#1 (permalink) |
|
Registered User
Join Date: Jun 2005
Posts: 50
OS: XP
|
Problems....
Okay, so recently a site gave me a whole bunch of spyware. Luckily my anti-spyware removed most of it. So I scanned my whole computer and I found 5 viruses; they are a group of viruses in which every 5 minutes they restore each other and make sure that they are all there. I can remove 4 of them, but one is in the directory repair under windows; it's called urlps.dll. When I try to remove it I can't remove it because it says it's already running, so I open up Task Manager and nothing called urlps.dll or urlps.exe is running? What should I do? (I have to have the option show invisible files and folders on to see it.)
okay, so i started in safe mode and it says it is still running screenshot here : http://triplehelix.info/suitcasehero/untitled.JPG HiJackThis LogFile Logfile of HijackThis v1.99.1 Scan saved at 8:05:35 PM, on 6/30/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\Alias\Maya6.5\docs\wrapper.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Alias\Maya6.5\docs\jre\bin\java.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\Common Files\Stardock\SDMCP.exe C:\Program Files\Object Desktop\WindowBlinds\wbload.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\alg.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Microsoft 
IntelliPoint\point32.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\windows\ffpext\ffpsrv.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\Tim Willis\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gbxforums.gearboxsoftware.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://gbxforums.gearboxsoftware.com O1 - Hosts: er.digitalpartners.com127.0.0.1 oas.uniontrib.com127.0.0.1 ads.statesmanjournal.com127.0.0.1 ads.centralohio.comr.digitalpartners.com O1 - Hosts: .com127.0.0.1 O1 - Hosts: 127.0. 
O1 - Hosts: om O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) O2 - BHO: MSEvents Object - {B8B55274-0F9A-41E5-9067-A3539BD9E860} - C:\WINDOWS\repair\urlps.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [ffpsrv] c:\windows\ffpext\ffpsrv.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - 
HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe O4 - HKCU\..\Run: [Hide IP Platinum] C:\Program Files\Hide IP Platinum\hideippla.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {9A95FE4A-0CD3-4698-A0F4-D2264C6E7046} (HPActiveChat Class) - http://isupport4.hp.com/awebui/jsp/a...ActiveChat.CAB O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll O20 - Winlogon Notify: urlps - C:\WINDOWS\repair\urlps.dll O20 - Winlogon Notify: WB - C:\PROGRA~1\OBJECT~1\WINDOW~1\fastload.dll O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation 
(ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Maya 6.5 Documentation Server (maya65docserver) - Unknown owner - C:\Program Files\Alias\Maya6.5\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya6.5\docs\Wrapper.conf (file missing) O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. 
- C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe Thankyou
#2 (permalink) |
|
Registered User
Join Date: Jun 2005
Posts: 50
OS: XP
|
new one after adaware se professional scan
Logfile of HijackThis v1.99.1 Scan saved at 8:42:03 PM, on 6/30/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\Alias\Maya6.5\docs\wrapper.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Alias\Maya6.5\docs\jre\bin\java.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\Common Files\Stardock\SDMCP.exe C:\Program Files\Object Desktop\WindowBlinds\wbload.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\alg.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe 
C:\windows\ffpext\ffpsrv.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\HJT\HijackThis.exe C:\Program Files\Messenger\msmsgs.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gbxforums.gearboxsoftware.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://gbxforums.gearboxsoftware.com O1 - Hosts: er.digitalpartners.com127.0.0.1 oas.uniontrib.com127.0.0.1 ads.statesmanjournal.com127.0.0.1 ads.centralohio.comr.digitalpartners.com O1 - Hosts: .com127.0.0.1 O1 - Hosts: 127.0. 
O1 - Hosts: om O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) O2 - BHO: MSEvents Object - {B8B55274-0F9A-41E5-9067-A3539BD9E860} - C:\WINDOWS\repair\urlps.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [ffpsrv] c:\windows\ffpext\ffpsrv.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - 
HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe O4 - HKCU\..\Run: [Hide IP Platinum] C:\Program Files\Hide IP Platinum\hideippla.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {9A95FE4A-0CD3-4698-A0F4-D2264C6E7046} (HPActiveChat Class) - http://isupport4.hp.com/awebui/jsp/a...ActiveChat.CAB O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll O20 - Winlogon Notify: urlps - C:\WINDOWS\repair\urlps.dll O20 - Winlogon Notify: WB - C:\PROGRA~1\OBJECT~1\WINDOW~1\fastload.dll O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation 
(ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Maya 6.5 Documentation Server (maya65docserver) - Unknown owner - C:\Program Files\Alias\Maya6.5\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya6.5\docs\Wrapper.conf (file missing) O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. 
- C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe |
#3 (permalink) |
|
Registered User
Join Date: Jun 2005
Posts: 22
OS: XP
|
I will make a suggestion but be careful since I haven't had to try this.
For Windows XP Start - Run - Type msconfig - OK - Click General Tab - Click - Diagnostic Startup Load basic devices and Services - Click Apply. Go and see if file will delete that you wanted deleted. Are you sure this file is not needed? I looked for this file on my PC and I couldn't find it, but that doesn't mean much. cg |
#7 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,446
OS: N/A
|
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.
During the course of disinfection, I may ask you to fix a program that you wish to retain. Please post back to inform me.
Enable the viewing of Hidden files
~~~~~~~~~~~~~~~
We require some additional files/programs for this fix. Please download the following files :-
Do not run any of the files unless instructed to do so
CleanUp! - Install
KillBox v2.0.0.175 - Save to Desktop.
Process Explorer.zip - Unzip to Desktop
Vundo.reg - Right click on this & choose "Save As...". Save it to your Desktop & name it as "Vundo.reg".
Unplug your computer from the Internet when you have finished downloading.
~~~~~~~~~~~~~~~
Some Anti-Spyware Programmes are known to interfere with HJT fixes. If you have these programmes, please disable them by doing so ...
Search & Destroy Spybot's TeaTimer
~~~~~~~~~~~~~~~
Using KillBox
Copy to clipboard, all the items below by highlighting them & pressing [CTRL]+[C] on your keyboard.
Start KillBox.
* If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try Killbox again.
~~~~~~~~~~~~~~~
Reboot to Safe Mode
~~~~~~~~~~~~~~~
Run Process Explorer by double clicking procexp.exe.
~~~~~~~~~~~~~~~
Run a scan with HiJackThis & select(tick) the following & click "Fix checked" :
O1 - Hosts: er.digitalpartners.com127.0.0.1 oas.uniontrib.com127.0.0.1 ads.statesmanjournal.com127.0.0.1 ads.centralohio.comr.digitalpartners.com
O1 - Hosts: .com127.0.0.1
O1 - Hosts: 127.0.
O1 - Hosts: om
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: MSEvents Object - {B8B55274-0F9A-41E5-9067-A3539BD9E860} - C:\WINDOWS\repair\urlps.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [ffpsrv] c:\windows\ffpext\ffpsrv.exe
O20 - Winlogon Notify: urlps - C:\WINDOWS\repair\urlps.dll
~~~~~~~~~~~~~~~
Run Vundo.reg by double clicking on it. Answer "YES" when prompted to merge with the registry
~~~~~~~~~~~~~~~
Using KillBox
Copy to clipboard, all the items below by highlighting them & pressing [CTRL]+[C] on your keyboard.
Start KillBox.
~~~~~~~~~~~~~~~
Reboot to Normal Mode.
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
~~~~~~~~~~~~~~~
Do an online scan at one of the following sites:
Take note the names and locations of any file it detects but fails to clean.
* Turn off the real time scanner of any existing antivirus program while performing the online scan
Reboot Again & Run a new scan with HiJackThis. Save the log file and post the contents in your next reply.
In your next post, please include:
Please provide details of any problems you encountered whilst performing the above steps. Tell me how your computer behaves now
__________________
Question - what have you done for the community today? |
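A triage pass over the HijackThis entries discussed above, as an added example that is not part of the original thread and not the helper's own method: it re-splits a log that has been run together on one line, flags three patterns visible in the fix list, and checks a follow-up log against that list. The function names, the three heuristics and the `C:\WINDOWS` install path are assumptions; the sample entries are copied from the logs and fix list posted in this thread.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code target raw")

# HijackThis prefixes every entry with a section code such as R0, F2, N1 or O20.
_CODE = r"(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2})"
_SPLIT = re.compile(r"\s+(?=" + _CODE + r" - )")
_ENTRY = re.compile(r"^(" + _CODE + r") - (.*)$")
WINDIR = "c:\\windows\\"  # assumption: default install path, as in this thread's logs

# Constructed excerpts: entries copied from this thread and run together on
# one line, the way the forum page shows them.
LOG_BEFORE = (  # from the log in post #1
    r"Logfile of HijackThis v1.99.1 Running processes: C:\WINDOWS\Explorer.EXE "
    r"O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll "
    r"O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) "
    r"O2 - BHO: MSEvents Object - {B8B55274-0F9A-41E5-9067-A3539BD9E860} - C:\WINDOWS\repair\urlps.dll "
    r"O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll "
    r"O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) "
    r"O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll "
    r"O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) "
    r"O4 - HKLM\..\Run: [ffpsrv] c:\windows\ffpext\ffpsrv.exe "
    r"O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll "
    r"O20 - Winlogon Notify: urlps - C:\WINDOWS\repair\urlps.dll "
    r"O20 - Winlogon Notify: WB - C:\PROGRA~1\OBJECT~1\WINDOW~1\fastload.dll"
)
FIX_LIST = (  # from post #7; the garbled O1 Hosts lines are left out
    r"O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) "
    r"O2 - BHO: MSEvents Object - {B8B55274-0F9A-41E5-9067-A3539BD9E860} - C:\WINDOWS\repair\urlps.dll "
    r"O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) "
    r"O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) "
    r"O4 - HKLM\..\Run: [ffpsrv] c:\windows\ffpext\ffpsrv.exe "
    r"O20 - Winlogon Notify: urlps - C:\WINDOWS\repair\urlps.dll"
)
LOG_AFTER = (  # from the log in post #8
    r"Logfile of HijackThis v1.99.1 Running processes: C:\WINDOWS\Explorer.EXE "
    r"O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll "
    r"O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll "
    r"O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll "
    r"O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll "
    r"O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll "
    r"O20 - Winlogon Notify: WB - C:\PROGRA~1\OBJECT~1\WINDOW~1\fastload.dll"
)


def parse_log(text):
    """Split a log (one entry per line, or flattened) into Entry tuples."""
    entries = []
    for chunk in _SPLIT.split(" ".join(text.split())):
        m = _ENTRY.match(chunk)
        if m is None:
            continue  # header and "Running processes" list carry no section code
        code, body = m.groups()
        # For O2/O3/O20/O23 the file is the last " - "-separated field.
        target = body.rsplit(" - ", 1)[-1] if " - " in body else body
        entries.append(Entry(code, target, chunk))
    return entries


def _norm(path):
    return path.strip('"').lower()


def triage(entries):
    """Return {raw entry: [reasons]} for three illustrative heuristics."""
    ie = {_norm(e.target) for e in entries if e.code == "O2"}
    winlogon = {_norm(e.target) for e in entries if e.code == "O20"}
    shared = (ie & winlogon) - {"(no file)"}
    findings = {}
    for e in entries:
        path, reasons = _norm(e.target), []
        if e.code in ("O2", "O3") and path == "(no file)":
            reasons.append("registration points at a missing file")
        if e.code in ("O2", "O20"):
            if path in shared:
                reasons.append("same DLL loaded by IE (O2) and Winlogon (O20)")
            if path.startswith(WINDIR) and not path.startswith(WINDIR + "system32\\"):
                reasons.append("auto-loaded DLL in Windows directory outside System32")
        if reasons:
            findings[e.raw] = reasons
    return findings


def still_present(fix_entries, followup_entries):
    """Entries from a fix list that a follow-up log still contains."""
    seen = {e.raw.lower() for e in followup_entries}
    return [e.raw for e in fix_entries if e.raw.lower() in seen]


if __name__ == "__main__":
    for raw, reasons in triage(parse_log(LOG_BEFORE)).items():
        print(raw, "->", "; ".join(reasons))
    print("left after fix:", still_present(parse_log(FIX_LIST), parse_log(LOG_AFTER)))
```

An empty result from `still_present` only shows that the listed entries no longer appear in the log; it says nothing about load points HijackThis does not enumerate.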
#8 (permalink) |
|
Registered User
Join Date: Jun 2005
Posts: 50
OS: XP
|
Thankyou!!!
Still i have problems, Pop-Ups and more stuff still cloud my computer please help HiJackThis Log Logfile of HijackThis v1.99.1 Scan saved at 2:29:35 PM, on 7/1/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\Alias\Maya6.5\docs\wrapper.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Alias\Maya6.5\docs\jre\bin\java.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\Common Files\Stardock\SDMCP.exe C:\Program Files\Object Desktop\WindowBlinds\wbload.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program 
Files\iPod\bin\iPodService.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Messenger\msmsgs.exe C:\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gbxforums.gearboxsoftware.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://gbxforums.gearboxsoftware.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [ccApp] 
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKCU\..\Run: [Hide IP Platinum] C:\Program Files\Hide IP Platinum\hideippla.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - 
http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {9A95FE4A-0CD3-4698-A0F4-D2264C6E7046} (HPActiveChat Class) - http://isupport4.hp.com/awebui/jsp/a...ActiveChat.CAB O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll O20 - Winlogon Notify: WB - C:\PROGRA~1\OBJECT~1\WINDOW~1\fastload.dll O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Maya 6.5 Documentation Server (maya65docserver) - Unknown owner - C:\Program Files\Alias\Maya6.5\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya6.5\docs\Wrapper.conf (file missing) O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. 
- C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe AnalyZer ==================================================================== Log was analyzed using KRC HijackThis Analyzer - Updated on 6/3/05 Get updates at http://www.greyknight17.com/download.htm#programs ***Security Programs Detected*** C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec 
Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Logfile of HijackThis v1.99.1 Scan saved at 2:29:35 PM, on 7/1/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe C:\Program Files\Alias\Maya6.5\docs\wrapper.exe C:\Program Files\Alias\Maya6.5\docs\jre\bin\java.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\Common Files\Stardock\SDMCP.exe C:\Program Files\Object Desktop\WindowBlinds\wbload.exe C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop R0 - 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gbxforums.gearboxsoftware.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://gbxforums.gearboxsoftware.com O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKCU\..\Run: [Hide IP Platinum] C:\Program Files\Hide IP Platinum\hideippla.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {9A95FE4A-0CD3-4698-A0F4-D2264C6E7046} (HPActiveChat Class) - 
http://isupport4.hp.com/awebui/jsp/a...ActiveChat.CAB O20 - Winlogon Notify: WB - C:\PROGRA~1\OBJECT~1\WINDOW~1\fastload.dll O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe O23 - Service: Maya 6.5 Documentation Server (maya65docserver) - Unknown owner - C:\Program Files\Alias\Maya6.5\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya6.5\docs\Wrapper.conf (file missing) O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe End of KRC HijackThis Analyzer Log. ==================================================================== Last edited by Suitcasehero; 06-30-2005 at 12:41 PM. |
#9 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,446
OS: N/A
|
Please post the list of files detected by online scan.
Thanks
__________________
Question - what have you done for the community today? |
#10 (permalink) |
|
Registered User
Join Date: Jun 2005
Posts: 50
OS: XP
|
Sorry about that,
I ran Trend Micro

Results: We have detected 2 infected file(s) with 3 virus(es) on your computer. Only 0 out of 0 infected files are displayed.

Detected File / Associated Virus Name
C:\Documents and Settings\*** *******\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-34ef1c5a-30301533.zip
- BlackBox.class JAVA_BYTEVER.B
- VB.class JAVA_BYTEVER.B
C:\HJT\backups\backup-20050701-140727-989.dll TROJ_AGENT.FZ

I think it fixed em :)

New HijackThis Log

Logfile of HijackThis v1.99.1 Scan saved at 3:46:50 PM, on 7/1/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\Alias\Maya6.5\docs\wrapper.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Alias\Maya6.5\docs\jre\bin\java.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\Common Files\Stardock\SDMCP.exe C:\Program Files\Object Desktop\WindowBlinds\wbload.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\AGRSMMSG.exe 
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Messenger\msmsgs.exe C:\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gbxforums.gearboxsoftware.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://gbxforums.gearboxsoftware.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 
- HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKCU\..\Run: [Hide IP Platinum] C:\Program Files\Hide IP Platinum\hideippla.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - 
C:\Program Files\AIM\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {9A95FE4A-0CD3-4698-A0F4-D2264C6E7046} (HPActiveChat Class) - http://isupport4.hp.com/awebui/jsp/a...ActiveChat.CAB O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll O20 - Winlogon Notify: WB - C:\PROGRA~1\OBJECT~1\WINDOW~1\fastload.dll O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. 
- C:\Program Files\HPQ\SHARED\HPQWMI.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Maya 6.5 Documentation Server (maya65docserver) - Unknown owner - C:\Program Files\Alias\Maya6.5\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya6.5\docs\Wrapper.conf (file missing) O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. 
- C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

New HijackThis Analyzer Log

==================================================================== Log was analyzed using KRC HijackThis Analyzer - Updated on 6/3/05 Get updates at http://www.greyknight17.com/download.htm#programs ***Security Programs Detected*** C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common 
Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Logfile of HijackThis v1.99.1 Scan saved at 3:46:50 PM, on 7/1/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe C:\Program Files\Alias\Maya6.5\docs\wrapper.exe C:\Program Files\Alias\Maya6.5\docs\jre\bin\java.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\Common Files\Stardock\SDMCP.exe C:\Program Files\Object Desktop\WindowBlinds\wbload.exe C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gbxforums.gearboxsoftware.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://gbxforums.gearboxsoftware.com O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKCU\..\Run: [Hide IP Platinum] C:\Program Files\Hide IP Platinum\hideippla.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - 
http://www.bitdefender.com/scan8/oscan8.cab O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {9A95FE4A-0CD3-4698-A0F4-D2264C6E7046} (HPActiveChat Class) - http://isupport4.hp.com/awebui/jsp/a...ActiveChat.CAB O20 - Winlogon Notify: WB - C:\PROGRA~1\OBJECT~1\WINDOW~1\fastload.dll O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe O23 - Service: Maya 6.5 Documentation Server (maya65docserver) - Unknown owner - C:\Program Files\Alias\Maya6.5\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya6.5\docs\Wrapper.conf (file missing) O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe End of KRC HijackThis Analyzer Log. ==================================================================== Last edited by Suitcasehero; 06-30-2005 at 01:43 PM. |
#11 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,446
OS: N/A
|
Your log is clean. Well done.
Do you have any more problems with your computer? If not, you should be set to go. However, there still remain a few bits of housekeeping ...

Reset hidden/system files and folders

Clear Java Cache
Use the instructions outlined here for clearing your Java cache > http://www.elluminate.com/support/fa...lear_cache.jsp

Create a new System Restore point

Enable Windows Auto Update

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:

If you do not have a firewall, here are 3 free ones available for personal use: and a good antivirus like the one you are currently using. It is critical to have both a firewall and an anti-virus application and to keep them updated. In light of your recent hiccup, I'm sure you'll like to avoid any future infections.

Please take a look at these well-written articles

Have a safe & happy computing day. Please respond to this thread one more time so we can mark this thread as resolved.
#13 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,446
OS: N/A
|
Sorry..I forgot about your earlier comments about pop ups.
Please download Mwav Virus Checker -> (Use Link 3) - Save on Desktop
Run Mwav.exe by double-clicking on it.
** If prompted that a virus was found and you need to purchase the product to remove the malware, just close out the prompt and let it continue scanning. We are not going to use this to remove anything...but to ID the bad files.
#14 (permalink) |
|
Registered User
Join Date: Jun 2005
Posts: 50
OS: XP
|
Object "BearShare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "BearShare Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "Quicken Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "iSearch Spyware/Adware" found in File System! Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\muvee Technologies\Mainconcept\mpgvout.001". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\muvee Technologies\Mainconcept\mpgvout.002". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\muvee Technologies\Mainconcept\mpgvout.003". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\muvee Technologies\Mainconcept\mpgvout.004". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\audio\American Folk.mp3". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\Memories Disc\skins\HewlettPackard_0002\playback\common\VIEW\ALBUM.HTM". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\Memories Disc\skins\HewlettPackard_0002\playback\common\VIEW\HTML\M_ONPRT.HTM". Action Taken: No Action Taken. 
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\Memories Disc\skins\HewlettPackard_0002\playback\common\VIEW\GRAPHICS\SEPRATR1.GIF". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\Memories Disc\skins\HewlettPackard_0002\playback\common\VIEW\INCLUDE\FRAMES.JS". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\Memories Disc\skins\HewlettPackard_0002\playback\common\VIEW\STYLE\MF.CSS". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\Memories Disc\skins\HewlettPackard_0002\print\common\GRAPHICS\CDLOGO.JPG". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\Memories Disc\creator\enu\creator.xml". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\Memories Disc\creator\enu\GRAPHICS\prodLogo.bmp". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\Memories Disc\creator\enu\HELPFILES\mdHelp.chm". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\Memories Disc\skins\HewlettPackard_0002\playback\enu\PLAYBACK.XML". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\Memories Disc\skins\HewlettPackard_0002\playback\enu\VIEW\HELP\SUPPORT.HTM". Action Taken: No Action Taken. 
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\Memories Disc\skins\HewlettPackard_0002\playback\enu\VIEW\HELP\GRAPHICS\HELPLOGO.JPG". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\Memories Disc\skins\HewlettPackard_0002\playback\enu\VIEW\GRAPHICS\M_F_LOGO.JPG". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\Memories Disc\skins\HewlettPackard_0002\print\enu\print.xml". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\COPYING.TXT". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\pcexp\ENU\VIEW\HELP\BROWSE.HTM". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\pcexp\ENU\VIEW\RESOURCE\RESOURCE.JS". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\pcexp\COMMON\VIEW\PDFCASE.HTM". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\pcexp\COMMON\VIEW\GRAPHICS\3_H_DOTS.GIF". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\pcexp\COMMON\VIEW\HTML\CLIP.HTM". Action Taken: No Action Taken. 
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\pcexp\COMMON\VIEW\HELP\GRAPHICS\FRAME.GIF". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\pcexp\COMMON\VIEW\HELP\STYLE\HELPSTYL.CSS". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\pcexp\COMMON\VIEW\INCLUDE\CONTROLS.JS". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\pcexp\COMMON\VIEW\PLUGIN\HPODPCFC.CAB". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\pcexp\COMMON\VIEW\PLUGIN\PRINT\Templates.zip". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\print\creator\common\ENGLOGC.TXT". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\print\creator\common\graphics\CDLOGOHP.JPG". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\print\creator\enu\print.xml". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\print\creator\common\templates\A4\BOTTOM.XML". Action Taken: No Action Taken. 
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\print\creator\common\templates\US\BOTTOM.XML". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\sdk\common\HOMEPAGE.HTM". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\sdk\graphics\HomePageBkgnd480.jpg". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\GlobalSCAPE\CuteFTP Professional\CuteFTP6.chm". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\3dsmax\AcMPolygonCom.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\3dsmax\ASMswp80A.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\3dsmax\ASMskin80A.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\3dsmax\ASMshl80A.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\3dsmax\ASMsbool80A.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\3dsmax\ASMrem80A.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\3dsmax\ASMrbi80A.dll". Action Taken: No Action Taken. 
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\3dsmax\ASMofst80A.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\3dsmax\ASMlop80A.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\3dsmax\ASMlopt80A.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\3dsmax\ASMlaw80A.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\3dsmax\ASMkern80A.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\3dsmax\ASMintr80A.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\3dsmax\ASMihl80A.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\3dsmax\ASMga80A.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\3dsmax\ASMfct80A.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\3dsmax\ASMeulr80A.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\3dsmax\ASMct80A.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\3dsmax\ASMcstr80A.dll". Action Taken: No Action Taken. 
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\3dsmax\ASMcovr80A.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\3dsmax\ASMbool80A.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\3dsmax\ASMblnd80A.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\3dsmax\ASMbase80A.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\3dsmax\ASMahl80A.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{0DED49D5-A8B7-4d5d-97A1-12B0C195874D}" refers to invalid object "BdaPlgin.ax". Action Taken: No Action Taken. Entry "HKCR\CLSID\{117A2298-A910-41E9-B6A6-5D31B8F609EB}" refers to invalid object "AcMPolygonCOM.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{202972a5-af58-47e2-baf8-98721d79bf17}" refers to invalid object "Sys32Sch.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{2D29F8DF-372D-4027-B638-8938F1587691}" refers to invalid object "AcMPolygonCOM.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{31743B95-65BA-4506-90D7-0993260046BB}" refers to invalid object "C:\Program Files\CallerID-Events\GUIX.ocx". Action Taken: No Action Taken. Entry "HKCR\CLSID\{35CB7E75-AB34-4603-B7F6-917BC900B432}" refers to invalid object "C:\Program Files\CallerID-Events\GUIX.ocx". Action Taken: No Action Taken. Entry "HKCR\CLSID\{4A2283D1-E172-466A-AF34-70F018A4B777}" refers to invalid object "C:\Program Files\CallerID-Events\GUIX.ocx". Action Taken: No Action Taken. Entry "HKCR\CLSID\{51A29C4D-2D12-45F3-AA8A-1A3211BF0FD6}" refers to invalid object "C:\Program Files\CallerID-Events\GUIX.ocx". Action Taken: No Action Taken. 
Entry "HKCR\CLSID\{661E7E70-87C2-4169-995B-0F00701E7EF7}" refers to invalid object "C:\Program Files\CallerID-Events\EzTapi.ocx". Action Taken: No Action Taken. Entry "HKCR\CLSID\{67DC472E-46F6-4400-8243-51AD668F8AC2}" refers to invalid object "C:\Program Files\CallerID-Events\GUIX.ocx". Action Taken: No Action Taken. Entry "HKCR\CLSID\{762CD98D-A133-4ED3-8B01-C1E3D50E9728}" refers to invalid object "C:\Program Files\CallerID-Events\GUIX.ocx". Action Taken: No Action Taken. Entry "HKCR\CLSID\{77325207-BB75-4AF8-AD10-2E5BC36EBD3E}" refers to invalid object "C:\Program Files\CallerID-Events\GUIX.ocx". Action Taken: No Action Taken. Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{8DCDC4FA-5B77-4C9C-AE02-8F2B0219A651}" refers to invalid object "C:\Program Files\CallerID-Events\GUIX.ocx". Action Taken: No Action Taken. Entry "HKCR\CLSID\{9234B52C-4E84-4F7D-98D9-72F17866EB8B}" refers to invalid object "C:\Program Files\CallerID-Events\EzWave.ocx". Action Taken: No Action Taken. Entry "HKCR\CLSID\{92FA2C24-253C-11d2-90FB-006008A1F441}" refers to invalid object "a3dapi.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{953BD761-A60E-4762-80D4-B1491C881FDE}" refers to invalid object "C:\Program Files\CallerID-Events\GUIX.ocx". Action Taken: No Action Taken. Entry "HKCR\CLSID\{A6BD4C7E-D718-4498-ACEE-EE3FD2437BEF}" refers to invalid object "C:\Program Files\CallerID-Events\GUIX.ocx". Action Taken: No Action Taken. Entry "HKCR\CLSID\{ADA168D4-57F1-40E4-873D-45D11F819448}" refers to invalid object "C:\Program Files\CallerID-Events\GUIX.ocx". Action Taken: No Action Taken. Entry "HKCR\CLSID\{B0693766-5278-4ec6-B9E1-3CE40560EF5A}" refers to invalid object "CaPlgin.ax". Action Taken: No Action Taken. Entry "HKCR\CLSID\{C1909134-89F8-4730-9056-0C5AD53688BA}" refers to invalid object "C:\Program Files\CallerID-Events\GUIX.ocx". Action Taken: No Action Taken. 
Entry "HKCR\CLSID\{C5EA7411-C155-450C-ADE2-44CCFE3BC8FA}" refers to invalid object "C:\Program Files\CallerID-Events\EzWave.ocx". Action Taken: No Action Taken. Entry "HKCR\CLSID\{D0759737-78C7-4244-9F3F-53349B78FE99}" refers to invalid object "C:\Program Files\CallerID-Events\GUIX.ocx". Action Taken: No Action Taken. Entry "HKCR\CLSID\{E0D8BF50-2FF0-4C91-A365-2EDAA66AC8AF}" refers to invalid object "C:\Program Files\CallerID-Events\GUIX.ocx". Action Taken: No Action Taken. Entry "HKCR\CLSID\{EBDF591F-83B5-4F7E-952F-D1DBB997323F}" refers to invalid object "C:\Program Files\CallerID-Events\EzMailSender.ocx". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F343D726-651F-46EF-AB83-87BE1B57C677}" refers to invalid object "C:\Program Files\CallerID-Events\dix.ocx". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F7688668-3C20-4129-8BC8-1D5970C607B4}" refers to invalid object "C:\Program Files\CallerID-Events\GUIX.ocx". Action Taken: No Action Taken. Entry "HKCR\CLSID\{FCF1C122-B007-4E98-A160-82D672FFC0BD}" refers to invalid object "C:\Program Files\CallerID-Events\GUIX.ocx". Action Taken: No Action Taken. Entry "HKCR\CLSID\{FD0A5AF3-B41D-11d2-9C95-00C04F7971E0}" refers to invalid object "BdaPlgin.ax". Action Taken: No Action Taken. Entry "HKCR\CLSID\{FDE5E634-B080-4D07-932C-EACA1382A834}" refers to invalid object "C:\Program Files\CallerID-Events\GUIX.ocx". Action Taken: No Action Taken. Entry "HKCR\ADODB.Signer.2" refers to invalid object "{24C0165C-174E-21B6-6FBF-426D9F536385}". Action Taken: No Action Taken. Entry "HKCR\BDATuner.Microsoft.2" refers to invalid object "{66A4DB26-9758-DC01-6058-3E5CC130F02D}". Action Taken: No Action Taken. Entry "HKCR\CDDBControlApple.CddbFullName.1" refers to invalid object "{63338267-37c4-44cf-8e46-756fbe9c8fdc}". Action Taken: No Action Taken. Entry "HKCR\CDDBControlApple.FullName" refers to invalid object "{63338267-37c4-44cf-8e46-756fbe9c8fdc}". Action Taken: No Action Taken. 
Entry "HKCR\ClientDataProj.CorpubPublish.3" refers to invalid object "{140824A8-1A7B-A304-9799-BFFC9385D916}". Action Taken: No Action Taken. Entry "HKCR\CMSnapinAbout.Store" refers to invalid object "{1480F472-1E0F-F778-9029-425F2DBDBC97}". Action Taken: No Action Taken. Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken. Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken. Entry "HKCR\DMBar.ToolBandObj" refers to invalid object "{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}". Action Taken: No Action Taken. Entry "HKCR\DMBar.ToolBandObj.1" refers to invalid object "{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}". Action Taken: No Action Taken. Entry "HKCR\DSP.DSP" refers to invalid object "{9C123EA9-AEC9-4f75-BBC0-7565FA1398966}". Action Taken: No Action Taken. Entry "HKCR\DSP.DSPDMOProp_Chorus.1" refers to invalid object "{6F63B172-5543-4593-91CE-EDBA65B9FACDB}". Action Taken: No Action Taken. Entry "HKCR\FPXMIXFilter.CEALG.1" refers to invalid object "{A2C1D4CD-1099-4A86-FD34-CD05E3CFC5BC}". Action Taken: No Action Taken. Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken. Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken. Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken. Entry "HKCR\MSEvents.MSEvents" refers to invalid object "{B8B55274-0F9A-41E5-9067-A3539BD9E860}". Action Taken: No Action Taken. Entry "HKCR\MSEvents.MSEvents.1" refers to invalid object "{B8B55274-0F9A-41E5-9067-A3539BD9E860}". Action Taken: No Action Taken. Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken. 
File C:\WINDOWS\system32\lncom_.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Not finished running it, but I've got to go. I'll post the rest later. For some odd reason I don't think I'm clean at all....

Last edited by Suitcasehero; 06-30-2005 at 02:27 PM.
#15 (permalink) |
|
Registered User
Join Date: Jun 2005
Posts: 50
OS: XP
|
Finished Log
Object "BearShare Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "BearShare Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "Quicken Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "iSearch Spyware/Adware" found in File System! Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\muvee Technologies\Mainconcept\mpgvout.001". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\muvee Technologies\Mainconcept\mpgvout.002". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\muvee Technologies\Mainconcept\mpgvout.003". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\muvee Technologies\Mainconcept\mpgvout.004". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\audio\American Folk.mp3". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\Memories Disc\skins\HewlettPackard_0002\playback\common\VIEW\ALBUM.HTM". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\Memories Disc\skins\HewlettPackard_0002\playback\common\VIEW\HTML\M_ONPRT.HTM". Action Taken: No Action Taken. 
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\Memories Disc\skins\HewlettPackard_0002\playback\common\VIEW\GRAPHICS\SEPRATR1.GIF". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\Memories Disc\skins\HewlettPackard_0002\playback\common\VIEW\INCLUDE\FRAMES.JS". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\Memories Disc\skins\HewlettPackard_0002\playback\common\VIEW\STYLE\MF.CSS". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\Memories Disc\skins\HewlettPackard_0002\print\common\GRAPHICS\CDLOGO.JPG". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\Memories Disc\creator\enu\creator.xml". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\Memories Disc\creator\enu\GRAPHICS\prodLogo.bmp". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\Memories Disc\creator\enu\HELPFILES\mdHelp.chm". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\Memories Disc\skins\HewlettPackard_0002\playback\enu\PLAYBACK.XML". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\Memories Disc\skins\HewlettPackard_0002\playback\enu\VIEW\HELP\SUPPORT.HTM". Action Taken: No Action Taken. 
File C:\WINDOWS\system32\lncom_.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\Program Files\A1Clean\Undo20050630Temp.zip tagged as not-a-virus:CrackTool.Win32.HotHook. No Action Taken. File C:\Program Files\AIM\aim95.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\Program Files\AIM\unwise32.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\Program Files\FlashGet\patch.exe tagged as not-a-virus:Tool.Win32.TPE.a. No Action Taken. File C:\Program Files\GameSpy Arcade\ArcadeInstallFull201.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\Program Files\Lavasoft\Ad-Aware SE Personal\Plugins\vx2cleaner\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\Program Files\Lavasoft\Ad-Aware SE Personal\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\Program Files\Microsoft Games\Halo\GSArcade.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\Program Files\Microsoft Games\Halo Custom Edition\GSArcade.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\04321840.cla infected by "Exploit.Java.Bytverify" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\0A9B6439.dll infected by "Trojan.Win32.Small.ef" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\0B2B0EF8.def infected by "Trojan-Downloader.Win32.IstBar.kc" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\239E5FBE.exe infected by "Trojan-Downloader.Win32.INService.i" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\269E54DC.exe infected by "Flooder.Win32.VB.at" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\2A721549.exe infected by "Backdoor.Win32.Prorat.19.i" Virus! Action Taken: No Action Taken. 
File C:\Program Files\Norton AntiVirus\Quarantine\316336D5.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\318130B4.cla infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\31845AB1.cla infected by "Trojan.Java.ClassLoader.Dummy.d" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\318704AD.cla infected by "Exploit.Java.Bytverify" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\39721E0C.cla infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\39764809.cla infected by "Trojan.Java.ClassLoader.Dummy.a" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\39764809.zip infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\42A61DD6.cla infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\42A947D3.cla infected by "Trojan.Java.ClassLoader.Dummy.d" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\4E9727E9.exe infected by "Trojan-Downloader.Win32.IstBar.ij" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\52572637.cla infected by "Exploit.Java.Bytverify" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\56663988.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\56843368.cla infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\56875D64.cla infected by "Trojan.Java.ClassLoader.Dummy.d" Virus! Action Taken: No Action Taken. 
File C:\Program Files\Norton AntiVirus\Quarantine\568A0761.cla infected by "Exploit.Java.Bytverify" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\57340EA6.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\573738A2.cla infected by "Exploit.Java.Bytverify" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\5B0C4A5E.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\632754C5.dll infected by "Trojan-Downloader.Win32.ConHook.b" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\6A996E64.anr infected by "Trojan-Downloader.Win32.Ani.c" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\6A996E64.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\6ABD3C3C.cla infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\6AC63A32.cla infected by "Trojan.Java.ClassLoader.Dummy.d" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\6ACA642E.cla infected by "Exploit.Java.Bytverify" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\6C0078D9.anr infected by "Trojan-Downloader.Win32.Ani.c" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\6C0078D9.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\6C0322D5.cla infected by "Exploit.Java.Bytverify" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\6E5D4611.exe infected by "Backdoor.Win32.Agent.jn" Virus! Action Taken: No Action Taken. 
File C:\Program Files\Norton AntiVirus\Quarantine\7C4660FE.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\7CF63C3C.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\7CFD1034.cla infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\7D03642D.cla infected by "Trojan.Java.ClassLoader.Dummy.d" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\7D240809.cla infected by "Exploit.Java.Bytverify" Virus! Action Taken: No Action Taken. File C:\Program Files\Object Desktop\WindowBlinds\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\Program Files\TechSmith\Camtasia Studio 2\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\SWSETUP\MSZONE\ZoneDeluxeGames.msi tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP224\A0076071.exe infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP224\A0076080.dll infected by "Trojan.Win32.Agent.cs" Virus! Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP224\A0076129.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP224\A0076149.dll infected by "Trojan.Win32.Agent.cs" Virus! Action Taken: No Action Taken. File C:\WINDOWS\iqik\wu tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\WINDOWS\system32\lncom_.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\WINDOWS\system32\Macromed\Shockwave 10\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. 
File C:\Program Files\A1Clean\Undo20050630Temp.zip tagged as not-a-virus:CrackTool.Win32.HotHook. No Action Taken. File C:\Program Files\AIM\aim95.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\Program Files\AIM\unwise32.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\Program Files\FlashGet\patch.exe tagged as not-a-virus:Tool.Win32.TPE.a. No Action Taken. File C:\Program Files\GameSpy Arcade\ArcadeInstallFull201.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. I still think im infected..... |
#16 (permalink) |
|
Registered User
Join Date: Jun 2005
Posts: 50
OS: XP
|
Nevermind :) it wasn't finished
Object "BearShare Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "BearShare Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "Quicken Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "iSearch Spyware/Adware" found in File System! Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\muvee Technologies\Mainconcept\mpgvout.001". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\muvee Technologies\Mainconcept\mpgvout.002". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\muvee Technologies\Mainconcept\mpgvout.003". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\muvee Technologies\Mainconcept\mpgvout.004". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\audio\American Folk.mp3". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\Memories Disc\skins\HewlettPackard_0002\playback\common\VIEW\ALBUM.HTM". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\Memories Disc\skins\HewlettPackard_0002\playback\common\VIEW\HTML\M_ONPRT.HTM". Action Taken: No Action Taken. 
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\Memories Disc\skins\HewlettPackard_0002\playback\common\VIEW\GRAPHICS\SEPRATR1.GIF". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\Memories Disc\skins\HewlettPackard_0002\playback\common\VIEW\INCLUDE\FRAMES.JS". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\Memories Disc\skins\HewlettPackard_0002\playback\common\VIEW\STYLE\MF.CSS". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\Memories Disc\skins\HewlettPackard_0002\print\common\GRAPHICS\CDLOGO.JPG". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\Memories Disc\creator\enu\creator.xml". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\Memories Disc\creator\enu\GRAPHICS\prodLogo.bmp". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\Memories Disc\creator\enu\HELPFILES\mdHelp.chm". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\Memories Disc\skins\HewlettPackard_0002\playback\enu\PLAYBACK.XML". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\Memories Disc\skins\HewlettPackard_0002\playback\enu\VIEW\HELP\SUPPORT.HTM". Action Taken: No Action Taken. 
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\Memories Disc\skins\HewlettPackard_0002\playback\enu\VIEW\HELP\GRAPHICS\HELPLOGO.JPG". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\Memories Disc\skins\HewlettPackard_0002\playback\enu\VIEW\GRAPHICS\M_F_LOGO.JPG". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\HP\Memories Disc\skins\HewlettPackard_0002\print\enu\print.xml". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\COPYING.TXT". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\pcexp\ENU\VIEW\HELP\BROWSE.HTM". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\pcexp\ENU\VIEW\RESOURCE\RESOURCE.JS". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\pcexp\COMMON\VIEW\PDFCASE.HTM". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\pcexp\COMMON\VIEW\GRAPHICS\3_H_DOTS.GIF". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\pcexp\COMMON\VIEW\HTML\CLIP.HTM". Action Taken: No Action Taken. 
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\pcexp\COMMON\VIEW\HELP\GRAPHICS\FRAME.GIF". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\pcexp\COMMON\VIEW\HELP\STYLE\HELPSTYL.CSS". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\pcexp\COMMON\VIEW\INCLUDE\CONTROLS.JS". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\pcexp\COMMON\VIEW\PLUGIN\HPODPCFC.CAB". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\pcexp\COMMON\VIEW\PLUGIN\PRINT\Templates.zip". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\print\creator\common\ENGLOGC.TXT". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\print\creator\common\graphics\CDLOGOHP.JPG". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\print\creator\enu\print.xml". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\print\creator\common\templates\A4\BOTTOM.XML". Action Taken: No Action Taken. 
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\print\creator\common\templates\US\BOTTOM.XML". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\sdk\common\HOMEPAGE.HTM". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\HP\Memories Disc\2.0\sdk\graphics\HomePageBkgnd480.jpg". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\GlobalSCAPE\CuteFTP Professional\CuteFTP6.chm". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\3dsmax\AcMPolygonCom.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\3dsmax\ASMswp80A.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\3dsmax\ASMskin80A.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\3dsmax\ASMshl80A.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\3dsmax\ASMsbool80A.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\3dsmax\ASMrem80A.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\3dsmax\ASMrbi80A.dll". Action Taken: No Action Taken. 
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\3dsmax\ASMofst80A.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\3dsmax\ASMlop80A.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\3dsmax\ASMlopt80A.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\3dsmax\ASMlaw80A.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\3dsmax\ASMkern80A.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\3dsmax\ASMintr80A.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\3dsmax\ASMihl80A.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\3dsmax\ASMga80A.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\3dsmax\ASMfct80A.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\3dsmax\ASMeulr80A.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\3dsmax\ASMct80A.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\3dsmax\ASMcstr80A.dll". Action Taken: No Action Taken. 
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\3dsmax\ASMcovr80A.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\3dsmax\ASMbool80A.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\3dsmax\ASMblnd80A.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\3dsmax\ASMbase80A.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\3dsmax\ASMahl80A.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{0DED49D5-A8B7-4d5d-97A1-12B0C195874D}" refers to invalid object "BdaPlgin.ax". Action Taken: No Action Taken. Entry "HKCR\CLSID\{117A2298-A910-41E9-B6A6-5D31B8F609EB}" refers to invalid object "AcMPolygonCOM.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{202972a5-af58-47e2-baf8-98721d79bf17}" refers to invalid object "Sys32Sch.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{2D29F8DF-372D-4027-B638-8938F1587691}" refers to invalid object "AcMPolygonCOM.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{31743B95-65BA-4506-90D7-0993260046BB}" refers to invalid object "C:\Program Files\CallerID-Events\GUIX.ocx". Action Taken: No Action Taken. Entry "HKCR\CLSID\{35CB7E75-AB34-4603-B7F6-917BC900B432}" refers to invalid object "C:\Program Files\CallerID-Events\GUIX.ocx". Action Taken: No Action Taken. Entry "HKCR\CLSID\{4A2283D1-E172-466A-AF34-70F018A4B777}" refers to invalid object "C:\Program Files\CallerID-Events\GUIX.ocx". Action Taken: No Action Taken. Entry "HKCR\CLSID\{51A29C4D-2D12-45F3-AA8A-1A3211BF0FD6}" refers to invalid object "C:\Program Files\CallerID-Events\GUIX.ocx". Action Taken: No Action Taken. 
Entry "HKCR\CLSID\{661E7E70-87C2-4169-995B-0F00701E7EF7}" refers to invalid object "C:\Program Files\CallerID-Events\EzTapi.ocx". Action Taken: No Action Taken. Entry "HKCR\CLSID\{67DC472E-46F6-4400-8243-51AD668F8AC2}" refers to invalid object "C:\Program Files\CallerID-Events\GUIX.ocx". Action Taken: No Action Taken. Entry "HKCR\CLSID\{762CD98D-A133-4ED3-8B01-C1E3D50E9728}" refers to invalid object "C:\Program Files\CallerID-Events\GUIX.ocx". Action Taken: No Action Taken. Entry "HKCR\CLSID\{77325207-BB75-4AF8-AD10-2E5BC36EBD3E}" refers to invalid object "C:\Program Files\CallerID-Events\GUIX.ocx". Action Taken: No Action Taken. Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{8DCDC4FA-5B77-4C9C-AE02-8F2B0219A651}" refers to invalid object "C:\Program Files\CallerID-Events\GUIX.ocx". Action Taken: No Action Taken. Entry "HKCR\CLSID\{9234B52C-4E84-4F7D-98D9-72F17866EB8B}" refers to invalid object "C:\Program Files\CallerID-Events\EzWave.ocx". Action Taken: No Action Taken. Entry "HKCR\CLSID\{92FA2C24-253C-11d2-90FB-006008A1F441}" refers to invalid object "a3dapi.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{953BD761-A60E-4762-80D4-B1491C881FDE}" refers to invalid object "C:\Program Files\CallerID-Events\GUIX.ocx". Action Taken: No Action Taken. Entry "HKCR\CLSID\{A6BD4C7E-D718-4498-ACEE-EE3FD2437BEF}" refers to invalid object "C:\Program Files\CallerID-Events\GUIX.ocx". Action Taken: No Action Taken. Entry "HKCR\CLSID\{ADA168D4-57F1-40E4-873D-45D11F819448}" refers to invalid object "C:\Program Files\CallerID-Events\GUIX.ocx". Action Taken: No Action Taken. Entry "HKCR\CLSID\{B0693766-5278-4ec6-B9E1-3CE40560EF5A}" refers to invalid object "CaPlgin.ax". Action Taken: No Action Taken. Entry "HKCR\CLSID\{C1909134-89F8-4730-9056-0C5AD53688BA}" refers to invalid object "C:\Program Files\CallerID-Events\GUIX.ocx". Action Taken: No Action Taken. 
Entry "HKCR\CLSID\{C5EA7411-C155-450C-ADE2-44CCFE3BC8FA}" refers to invalid object "C:\Program Files\CallerID-Events\EzWave.ocx". Action Taken: No Action Taken. Entry "HKCR\CLSID\{D0759737-78C7-4244-9F3F-53349B78FE99}" refers to invalid object "C:\Program Files\CallerID-Events\GUIX.ocx". Action Taken: No Action Taken. Entry "HKCR\CLSID\{E0D8BF50-2FF0-4C91-A365-2EDAA66AC8AF}" refers to invalid object "C:\Program Files\CallerID-Events\GUIX.ocx". Action Taken: No Action Taken. Entry "HKCR\CLSID\{EBDF591F-83B5-4F7E-952F-D1DBB997323F}" refers to invalid object "C:\Program Files\CallerID-Events\EzMailSender.ocx". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F343D726-651F-46EF-AB83-87BE1B57C677}" refers to invalid object "C:\Program Files\CallerID-Events\dix.ocx". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F7688668-3C20-4129-8BC8-1D5970C607B4}" refers to invalid object "C:\Program Files\CallerID-Events\GUIX.ocx". Action Taken: No Action Taken. Entry "HKCR\CLSID\{FCF1C122-B007-4E98-A160-82D672FFC0BD}" refers to invalid object "C:\Program Files\CallerID-Events\GUIX.ocx". Action Taken: No Action Taken. Entry "HKCR\CLSID\{FD0A5AF3-B41D-11d2-9C95-00C04F7971E0}" refers to invalid object "BdaPlgin.ax". Action Taken: No Action Taken. Entry "HKCR\CLSID\{FDE5E634-B080-4D07-932C-EACA1382A834}" refers to invalid object "C:\Program Files\CallerID-Events\GUIX.ocx". Action Taken: No Action Taken. Entry "HKCR\ADODB.Signer.2" refers to invalid object "{24C0165C-174E-21B6-6FBF-426D9F536385}". Action Taken: No Action Taken. Entry "HKCR\BDATuner.Microsoft.2" refers to invalid object "{66A4DB26-9758-DC01-6058-3E5CC130F02D}". Action Taken: No Action Taken. Entry "HKCR\CDDBControlApple.CddbFullName.1" refers to invalid object "{63338267-37c4-44cf-8e46-756fbe9c8fdc}". Action Taken: No Action Taken. Entry "HKCR\CDDBControlApple.FullName" refers to invalid object "{63338267-37c4-44cf-8e46-756fbe9c8fdc}". Action Taken: No Action Taken. 
Entry "HKCR\ClientDataProj.CorpubPublish.3" refers to invalid object "{140824A8-1A7B-A304-9799-BFFC9385D916}". Action Taken: No Action Taken. Entry "HKCR\CMSnapinAbout.Store" refers to invalid object "{1480F472-1E0F-F778-9029-425F2DBDBC97}". Action Taken: No Action Taken. Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken. Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken. Entry "HKCR\DMBar.ToolBandObj" refers to invalid object "{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}". Action Taken: No Action Taken. Entry "HKCR\DMBar.ToolBandObj.1" refers to invalid object "{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}". Action Taken: No Action Taken. Entry "HKCR\DSP.DSP" refers to invalid object "{9C123EA9-AEC9-4f75-BBC0-7565FA1398966}". Action Taken: No Action Taken. Entry "HKCR\DSP.DSPDMOProp_Chorus.1" refers to invalid object "{6F63B172-5543-4593-91CE-EDBA65B9FACDB}". Action Taken: No Action Taken. Entry "HKCR\FPXMIXFilter.CEALG.1" refers to invalid object "{A2C1D4CD-1099-4A86-FD34-CD05E3CFC5BC}". Action Taken: No Action Taken. Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken. Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken. Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken. Entry "HKCR\MSEvents.MSEvents" refers to invalid object "{B8B55274-0F9A-41E5-9067-A3539BD9E860}". Action Taken: No Action Taken. Entry "HKCR\MSEvents.MSEvents.1" refers to invalid object "{B8B55274-0F9A-41E5-9067-A3539BD9E860}". Action Taken: No Action Taken. Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken. 
File C:\WINDOWS\system32\lncom_.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\Program Files\A1Clean\Undo20050630Temp.zip tagged as not-a-virus:CrackTool.Win32.HotHook. No Action Taken. File C:\Program Files\AIM\aim95.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\Program Files\AIM\unwise32.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\Program Files\FlashGet\patch.exe tagged as not-a-virus:Tool.Win32.TPE.a. No Action Taken. File C:\Program Files\GameSpy Arcade\ArcadeInstallFull201.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\Program Files\Lavasoft\Ad-Aware SE Personal\Plugins\vx2cleaner\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\Program Files\Lavasoft\Ad-Aware SE Personal\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\Program Files\Microsoft Games\Halo\GSArcade.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\Program Files\Microsoft Games\Halo Custom Edition\GSArcade.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\04321840.cla infected by "Exploit.Java.Bytverify" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\0A9B6439.dll infected by "Trojan.Win32.Small.ef" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\0B2B0EF8.def infected by "Trojan-Downloader.Win32.IstBar.kc" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\239E5FBE.exe infected by "Trojan-Downloader.Win32.INService.i" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\269E54DC.exe infected by "Flooder.Win32.VB.at" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\2A721549.exe infected by "Backdoor.Win32.Prorat.19.i" Virus! Action Taken: No Action Taken. 
File C:\Program Files\Norton AntiVirus\Quarantine\316336D5.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\318130B4.cla infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\31845AB1.cla infected by "Trojan.Java.ClassLoader.Dummy.d" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\318704AD.cla infected by "Exploit.Java.Bytverify" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\39721E0C.cla infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\39764809.cla infected by "Trojan.Java.ClassLoader.Dummy.a" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\39764809.zip infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\42A61DD6.cla infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\42A947D3.cla infected by "Trojan.Java.ClassLoader.Dummy.d" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\4E9727E9.exe infected by "Trojan-Downloader.Win32.IstBar.ij" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\52572637.cla infected by "Exploit.Java.Bytverify" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\56663988.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\56843368.cla infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\56875D64.cla infected by "Trojan.Java.ClassLoader.Dummy.d" Virus! Action Taken: No Action Taken. 
File C:\Program Files\Norton AntiVirus\Quarantine\568A0761.cla infected by "Exploit.Java.Bytverify" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\57340EA6.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\573738A2.cla infected by "Exploit.Java.Bytverify" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\5B0C4A5E.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\632754C5.dll infected by "Trojan-Downloader.Win32.ConHook.b" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\6A996E64.anr infected by "Trojan-Downloader.Win32.Ani.c" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\6A996E64.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\6ABD3C3C.cla infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\6AC63A32.cla infected by "Trojan.Java.ClassLoader.Dummy.d" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\6ACA642E.cla infected by "Exploit.Java.Bytverify" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\6C0078D9.anr infected by "Trojan-Downloader.Win32.Ani.c" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\6C0078D9.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\6C0322D5.cla infected by "Exploit.Java.Bytverify" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\6E5D4611.exe infected by "Backdoor.Win32.Agent.jn" Virus! Action Taken: No Action Taken. 
File C:\Program Files\Norton AntiVirus\Quarantine\7C4660FE.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\7CF63C3C.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\7CFD1034.cla infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\7D03642D.cla infected by "Trojan.Java.ClassLoader.Dummy.d" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\7D240809.cla infected by "Exploit.Java.Bytverify" Virus! Action Taken: No Action Taken. File C:\Program Files\Object Desktop\WindowBlinds\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\Program Files\TechSmith\Camtasia Studio 2\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\SWSETUP\MSZONE\ZoneDeluxeGames.msi tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP224\A0076071.exe infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP224\A0076080.dll infected by "Trojan.Win32.Agent.cs" Virus! Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP224\A0076129.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP224\A0076149.dll infected by "Trojan.Win32.Agent.cs" Virus! Action Taken: No Action Taken. File C:\WINDOWS\iqik\wu tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\WINDOWS\system32\lncom_.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\WINDOWS\system32\Macromed\Shockwave 10\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. 
Viruses: 123 Errors: 125
#17 (permalink) | |
|
Registered User
Join Date: Jun 2005
Posts: 50
OS: XP
|
Quote:
#18 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,446
OS: N/A
|
Please be advised that you're not supposed to "bump" unless 24 hours has passed since your last post.
Analysts work from the back of the list & unnecessary bumping serves only to prolong the wait.
__________________
Question - what have you done for the community today? |
#20 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,446
OS: N/A
|
Nothing worth noting with Mwav's logs.
Please download SilentRunners.vbs - Right click & choose "Save As...". Save it as SilentRunners.vbs to Desktop. Make sure you disable any programs that may block/disable scripts (like your anti-virus or anti-spyware programs). Double-click SilentRunners to run it. This will take a few minutes, and will create a file called "Startup Programs". Post ALL its contents here in your next reply.
__________________
Question - what have you done for the community today? |