Unsolved
This post is more than 5 years old
9 Posts
0
771
July 29th, 2005 22:00
HJT Log File
Something has happened to my laptop as it now operates painfully slow. It takes about 20 minutes to boot up, and I notice the clock in the task bar is running slow as well - about 15 minutes elapses before the clock shows one minute having gone by. I have virus software, a firewall, Adaware, Spybot, and use Firefox instead of Explorer, so I wonder if this is even a virus. I suspect it might be, because everything works, just really slow. I've done everything suggested except for reinstalling Windows, so this is my last resort. Please help. Here is the logfile:
Logfile of HijackThis v1.99.1
Scan saved at 2:58:07 PM, on 7/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\New Folder\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cox.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Ryan\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Cox High Speed Internet
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {39CD6702-229D-4D2C-AE11-FA5B54D41B12} - C:\WINDOWS\system32\ipbldg.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINDOWS\AdRoar.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINDOWS\AdRoar.dll (file missing)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [DadApp] C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.cox.net
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/abarth/us/win/QuickTimeInstaller.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
Logfile of HijackThis v1.99.1
Scan saved at 2:58:07 PM, on 7/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\New Folder\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cox.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Ryan\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Cox High Speed Internet
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {39CD6702-229D-4D2C-AE11-FA5B54D41B12} - C:\WINDOWS\system32\ipbldg.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINDOWS\AdRoar.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINDOWS\AdRoar.dll (file missing)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [DadApp] C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.cox.net
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/abarth/us/win/QuickTimeInstaller.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
No Events found!
ALgal
1.2K Posts
0
July 29th, 2005 23:00
Hello and Welcome Rchap1,
We need to do some file analysis first to determine what fix to use.
Message Edited by ALgal on 07-29-2005 07:50 PM
Rchap1
9 Posts
0
July 30th, 2005 16:00
* DLLCompare Log version(1.0.0.127)
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________
O^E says: "There were no files found :)"
________________________________________________
1,262 items found: 1,262 files, 0 directories.
Total of file sizes: 258,806,387 bytes 246.82 M
Administrator Account = True
--------------------End log---------------------
ALgal
1.2K Posts
0
July 31st, 2005 00:00
Download mwav.exe from MicroWorld, then:
2. Click " Scan".
3. Highlight the text in the 'virus log information' pane and use the Ctrl + C keys to copy the highlighted text.
4. When it completes, post back the results from the 'Virus log information' pane.
3. When the new version has been downloaded, click " Save".
4. Click " Fix ->"
Go to Add/Remove programs and remove(uninstall) the following, if present:
Locate and delete the following item(s), if present. Make sure your able to view system and hidden files/ folders:
Post back a new log, the MWAV results, and let me know how everything goes.
Rchap1
9 Posts
0
July 31st, 2005 17:00
Entry "HKCR\CLSID\{250B0184-3052-4EFB-AAA7-24429B8C0627}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\CTABRI~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2AB5EFD4-C3AE-11CF-BC11-0020AF167049}" refers to invalid object "C:\WINDOWS\System32\XCDZIP35.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2BE893C7-08C0-4871-9F7F-DBC325EED545}" refers to invalid object "C:\Program Files\EA SPORTS\EA SPORTS online\EASO04Patcher.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{39CD6702-229D-4D2C-AE11-FA5B54D41B12}" refers to invalid object "C:\WINDOWS\system32\ipbldg.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{442D12A1-2641-11d2-90FB-006008A1F441}" refers to invalid object "a3d.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5696744A-F3BD-11D4-8A1D-001083023C0D}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\IE_NDS.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5788DAE8-4B72-4BE6-89A0-1E6123E4CBC2}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\cerberus.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}" refers to invalid object "C:\WINDOWS\System32\MSCOMCT2.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}" refers to invalid object "C:\WINDOWS\System32\MSCOMCT2.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}" refers to invalid object "C:\WINDOWS\System32\MSCOMCT2.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}" refers to invalid object "C:\WINDOWS\System32\MSCOMCT2.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}" refers to invalid object "C:\WINDOWS\System32\MSCOMCT2.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}" refers to invalid object "C:\WINDOWS\System32\MSCOMCT2.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}" refers to invalid object "C:\WINDOWS\System32\MSCOMCT2.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}" refers to invalid object "C:\WINDOWS\System32\MSCOMCT2.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{639A19DD-1D97-4A6E-A0D1-01E04FED563F}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6767bce6-dab4-4236-86c6-7fa8c9d0af24}" refers to invalid object "C:\Program Files\EA SPORTS\EA SPORTS online\BrowserEngine2.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6833E5F0-F6D8-11D4-8A1F-001083023C0D}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\IE_NDS.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6DA5E5A2-51C8-11D2-A5F5-0080C796E09E}" refers to invalid object ""C:\Program Files\EA SPORTS\Tiger Woods PGA TOUR 2002\Bin\AugatLib.dll"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6DA5E5A5-51C8-11D2-A5F5-0080C796E09E}" refers to invalid object ""C:\Program Files\EA SPORTS\Tiger Woods PGA TOUR 2002\Bin\AugatLib.dll"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6EDA439D-F7C7-11d4-8A20-001083023C0D}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\IE_NDS.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{724bb6a4-e526-450f-affa-ab9b45129111}" refers to invalid object "C:\WINDOWS\System32\wmv9dmod.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{76CE1CC0-7932-11D1-9509-00A0C9925315}" refers to invalid object "C:\PROGRA~1\PCFRIE~1\main\bin\ITIVIDEO.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7BD92824-C7AF-11CF-BC19-0020AF167049}" refers to invalid object "C:\WINDOWS\System32\XCDZIP35.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7C9688C3-7279-474D-ABA5-A632373D2CDB}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object "C:\PROGRA~1\MESSEN~1\rtcimsp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{88895560-9AA2-1069-930E-00AA0030EBC8}" refers to invalid object "C:\WINDOWS\System32\hticons.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8AD37F04-510E-11D2-A5F1-0080C796E09E}" refers to invalid object ""C:\Program Files\EA SPORTS\Tiger Woods PGA TOUR 2002\Bin\AugatRegistry.dll"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8AD37F06-510E-11D2-A5F1-0080C796E09E}" refers to invalid object ""C:\Program Files\EA SPORTS\Tiger Woods PGA TOUR 2002\Bin\AugatRegistry.dll"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{92FA2C24-253C-11d2-90FB-006008A1F441}" refers to invalid object "a3dapi.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9BC2D672-5719-11D2-A0E8-00A0C9DA3B35}" refers to invalid object "C:\Program Files\Citrix\ICA Client\vfmamx.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9BC2D673-5719-11D2-A0E8-00A0C9DA3B35}" refers to invalid object "C:\Program Files\Citrix\ICA Client\vfmamx.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9BC2D675-5719-11D2-A0E8-00A0C9DA3B35}" refers to invalid object "C:\Program Files\Citrix\ICA Client\vfmamx.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9BC2D676-5719-11D2-A0E8-00A0C9DA3B35}" refers to invalid object "C:\Program Files\Citrix\ICA Client\vfmamx.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A105BD70-BF56-4D10-BC91-41C88321F47C}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AED456C4-4866-4420-863F-35767EBED514}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}" refers to invalid object "C:\WINDOWS\System32\MSCOMCT2.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B26F6246-4C7D-11D1-910E-00600807163F}" refers to invalid object "C:\WINDOWS\System32\XCDZIP35.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B4F80028-5714-4B7B-B9B1-5748B204799A}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{bc8a96c0-3909-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{bc8a96c1-3909-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{bc8a96c2-3909-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{bc8a96c3-3909-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{bc8a96c4-3909-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{bc8a96c5-3909-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{bc8a96c6-3909-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{bc8a96c7-3909-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{bc8a96c8-3909-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8}" refers to invalid object "C:\WINDOWS\AdRoar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{c753e185-c6ce-4f74-9178-cbba04aee20c}" refers to invalid object "C:\Program Files\EA SPORTS\Madden NFL 2004\BrowserEngine2.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D465B936-C361-4417-9AC5-35167066F84B}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{d8f1eee0-f634-11cf-8700-00a0245d918b}" refers to invalid object "a3d.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D9F99C6B-A3A6-11D4-AF64-444553546170}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DF0E9111-01DF-11D5-BA23-001083780941}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\CALPRI~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DF35A8F1-4391-4EB2-831D-01BA6C8326D4}" refers to invalid object "C:\Program Files\EA SPORTS\EA SPORTS online\2004Utils.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E36C6E70-C17C-11d2-BECE-00105AA7541B}" refers to invalid object "C:\Program Files\AvantGo Connect\malssp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E5151CBE-F61D-11D4-BA21-001083780941}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\CALPRI~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EB511AE4-87FE-4EFB-91A3-428B2F2601F7}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FD87B620-2413-11D3-BF39-00105AA7541B}" refers to invalid object "C:\PROGRA~1\AVANTG~1\AvantGo\agproxy.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}" refers to invalid object "C:\WINDOWS\System32\MSCOMCT2.OCX". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\AOLCoach.TrainerOCXCtrl" refers to invalid object "{e04eae82-14ad-41cb-bf5a-45556abb8347}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\SSON.Cmpnt1" refers to invalid object "{E63F16AA-7C16-4697-826C-98B7A5092299}". Action Taken: No Action Taken.
Entry "HKCR\SSON.Cmpnt1.1" refers to invalid object "{E63F16AA-7C16-4697-826C-98B7A5092299}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPShell.HWEventHandler" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.
Entry "HKCR\WMPShell.HWEventHandler.1" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.
File C:\DOCUME~1\Ryan\LOCALS~1\Temp\983723.exe tagged as "not-a-virus:AdWare.AdWast.a". Action Taken: No Action Taken.
File C:\DOCUME~1\Ryan\LOCALS~1\Temp\btv_1001.exe infected by "Trojan-Downloader.Win32.RVP.e" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Ryan\LOCALS~1\Temp\cpr_in.exe infected by "Trojan-Downloader.Win32.Adroar" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Ryan\LOCALS~1\Temp\GLF58.EXE tagged as "not-a-virus:AdWare.AdWast.a". Action Taken: No Action Taken.
File C:\DOCUME~1\Ryan\LOCALS~1\Temp\GLF63.EXE infected by "Trojan-Downloader.Win32.Adroar" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Ryan\LOCALS~1\Temp\gstin.exe infected by "Trojan-Downloader.Win32.Delmed.a" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Ryan\LOCALS~1\Temp\i141.tmp tagged as "not-a-virus:AdWare.SurfSide.d". Action Taken: No Action Taken.
File C:\DOCUME~1\Ryan\LOCALS~1\Temp\SSK_B5.EXE infected by "Trojan-Downloader.Win32.Small.qn" Virus! Action Taken: No Action Taken.
Rchap1
9 Posts
0
July 31st, 2005 17:00
File C:\PROGRA~1\MyWay\myBar\1.bin\MYBAR.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWay.c". Action Taken: No Action Taken.
Object "MyBar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "MyBar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "MyBar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "myway Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "my way speedbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\msxml3a.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Adaptec Shared\CDEngine\ACMWrapperV2.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Adaptec Shared\CDEngine\MediaPlayerV2.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Adaptec Shared\CDEngine\driversV2.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Adaptec Shared\CDEngine\CDEngine.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\EA SPORTS\Tiger Woods PGA TOUR 2002\Bin\AugatRegistry.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\EA SPORTS\Tiger Woods PGA TOUR 2002\Bin\AugatLib.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\XCDZIP35.OCX". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\MSCOMCT2.OCX". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\SNDefs.dat". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}" refers to invalid object "C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1167C47F-01F9-4C08-8564-1D6C9BAAFB60}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\PATHFI~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{18DBD3E9-3E6D-4878-9AB1-82B40EA0E071}" refers to invalid object "C:\Program Files\DIGStream\Locator.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}" refers to invalid object "C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1B53F360-9A1B-1069-930C-00AA0030EBC8}" refers to invalid object "C:\WINDOWS\System32\hypertrm.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1E603972-CDF1-11CF-BC24-0020AF167049}" refers to invalid object "C:\WINDOWS\System32\XCDZIP35.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1E603975-CDF1-11CF-BC24-0020AF167049}" refers to invalid object "C:\WINDOWS\System32\XCDZIP35.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1E603978-CDF1-11CF-BC24-0020AF167049}" refers to invalid object "C:\WINDOWS\System32\XCDZIP35.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1E60397B-CDF1-11CF-BC24-0020AF167049}" refers to invalid object "C:\WINDOWS\System32\XCDZIP35.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1E60397E-CDF1-11CF-BC24-0020AF167049}" refers to invalid object "C:\WINDOWS\System32\XCDZIP35.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1E60397F-CDF1-11CF-BC24-0020AF167049}" refers to invalid object "C:\WINDOWS\System32\XCDZIP35.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{205D2DFB-BBAD-4DC4-A0BB-CDA12A1639CE}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}" refers to invalid object "C:\WINDOWS\System32\MSCOMCT2.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{224C8E61-0EA1-480B-95E3-1F08C039CA7E}" refers to invalid object "C:\WINDOWS\system32\ipbldg.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{22803C10-1FD3-11D5-BE64-001083023C0D}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\g2p.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78d3-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78d4-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78d5-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78d6-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78d8-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78d9-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78db-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78dc-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78dd-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78de-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78df-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78e0-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78e1-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78e2-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78e3-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78e4-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78e5-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78e6-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78e7-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78e8-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78e9-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78ea-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78eb-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}" refers to invalid object "C:\WINDOWS\System32\MSCOMCT2.OCX". Action Taken: No Action Taken.
ALgal
1.2K Posts
0
July 31st, 2005 20:00
Rchap1
9 Posts
0
July 31st, 2005 21:00
Things are still terribly slow - takes approximately 20-30 minutes to boot up. It seems like either my processor has gone kaput, or all of my memory is being used up for something else. Yet everything works, just extremely slow. My mouse pointer does not move in real time, lagging by about 10-15 seconds, making navigation tedious. I did a restart after the previous steps and went into safe mode, but that did not help.
Here is another HJT log that I just did, which doesn't seem much different from the first log:
Logfile of HijackThis v1.99.1
Scan saved at 12:11:04 PM, on 7/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\New Folder\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cox.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Cox High Speed Internet
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {39CD6702-229D-4D2C-AE11-FA5B54D41B12} - C:\WINDOWS\system32\ipbldg.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINDOWS\AdRoar.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINDOWS\AdRoar.dll (file missing)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [DadApp] C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.cox.net
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/abarth/us/win/QuickTimeInstaller.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
ALgal
1.2K Posts
0
August 1st, 2005 07:00
Hello Rchap1
Start your computer in normal mode, and then do Ctrl +Alt+ Del to open the Windows Task Manager window. Click the tab “Processes” and you will see the header with Image Name, User Name and CPU. Double click the CPU header. You will see the processes in descending order for CPU time. Please tell me what the Image Names are for the CPU hogs.
Run HiJackThis and click "Scan", then check(tick) the following, if present:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: (no name) - {39CD6702-229D-4D2C-AE11-FA5B54D41B12} - C:\WINDOWS\system32\ipbldg.dll (file missing)
O2 - BHO: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINDOWS\AdRoar.dll (file missing)
O3 - Toolbar: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINDOWS\AdRoar.dll (file missing)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
Now, with all windows closed except HiJackThis, click "Fix checked".
Run hijackthis
Click the tab “Open the Misc Tools Section”
Click the tab “Open ADSpy”
Uncheck the “Quick Scan (Windows base folder only)”
Click the “Scan” button under Ready
Allow the scan to finish and then click Save log tab.
Please post the ADSpy log – if nothing is found I need to know that.
Please post a new hijackthis log.
Rchap1
9 Posts
0
August 5th, 2005 02:00
I checked the task manager and the process hogging my CPU is called "System Idle Process". It is has a number of 93 under the CPU field. (I tried to end the process but wasn't able to).
Did a JJT Scan and deleted those items as suggested.
The ADS Spy scan turned up nothing, so there was no log to save.
Below is the HJT log after all of the previous steps:
Logfile of HijackThis v1.99.1
Scan saved at 5:28:00 PM, on 8/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\New Folder\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [DadApp] C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
ALgal
1.2K Posts
0
August 5th, 2005 12:00
Hello Rchap1
My “System Idle” process runs in the 90% range. Please tell me what a JJT scan is? Sometimes I do not understand abbreviations.
If you don't already have it, download, install and run AdAware SE Personal.
Next, check for, and download any available updates:
1. click "Check for updates now".
2. Click "Connect".
3. If updates(definitions) are available click "Ok", otherwise, click "Ok".
4. Click "Finish".
Next, configure AdAware to be as effective as possible:
1. Click the 'gear' in the upper-right hand corner of the AdAware Window.
2. Click Scanning, and check(tick) the following:
Scan within archives
Scan active processes
Scan registry
Deep-scan registry
Scan my IE Favorites for banned URLs
Scan my Hosts file
3. Click "Tweak".
4. Click "Scanning Engine", then check(tick) the following:
Unload recognized proceses & modules during scan
5. Click "Cleaning Engine", then check(tick) then following:
Always try to unload modules before deletion
During removal, unload Explorer and IE if necessary
Let Winodws remove files in use at next reboot
Delete quarantined objects after retoring
6. Then click "Proceed"
Now, let AdAware locate and remove anything it finds, by:
1. Click "Start".
2. Check(tick) "perform full system scan".
3. Click "Next".
Exit the program.
Download mwav.exe from MicroWorld, then:
1. Double-click the mwav.exe icon to run it (it'll self extract).
2. Click "Scan".
3. Highlight the text in the 'virus log information' pane and use the Ctrl + C keys to copy the highlighted text.
4. When it completes, post back the results from the 'Virus log information' pane.
Post back a new hijackthis log, (and the result of the MWAV scan if you have not done). How is your system performing now? Has it improved?
Rchap1
9 Posts
0
August 11th, 2005 01:00
System remains extremely slow and no improvement yet. The "JJT Scan" was a typo and I meant HJT Scan - for HiJackThis.
I already had Adaware software and ran it. I made sure it was the most updated version and a scan revealed a few items, which were removed. Still no improvement.
I did the same with Spybot Search and Destroy. Again a few items were found and removed, but still no improvement.
Ran MWAV again. For some reason, the same stuff reappears. Here's the log:
Object "MyBar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "MyBar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "myway Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "my way speedbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\msxml3a.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Adaptec Shared\CDEngine\ACMWrapperV2.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Adaptec Shared\CDEngine\MediaPlayerV2.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Adaptec Shared\CDEngine\driversV2.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Adaptec Shared\CDEngine\CDEngine.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\EA SPORTS\Tiger Woods PGA TOUR 2002\Bin\AugatRegistry.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\EA SPORTS\Tiger Woods PGA TOUR 2002\Bin\AugatLib.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\XCDZIP35.OCX". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\MSCOMCT2.OCX". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\SNDefs.dat". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10}" refers to invalid object "C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{014DA6CD-189F-421a-88CD-07CFE51CFF10}" refers to invalid object "C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}" refers to invalid object "C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}" refers to invalid object "C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}" refers to invalid object "C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0494D0D5-F8E0-41ad-92A3-14154ECE70AC}" refers to invalid object "C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}" refers to invalid object "C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0494D0D9-F8E0-41ad-92A3-14154ECE70AC}" refers to invalid object "C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}" refers to invalid object "C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1167C47F-01F9-4C08-8564-1D6C9BAAFB60}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\PATHFI~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{18DBD3E9-3E6D-4878-9AB1-82B40EA0E071}" refers to invalid object "C:\Program Files\DIGStream\Locator.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}" refers to invalid object "C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1B53F360-9A1B-1069-930C-00AA0030EBC8}" refers to invalid object "C:\WINDOWS\System32\hypertrm.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1E603972-CDF1-11CF-BC24-0020AF167049}" refers to invalid object "C:\WINDOWS\System32\XCDZIP35.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1E603975-CDF1-11CF-BC24-0020AF167049}" refers to invalid object "C:\WINDOWS\System32\XCDZIP35.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1E603978-CDF1-11CF-BC24-0020AF167049}" refers to invalid object "C:\WINDOWS\System32\XCDZIP35.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1E60397B-CDF1-11CF-BC24-0020AF167049}" refers to invalid object "C:\WINDOWS\System32\XCDZIP35.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1E60397E-CDF1-11CF-BC24-0020AF167049}" refers to invalid object "C:\WINDOWS\System32\XCDZIP35.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1E60397F-CDF1-11CF-BC24-0020AF167049}" refers to invalid object "C:\WINDOWS\System32\XCDZIP35.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{205D2DFB-BBAD-4DC4-A0BB-CDA12A1639CE}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}" refers to invalid object "C:\WINDOWS\System32\MSCOMCT2.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{224C8E61-0EA1-480B-95E3-1F08C039CA7E}" refers to invalid object "C:\WINDOWS\system32\ipbldg.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{22803C10-1FD3-11D5-BE64-001083023C0D}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\g2p.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78d3-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78d4-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78d5-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78d6-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78d8-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78d9-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78db-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78dc-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78dd-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78de-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78df-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78e0-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78e1-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78e2-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78e3-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78e4-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78e5-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78e6-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78e7-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78e8-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78e9-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78ea-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78eb-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}" refers to invalid object "C:\WINDOWS\System32\MSCOMCT2.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{250B0184-3052-4EFB-AAA7-24429B8C0627}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\CTABRI~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2AB5EFD4-C3AE-11CF-BC11-0020AF167049}" refers to invalid object "C:\WINDOWS\System32\XCDZIP35.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2BE893C7-08C0-4871-9F7F-DBC325EED545}" refers to invalid object "C:\Program Files\EA SPORTS\EA SPORTS online\EASO04Patcher.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{442D12A1-2641-11d2-90FB-006008A1F441}" refers to invalid object "a3d.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5696744A-F3BD-11D4-8A1D-001083023C0D}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\IE_NDS.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5788DAE8-4B72-4BE6-89A0-1E6123E4CBC2}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\cerberus.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}" refers to invalid object "C:\WINDOWS\System32\MSCOMCT2.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}" refers to invalid object "C:\WINDOWS\System32\MSCOMCT2.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}" refers to invalid object "C:\WINDOWS\System32\MSCOMCT2.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}" refers to invalid object "C:\WINDOWS\System32\MSCOMCT2.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}" refers to invalid object "C:\WINDOWS\System32\MSCOMCT2.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}" refers to invalid object "C:\WINDOWS\System32\MSCOMCT2.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}" refers to invalid object "C:\WINDOWS\System32\MSCOMCT2.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}" refers to invalid object "C:\WINDOWS\System32\MSCOMCT2.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{639A19DD-1D97-4A6E-A0D1-01E04FED563F}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6767bce6-dab4-4236-86c6-7fa8c9d0af24}" refers to invalid object "C:\Program Files\EA SPORTS\EA SPORTS online\BrowserEngine2.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6833E5F0-F6D8-11D4-8A1F-001083023C0D}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\IE_NDS.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6DA5E5A2-51C8-11D2-A5F5-0080C796E09E}" refers to invalid object ""C:\Program Files\EA SPORTS\Tiger Woods PGA TOUR 2002\Bin\AugatLib.dll"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6DA5E5A5-51C8-11D2-A5F5-0080C796E09E}" refers to invalid object ""C:\Program Files\EA SPORTS\Tiger Woods PGA TOUR 2002\Bin\AugatLib.dll"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6EDA439D-F7C7-11d4-8A20-001083023C0D}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\IE_NDS.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{724bb6a4-e526-450f-affa-ab9b45129111}" refers to invalid object "C:\WINDOWS\System32\wmv9dmod.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{76CE1CC0-7932-11D1-9509-00A0C9925315}" refers to invalid object "C:\PROGRA~1\PCFRIE~1\main\bin\ITIVIDEO.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7BD92824-C7AF-11CF-BC19-0020AF167049}" refers to invalid object "C:\WINDOWS\System32\XCDZIP35.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7C9688C3-7279-474D-ABA5-A632373D2CDB}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object "C:\PROGRA~1\MESSEN~1\rtcimsp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{88895560-9AA2-1069-930E-00AA0030EBC8}" refers to invalid object
Rchap1
9 Posts
0
August 11th, 2005 01:00
Logfile of HijackThis v1.99.1
Scan saved at 7:38:20 PM, on 8/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\New Folder\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [DadApp] C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
Rchap1
9 Posts
0
August 11th, 2005 01:00
"C:\WINDOWS\System32\hticons.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8AD37F04-510E-11D2-A5F1-0080C796E09E}" refers to invalid object ""C:\Program Files\EA SPORTS\Tiger Woods PGA TOUR 2002\Bin\AugatRegistry.dll"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8AD37F06-510E-11D2-A5F1-0080C796E09E}" refers to invalid object ""C:\Program Files\EA SPORTS\Tiger Woods PGA TOUR 2002\Bin\AugatRegistry.dll"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{92FA2C24-253C-11d2-90FB-006008A1F441}" refers to invalid object "a3dapi.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9869EFB4-18E9-11D3-A837-00104B9E30B5}" refers to invalid object "C:\DOCUME~1\Ryan\LOCALS~1\Temp\CmdLineExt03.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9BC2D672-5719-11D2-A0E8-00A0C9DA3B35}" refers to invalid object "C:\Program Files\Citrix\ICA Client\vfmamx.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9BC2D673-5719-11D2-A0E8-00A0C9DA3B35}" refers to invalid object "C:\Program Files\Citrix\ICA Client\vfmamx.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9BC2D675-5719-11D2-A0E8-00A0C9DA3B35}" refers to invalid object "C:\Program Files\Citrix\ICA Client\vfmamx.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9BC2D676-5719-11D2-A0E8-00A0C9DA3B35}" refers to invalid object "C:\Program Files\Citrix\ICA Client\vfmamx.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A105BD70-BF56-4D10-BC91-41C88321F47C}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AED456C4-4866-4420-863F-35767EBED514}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}" refers to invalid object "C:\WINDOWS\System32\MSCOMCT2.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B26F6246-4C7D-11D1-910E-00600807163F}" refers to invalid object "C:\WINDOWS\System32\XCDZIP35.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B4F80028-5714-4B7B-B9B1-5748B204799A}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{bc8a96c0-3909-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{bc8a96c1-3909-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{bc8a96c2-3909-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{bc8a96c3-3909-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{bc8a96c4-3909-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{bc8a96c5-3909-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{bc8a96c6-3909-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{bc8a96c7-3909-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{bc8a96c8-3909-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{c753e185-c6ce-4f74-9178-cbba04aee20c}" refers to invalid object "C:\Program Files\EA SPORTS\Madden NFL 2004\BrowserEngine2.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D465B936-C361-4417-9AC5-35167066F84B}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{d8f1eee0-f634-11cf-8700-00a0245d918b}" refers to invalid object "a3d.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D9F99C6B-A3A6-11D4-AF64-444553546170}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DF0E9111-01DF-11D5-BA23-001083780941}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\CALPRI~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DF35A8F1-4391-4EB2-831D-01BA6C8326D4}" refers to invalid object "C:\Program Files\EA SPORTS\EA SPORTS online\2004Utils.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E36C6E70-C17C-11d2-BECE-00105AA7541B}" refers to invalid object "C:\Program Files\AvantGo Connect\malssp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E5151CBE-F61D-11D4-BA21-001083780941}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\CALPRI~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EB511AE4-87FE-4EFB-91A3-428B2F2601F7}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FD87B620-2413-11D3-BF39-00105AA7541B}" refers to invalid object "C:\PROGRA~1\AVANTG~1\AvantGo\agproxy.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}" refers to invalid object "C:\WINDOWS\System32\MSCOMCT2.OCX". Action Taken: No Action Taken.
Entry "HKCR\AdRoar.Band" refers to invalid object "{BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8}". Action Taken: No Action Taken.
Entry "HKCR\AdRoar.Band.1" refers to invalid object "{BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8}". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\AOLCoach.TrainerOCXCtrl" refers to invalid object "{e04eae82-14ad-41cb-bf5a-45556abb8347}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\SSON.Cmpnt1" refers to invalid object "{E63F16AA-7C16-4697-826C-98B7A5092299}". Action Taken: No Action Taken.
Entry "HKCR\SSON.Cmpnt1.1" refers to invalid object "{E63F16AA-7C16-4697-826C-98B7A5092299}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPShell.HWEventHandler" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.
Entry "HKCR\WMPShell.HWEventHandler.1" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.
ALgal
1.2K Posts
0
August 11th, 2005 14:00
Reboot your computer, and try using different programs and make sure everything is running ok. If your still experiencing problems, post back any concerns or problems you may be having and wait for any advice before continuing with the cleanup.
Download, install and run Cleanup! from Steven Gould, then:
If everything is running ok, let's do the final cleanup...
1. Run " Disk Cleanup" and allow it to remove everything it finds. Click Start ==>Run ==> Enter "cleanmgr" without the quotes.
If you have some extra time, let's review ways to help avoid an 'infected' system both now, and in the future.
-
Change your passwords now and on a regular basis.
-
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click once on the Security tab
3. Click once on the Internet icon so it becomes highlighted.
4. Click once on the Custom Level button.
b. Change the Download unsigned ActiveX controls to Disable
c. Change the Initialise and script ActiveX controls not marked as safe to Disable
d. Change the Installation of desktop items to Prompt
e. Change the Launching programs and files in an IFRAME to Prompt
f. Change the Navigate sub-frames across different domains to Prompt
g. When all these settings have been made, click on the OK button.
h. If it prompts you as to whether or not you want to save the settings, press the Yes button.
-
Use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some on line & their stand-alone anti-virus programs:
Computer Safety On line - Anti-Virus - http://forum.malwareremoval.com/viewtopic.php?p=53#53
-
Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out
-
Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For an article on Firewalls and a listing of some available ones see the link below:
Computer Safety On line - Software Firewalls http://forum.malwareremoval.com/viewtopic.php?p=56#56
-
Test your firewall
You can visit the following website and test to see if your firewall is working
http://hackerwatch.org/probe
This can be useful to AOL users who do not use the AOL provided firewall and the AOL 9.0 startup screen does not detect your firewall and you wonder if your firewall is working!
-
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
-
Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an anti virus software. A tutorial on installing & using this product can be found here:
Instructions for - Spybot S & D and Ad-aware http://forum.malwareremoval.com/viewtopic.php?t=13
-
Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot. A tutorial on installing & using this product can be found here:
Instructions for - Spybot S & D and Ad-aware http://forum.malwareremoval.com/viewtopic.php?t=13
-
Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A article on anti-malware products with links for this program and others can be found here:
Computer Safety on line - Anti-Malware http://forum.malwareremoval.com/viewtopic.php?p=54#54
-
Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
If your having any more problems, post back.
Have safe and happy surfing.