Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - Majic Mushroom

Pages: [1]
1
Tech Clinic / Desktop Jacked
« on: May 31, 2005, 12:48:18 AM »
Well thank you Cretemonster. After doing what you've said It appears that i have momentarly recovered my real desktop. However the Stupid Spy Sheriff Program, the cause of this desktop.Html hijack,always installs itself on my cpu no matter how many times I uninstall it.
heres the HJT log:

Logfile of HijackThis v1.99.0
Scan saved at 10:44:27 PM, on 5/30/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\GhostSurf 2005\DeleteSatellite.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Windows\Creator\Remind_XP.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Atmmqdk\Whcpqki.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\GhostSurf 2005\Scheduler daemon.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\Program Files\GhostSurf 2005\DeleteSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\Gaming\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\GhostSurf 2005\SCActiveBlock.dll
O2 - BHO: (no name) - {2509336E-A90F-3345-5E04-5BEEC7962994} - (no file)
O2 - BHO: (no name) - {E32BF672-6423-A618-5F46-6534984AD748} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\Program Files\GhostSurf 2005\DeleteSatellite.exe"
O4 - HKLM\..\Run: [GhostSurf Reminder] "C:\Program Files\GhostSurf 2005\Privacy Control Center.exe" reminder
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O4 - HKLM\..\Run: [xhrmy] C:\WINDOWS\Xhrmy.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [sljmabyv] C:\WINDOWS\System32\sljmabyv.exe
O4 - HKLM\..\Run: [Shellapi32] svcnet.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [Kzewlrf] C:\Program Files\Atmmqdk\Whcpqki.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [I/O Controllers] svcnet.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DllCacher] C:\WINDOWS\System32\dllcache.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\RunOnce: [GhostSurfDelSatellite] "C:\Program Files\GhostSurf 2005\DeleteSatellite.exe" nowait
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: AutoTBar.exe
O4 - Startup: Organize.lnk = ?
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\GhostSurf 2005\Scheduler daemon.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: PopSubtract.lnk = C:\Program Files\interMute\PopSubtract\PopSub.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O4 - Global Startup: winlogin.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O20 - AppInit_DLLs: j7ow4kwxkfceg1l.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.
dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.
d
ll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Tenebril antispyware satellite - Tenebril Inc. - C:\Program Files\GhostSurf 2005\DeleteSvc.exe
O23 - Service: gyotoegnnkkl - Unknown - C:\WINDOWS\System32\dtxptyex5.exe

2
Tech Clinic / Desktop Jacked
« on: May 28, 2005, 07:22:10 PM »
Well I finally got a program to clean my cpu up and everything. Yet just today I was searching online and My internet shutdown and my desktop changed to this ugly Bright Blue backround with a message in the middle that says:
"System Stopped
System has been stopped due to a serious malfunction.
Spyware activity has been detected.
It is recommended to use spyware removal tool to prevent data loss.
Do not use the computer before all spyware removed."

Also whenever I turn on my CPU this annoying Program called SPY Sheriff Loads and starts to scan my CPU despite the fact that I've already uninstalled and deleted it.

Heres a Hijack this Log:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\mwavscan.com
C:\DOCUME~1\Owner\LOCALS~1\Temp\kavss.exe
C:\Documents and Settings\Owner\Desktop\Gaming\HijackThis.exe

R3 - Default URLSearchHook is missing
O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\GhostSurf 2005\SCActiveBlock.dll
O2 - BHO: (no name) - {2509336E-A90F-3345-5E04-5BEEC7962994} - (no file)
O2 - BHO: (no name) - {E32BF672-6423-A618-5F46-6534984AD748} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\Program Files\GhostSurf 2005\DeleteSatellite.exe"
O4 - HKLM\..\Run: [GhostSurf Reminder] "C:\Program Files\GhostSurf 2005\Privacy Control Center.exe" reminder
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O4 - HKLM\..\RunOnce: [GhostSurfDelSatellite] "C:\Program Files\GhostSurf 2005\DeleteSatellite.exe" nowait
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [aw5nRfGEU] ir4cm32.exe
O4 - HKCU\..\Run: [wupd] C:\WINDOWS\System32\win32.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\GhostSurf 2005\Scheduler daemon.exe
O4 - Global Startup: winlogin.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O15 - Trusted IP range: 67.19.178.84 (HKLM)
O20 - AppInit_DLLs: j7ow4kwxkfceg1l.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.
dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.
d
ll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
O21 - SSODL: System - {B4E841EB-24E6-404C-AF0E-B544B655B9A8} - vr_sys.dll (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Tenebril antispyware satellite - Tenebril Inc. - C:\Program Files\GhostSurf 2005\DeleteSvc.exe


And heres a MicroWorld AntiVirus Log:

File C:\WINDOWS\System32\j7ow4kwxkfceg1l.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
.
dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.
d
ll infected by "Trojan.Win32.Krepper.ae" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System\svchost.dll infected by "Trojan-Proxy.Win32.Agent.ex" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\j7ow4kwxkfceg1l.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
.
dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.
d
ll infected by "Trojan.Win32.Krepper.ae" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\drivers\hgnykfzy.sys infected by "Trojan.Win32.Agent.aw" Virus! Action Taken: No Action Taken.
Object "BroadcastPC Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "CoolWebSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "DyFuCA Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Quicken Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "xhrmy Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "c:\Program Files\HP\Digital Imaging\hpis\temp\Install.wse.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "c:\Program Files\HP\Digital Imaging\hpis\temp\config.ini". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "c:\Program Files\HP\Digital Imaging\hpis\temp\templates.zip". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\msxml3a.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\RedHawke\ORD Mandell\RH-ORDMandellReadme.txt". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ipreg32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\RdxIE.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\GToolbar\BarControl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0514B040-84EA-11D0-A8BF-00A0C9008A48}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0B6DC6EE-C4FD-11d1-819A-00C04FB69B4D}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B0693766-5278-4ec6-B9E1-3CE40560EF5A}" refers to invalid object "CaPlgin.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B56A7D7D-6927-48C8-A975-17DF180C71AC}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BFFFD262-7705-11D0-B5DC-444553540000}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA5665-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA566B-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA5671-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA5677-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA567D-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA5683-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA5689-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA568F-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA5695-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA569B-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA56A1-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA56A7-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA56AD-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA56B3-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA56B9-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA56BF-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA56C5-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA56CB-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA56D1-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA56D7-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA56DD-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA56E3-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA56E9-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA56EF-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA56F5-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA56FB-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA5701-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA5707-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA570D-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA5713-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA571F-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA572B-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA5731-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA5737-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA573D-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA5749-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA574F-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA5755-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA575B-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA5767-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA5791-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA57DF-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA57E5-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA57EB-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\BackWeb.ClientExt.1" refers to invalid object "{02EB961B-BB6D-44b6-B5F6-BC6D1506EF2F}". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\DAIE.DownloadAcceleratorIE" refers to invalid object "{5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E}". Action Taken: No Action Taken.
Entry "HKCR\DAIE.DownloadAcceleratorIE.1" refers to invalid object "{5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E}". Action Taken: No Action Taken.
Entry "HKCR\DSP.DSP" refers to invalid object "{9C123EA9-AEC9-4f75-BBC0-7565FA1398966}". Action Taken: No Action Taken.
Entry "HKCR\DSP.DSPDMOProp_Chorus.1" refers to invalid object "{6F63B172-5543-4593-91CE-EDBA65B9FACDB}". Action Taken: No Action Taken.
Entry "HKCR\ImageReady.Application.1" refers to invalid object "{52F2F130-2BC5-11D2-8FB7-000000000000}". Action Taken: No Action Taken.
Entry "HKCR\JavaPlugin" refers to invalid object "{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}". Action Taken: No Action Taken.
Entry "HKCR\JavaPlugin.142" refers to invalid object "{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}". Action Taken: No Action Taken.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\Popup.Pop" refers to invalid object "{A9AEE0DD-89E1-40EE-8749-A18650CC2175}". Action Taken: No Action Taken.
Entry "HKCR\Popup.Pop.1" refers to invalid object "{A9AEE0DD-89E1-40EE-8749-A18650CC2175}". Action Taken: No Action Taken.
Entry "HKCR\RealDownloadExpress.IE" refers to invalid object "{56336BCB-3D8A-11d6-A00B-0050DA18DE71}". Action Taken: No Action Taken.
Entry "HKCR\RealDownloadExpress.IE.1" refers to invalid object "{56336BCB-3D8A-11d6-A00B-0050DA18DE71}". Action Taken: No Action Taken.
Entry "HKCR\SpyDoctor.EBankProblem" refers to invalid object "{AE612304-E8F9-45D9-A444-32409D33E954}". Action Taken: No Action Taken.
Entry "HKCR\SpyDoctor.QuarantinedItemProxy" refers to invalid object "{C2CE6266-0404-4C54-96B4-8829852E3537}". Action Taken: No Action Taken.
Entry "HKCR\SpyDoctor.ScripterProxy" refers to invalid object "{9FEF02F5-B3B8-4D7B-8939-72A1C989D1B9}". Action Taken: No Action Taken.
Entry "HKCR\SWCtl.SWCtl" refers to invalid object "{166B1BCA-3F9C-11CF-8075-444553540000}". Action Taken: No Action Taken.
Entry "HKCR\SWCtl.SWCtl.1" refers to invalid object "{166B1BCA-3F9C-11CF-8075-444553540000}". Action Taken: No Action Taken.
Entry "HKCR\SWCtl.SWCtl.7" refers to invalid object "{166B1BCA-3F9C-11CF-8075-444553540000}". Action Taken: No Action Taken.
Entry "HKCR\SWCtl.SWCtl.8" refers to invalid object "{166B1BCA-3F9C-11CF-8075-444553540000}". Action Taken: No Action Taken.
Entry "HKCR\SWCtl.SWCtl.8.5" refers to invalid object "{166B1BCA-3F9C-11CF-8075-444553540000}". Action Taken: No Action Taken.
Entry "HKCR\SWCtl.SWCtl.8.5.1" refers to invalid object "{166B1BCA-3F9C-11CF-8075-444553540000}". Action Taken: No Action Taken.
Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
File C:\WINDOWS\HLInstaller3.exe tagged as "not-a-virus:AdWare.MDH.a". Action Taken: No Action Taken.
File C:\WINDOWS\zona02.exe infected by "Trojan.Win32.Regger.j" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\3vsgf6i3jfv9.dll infected by "Trojan-Downloader.Win32.Small.rr" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\abc.exe infected by "Trojan-PSW.Win32.LdPinch.os" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\cp.exe infected by "Trojan-Downloader.Win32.Agent.ic" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\sysdebug32.exe infected by "Trojan-Clicker.Win32.VB.dn" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\tcposmod.exe infected by "Backdoor.Win32.DSSdoor.b" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\vxgamet1.exe infected by "Trojan-Downloader.Win32.Small.aqt" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\6QJJ947V\AproposClientInstaller[1].exe infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\6QJJ947V\package_adp_SIAC[1].exe tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\6QJJ947V\page1[1].htm infected by "Trojan-Downloader.JS.Psyme.an" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\6QJJ947V\prompt[1].htm infected by "Trojan-Downloader.JS.IstBar.k" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\6QJJ947V\prompt[2].php infected by "Trojan-Downloader.JS.IstBar.j" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\6QJJ947V\vxxv[2].php infected by "Trojan-Clicker.JS.Linker.j" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\87YVQW46\optimize313[1].exe infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\87YVQW46\web[4].htm infected by "Trojan-Downloader.VBS.Psyme.ap" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\87YVQW46\win32[1].exe infected by "Trojan-Downloader.Win32.Small.agq" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\JRYOMRMP\prompt[1].htm infected by "Trojan-Downloader.JS.IstBar.j" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\JRYOMRMP\web[1].htm infected by "Trojan-Downloader.VBS.Small.p" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\JRYOMRMP\web[2].htm infected by "Exploit.HTML.CodeBaseExec" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\PHW6JAFY\abc[1].exe infected by "Trojan-PSW.Win32.LdPinch.os" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\PHW6JAFY\counter[1].htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\PHW6JAFY\index[18].htm infected by "Exploit.VBS.Phel.a" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\PHW6JAFY\tct101[1].dll infected by "Trojan-Downloader.Win32.Dyfuca.eg" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\PHW6JAFY\ysb_prompt[1].htm infected by "Trojan-Downloader.JS.IstBar.j" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\PHW6JAFY\z[1].exe infected by "Trojan.Win32.WebSearch.j" Virus! Action Taken: No Action Taken.

Please help thanks

Pages: [1]