB1251C-F0AB-4468-AF66-ABC79ABA7BC6}" refers to invalid object "C:\Program Files\AVSMedia\VideoConverter3\NCTVideoCompress.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{DCB43485-19FB-4D6D-BB3D-73C7F48D5F00}" refers to invalid object "C:\Program Files\Messenger\rtcimsp.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{F99B46D1-9DE1-432B-8E89-D1D751341F8C}" refers to invalid object "C:\PROGRA~1\COMMON~1\AOL\AOLTOO~1\smartbox.dll". Action Taken: No Action Taken.
Entry "HKCR\.sll" refers to invalid object "SSLFile". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\bittorrent\shell\open\command" refers to invalid object ""C:\Program Files\MusicMaster\MusicMaster.exe" "%1"". Action Taken: No Action Taken.
Entry "HKCR\Connection Manager Profile\shell\open\command" refers to invalid object "C:\WINDOWS\System32\CMMGR32.EXE "%1"". Action Taken: No Action Taken.
Entry "HKCR\Context.test" refers to invalid object "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}". Action Taken: No Action Taken.
Entry "HKCR\Context.test.1" refers to invalid object "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}". Action Taken: No Action Taken.
Entry "HKCR\ed2k\shell\open\command" refers to invalid object ""C:\Program Files\MusicMaster\MusicMaster.exe" "%L"". Action Taken: No Action Taken.
Entry "HKCR\gnet\shell\open\command" refers to invalid object ""C:\Program Files\MusicMaster\MusicMaster.exe" "%L"". Action Taken: No Action Taken.
Entry "HKCR\gnutella\shell\open\command" refers to invalid object ""C:\Program Files\MusicMaster\MusicMaster.exe" "%L"". Action Taken: No Action Taken.
Entry "HKCR\GTDOWNLS.GTDownloaderCtrl" refers to invalid object "{FC6703A7-5B7E-4f58-BE6D-2693AA3906AE}". Action Taken: No Action Taken.
Entry "HKCR\JascPaintShopPhotoAlbumAlbum\shell\open\command" refers to invalid object "C:\PROGRA~1\JASCSO~1\PAINTS~1\pspa.exe "%1"". Action Taken: No Action Taken.
Entry "HKCR\JascPaintShopPhotoAlbumAudio\shell\open\command" refers to invalid object "C:\PROGRA~1\JASCSO~1\PAINTS~1\pspa.exe "%1"". Action Taken: No Action Taken.
Entry "HKCR\JascPaintShopPhotoAlbumImage\shell\open\command" refers to invalid object "C:\PROGRA~1\JASCSO~1\PAINTS~1\pspa.exe "%1"". Action Taken: No Action Taken.
Entry "HKCR\JascPaintShopPhotoAlbumUploadAlbum\shell\open\command" refers to invalid object "C:\PROGRA~1\JASCSO~1\PAINTS~1\pspa.exe "%1"". Action Taken: No Action Taken.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\mp2p\shell\open\command" refers to invalid object ""C:\Program Files\MusicMaster�

#4 viccy

viccy

    Malware Exterminator


  • Security Colleague
  • 433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas
  • Local time:03:19 PM

Posted 03 November 2005 - 11:17 PM

Next, download CleanUp 4.0 . Install and run it. Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
Empty Recycle Bins
Delete Cookies
Delete Prefetch files
Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, click NO.
Download the trial version of Spy Sweeper from Here

Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

When Spy Sweeper has updated, reboot to safe mode.

Boot into Safe Mode:
Restart your computer and immediately begin tapping the F8 key on your keyboard.
If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.

Open Spy Sweeper and click on Sweep and allow it to fully scan your system.

When the sweep has finished, click Remove to remove any items found. Save the log.

Exit Spy Sweeper.

Reboot to normal mode and post the results from Spy Sweeper along with a new Hijack This log.

#5 PanakAttack

PanakAttack
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:03:19 PM

Posted 05 November 2005 - 12:40 PM

********
12:07 PM: | Start of Session, Saturday, November 05, 2005 |
12:07 PM: Spy Sweeper started
12:07 PM: Sweep initiated using definitions version 567
12:07 PM: Starting Memory Sweep
12:08 PM: Memory Sweep Complete, Elapsed Time: 00:00:59
12:08 PM: Starting Registry Sweep
12:08 PM: Found Adware: addestroyer
12:08 PM: HKCR\clsid\{d52433a9-a44c-43ab-a013-24b3c756dd2b}\ (13 subtraces) (ID = 102729)
12:08 PM: HKLM\software\classes\clsid\{d52433a9-a44c-43ab-a013-24b3c756dd2b}\ (13 subtraces) (ID = 102738)
12:08 PM: Found Adware: apropos
12:08 PM: HKLM\software\aprps\ (8 subtraces) (ID = 103741)
12:08 PM: Found Adware: blazefind
12:08 PM: HKLM\software\classes\winservadx.installer\ (3 subtraces) (ID = 104512)
12:08 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/winservadx.dll\ (2 subtraces) (ID = 104527)
12:08 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\winservadx.dll (ID = 104542)
12:08 PM: HKCR\winservadx.installer\ (3 subtraces) (ID = 104577)
12:08 PM: Found Adware: bookedspace
12:08 PM: HKLM\software\configuration manager\cfgmgr52\ (159 subtraces) (ID = 104873)
12:08 PM: Found Adware: delfin
12:08 PM: HKLM\software\vidctrl\ (3 subtraces) (ID = 124897)
12:09 PM: Found Adware: hi5 toolbar
12:09 PM: HKCR\toolbar.toolbarobj\ (5 subtraces) (ID = 127131)
12:09 PM: HKCR\toolbar.toolbarobj.1\ (3 subtraces) (ID = 127132)
12:09 PM: Found Adware: odysseus marketing
12:09 PM: HKCR\actsetup.actsetupobj.1\ (3 subtraces) (ID = 136315)
12:09 PM: HKCR\appid\actsetup.dll\ (ID = 136317)
12:09 PM: HKCR\clsid\{bab3e70b-a847-4a88-acfc-778fccc00287}\ (23 subtraces) (ID = 136318)
12:09 PM: HKCR\interface\{bf24078b-dcea-4b4c-a56d-589592c500fc}\ (8 subtraces) (ID = 136319)
12:09 PM: HKLM\software\classes\actsetup.actsetupobj.1\ (3 subtraces) (ID = 136320)
12:09 PM: HKLM\software\classes\actsetup.actsetupobj.1\clsid\ (1 subtraces) (ID = 136321)
12:09 PM: HKLM\software\classes\appid\actsetup.dll\ (ID = 136323)
12:09 PM: HKLM\software\classes\clsid\{bab3e70b-a847-4a88-acfc-778fccc00287}\ (23 subtraces) (ID = 136324)
12:09 PM: HKLM\software\classes\interface\{bf24078b-dcea-4b4c-a56d-589592c500fc}\ (8 subtraces) (ID = 136325)
12:09 PM: HKLM\software\classes\typelib\{3ca12d40-90e0-4e18-a5ea-9c27b38a9228}\ (9 subtraces) (ID = 136326)
12:09 PM: HKCR\typelib\{3ca12d40-90e0-4e18-a5ea-9c27b38a9228}\ (9 subtraces) (ID = 136329)
12:09 PM: Found Adware: relatedlinks bho
12:09 PM: HKLM\software\microsoft\windows\currentversion\uninstall\relatedlinks\ (2 subtraces) (ID = 139388)
12:09 PM: Found Adware: media-motor
12:09 PM: HKCR\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\ (23 subtraces) (ID = 140032)
12:09 PM: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\inprocserver32\ (2 subtraces) (ID = 140081)
12:09 PM: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\miscstatus\ (3 subtraces) (ID = 140082)
12:09 PM: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\progid\ (1 subtraces) (ID = 140083)
12:09 PM: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\toolboxbitmap32\ (1 subtraces) (ID = 140084)
12:09 PM: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\typelib\ (1 subtraces) (ID = 140085)
12:09 PM: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\version\ (1 subtraces) (ID = 140086)
12:09 PM: HKLM\software\classes\typelib\{466c63ac-f26e-49f1-861a-e07da768a46a}\ (9 subtraces) (ID = 140131)
12:09 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\m67m.ocx (ID = 140199)
12:09 PM: HKCR\typelib\{466c63ac-f26e-49f1-861a-e07da768a46a}\ (9 subtraces) (ID = 140223)
12:09 PM: Found Adware: screensavers
12:09 PM: HKCR\clsid\{722d2939-a14a-41a9-9eac-ab8f4e295819}\ (2 subtraces) (ID = 140550)
12:09 PM: HKCR\clsid\{88d758a3-d33b-45fd-91e3-67749b4057fa}\ (2 subtraces) (ID = 140551)
12:09 PM: HKLM\software\classes\clsid\{722d2939-a14a-41a9-9eac-ab8f4e295819}\ (2 subtraces) (ID = 140555)
12:09 PM: HKLM\software\classes\clsid\{88d758a3-d33b-45fd-91e3-67749b4057fa}\ (2 subtraces) (ID = 140556)
12:09 PM: HKLM\software\microsoft\code store database\distribution units\{88d758a3-d33b-45fd-91e3-67749b4057fa}\ (9 subtraces) (ID = 140566)
12:09 PM: HKLM\software\screensavers.com\ (ID = 140569)
12:09 PM: Found Trojan Horse: sdbot
12:09 PM: HKU\.default\software\microsoft\windows\currentversion\run\ || microsoft windows update (ID = 140586)
12:09 PM: HKU\.default\software\microsoft\windows\currentversion\run\ || svphost.exe (ID = 140587)
12:09 PM: HKU\.default\software\microsoft\windows\currentversion\runonce\ || microsoft windows update (ID = 140592)
12:09 PM: Found Adware: surfsidekick
12:09 PM: HKLM\software\surfsidekick3\ (2 subtraces) (ID = 143413)
12:09 PM: Found Adware: websearch toolbar
12:09 PM: HKCR\clsid\{af8b3c81-cd19-45fb-b6be-160d27711de8}\ (7 subtraces) (ID = 146339)
12:09 PM: HKLM\software\classes\clsid\{af8b3c81-cd19-45fb-b6be-160d27711de8}\ (7 subtraces) (ID = 146402)
12:09 PM: Found Adware: winad
12:09 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediaaccx.dll\ (2 subtraces) (ID = 147191)
12:09 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediaaccx.dll (ID = 147221)
12:09 PM: HKLM\software\classes\clsid\{af8b3c81-cd19-45fb-b6be-160d27711de8}\ (7 subtraces) (ID = 155047)
12:09 PM: HKLM\software\classes\clsid\{af8b3c81-cd19-45fb-b6be-160d27711de8}\implemented categories\ (5 subtraces) (ID = 155058)
12:09 PM: HKLM\software\classes\clsid\{af8b3c81-cd19-45fb-b6be-160d27711de8}\implemented categories\{7dd95801-9882-11cf-9fa9-00aa006c42c4}\ (1 subtraces) (ID = 155060)
12:09 PM: HKLM\software\classes\clsid\{af8b3c81-cd19-45fb-b6be-160d27711de8}\implemented categories\{7dd95802-9882-11cf-9fa9-00aa006c42c4}\ (1 subtraces) (ID = 155062)
12:09 PM: Found Adware: dealhelper
12:09 PM: HKLM\software\ddate\ (1 subtraces) (ID = 636618)
12:09 PM: Found Trojan Horse: alwaysupdatednews
12:09 PM: HKU\S-1-5-21-1644491937-796845957-682003330-1003\software\aun\ (4 subtraces) (ID = 103544)
12:09 PM: HKU\S-1-5-21-1644491937-796845957-682003330-1003\software\aprps\ (7 subtraces) (ID = 103740)
12:09 PM: Found Adware: browseraid
12:09 PM: HKU\S-1-5-21-1644491937-796845957-682003330-1003\software\a70f6a1d-0195-42a2-934c-d8ac0f7c08eb\ (1 subtraces) (ID = 105078)
12:09 PM: Found Adware: clearsearch
12:09 PM: HKU\S-1-5-21-1644491937-796845957-682003330-1003\software\microsoft\internet explorer\new windows\allow\ || 69.28.210.175 (ID = 105744)
12:09 PM: Found Adware: drsnsrch.com hijack
12:09 PM: HKU\S-1-5-21-1644491937-796845957-682003330-1003\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
12:09 PM: Found Trojan Horse: trojan-downloader-pacisoft
12:09 PM: HKU\S-1-5-21-1644491937-796845957-682003330-1003\software\ps1\ (16 subtraces) (ID = 136529)
12:09 PM: HKU\S-1-5-21-1644491937-796845957-682003330-1003\software\surfsidekick3\ (3 subtraces) (ID = 143412)
12:09 PM: HKU\S-1-5-18\software\microsoft\windows\currentversion\run\ || microsoft windows update (ID = 140604)
12:09 PM: HKU\S-1-5-18\software\microsoft\windows\currentversion\runonce\ || microsoft windows update (ID = 140628)
12:09 PM: Registry Sweep Complete, Elapsed Time:00:00:18
12:09 PM: Starting Cookie Sweep
12:09 PM: Found Spy Cookie: atwola cookie
12:09 PM: owner@atwola[1].txt (ID = 2255)
12:09 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
12:09 PM: Starting File Sweep
12:09 PM: Warning: Failed to open file "c:\pagefile.sys". Access is denied
12:09 PM: Found Trojan Horse: lzio
12:09 PM: serc.exe (ID = 69011)
12:10 PM: qtini.exe (ID = 69011)
12:10 PM: rfnofsfq.exe (ID = 69011)
12:10 PM: Found Adware: exact cashback/bargain buddy
12:10 PM: ub.dat (ID = 50877)
12:10 PM: Found Adware: adlogix
12:10 PM: ukwexb.xml (ID = 49280)
12:10 PM: ukwexa.xml (ID = 49162)
12:10 PM: ecljxa.xml (ID = 49218)
12:10 PM: ecljxb.xml (ID = 49280)
12:10 PM: ecljxe.xml (ID = 49219)
12:10 PM: Warning: Failed to open file "c:\windows\system32\config\system.log". The process cannot access the file because it is being used by another process
12:10 PM: Warning: Failed to open file "c:\windows\system32\config\software.log". The process cannot access the file because it is being used by another process
12:10 PM: Warning: Failed to open file "c:\windows\system32\config\default.log". The process cannot access the file because it is being used by another process
12:10 PM: Warning: Failed to open file "c:\windows\system32\config\security". The process cannot access the file because it is being used by another process
12:10 PM: Warning: Failed to open file "c:\windows\system32\config\sam". The process cannot access the file because it is being used by another process
12:10 PM: Warning: Failed to open file "c:\windows\system32\config\sam.log". The process cannot access the file because it is being used by another process
12:10 PM: Warning: Failed to open file "c:\windows\system32\config\security.log". The process cannot access the file because it is being used by another process
12:10 PM: Warning: Failed to open file "c:\windows\system32\config\system". The process cannot access the file because it is being used by another process
12:10 PM: Warning: Failed to open file "c:\windows\system32\config\software". The process cannot access the file because it is being used by another process
12:10 PM: Warning: Failed to open file "c:\windows\system32\config\default". The process cannot access the file because it is being used by another process
12:11 PM: m67m.inf (ID = 74028)
12:11 PM: sinstaller.inf (ID = 74756)
12:12 PM: c:\windows\cfgmgr52 (48 subtraces) (ID = -2147479590)
12:13 PM: c:\documents and settings\all users\application data\vidctrl (1 subtraces) (ID = -2147477475)
12:13 PM: c:\documents and settings\all users\application data\nsv (16 subtraces) (ID = -2147481136)
12:13 PM: wmv1920.dbd (ID = 57692)
12:13 PM: wmv0204.ddx (ID = 57680)
12:13 PM: wmv0504.ddx (ID = 57680)
12:13 PM: wmv0904.ddx (ID = 57684)
12:13 PM: wmv0412.ddx (ID = 57680)
12:13 PM: wmv0106.ddx (ID = 57679)
12:13 PM: wmv2007.dbd (ID = 57693)
12:13 PM: wmv1125.ddx (ID = 57685)
12:13 PM: wmv1909.ddx (ID = 57684)
12:13 PM: wmv1215.dbd (ID = 57687)
12:13 PM: wmv0315.ddx (ID = 57680)
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs7d776d48-6466-4a75-adf8-b2777fa8cf96.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsf09ad763-aa51-4ff3-9111-5f2c18e32f28.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs01e3c223-ff13-4503-b29e-66c39076e117.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsb1f113b4-5cd1-4746-ac5a-8265fccf80ac.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs6cc47139-43bb-4811-87fa-ce27d31f3d6a.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsb332a33c-8109-4af2-9b80-30c91af87bf0.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs3ccd17ab-bab1-4e4a-97b3-ebb767088276.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs7352800b-a73d-40b4-aa9c-c1e06e868e01.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs548f49a1-a65f-4c0a-a62c-8906c2c7b53b.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs016b7ada-7c21-41e4-8995-1e19e071290c.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsaf181dd2-acb8-4554-914e-261547ae6d7b.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsc1a3186b-07dc-4759-a5a1-40cda6993fdf.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsac57e4c6-2983-4894-8672-eeef2f3e2784.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs2935c81a-8895-424e-8f1b-685d90b38b39.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs14f92e15-ce32-44ef-8c97-527dab1ce87f.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscseef0e9a6-9b79-4a9e-ad00-0b5f37230e5c.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs9560d51d-b3c3-4b81-aa60-c833669944cd.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs3dc648b3-fc53-483f-9292-3b886c29217a.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsbfb3f8f6-2dd0-47e7-9332-d290c4b751a8.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs64531b9e-ac76-46ed-8b0d-f9de3d3616dd.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscscfdb2aa5-983d-422c-a776-d4c51bd3163b.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs6975f0f2-c9ae-45a5-8f93-b13a98c6f729.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs16a4fa70-8ecf-45c4-8025-191ab16eaf46.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs16c5dace-1931-4067-83a3-5d6c2bbfd3c3.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs75870ac3-2ded-46e8-93bf-5e943fedfb34.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs315fab46-5e92-4e70-9f4d-0bb29fa561af.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs7eb59896-86a8-4468-b2e8-08b9d943cbef.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs802da163-f523-4390-bc68-51d929fab42c.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs0186d854-d931-4a4f-b279-924a569bbdff.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs70a47c11-885c-4abb-b93b-b1ac7e90f26f.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscscec17fa2-e993-4e42-9007-2d22c644e0de.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsa52a0d10-a965-4580-a041-cbd8099f7bfb.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs8a7ca2d2-9d6f-4aad-b9bc-56fa92a6f794.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsa695adfa-f092-4a12-bd5d-9447d57ff7c7.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsfbd7d48f-7246-4c08-b43e-6ad44379551d.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsd8246cab-2737-4a31-89b5-9f17062aca04.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs93a88d3b-ae1c-4f48-8270-4348ea4f8de0.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs28b6ab40-0c1c-45b6-a216-1cae8223cd98.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsa3d0322d-1bb9-424f-b14e-dea48251b25a.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs5cfd1394-a1c5-41eb-b074-fbeef855a0fe.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscse4e70dee-f91d-4310-bf29-c37729cf6496.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs2b5d1ac9-77af-42c7-bd29-c61e8d5593ba.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsf57beb42-67d3-4044-8d03-b1f2e1dad1ab.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs70ced8a3-13c9-429c-b64f-5a541c715203.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscscfc93b43-cabf-4ca6-8506-9806bf99912a.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs0796feec-c2a5-4c6d-9008-da702b4d39fb.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs6ebb1568-962a-4db0-b6ca-dcee6a2ee322.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsdcc08e14-0861-42c9-920a-3b93df663ca4.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs26b850d4-7881-4a04-9d76-b33d4f0952cd.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscscda704cc-e45d-4d4c-8817-5038c9818e55.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs6eb26226-6077-4631-b1a0-c37743673acb.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs63061ca3-ae2b-42cb-ab4d-d7fdf6cbb65c.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsbe31c50a-7994-4526-983e-511686b54573.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs5143b72b-d008-49a5-9c2b-4bf2358311b8.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs85a6c0d2-7760-4a23-869c-dc5c26d061c2.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs7321b65e-67b2-4353-a39f-1c8e60e5b672.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs60af6d41-57a4-427d-bb9a-573ea44fc586.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsd7d433be-9811-4259-b5af-5d904ea75304.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs98be13f6-5719-4bbb-8301-fa578190cf45.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsdf0d32c1-a8da-448f-818d-72d9a0a3244c.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs31a0bf14-0842-4e5f-8cf8-99f0c25a1005.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsc5e2ca67-ef96-4165-92e0-899344335a69.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs5f1476a8-f8bd-4965-a400-ea876a7b3ee8.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs8b9ce541-782e-4c34-8111-483512e5686c.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsf6221429-dc5f-42ca-a282-6ed760b8cc5e.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs9c3622b2-782a-4f7a-b986-1f06ffe5f231.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs2a48e21e-03f8-4067-97d7-3a3f06498a59.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs66139ca5-b237-496e-a1e9-3441f3c19235.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs2235a75f-6ed9-45fc-b68c-90efc2e020d5.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsfcaa07c0-ac00-47ba-b097-2800b1683265.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs61c4616c-0b05-47dd-b312-ef4da5e980c6.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsd08a9315-03bf-4aa0-bfda-62e2216b0699.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsf930821b-3d07-49e7-b4f5-962488c74e22.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsfa587f17-42f6-4e2c-8384-e0fb2b194fcf.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs3f364d91-530a-4df6-a92d-3c233d8aefe5.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs60994d88-d79a-406a-9ddf-94aee9e02c0d.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs43d551a8-4a4a-4aff-b646-211e759090d5.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs3bf6a18b-e4d1-4785-8c15-3fa6ae50d868.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsd445580a-4caa-4dd5-8954-b7868a950ec8.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsed66067e-6b8b-4d43-9489-7405098324af.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs0b3e8d5d-0295-46d3-9478-ff28e3717bb3.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsc0f6bab9-9d91-4f4d-9243-cbc01173986e.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs2904b5a1-a6b8-4653-a4c9-836bee5ed981.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs021b1e03-7a6f-43c3-a89c-f6f96b9ce662.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs0ee63a6d-1736-4476-b03f-a83aeab9f72a.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs1ae40c20-9eed-4bbb-9cdf-c23c6cee0b73.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs5d371d6e-85c5-4b13-8614-ba91a5c61b49.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsdcabee1f-9c29-4f14-931d-b8f7d4f50f89.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsa2442a5a-f300-436c-ac65-6b28b41a8079.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscscdfa5f0a-052a-4110-aff5-5c1e22886ce2.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscscbedff41-9895-4b49-b2c0-a9150d4b099e.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs0438d4ce-b2ba-4a41-9d0c-f9b3864d105b.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs3e1c1e86-6983-45bb-a2af-c333ec61cb2b.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs9b3c5eec-6039-4079-ad73-fa2ca4ec6f8c.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs6bd87dde-d557-4cdd-b46a-81663aa151de.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs35d8cad8-5f9f-4d9d-aa15-2af013d702d0.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs73c69ab1-8703-4764-9501-f1503dfbdc84.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsa0b05668-9345-47fe-ac2e-06b2a1ad68ac.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsb4e28595-70ca-4f7c-8a90-c55092096c0e.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs424e620b-75a5-432e-957e-5cc18601c36a.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsc234dbfa-4c2c-49c9-aa92-f2758010268e.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsd8b633f5-6ab1-4717-801e-b6bb4bb92faf.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs9755ebb4-85f4-45e0-8c98-e314e7a296ea.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsdfb212a1-6554-4217-80f1-a6f416a4db54.tmp". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\owner\ntuser.dat". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\owner\ntuser.dat.log". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
12:15 PM: wmv1204.ddx (ID = 57680)
12:24 PM: c:\program files\screensavers.com (ID = -2147480365)
12:25 PM: File Sweep Complete, Elapsed Time: 00:16:10
12:25 PM: Full Sweep has completed. Elapsed time 00:17:34
12:25 PM: Traces Found: 586
12:27 PM: Removal process initiated
12:27 PM: Quarantining All Traces: adlogix
12:27 PM: Quarantining All Traces: clearsearch
12:27 PM: Quarantining All Traces: lzio
12:27 PM: Quarantining All Traces: sdbot
12:27 PM: Quarantining All Traces: surfsidekick
12:27 PM: Quarantining All Traces: websearch toolbar
12:27 PM: Quarantining All Traces: alwaysupdatednews
12:27 PM: Quarantining All Traces: apropos
12:27 PM: Quarantining All Traces: blazefind
12:27 PM: Quarantining All Traces: trojan-downloader-pacisoft
12:27 PM: Quarantining All Traces: addestroyer
12:27 PM: Quarantining All Traces: bookedspace
12:27 PM: Quarantining All Traces: browseraid
12:27 PM: Quarantining All Traces: dealhelper
12:27 PM: Quarantining All Traces: delfin
12:27 PM: Quarantining All Traces: drsnsrch.com hijack
12:27 PM: Quarantining All Traces: exact cashback/bargain buddy
12:27 PM: Quarantining All Traces: hi5 toolbar
12:27 PM: Quarantining All Traces: media-motor
12:27 PM: Quarantining All Traces: odysseus marketing
12:27 PM: Quarantining All Traces: relatedlinks bho
12:27 PM: Quarantining All Traces: screensavers
12:27 PM: Quarantining All Traces: winad
12:27 PM: Quarantining All Traces: atwola cookie
12:27 PM: Removal process completed. Elapsed time 00:00:16
********
11:37 AM: | Start of Session, Saturday, November 05, 2005 |
11:37 AM: Spy Sweeper started
11:38 AM: Your spyware definitions have been updated.












Logfile of HijackThis v1.99.1
Scan saved at 12:36:25 PM, on 11/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Real\RealOne Player\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Desktop\Spyware Programs\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Verizon Online Dialer.lnk = C:\Program Files\Common Files\Verizon Online\ConnMgr\Verizon Online.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {1671869C-25B3-4C80-9446-8AE6111F8765} (MaxisHotDateTeleX Control) - http://thesims.ea.com/teleport/hotdate/MaxisHotDateTeleX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124485343359
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/check/netset/install/gtdownls.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F1A616D-597E-4FDB-A543-E5E668DB373B}: NameServer = 71.242.0.12 151.197.0.38
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#6 viccy

viccy

    Malware Exterminator


  • Security Colleague
  • 433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas
  • Local time:03:19 PM

Posted 05 November 2005 - 01:05 PM

Did you run Spy Sweeper in Safe Mode?

#7 PanakAttack

PanakAttack
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:03:19 PM

Posted 05 November 2005 - 05:32 PM

yes I did

#8 viccy

viccy

    Malware Exterminator


  • Security Colleague
  • 433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas
  • Local time:03:19 PM

Posted 06 November 2005 - 02:14 PM

Print out these instructions.

Close Internet Explorer and keep it closed throughout the entire removal process.

Enter the control panel by clicking on the Start menu, then clicking on Run.

Now type control in the Open field and press the OK button.

Double-click on the Add/Remove Programs icon.

Look for and uninstall the following entries if found in the Add/Remove Programs window.

Surf Sidekick
Surf Sidekick 2
Surf Sidekick 3

It may prompt about whether or not you are sure you want to remove this program. Reply Yes to this prompt. It will then uninstall the program.

If there is no Add/Remove Programs entry for this programs, click on Start, then Run and type the following in the Open: field:

C:\Program Files\SurfSideKick 3\Ssk.exe /u

and press the OK button. A code will be displayed that it will ask you to enter. Enter this code and reboot. Once back to your desktop continue with the rest of the fix.

Navigate to the c:\hijackthis directory and double-click on HijackThis

When the program starts, double-click on the HijackThis icon and then click on the Scan button.

Put a checkmark next to the following entries if they exist:
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
R3 - URLSearchHook: (no name) - {000AB005-FF12-42C2-8DF5-39E12E5F9C91} - (no file)
R3 - URLSearchHook: (no name) - {000AB005-FF12-42C2-8DF5-39E12E5F9C91} - C:\Program Files\SurfSideKick\SskBho.dll
O4 - HKLM\..\Run: [SurfSideKick] C:\Program Files\SurfSideKick\Ssk.exe
O4 - HKCU\..\Run: [SurfSideKick] C:\Program Files\SurfSideKick\Ssk.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O20 - AppInit_DLLs: repairs.dll
O20 - AppInit_DLLs: repairs302972943.dll

Then click the Fix button

Exit HijackThis.

Reboot your computer

Delete the following directories if they exist:

C:\PROGRAM FILES\SurfSideKick
C:\Program Files\SurfSideKick 3\

Search for the following files and if found delete them:

Sskknwrd.dll
Ssk.log
SskUpdater.exe
Ssk.exe


Download the following reg file to your desktop. When it is finished downloading double-click on it and say Yes when it asks if you would like to merge the data.

Fixssk.reg http://www.bleepingcomputer.com/files/spyware/fixssk.reg

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
Empty Recycle Bins
Delete Cookies
Delete Prefetch files
Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, click NO.

Next run Spy Sweeper in Safe Mode again, and post the report along with another Hijack This log.

#9 PanakAttack

PanakAttack
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:03:19 PM

Posted 20 November 2005 - 11:11 PM

My computer is still slow...and my spy sweeper has expired...and this SurfSideKick program never existed. I can't find it anywhere...is there another method?

Logfile of HijackThis v1.99.1
Scan saved at 11:09:23 PM, on 11/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Real\RealOne Player\RealPlay.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Desktop\Spyware Programs\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Verizon Online Dialer.lnk = C:\Program Files\Common Files\Verizon Online\ConnMgr\Verizon Online.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {1671869C-25B3-4C80-9446-8AE6111F8765} (MaxisHotDateTeleX Control) - http://thesims.ea.com/teleport/hotdate/MaxisHotDateTeleX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124485343359
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/check/netset/install/gtdownls.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F1A616D-597E-4FDB-A543-E5E668DB373B}: NameServer = 71.242.0.12 151.197.0.38
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#10 viccy

viccy

    Malware Exterminator


  • Security Colleague
  • 433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas
  • Local time:03:19 PM

Posted 25 November 2005 - 10:55 AM

Please run the Housecall online virus scan located at:
http://housecall.trendmicro.com/housecall/start_corp.asp
Follow the prompts to scan your hard drive for viruses. Select the "Autoclean" option so that Housecall will remove any viruses from your system.
When the scan is finished, please restart your computer.

Then please run the Panda scan here:
Active Scan Choose to "Disinfect automatically," and follow the prompts. Delete any viruses found, and restart your computer.
Have it delete anything it finds and post the scan report along with a new Hijack This log.

Finally, please run the WindowSecurity trojan scan here:
http://www.windowsecurity.com/trojanscan/
Remove any trojans found, and restart your computer.

Then, post another Hijack This log and let me know if you have difficulty with any of the scans.

#11 PanakAttack

PanakAttack
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:03:19 PM

Posted 14 December 2005 - 10:02 AM

Hold on a sec...don't close this thread

#12 PanakAttack

PanakAttack
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:03:19 PM

Posted 14 December 2005 - 05:48 PM

Incident Status Location

Spyware:spyware/media-motor Not disinfected C:\WINDOWS\ubber60.ini
Adware:adware/adurl Not disinfected C:\WINDOWS\icont.exe
Adware:adware/afaenhance Not disinfected C:\WINDOWS\VCMnet11.exe
Adware:Adware/MediaTickets Not disinfected C:\x.bat


Logfile of HijackThis v1.99.1
Scan saved at 5:47:37 PM, on 12/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\Desktop\Spyware Programs\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Verizon Online Dialer.lnk = C:\Program Files\Common Files\Verizon Online\ConnMgr\Verizon Online.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {1671869C-25B3-4C80-9446-8AE6111F8765} (MaxisHotDateTeleX Control) - http://thesims.ea.com/teleport/hotdate/MaxisHotDateTeleX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124485343359
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/check/netset/install/gtdownls.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F1A616D-597E-4FDB-A543-E5E668DB373B}: NameServer = 71.242.0.12 151.197.0.38
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#13 viccy

viccy

    Malware Exterminator


  • Security Colleague
  • 433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas
  • Local time:03:19 PM

Posted 30 December 2005 - 04:46 PM

My apologies, PanakAttack, I have been away for a couple of weeks. If you are still having problems, please post a fresh log and explain any problems you are having and I will look at it.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users