I Think I Removed My Trojan, Can Someone Check?


  • This topic is locked
10 replies to this topic

#1 lizard1107

lizard1107

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:01 AM

Posted 26 February 2007 - 03:42 PM

I had a trojan-spy.win32@mx. I removed it roughly following instructions from another thread. Can you check my log and see if I need to do anything else?

Logfile of HijackThis v1.99.1
Scan saved at 1:40:41 PM, on 2/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE
C:\PROGRA~1\TRENDM~1\INTERN~2\PCCTLCOM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TMPROXY.EXE
C:\PROGRA~1\TRENDM~1\INTERN~2\TMPFW.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Micro Innovations\Wireless Laser Mouse\moffice.exe
C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
C:\Program Files\Micro Innovations\Wireless Laser Mouse\MOUSE32A.DAT
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRAM FILES\KODAK\KODAK SOFTWARE UPDATER\7288971\PROGRAM\KODAK SOFTWARE UPDATER.EXE
C:\PROGRAM FILES\JAVA\JRE1.5.0_10\BIN\JUCHECK.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRA~1\YAHOO!\MESSEN~1\ymsgr_tray.exe
C:\unzipped\HijackThis[1]\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>;*.local
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.nmfiber.com"); (C:\Program Files\Netscape\Communicator\users\ds1035\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [FtkCPY] "C:\Program Files\Common Files\Java\ftkcpy.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Micro Innovations\Wireless Laser Mouse\moffice.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exe
O4 - Global Startup: PowerReg Scheduler.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {BA224D00-9553-11d2-9D65-00A0CC22CBC4} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.zianet.com/
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab55579.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/minibug/tri...uginstaller.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab55579.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O18 - Protocol: bw+0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
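
A first triage pass over a HijackThis log like the one posted above, as an added example (it is not part of the original post and is not HijackThis's own code). It parses the section-coded entries, lists the ones whose target is reported as `(no file)` or `(file missing)`, and collapses the repeated O18 protocol handlers that share one CLSID and DLL. The function names are hypothetical and the sample is a handful of lines taken from the log above.

```python
import re
from collections import Counter, defaultdict

# Sample input: a few lines taken from the log above (not a complete log).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>;*.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [FtkCPY] "C:\Program Files\Common Files\Java\ftkcpy.exe"
O4 - Global Startup: PowerReg Scheduler.exe
O9 - Extra button: (no name) - {BA224D00-9553-11d2-9D65-00A0CC22CBC4} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O18 - Protocol: bw+0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# An entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
# Header lines and the running-process paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[RNFO]\d{1,2}) - (?P<body>.+)$")

# HijackThis appends one of these markers when the referenced file is absent.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)$")

# Body of an O18 entry: "Protocol: <name> - {CLSID} - <handler DLL>".
PROTO_RE = re.compile(
    r"^Protocol: (?P<name>\S+) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)


def parse_entries(text):
    """Return (section_code, body) for every section-coded line in the log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def orphaned(entries):
    """Entries whose target file HijackThis could not find on disk."""
    return [(code, body) for code, body in entries if ORPHAN_RE.search(body)]


def collapse_protocols(entries):
    """Group O18 handlers by (CLSID, DLL) so dozens of near-identical lines
    become one row listing the protocol names that DLL registers."""
    groups = defaultdict(list)
    for code, body in entries:
        if code != "O18":
            continue
        m = PROTO_RE.match(body)
        if m:
            key = (m.group("clsid").upper(), m.group("path"))
            groups[key].append(m.group("name"))
    return dict(groups)


def triage(text):
    """Summarise a log: entries per section, orphaned entries, O18 groups."""
    entries = parse_entries(text)
    return {
        "counts": Counter(code for code, _ in entries),
        "orphans": orphaned(entries),
        "protocols": collapse_protocols(entries),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("Entries per section:", dict(result["counts"]))
    print("Orphaned entries (target file absent):")
    for code, body in result["orphans"]:
        print(f"  {code} - {body}")
    print("O18 protocol handlers grouped by DLL:")
    for (clsid, path), names in result["protocols"].items():
        print(f"  {len(names)} protocol(s) -> {path} {clsid}")
```
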


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:08:01 AM

Posted 26 February 2007 - 04:03 PM

Welcome to BC lizard1107 :thumbsup:

Turn off Logitech Desktop Messenger.
This program is not required to start automatically as you can run it when you need to.
It is advised that you disable it so that it does not take up necessary system resources.
Go to Start>All Programs>Logitech, click on Desktop Messenger.
There are two check boxes which are self descriptive.
You can choose to disable either or both check boxes.

*****************************

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1

Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

Click 'Exit' on the Main menu to close the program.

*****************************

Please make sure all hidden files are showing:

* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading select 'Show hidden files and folders'.
* Uncheck the 'Hide file extensions for known types' option.
* Uncheck the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.

*****************************

Download/install AVG Anti-Spyware 7.5.

Please follow these instructions carefully.

Launch/start up AVG Anti-Spyware.
On the main page click the 'Update' tab, and then 'Start Update'.
Once the updates have been installed, do the following:
Select the 'Scanner' icon at the top of the screen, then select the 'Settings' tab.
Once in the 'Settings' screen, under 'How to act?', then under 'Set default action for detected malware to:', click on 'Recommended actions', then click on 'Quarantine'.
Under 'Reports' select 'Automatically generate report after every scan' and unselect 'Only if threats were found'.
Exit AVG Anti-Spyware, don't run the scan just yet.

You might want to print/copy the following as you need to be in Safe Mode from here on.

Reboot your computer into "SAFE MODE" using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Have Hijack This fix the following [If still present], by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:

O4 - HKLM\..\Run: [FtkCPY] "C:\Program Files\Common Files\Java\ftkcpy.exe"
O4 - Global Startup: PowerReg Scheduler.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {BA224D00-9553-11d2-9D65-00A0CC22CBC4} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/minibug/tri...uginstaller.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O18 - Protocol: bw+0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {3FF7C164-767C-433C-AC5D-CEE6FC271375} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll


Find and delete:
C:\Program Files\Common Files\Java\ftkcpy.exe

Still in Safe Mode launch AVG Anti-Spyware.
Click the 'Scanner' icon at the top.
To start the scan click on 'Complete System Scan'.
Please be patient, it takes a while for the scan to finish.

Once the scan is complete, do the following.
If AVG Anti-Spyware detected any infected objects, click on 'Apply All Actions'.
Next click on 'Save Report'.
Copy and paste that report into your next reply.
The report can be found under the 'Reports' tab at the top.
Close AVG Anti-Spyware when you've done.
Reboot normally.

**************************

Run 'BitDefender Online Scanner' using Internet Explorer:
http://www.bitdefender.com/scan8/ie.html
Read the 'END USER SOFTWARE LICENSE AGREEMENT' then click 'I agree'.
You'll be prompted to install the ActiveX control, please do so.
Once installed click the 'Click here to scan' button.
The virus signatures will then load.
Once loaded the scan will start.
The scan will take quite some time so please be patient.
Once the scan has finished select the 'Detected Problems' tab.
Click on 'Click here to export scan'.
Save the file as an HTML file to your desktop.
Then click on the saved file and allow it to open with your browser.
Go to 'Edit'/'Select All' then copy and paste that log into your next reply.
Also post the AVG Anti Spyware report and a new Hijackthis log please.
Let me know how it's running now.

Reboot when you've finished.
Post the AVG Anti Spyware and the BitDefender Online Scanner reports, also post a new Hijackthis log into your next reply please.

#3 lizard1107

Topic Starter

Posted 26 February 2007 - 11:15 PM

Thank you for your quick reply!!

The two boxes in the Logitech Desktop Messenger were already unchecked.




BitDefender Online Scanner

Scan report generated at: Mon, Feb 26, 2007 - 21:04:05

Scan path: A:\;C:\;F:\;G:\;

Statistics
Time: 02:09:00
Files: 293340
Folders: 5472
Boot Sectors: 2
Archives: 2699
Packed Files: 16793

Results
Identified Viruses: 2
Infected Files: 3
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 3

Engines Info
Virus Definitions: 393687
Engine build: AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes




Scanned File
Status

C:\Documents and Settings\Liz\Local Settings\Temp\28.exe\28.exe
Infected with: Dropped:Adware.BroadcastPC.D

C:\Documents and Settings\Liz\Local Settings\Temp\28.exe\28.exe
Disinfection failed

C:\Documents and Settings\Liz\Local Settings\Temp\28.exe\28.exe
Deleted

C:\Documents and Settings\Liz\Local Settings\Application Data\bp15.exe
Infected with: Trojan.Starter.G

C:\Documents and Settings\Liz\Local Settings\Application Data\bp15.exe
Disinfection failed

C:\Documents and Settings\Liz\Local Settings\Application Data\bp15.exe
Deleted

C:\System Volume Information\_restore{D95DC755-CD57-4B1C-A185-292237276269}\RP1147\A0107777.exe
Infected with: Trojan.Starter.G

C:\System Volume Information\_restore{D95DC755-CD57-4B1C-A185-292237276269}\RP1147\A0107777.exe
Disinfection failed

C:\System Volume Information\_restore{D95DC755-CD57-4B1C-A185-292237276269}\RP1147\A0107777.exe
Deleted









Logfile of HijackThis v1.99.1
Scan saved at 9:11:11 PM, on 2/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE
C:\PROGRA~1\TRENDM~1\INTERN~2\PCCTLCOM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TMPROXY.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Micro Innovations\Wireless Laser Mouse\moffice.exe
C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
C:\Program Files\Micro Innovations\Wireless Laser Mouse\MOUSE32A.DAT
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TMPFW.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\unzipped\HijackThis[1]\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>;*.local
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.nmfiber.com"); (C:\Program Files\Netscape\Communicator\users\ds1035\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Micro Innovations\Wireless Laser Mouse\moffice.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.zianet.com/
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab55579.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe










---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:54:22 PM 2/26/2007

+ Scan result:



C:\System Volume Information\_restore{D95DC755-CD57-4B1C-A185-292237276269}\RP1146\A0107706.exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D95DC755-CD57-4B1C-A185-292237276269}\RP1146\A0107704.exe -> Dropper.Starter.g : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D95DC755-CD57-4B1C-A185-292237276269}\RP1146\A0107705.exe -> Trojan.Starter.g : Cleaned with backup (quarantined).


::Report end








The system still seems slow to respond but better than before.

Thank you for your help.

#4 RichieUK

Malware Response Team

Posted 27 February 2007 - 04:06 AM

Download and scan with the free 15 day trial of Counterspy
Once installed launch Counterspy.
Click on 'Spyware Scan', then click 'Updates' at the top right.
Once any available updates have been installed, click the 'Scan Now' button.
Save the report when it's finished:
1. Once Counterspy has done scanning, the 'Scan Results' box will appear.
2. Click on 'View Results'.
3. Under (Recommended Action), using the drop down menus at the side of each entry found, set EVERYTHING to 'Remove'.
4. Then click on 'Take Action'.
5. Once everything has been removed, click on 'View Details'.
6. Copy and Paste those details into a Word/Text document, then save it to your desktop.

**************************

Download 'e Scan MWAV' from here to your desktop:
http://www.mwti.net/download/tools/mwav.exe
Disconnect from the internet, close all running programs.
Double click on the mwav icon on your desktop.
The program will start, the Licence Agreement will pop up.
Select 'I accept the agreement', then press Ok.
The program will open, leave all the settings as they are.
Now press the 'Scan & Clean' button.
The program will now start scanning your pc.
Once the scan has finished, post the results from the lower window 'Virus Log Information'.

Reboot when you've done.
Post the Counterspy report, the MWAV log, and a new Hijackthis log into your next reply please.
Let me know how your pc is running now.

#5 lizard1107

Topic Starter

Posted 27 February 2007 - 04:04 PM

I hope this is what you wanted, it seems really long. My computer seems to be back to normal. Thank you for your help.









MWAV SCAN


Object "weatherbug Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "2antispyware Corrupted Adware/Spyware" found in File System! Action Taken: Entries Removed.
Object "weatherbug Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "win32.passma Virus" found in File System! Action Taken: Entries Removed.
Object "downloader-ak Trojan-Downloader" found in File System! Action Taken: Entries Removed.
Object "broadcastpc Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "mooler Worm" found in File System! Action Taken: Entries Removed.
Object "smitfraud Browser Hijacker" found in File System! Action Taken: Entries Removed.
Object "broadcastpc Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "broadcastpc Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "hi-wire Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "cws.smartsearch Browser Hijacker" found in File System! Action Taken: Entries Removed.
Object "spylax Corrupted Adware/Spyware" found in File System! Action Taken: Entries Removed.
Object "Possible Fujacks-type Worm" found in File System! Action Taken: Entries Removed.
Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: Entries Removed.
Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: Entries Removed.
Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: Entries Removed.
Entry "HKCR\DirectAnimation.PathControl" refers to invalid object "{D7A7D7C3-D47F-11D0-89D3-00A0C90833E6}". Action Taken: Entries Removed.
Entry "HKCR\DirectAnimation.Sequence" refers to invalid object "{4F241DB1-EE9F-11D0-9824-006097C99E51}". Action Taken: Entries Removed.
Entry "HKCR\DirectAnimation.SequencerControl" refers to invalid object "{B0A6BAE2-AAF0-11D0-A152-00A0C908DB96}". Action Taken: Entries Removed.
Entry "HKCR\DirectAnimation.SpriteControl" refers to invalid object "{FD179533-D86E-11D0-89D6-00A0C90833E6}". Action Taken: Entries Removed.
Entry "HKCR\DirectAnimation.StructuredGraphicsControl" refers to invalid object "{369303C2-D7AC-11D0-89D5-00A0C90833E6}". Action Taken: Entries Removed.
Entry "HKCR\ImportExport.OEMsgImp" refers to invalid object "{4043D27A-99EB-4FC1-87D4-44AA02AB7B09}". Action Taken: Entries Removed.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: Entries Removed.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: Entries Removed.
Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: Entries Removed.
Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: Entries Removed.
Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: Entries Removed.
Entry "HKCR\TSHOOT.TSHOOTCtrl.1" refers to invalid object "{4B106874-DD36-11D0-8B44-00A024DD9EFF}". Action Taken: Entries Removed.
Entry "HKCR\WMDMPDAExplorer.WMDMPDAExplorer" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: Entries Removed.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\popcaploader.dll". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:\Program Files\MusicMatch\MusicMatch Jukebox\Common\HWAudio.dll". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:\Program Files\MusicMatch\MusicMatch Jukebox\Common\HWMedia.exe". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:\Program Files\MusicMatch\MusicMatch Jukebox\Common\HWReal.exe". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:\Program Files\MusicMatch\MusicMatch Jukebox\Common\HWUtils.dll". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:\WINDOWS\SYSTEM\danim.dll". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:\WINDOWS\SYSTEM\ddrawex.dll". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:\WINDOWS\SYSTEM\DetectDigitalriver.ocx". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:\WINDOWS\SYSTEM\opuc.dll". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:\WINDOWS\SYSTEM\quartz.dll". Action Taken: Entries Removed.
Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object ""C:\Program Files\MusicMatch\MusicMatch Jukebox\mmjb.exe" ". Action Taken: Entries Removed.
Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object ""C:\Program Files\MusicMatch\MusicMatch Jukebox\mmjb.exe"". Action Taken: Entries Removed.
Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object ""C:\Program Files\MusicMatch\MusicMatch Jukebox\mmjblaunch.exe"". Action Taken: Entries Removed.
Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object ""C:\Program Files\MusicMatch\MusicMatch Jukebox\ti.exe"". Action Taken: Entries Removed.
Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object "C:\Program Files\MusicMatch\MusicMatch Jukebox\mmjblaunch.exe". Action Taken: Entries Removed.
Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object "C:\Program Files\MusicMatch\MusicMatch Jukebox\mmfwlaunch.exe". Action Taken: Entries Removed.
Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object "d:\MusicMatch\mmjblaunch.exe". Action Taken: Entries Removed.
Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object "d:\MusicMatch\mmfwlaunch.exe". Action Taken: Entries Removed.
Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object "C:\PROGRA~1\F-SECU~1\backweb\4476822\632~1.62-\Program\REGISTER.EXE". Action Taken: Entries Removed.
Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object "C:\Program Files\F-Secure Anti-Virus\backweb\4476822\6.3.2.62-4476822L\Program\PrvCnt.exe". Action Taken: Entries Removed.
Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object "C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\PrvCnt.exe". Action Taken: Entries Removed.
Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object "C:\Program Files\Logitech\Desktop Messenger\8876480\7.2.0.137-8876480SL\Program\PrvCnt.exe". Action Taken: Entries Removed.
Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object "C:\Program Files\Logitech\Desktop Messenger\8876480\7.2.0.157-8876480SL\Program\PrvCnt.exe". Action Taken: Entries Removed.
Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object "C:\Program Files\Kodak\Kodak Software Updater\7288971\6.3.2.62-7288971L\Program\PrvCnt.exe". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM32\CTDetect.cpl". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM32\scmgrcpl50.cpl". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM32\Inetwh32.dll". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM32\ODBCTL32.DLL". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\Rnaph.dll". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\smmscrpt.dll". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\smmsetup.dll". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\setupx.dll". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "c:\windows\system\iosubsys\cdralvsd.vxd". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\iosubsys\CDR4VSD.VXD". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\SYMEVNT.386". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Twain_32\MYSCAN~1.DS". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\PQVXD.VXD". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\unvise32.exe". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\DBMSSHRN.DLL". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\CP_950.NLS". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM32\EXSEC32.DLL". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\MSDART32.DLL". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\SYSTEM\ole db\SQLSOLDB.HLP". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\SQLSODBC.HLP". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\CLICONF.HLP". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\CP_936.NLS". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\CP_949.NLS". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\CP_932.NLS". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\CP_874.NLS". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\CP_21866.NLS". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\CP_28591.NLS". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\CP_20866.NLS". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\CP_1258.NLS". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\CP_1257.NLS". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\CP_1256.NLS". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\CP_1255.NLS". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\CP_1254.NLS". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\CP_1253.NLS". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\CP_1252.NLS". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\CP_1251.NLS". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\CP_1250.NLS". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmjbctrl.ocx". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMJBVE~1.OCX". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMFWCtrl.ocx". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMRADI~1.DLL". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\LMOUSE32.DLL". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\LMOUSE16.DLL". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\LOGILANG.DLL". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\COMNCTR.DLL". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\LGUICOM.DLL". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\EarthLink TotalAccess\mfc42.dll". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "d:\MusicMatch\mmjbctrl.ocx". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "d:\MusicMatch\MMJBVE~1.OCX". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "d:\MusicMatch\MMFWCtrl.ocx". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "d:\MusicMatch\MMRADI~1.DLL". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "d:\MusicMatch\MMRadioEngine.dll". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\IoSubSys\ElbyCDIO.vxd". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\inf\pnpwide.inf". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\inf\pnpwtape.inf". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\help\pnpwhENU.hlp". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system\ssprop.vxd". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system\ssrtlw.vxd". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system\iosubsys\tfswifs.vxd". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system\iosubsys\drvwcdb.vxd". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system\drvwddm.vxd". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\DetectDigitalriver.ocx". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\LEADDIB.DRV". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\symtdi.vxd". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\symndis.vxd". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\symfw.vxd". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\symredrv.vxd". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\symdns.vxd". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\symids.vxd". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\Drivers\HPZs9X12.sys". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\hpovst08.dll". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\inf\hpzid412.inf". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\inf\hpzipr12.inf". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\inf\hpzist12.inf". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\inf\hpzius12.inf". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\IOSUBSYS\AUDIOFS.VXD". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM32\DBMSSHRN.DLL". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\AOD\AolOnDesktop.exe". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP3.DIR\_ISTMP0.DIR\FileGrp\drivers\UdfReadr.sys". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-dan.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-cht.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-nld.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-fra.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-deu.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-ita.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-jpn.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-kor.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-nor.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-ptg.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-rus.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-esp.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-fin.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-ptb.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-chs.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-plk.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-csy.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-sky.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-slv.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-hun.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-tha.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-trk.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-ell.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-esl.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Chs.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Cht.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Deu.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Esp.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Fra.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Ita.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Jpn.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Kor.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Nld.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Ptg.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\popcaploader.dll". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core2.zip". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\NeroCoverDesigner_fra.chm". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\NeroBackItUp_Fra.chm". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart_deu.chm". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart_fra.chm". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart_jpn.chm". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\Digital Imaging\help\Readme.html". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\FIXMAPI.EXE". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\MAPISTUB.DLL". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Borland Shared\BDE\Idapinst.dll". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM32\MDACRDME.HTM". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM32\MSDART32.DLL". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM32\DRVVFP.CHM". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM32\ODBCJET.CHM". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM32\ODBCINST.CHM". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM32\MSORCL32.CHM". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM32\SQLSOLDB.HLP". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM32\SQLSODBC.HLP". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM32\CLICONF.HLP". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM32\MSRPJT40.DLL". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM32\CP_936.NLS". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM32\CP_949.NLS". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM32\CP_932.NLS". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM32\CP_874.NLS". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM32\CP_21866.NLS". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM32\CP_28591.NLS". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM32\CP_20866.NLS". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM32\CP_1258.NLS". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM32\CP_1257.NLS". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM32\CP_1256.NLS". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM32\CP_1255.NLS". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM32\CP_1254.NLS". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM32\CP_1253.NLS". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM32\CP_1252.NLS". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM32\CP_1251.NLS". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM32\CP_1250.NLS". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Java\Update\Base Images\j2re1.4.2-b28\core1.zip". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Java\Update\Base Images\j2re1.4.2-b28\core2.zip". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Java\Update\Base Images\j2re1.4.2-b28\core3.zip". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\Photosmart Essential\unicows.dll". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Caere\OmniPagePro10.0\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Caere\OmniPagePro10.0\Data\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Don Stephenson\Application Data\Microsoft Web Folders\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Don Stephenson\Application Data\Microsoft\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Don Stephenson\Application Data\Microsoft\Installer\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Don Stephenson\Application Data\Microsoft\Installer\{58DD5143-4417-4F43-A7DD-5B8B29CEDBEA}\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\STOMP\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\STOMP\Wizard\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\STOMP\wizard\System\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\STOMP\wizard\Explain\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\STOMP\wizard\Explain\Images\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\STOMP\Wizard\Media\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Don Stephenson\Application Data\Microsoft\Installer\{8855FF30-19CE-4CB1-A654-87B38369CCE1}\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\DLA\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\DLA\install\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\DLA\System\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Don Stephenson\Application Data\Microsoft\Installer\{B376402D-58EA-45EA-BD50-DD924EB67A70}\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Start Menu\Programs\Norton SystemWorks\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Don Stephenson\Application Data\Microsoft\Installer\{71E7B3F5-CFAF-4c1e-B494-528E28707937}\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Start Menu\Programs\Norton SystemWorks\Norton AntiVirus\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Don Stephenson\Application Data\Microsoft\Installer\{C6F5B6CF-609C-428E-876F-CA83176C021B}\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Start Menu\Programs\Norton SystemWorks\Norton Utilities\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Adobe\Acrobat 6.0\Update\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Common Files\Java\Update\Base Images\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Common Files\Java\Update\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_01.b08\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_02.b09\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_04.b05\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Common Files\Java\Update\Base Images\j2re1.4.2-b28\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Common Files\Java\Update\Base Images\j2re1.4.2-b28\patch-j2re1.4.2-b28\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_06.b05\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_10.b03\". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".config". Action Taken: Entries Removed.

#6 lizard1107

Posted 27 February 2007 - 04:14 PM

I had to remove some of the redundant information from the log due to the length.

Counterspy Log


Scan History Details
Start Date: 2/27/2007 9:15:19 AM
End Date: 2/27/2007 10:47:01 AM
Total Time: 91 Min 42 Sec
Detected security risks

Cookie: ATDMT.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\liz\cookies\liz@atdmt[1].txt


Cookie: DoubleClick Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\liz\cookies\liz@doubleclick[1].txt


BroadcastURBAN Tuner Browser Plug-in more information...
Details: BroadcastURBAN Tuner is an adware/browser hijacker program that runs as a Browser Helper Object (BHO).
Status: Deleted

Registry entries detected


Weatherbug Low Risk Adware more information...
Details: Weatherbug is an ad supported desktop weather applicaton that provides updates on weather conditions and displays real time temperatures in the taskbar icon.
Status: Deleted

Registry entries detected
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\AWS\Weather\Station5
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\AWS\Weather\Station5
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\AWS\Weather\Station5
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\AWS\Weather\Station5
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\AWS\Weather\Station5
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\AWS\Weather\Station6
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\AWS\Weather\Station6
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\AWS\Weather\Station6
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\AWS\Weather\Station6
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\AWS\Weather\Station6
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\AWS\Weather\Station6
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\AWS\Weather\Station6
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\AWS\Weather\Station6
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\AWS\Weather\Station7
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\AWS\Weather\Station7
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\AWS\Weather\Station7
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\AWS\Weather\Station7
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\AWS\Weather\Station7
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\AWS\Weather\Station7
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\AWS\Weather\Station7
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\AWS\Weather\Station7
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\AWS\Weather\Station8
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\AWS\Weather\Station8
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\AWS\Weather\Station8
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\AWS\Weather\Station8
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\AWS\Weather\Station8
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\AWS\Weather\Station8
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\AWS\Weather\Station8
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\AWS\Weather\Station8
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\AWS\Weather\Station9
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\AWS\Weather\Station9
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\AWS\Weather\Station9
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\AWS\Weather\Station9
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\AWS\Weather\Station9
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\AWS\Weather\Station9
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\AWS\Weather\Station9
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\AWS\Weather\Station9
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\AWS\Weather\Upgrade
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\AWS\Weather\Warning
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\AWS\Weather\Warning
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\AWS\Weather\Warning
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\AWS\Weather\Warning
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\AWS\Weather\Warning
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\AWS\Weather\Warning
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\AWS\Weather\Warning


FlashEnhancer Browser Plug-in more information...
Details: FlashEnhancer is a Browser Helper Object that displays advertising popups while surfing the web.
Status: Deleted

Files detected
C:\PROGRAM FILES\Ftk\ftk.min
C:\PROGRAM FILES\FTK

Registry entries detected
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{28168CCE-5310-4F12-AB58-9DA99A55AAEB}
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{28168CCE-5310-4F12-AB58-9DA99A55AAEB}
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{28168CCE-5310-4F12-AB58-9DA99A55AAEB}\ProxyStubClsid
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{28168CCE-5310-4F12-AB58-9DA99A55AAEB}\ProxyStubClsid
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{28168CCE-5310-4F12-AB58-9DA99A55AAEB}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{28168CCE-5310-4F12-AB58-9DA99A55AAEB}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{28168CCE-5310-4F12-AB58-9DA99A55AAEB}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{28168CCE-5310-4F12-AB58-9DA99A55AAEB}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{28168CCE-5310-4F12-AB58-9DA99A55AAEB}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\FTK
HKEY_LOCAL_MACHINE\SOFTWARE\FTK


Cookie: ad.yieldmanager Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\liz\cookies\liz@ad.yieldmanager[2].txt


Trojan.FakeAlert Trojan more information...
Details: Trojan.FakeAlert consists of files that cause false warnings of spyware on the computer. Usually the alerts are displayed in a balloon type pop-up from an icon in the system tray.
Status: Deleted

Registry entries detected
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2016A466-91A2-43C6-97D8-2FD380F065EF}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2016A466-91A2-43C6-97D8-2FD380F065EF}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2016A466-91A2-43C6-97D8-2FD380F065EF}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2016A466-91A2-43C6-97D8-2FD380F065EF}\InProcServer32


Yazzle Sudoku Misc (General) more information...
Details: Yazzle Sudoku is an ad-supported numbers numbers matching game that's played on the desktop.
Status: Deleted

Files detected
C:\Documents and Settings\Liz\Local Settings\Temp\nsd1182.tmp\StartMenu.dll


Trojan-Downloader.Zlob.Media-Codec Trojan Downloader more information...
Details: Trojan-Downloader.Zlob.Media-Codec is a program that typically purports to be a needed upgrade to Windows Media Player in order to view adult oriented videos on certain websites. However, Trojan-Downloader.Zlob.Media-Codec actually downloads and installs additional malware on the user's machine.
Status: Deleted

Registry entries detected
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{84938242-5C5B-4A55-B6B9-A1507543B418}
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{84938242-5C5B-4A55-B6B9-A1507543B418}\iexplore
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{84938242-5C5B-4A55-B6B9-A1507543B418}\iexplore
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{84938242-5C5B-4A55-B6B9-A1507543B418}\iexplore
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{84938242-5C5B-4A55-B6B9-A1507543B418}\iexplore
HKEY_USERS\S-1-5-21-1060284298-842925246-839522115-1006\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{84938242-5C5B-4A55-B6B9-A1507543B418}\iexplore

#7 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:08:01 AM

Posted 27 February 2007 - 05:31 PM

Can you reboot, post a new HijackThis log into your next reply.
Let me know how your pc is running now.

#8 lizard1107

lizard1107
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:01 AM

Posted 27 February 2007 - 08:36 PM

It's running great. The only problem I have is that start up takes forever but I'm sure that's from the programs I have on there. I had that problem prior to the trojan.


Logfile of HijackThis v1.99.1
Scan saved at 6:31:41 PM, on 2/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE
C:\PROGRA~1\TRENDM~1\INTERN~2\PCCTLCOM.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TMPFW.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Micro Innovations\Wireless Laser Mouse\moffice.exe
C:\Program Files\Micro Innovations\Wireless Laser Mouse\MOUSE32A.DAT
C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRAM FILES\KODAK\KODAK SOFTWARE UPDATER\7288971\PROGRAM\KODAK SOFTWARE UPDATER.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\unzipped\HijackThis[1]\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.carlsbadonline.com/therant/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>;*.local
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.nmfiber.com"); (C:\Program Files\Netscape\Communicator\users\ds1035\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Micro Innovations\Wireless Laser Mouse\moffice.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE" /minimized
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.zianet.com/
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab55579.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/popcaploader_v10.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

#9 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:08:01 AM

Posted 27 February 2007 - 08:46 PM

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

Exit Hijackthis.

*********************************

Your log is clean :thumbsup:
If all's ok, please do the following:

Revert these settings back to default:
* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading select 'Show hidden files and folders'.
* Uncheck the 'Hide file extensions for known types' option.
* Uncheck the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.

Clear your 'System Restore' points by doing the following:
Right-click on 'My Computer' and select 'Properties'.
Select 'System Restore'.
Select 'Turn Off System Restore On All Drives'.
Select 'Apply'.
You will then get the following warning:
"You have chosen to turn off System Restore.
If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer.
Do you want to turn off System Restore?".
Then select 'Yes', your 'System Restore' directories will be purged.

Turn 'System Restore' back on:
Right click on 'My Computer' and select 'Properties'.
Select 'System Restore'.
Unselect 'Turn Off System Restore On All Drives'.
Select 'Apply', then click 'Ok'.

Create a new 'System Restore' point:
Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description, then click on 'Create', then click 'Close'.
The date and time is created automatically.

You should now go to Windows Update and install any available critical/high priority updates.

Read through the info found here,to help you prevent any possible future infections.
How did I get infected?
http://www.bleepingcomputer.com/forums/t/2520/how-did-i-get-infected/

Please Note:
Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6.0'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
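As an added example (not part of the original thread, and not HijackThis's own code), a short Python parser for the HijackThis log format posted above: it flags `(file missing)` entries, such as the two O9 lines fixed in reply #9, and lists the JRE versions referenced in paths. The sample log is constructed from lines in this thread; the class and function names are assumptions of this example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a handful of lines copied from the log in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# A log entry is "<section code> - <rest>", e.g. "O9 - Extra button: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# JRE install directories look like "\jre1.5.0_10\".
JRE_RE = re.compile(r"\\jre(\d+(?:\.\d+)*(?:_\d+)?)\\", re.IGNORECASE)
MISSING_TAG = "(file missing)"


@dataclass
class Entry:
    code: str             # section code such as "O9" or "O23"
    body: str             # everything after "<code> - "
    clsid: Optional[str]  # first CLSID in the entry, upper-cased, if any
    file_missing: bool    # HijackThis could not find the target file


def parse_entries(log_text: str) -> List[Entry]:
    """Return the section entries of a HijackThis log, skipping the header
    and the running-process list (neither matches the entry pattern)."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        entries.append(Entry(
            code=m.group("code"),
            body=body,
            clsid=clsid.group(0).upper() if clsid else None,
            file_missing=body.rstrip().endswith(MISSING_TAG),
        ))
    return entries


def orphans_by_clsid(entries: List[Entry]) -> Dict[str, List[Entry]]:
    """Group '(file missing)' entries by CLSID so paired button/menu
    items for the same leftover component are reviewed together."""
    groups: Dict[str, List[Entry]] = defaultdict(list)
    for e in entries:
        if e.file_missing:
            groups[e.clsid or "(no CLSID)"].append(e)
    return dict(groups)


def jre_versions(log_text: str) -> List[str]:
    """List the distinct JRE versions referenced anywhere in the log."""
    return sorted(set(JRE_RE.findall(log_text)))


if __name__ == "__main__":
    for clsid, group in orphans_by_clsid(parse_entries(SAMPLE_LOG)).items():
        print(clsid)
        for e in group:
            print("   ", e.code, "-", e.body)
    print("JRE versions seen:", jre_versions(SAMPLE_LOG))
```

A `(file missing)` flag marks a review candidate only; in this thread the helper fixed the two BitDefender entries and left the `xpnetdiag.exe` one alone.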

#10 lizard1107

lizard1107
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:01 AM

Posted 27 February 2007 - 09:01 PM

Thank you, you're fabulous. :thumbsup:

#11 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:08:01 AM

Posted 27 February 2007 - 09:08 PM

You're most welcome :thumbsup:

This thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter.
Everyone else please begin a New Topic.