Pop-ups from AUBrowse...

Jae · 6th May 2005

Hi,

I've getting this pop-up from AUBrowse. The pop-up is a blank screen. And it happens whether I'm checking email or just browsing. Here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 9:37:11 PM, on 5/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\StopItBlockItSystemTray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\SDMonitor.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\svchost.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\EarthLink TotalAccess\FastLane\IPClient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jae Park\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/mor...on/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/mor...on/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/mor...on/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=21940
O1 - Hosts: 17.250.248.77 idisk0.mac.com idisk1.mac.com idisk2.mac.com idisk3.mac.com idisk4.mac.com idisk5.mac.com idisk6.mac.com idisk7.mac.com idisk8.mac.com idisk9.mac.com idisk10.mac.com idisk11.mac.com idisk12.mac.com idisk13.mac.com idisk14.mac.com idisk15.mac.com idisk16.mac.com idisk17.mac.com idisk18.mac.com idisk19.mac.com idisk20.mac.com idisk21.mac.com idisk22.mac.com idisk23.mac.com idisk24.mac.com idisk25.mac.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SystemTraySD] C:\WINDOWS\system32\StopItBlockItSystemTray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MonitorSD] C:\WINDOWS\system32\SDMonitor.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SysW8] C:\PROGRA~1\CLEANS~1\csta.exe startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/inst...l/pinstall.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/Visi.../TLIEFlash.CAB
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{02CBDD6F-8599-4B91-84FF-4531C5C05098}: NameServer = 207.69.188.185 207.69.188.186
O17 - HKLM\System\CS3\Services\Tcpip\..\{02CBDD6F-8599-4B91-84FF-4531C5C05098}: NameServer = 207.69.188.185 207.69.188.186
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

**noahdfear** · 7th May 2005

Your log appears to be clean. Did you ever check the properties of the popups as mentioned in your previous thread?

Jae · 9th May 2005

Hey Dave,

Yeah, I tried right clicking on the pop-up ad, but nothing happens. It doesn't occur as often as the pop-ups from instant access, in fact, sometimes I don't get any. Other times I'll get one, then I'll close the ad, then immediately I'll get another one. I run Spy-bot and other spyware detection programs and they all tell me that I'm clean. Maybe it's fairly harmless... Not sure...

J.

Jae · 11th May 2005

Okay... I did right click on the ad, but there was no option to choose properties. Just minimize, maximize, and close...

Jae · 17th May 2005

Now my computer runs very slow for some reason. It'll freeze when I run programs and/or won't respond when I close or try to open something. I have to "end task" pretty much every time I open something. It takes five minutes to dial to an internet connection etc...

**noahdfear** · 17th May 2005

Lets get a better look at things. Please download MWAV. Save it to your desktop and double click to open. Check the boxes for Memory, Registry, Startup Folders, System Folders, Services, Drive, All Local Drives and Scan All Files, then click scan. When it completes, copy the lower window labled Virus Log Information and post it here. Takes quite a long time for it to finish, so be patient.

Jae · 20th May 2005

This may sound completely idiotic, but I can't seem to copy what's in the Virus Log window. Highlight and right click, but nothing. Maybe I have to purchase the rest of the software before they let me do this... not sure.

**noahdfear** · 20th May 2005

Hmm.....just left click in the lower results window to make it the active window. Then press Ctrl+A. It should highlight everything. Then Press Ctrl+C to copy, and in a reply window here, press Ctrl+V to paste.

If the list is rather large, that may be the problem also. Often times, many of the entries will be duplicate, so it's not necessary to copy the whole window.

Jae · 22nd May 2005

Thanks for that lesson in basic computing...

Here is the MWAV Virus Log:

Object "cws.therealsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\corecomp.ini". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\ctor.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\objectps.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\iuser.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\IScript\iscript.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\iKernel.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Common\trdr3260.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Common\rpmn3260.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Common\rppr3260.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Common\rput3260.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\msxml3a.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Twunk_16.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Twunk_32.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Dell Computer\Dell Picture Studio v2.0\DPAPRE4DPSPRE7\index.html". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Dell Computer\Dell Picture Studio v2.0\DPAPRE4DPSPRE8\index.html". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Dell Computer\Dell Picture Studio v2.0\DPAPRE4DPSTBY7\index.html". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Dell Computer\Dell Picture Studio v2.0\DPAPRE4DPSTBY8\index.html". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Dell Computer\Dell Picture Studio v2.0\DPASTA4DPSPRE8\index.html". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Dell Computer\Dell Picture Studio v2.0\DPASTA4DPSTBY8\index.html". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\DELL\High Speed Internet Offers\Consumer\html\index.htm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\Setup.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe" . Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\IGDI.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\Professional\RunTime\IsProBE.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\Professional\RunTime\objectps.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\DellSupport.EXE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\EGDACCESS_1058.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\Setup.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe" . Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\IGDI.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{00014C0D-B007-4448-B89B-4EC3E857961D}" refers to invalid object "C:\Program Files\America Online 9.0\Media\CDDBControl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{10F34E64-BBB2-11D6-8A17-00E029570A3E}" refers to invalid object "C:\Program Files\America Online 9.0\sa.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1167C47F-01F9-4C08-8564-1D6C9BAAFB60}" refers to invalid object "C:\Program Files\America Online 9.0\Media\Pathfinder.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1853e19a-4e54-4190-8deb-2e1cc947cd60}" refers to invalid object "C:\Program Files\America Online 9.0\axtrack.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{189504B8-50D1-4AA8-B4D6-95C8F58A6414}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\sb.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1B28020D-9DE7-11D4-A2D4-001083025146}" refers to invalid object "C:\Program Files\America Online 9.0\axclntbrg.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1EFD6A40-3999-11CF-9150-00AA0059F70D}" refers to invalid object "D:\PROGRAM\32\mci32.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{205D2DFB-BBAD-4DC4-A0BB-CDA12A1639CE}" refers to invalid object "C:\Program Files\America Online 9.0\Media\Phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78d5-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\Program Files\America Online 9.0\Media\CDDBControl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78df-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\Program Files\America Online 9.0\Media\CDDBControl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78e0-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\Program Files\America Online 9.0\Media\CDDBControl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78e1-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\Program Files\America Online 9.0\Media\CDDBControl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78e2-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\Program Files\America Online 9.0\Media\CDDBControl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{26D73573-F1B3-48C9-A989-E6CE071957A1}" refers to invalid object "C:\WINDOWS\system32\EGDACCESS_1057.dll". Action Taken: No Action Taken.

Jae · 22nd May 2005

Here's the 2nd half:

Entry "HKCR\CLSID\{3775D2E0-7C5D-11CF-899E-00AA00688B10}" refers to invalid object "D:\PROGRAM\32\mci32.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3D48B387-E74A-4651-A2ED-7FC490964319}" refers to invalid object "C:\Program Files\America Online 9.0\MyCalendar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4634A8A8-E78E-4fed-9751-52307590D7F1}" refers to invalid object "C:\Program Files\America Online 9.0\MyCalendar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4E97BE17-3300-4A4F-B380-5988DD771F1F}" refers to invalid object "C:\Program Files\America Online 9.0\Media\Ares.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5145942E-41DF-4658-B7C4-089F48E84A75}" refers to invalid object "C:\Program Files\America Online 9.0\axtrack.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{51B21D54-F57F-4ca1-93FF-D986E9F0A388}" refers to invalid object "C:\Program Files\America Online 9.0\MyCalendar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5788DAE8-4B72-4BE6-89A0-1E6123E4CBC2}" refers to invalid object "C:\Program Files\America Online 9.0\Media\Cerberus.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{60A07B6D-B66C-4339-BD52-EC9520FDCE6A}" refers to invalid object "C:\Program Files\America Online 9.0\MyCalendar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{63603526-954A-42eb-8BEB-8E4BF2F636CB}" refers to invalid object "C:\Program Files\America Online 9.0\MyCalendar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{639A19DD-1D97-4A6E-A0D1-01E04FED563F}" refers to invalid object "C:\Program Files\America Online 9.0\Media\Phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{741506D7-C215-48A1-8211-4CEFF2E8FE2C}" refers to invalid object "C:\Program Files\America Online 9.0\MyCalendar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{756A2CB8-EC02-4DC8-8588-296C611A5365}" refers to invalid object "C:\Program Files\Common Files\aolshare\Coach\Player\coachdm2.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7629C9DE-2E38-4963-A01C-02FFAC203D87}" refers to invalid object "C:\Program Files\America Online 9.0\axtrack.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{777C89DF-5C36-11D5-ABAF-00B0D02332EB}" refers to invalid object "C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32\IScript7.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{777C8A05-5C36-11D5-ABAF-00B0D02332EB}" refers to invalid object "C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32\Objps7.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{777C8A16-5C36-11D5-ABAF-00B0D02332EB}" refers to invalid object "C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32\IUser7.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7C9688C3-7279-474D-ABA5-A632373D2CDB}" refers to invalid object "C:\Program Files\America Online 9.0\Media\Phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{80373D03-D993-11D3-A2CE-00108335731F}" refers to invalid object "C:\Program Files\America Online 9.0\MIMEHook.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{84CBABC2-D3BE-4EEF-8394-121FAC215CEF}" refers to invalid object "C:\PROGRA~1\COMMON~1\aolshare\pictures\YGPPIC~2.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8AB5F344-B600-11D6-8A15-00E029570A3E}" refers to invalid object "C:\Program Files\America Online 9.0\sa.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8BBDA254-CE76-11D3-A2CE-00108335731F}" refers to invalid object "C:\Program Files\America Online 9.0\MIMEHook.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{943742F6-3A40-43FF-97F4-A1750D97B200}" refers to invalid object "C:\PROGRA~1\COMMON~1\aolshare\pictures\YGPPIC~2.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{98BFD494-F6AD-4794-9038-832C0654CC43}" refers to invalid object "C:\PROGRA~1\COMMON~1\aolshare\pictures\YGPUPF.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{99720901-B635-43bd-83E6-D084A990F15A}" refers to invalid object "C:\Program Files\America Online 9.0\MyCalendar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9DC1221E-0B36-445a-A2D1-FCA92E502834}" refers to invalid object "C:\Program Files\America Online 9.0\MyCalendar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A105BD70-BF56-4D10-BC91-41C88321F47C}" refers to invalid object "C:\Program Files\America Online 9.0\Media\Phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AA7E2086-CB55-11D2-8094-00104B1F9838}" refers to invalid object "C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\ctor.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AA7E2087-CB55-11D2-8094-00104B1F9838}" refers to invalid object "C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\ctor.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AD41621C-A2DD-487D-A24B-8BE40116A5A3}" refers to invalid object "C:\PROGRA~1\COMMON~1\aolshare\pictures\YGPPIC~2.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AED456C4-4866-4420-863F-35767EBED514}" refers to invalid object "C:\Program Files\America Online 9.0\Media\Phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B4087707-EFB7-46C0-830E-714899CCE724}" refers to invalid object "C:\Program Files\America Online 9.0\MyCalendar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B4F80028-5714-4B7B-B9B1-5748B204799A}" refers to invalid object "C:\Program Files\America Online 9.0\Media\Phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B9F3009B-976B-41C4-A992-229DCCF3367C}" refers to invalid object "C:\Program Files\America Online 9.0\axtrack.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{bc8a96c4-3909-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\Program Files\America Online 9.0\Media\CDDBControl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{bc8a96c5-3909-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\Program Files\America Online 9.0\Media\CDDBControl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{bc8a96c6-3909-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\Program Files\America Online 9.0\Media\CDDBControl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{bc8a96c7-3909-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\Program Files\America Online 9.0\Media\CDDBControl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{bc8a96c8-3909-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\Program Files\America Online 9.0\Media\CDDBControl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{c0164c20-33c8-4f60-bfd1-557e08a93f58}" refers to invalid object "C:\Program Files\MSN\MSNCoreFiles\OOBE\obemetal.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C1A8AF25-1257-101B-8FB0-0020AF039CA3}" refers to invalid object "D:\PROGRAM\32\mci32.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C28BC286-884C-4a63-8A9C-6F7F5711034F}" refers to invalid object "C:\Program Files\America Online 9.0\Media\NmpX\nmpx.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C8B29238-05AD-421E-8B44-1C11C43FAE1C}" refers to invalid object "C:\Program Files\America Online 9.0\MyCalendar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C9CD1A93-D7B4-11D2-80C5-00104B1F6CEA}" refers to invalid object "C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\iuser.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CD34B69E-6117-4eaf-B5B4-F9FD659BF00D}" refers to invalid object "C:\Program Files\America Online 9.0\MyCalendar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D465B936-C361-4417-9AC5-35167066F84B}" refers to invalid object "C:\Program Files\America Online 9.0\Media\Phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D9F99C6B-A3A6-11D4-AF64-444553546170}" refers to invalid object "C:\Program Files\America Online 9.0\Media\Phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E0CB08CE-AB3D-4779-9C77-62A439BFE6C3}" refers to invalid object "C:\PROGRA~1\COMMON~1\aolshare\pictures\YGPPIC~4.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E13046F7-A5DF-4574-BD7A-6DC12EC10FF5}" refers to invalid object "C:\Program Files\America Online 9.0\ebrowser.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E3852604-B619-11d6-94EC-00047521F020}" refers to invalid object "C:\Program Files\America Online 9.0\Media\NmpXChat\nmpxchat.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E7D06080-238B-11D3-80D7-00104B1F6CEA}" refers to invalid object "C:\Program Files\Common Files\InstallShield\IScript\iscript.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E981D791-F499-4837-A483-5AB22F1C548F}" refers to invalid object "C:\Program Files\America Online 9.0\Media\Phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E9DD2392-EF9B-4963-BEDF-F86C0A2B762A}" refers to invalid object "C:\Program Files\America Online 9.0\AMH.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EB511AE4-87FE-4EFB-91A3-428B2F2601F7}" refers to invalid object "C:\Program Files\America Online 9.0\Media\Phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{ec48db94-98df-4c2f-932f-bbc28af0a316}" refers to invalid object "C:\Program Files\MSN\MSNCoreFiles\OOBE\obemetal.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F091791F-D50D-4ace-9D82-05C42DBB9897}" refers to invalid object "C:\Program Files\America Online 9.0\MyCalendar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F4817E4B-04B6-11D3-8862-00C04F72F303}" refers to invalid object "C:\Program Files\Common Files\InstallShield\Professional\RunTime\objectps.dll". Action Taken: No Action Taken.
Entry "HKCR\CoachDM.WebCoachDownload" refers to invalid object "{E04EAE82-14AD-41CB-BF5A-45556ABB8347}". Action Taken: No Action Taken.
Entry "HKCR\CoachDM.WebCoachDownload.1" refers to invalid object "{E04EAE82-14AD-41CB-BF5A-45556ABB8347}". Action Taken: No Action Taken.
Entry "HKCR\COMCTL.ImageListCtrl" refers to invalid object "{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}". Action Taken: No Action Taken.
Entry "HKCR\COMCTL.ImageListCtrl.1" refers to invalid object "{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}". Action Taken: No Action Taken.
Entry "HKCR\COMCTL.ListViewCtrl" refers to invalid object "{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}". Action Taken: No Action Taken.
Entry "HKCR\COMCTL.ListViewCtrl.1" refers to invalid object "{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}". Action Taken: No Action Taken.
Entry "HKCR\COMCTL.SBarCtrl" refers to invalid object "{6B7E638F-850A-101B-AFC0-4210102A8DA7}". Action Taken: No Action Taken.
Entry "HKCR\COMCTL.SBarCtrl.1" refers to invalid object "{6B7E638F-850A-101B-AFC0-4210102A8DA7}". Action Taken: No Action Taken.
Entry "HKCR\COMCTL.Slider" refers to invalid object "{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}". Action Taken: No Action Taken.
Entry "HKCR\COMCTL.Slider.1" refers to invalid object "{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}". Action Taken: No Action Taken.
Entry "HKCR\COMCTL.TabStrip" refers to invalid object "{9ED94440-E5E8-101B-B9B5-444553540000}". Action Taken: No Action Taken.
Entry "HKCR\COMCTL.TabStrip.1" refers to invalid object "{9ED94440-E5E8-101B-B9B5-444553540000}". Action Taken: No Action Taken.
Entry "HKCR\COMCTL.Toolbar" refers to invalid object "{612A8624-0FB3-11CE-8747-524153480004}". Action Taken: No Action Taken.
Entry "HKCR\COMCTL.Toolbar.1" refers to invalid object "{612A8624-0FB3-11CE-8747-524153480004}". Action Taken: No Action Taken.
Entry "HKCR\MSComCtl2.Animation" refers to invalid object "{B09DE715-87C1-11D1-8BE3-0000F8754DA1}". Action Taken: No Action Taken.
Entry "HKCR\MSComCtl2.Animation.2" refers to invalid object "{B09DE715-87C1-11D1-8BE3-0000F8754DA1}". Action Taken: No Action Taken.
Entry "HKCR\MSComCtl2.DTPicker" refers to invalid object "{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}". Action Taken: No Action Taken.
Entry "HKCR\MSComCtl2.DTPicker.2" refers to invalid object "{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}". Action Taken: No Action Taken.
Entry "HKCR\MSComCtl2.FlatScrollBar" refers to invalid object "{FE38753A-44A3-11D1-B5B7-0000C09000C4}". Action Taken: No Action Taken.
Entry "HKCR\MSComCtl2.FlatScrollBar.2" refers to invalid object "{FE38753A-44A3-11D1-B5B7-0000C09000C4}". Action Taken: No Action Taken.
Entry "HKCR\MSComCtl2.MonthView" refers to invalid object "{232E456A-87C3-11D1-8BE3-0000F8754DA1}". Action Taken: No Action Taken.
Entry "HKCR\MSComCtl2.MonthView.2" refers to invalid object "{232E456A-87C3-11D1-8BE3-0000F8754DA1}". Action Taken: No Action Taken.
Entry "HKCR\MSComCtl2.UpDown" refers to invalid object "{603C7E80-87C2-11D1-8BE3-0000F8754DA1}". Action Taken: No Action Taken.
Entry "HKCR\MSComCtl2.UpDown.2" refers to invalid object "{603C7E80-87C2-11D1-8BE3-0000F8754DA1}". Action Taken: No Action Taken.
Entry "HKCR\Pugi.Reactivator" refers to invalid object "{6C31790D-1EDF-4b05-83DC-925B3A8E2318}". Action Taken: No Action Taken.
Entry "HKCR\Pugi.Reactivator.1" refers to invalid object "{6C31790D-1EDF-4b05-83DC-925B3A8E2318}". Action Taken: No Action Taken.
Entry "HKCR\TabDlg.SSTab" refers to invalid object "{BDC217C5-ED16-11CD-956C-0000C04E4C0A}". Action Taken: No Action Taken.
Entry "HKCR\TabDlg.SSTab.1" refers to invalid object "{BDC217C5-ED16-11CD-956C-0000C04E4C0A}". Action Taken: No Action Taken.
File C:\WINDOWS\system32\msclock32.dll tagged as "not-a-virus:AdWare.NaviPromo.c". Action Taken: No Action Taken.
File C:\WINDOWS\system32\msplock32.dll tagged as "not-a-virus:AdWare.NaviPromo.c". Action Taken: No Action Taken.
File C:\Program Files\Dell\Media Experience\Extension\WTGames\InstallWT.exe tagged as "not-a-virus:AdWare.WinAD". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0000209.dll tagged as "not-a-virus:****-Dialer.Win32.InstantAccess". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM32\msclock32.dll tagged as "not-a-virus:AdWare.NaviPromo.c". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM32\msplock32.dll tagged as "not-a-virus:AdWare.NaviPromo.c". Action Taken: No Action Taken.

BTW, the results indicated that there were 7 viruses found, if that helps. Also, there were 157 errrors, wondering if these are things I need to correct as well...

Thanks.

**noahdfear** · 22nd May 2005

Hi Jae,

Actually only two files there that need to go.

C:\WINDOWS\SYSTEM32\msclock32.dll
C:\WINDOWS\SYSTEM32\msplock32.dll

There's one in System Restore that can be purged by toggling SR off and back on. The rest are registry entries only. Those could be cleaned out with RegSeeker.

The way I use it is to do a 'clean registry' scan, check the backup box when it finishes, select all and delete. Then check installed programs, Add/Remove Programs applet, basic Windows applications, etc, to make sure everything is still working as it should. If RegSeeker breaks something, you can replace the backup and be back where you started. If all is well, run another scan and do the same. Repeat until it comes up clean.

Let me know if the above helps.

Jae · 13th June 2005

Dave,

I followed your instructions from the last post. My computer is running just a tad bit faster than it was, but still I'm experiencing a lot of freeze-ups when I run a program, and am still having to "end task" pretty often. Here's the latest MWAV log. Will you take a look at it and tell me if there's anything I need to fix... Thanks.

Object "cws.therealsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken.
File C:\Program Files\Dell\Media Experience\Extension\WTGames\InstallWT.exe tagged as "not-a-virus:AdWare.WinAD". Action Taken: No Action Taken.

**noahdfear** · 14th June 2005

Use RegSeeker's 'Find in registry feature to search for this string.

88E729D6-BDC1-11D1-BD2A-00C04FB9603F

You should find an entry in HKCR\CLSID. Delete it!

Open My Computer and right click Local Disk C:, then choose properties. If Indexing is checked, uncheck it and click apply. Apply to all folders and sub-folders. Then click tools and defragment the drive.

If this is a stand-alone computer (not networked), click Tools on any Windows Explorer menu, then Folder Options. Click the view tab and uncheck 'Automatically search for network folders and printers'. Click OK to close the window.

Reboot and let us know if it's acting any better.

Leanna · 24th June 2005

Dear Dave,
I have the same problem as Jae. I found this discussion you are having with him on a Google search. This AUBrowse pop-up is driving me nuts. I comes on every day at about 2:00. I can not tell what it is doing, if anything. A friend told me to get HijackThis, but I have no idea how to read the log. I see that you started this thread with Jae's HJT log.

Could you please help me too?
Thank you in advance,
Leanna

**noahdfear** · 25th June 2005

Welcome to WindowsBBS Leanna!

I would be more than happy to 'try' to help with those popups. Please read the Welcome sticky at the top of this forum, follow the suggestions there for running Ad-aware, Spybot and an online virus scan if you haven't already, then download HijackThis and post a log.

Just so you know, I will be moving this to a new topic of it's own named AUBrowse popups once you post a log.