Need to reinstall IE [HijackThis log]

Need to reinstall IE

I would like to reinstall IE and wondered if there is anything I should save before I do so. I suddenly have picked up a virus and I continually am getting pop ups, etc. I am using SpyBot on a regular basis to rid many of the pop ups. But naturally with the virus there, the pop ups will continue. I also use the registry to delete from there. I am assuming that by reinstalling IE this will help with my problem. I am using Win98.
Any suggestions.
Thanks Claire

 

Hello Claire,
No, first clean out the virus, then later if the virus did any damage to system files, IE can be reinstalled if need be.

Follow the directions in this sticky thread http://www.windowsbbs.com/showthread.php?t=37074

1st use the on-line scans and then follow the directions for posting the HijackThis log.

Regards - Charles

 

As Charles said, removing IE from an infected machine will give you an infected machine without IE.

Spybot does a nice job with lots of spyware. Add Ad-aware and the Microsoft Anti-spyware and you will take care of almost all the spyware you might run across.

However, none of them are designed to deal with a virus and none of them do. You need specific anti-virus software to do that. Are you using any?

 

latest on popups

Well here is the logfile from HiJack. Prior to this I was running Wal-Mart Connect which uses IE as its browser. All popups come up with Site name and IE in the page. The popups are showing on the screen as well as the address in the lower bar which I usually click on and close so I can get it off the screen. Most of the time they come up on the screen whatever site I might be accessing at the time.
One particular one is Miami Real Estate which takes up the entire screen. Then I do a ctrl-alt-delete and have to click on Miami Real Estate and end task to get back to where I was.
Somtimes there can be 3 or 4 popups at a time that just keep a-coming up.
I have run Spybot, Ad-aware and Hijack as of now 5-12 2:45p.m.
****************************************************

Logfile of HijackThis v1.99.1
Scan saved at 2:32:37 PM, on 5/12/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\LOGITECH\MOUSE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\WINDOWS\SYSTEM\USBMONIT.EXE
C:\WINDOWS\ptsnoop.exe
C:\PROGRAM FILES\COMMON FILES\SOFT602\PDFSAVER.EXE
C:\WINDOWS\XHRMY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\TYPE32.EXE
C:\PROGRAM FILES\LEXMARK\PHOTO CARD READER\LXBLKSK.EXE
C:\WINDOWS\SYSTEM\WINUPDT.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\PRKRNA.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\ALL USERS\APPLICATION DATA\MSW\BMAN1.EXE
C:\PROGRAM FILES\WEB_REBATES\WEBREBATES0.EXE
C:\WINDOWS\SYSTEM\ELITEXIJ32.EXE
C:\WINDOWS\SYSTEM\PS1.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\ALL USERS\APPLICATION DATA\MSW\BMAN.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\PWERUF.EXE
C:\WINDOWS\SYSTEM\DEIFPI.EXE
C:\WINDOWS\ALL USERS\START MENU\PROGRAMS\STARTUP\YACSMON.EXE
C:\WINDOWS\SYSTEM\DEIFPI.EXE
C:\PROGRAM FILES\WEB_REBATES\WEBREBATES1.EXE
C:\PROGRAM FILES\WEB_REBATES\WEBREBATES2.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\NEW-EXE\BLOCK-ADS\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.angelfire.com/ms2/xstlion/MYOPERAHOTLISTSEPT04.HTML
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\CFGMGR51.DLL
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EM_EXEC] c:\logitech\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [USBMonit.exe] "C:\WINDOWS\SYSTEM\USBMonit.exe "
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver.exe "
O4 - HKLM\..\Run: [STOPzilla] "C:\NEW-EXE\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [xhrmy] C:\WINDOWS\Xhrmy.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe "
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\Run: [LXBLKsk] C:\PROGRA~1\LEXMARK\PHOTOC~1\LXBLKsk.exe
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe -startup
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\SYSTEM\winupdt.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\prkrna.exe
O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\CFGMGR51.DLL,DllRun
O4 - HKLM\..\Run: [BMan] C:\WINDOWS\All Users\Application Data\msw\BMan1.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\PROGRAM FILES\WEB_REBATES\WebRebates0.exe "
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [checkrun] C:\WINDOWS\SYSTEM\ELITEXIJ32.EXE
O4 - HKLM\..\Run: [PS1] C:\WINDOWS\SYSTEM\ps1.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\SYSTEM\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\SYSTEM\wintask.exe
O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\SYSTEM\PWERUF.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\SYSTEM\JULOBS.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [DEIFPI] C:\WINDOWS\SYSTEM\DEIFPI.exe
O4 - HKCU\..\RunOnce: [DEIFPI] C:\WINDOWS\SYSTEM\DEIFPI.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: kdid.exe
O4 - Global Startup: YacsMon.exe
O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Blink - {DB02A810-984C-11d3-84DC-006008593AC7} - C:\WINDOWS\SYSTEM\BLINKNAV.DLL
O9 - Extra button: MaxManager - {34490430-8ADB-11d3-9A5E-005004D2F1FC} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: &MaxManager - {34490430-8ADB-11d3-9A5E-005004D2F1FC} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .mng: c:\progra~1\intern~1\PLUGINS\NpHcd32.dll
O12 - Plugin for .hlq: C:\PROGRA~1\INTERN~1\PLUGINS\nphcd32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4019/ftp.coupons.com/v3123/cpbrkpie.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
O16 - DPF: {4E7BD74F-2B8D-469E-A3FA-F363B384B77D} (MapQuest) - http://cdn.mapquest.com/mqtoolbar/mqgold1.cab
O18 - Filter: text/html - {DFAA31C8-A356-4313-9D95-5EDAB46C5070} - C:\WINDOWS\SYSTEM\LMF32V.DLL

 

Hi Claire,

Ok, great.

FYI, this thread will be moved to the virus removal section by one of the Mods and analyzed there.

Were there any results from the on-line scans?

Regards - Charles

 

Using Ad-Aware the program showed 570 critical objects. I proceeded as recommended so I assume this should have taken care of some of the problems. Hopefully the folks at the other forum can recommend something from the Hijack results.
Thanks again for your efforts. Claire

 

Charles
Just wondered if you could check to see if anyone has looked at my results from Hijack. I have not heard a word from anyone.
Now I am getting something else before I even go on the internet.
There are two illegal operations: one at Wintask and the other says Exp. What could this be referring to?
As far as the popups, even if I am not on the internet, like playing a game offline, I am getting a flash up in the left hand corner of the screen as tho it was trying to do a popup. It does let me continue with the game. Could this have anything to do with the illegal operations I mentioned above.
Looks like I am getting problems galore and possibly spreading.
Claire

 

Hi Claire,

Run the on-line scans linked to from here: http://www.windowsbbs.com/links.php and post the results. Also run another HJT log please to see the results of the Ad-Aware run.

Regards - Charles

 

Here is the Hijack log as of today.
At Ad-aware it showed Get Miraar as malware. It showed it being in many of the registry areas. There were 80 critical obj. which were quarantined which is a total now of 826 since I started this.
So some of this is being eliminated.
Claire
__________------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 1:31:03 PM, on 5/16/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\LXBYPPLS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\LOGITECH\MOUSE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\WINDOWS\SYSTEM\USBMONIT.EXE
C:\WINDOWS\ptsnoop.exe
C:\PROGRAM FILES\COMMON FILES\SOFT602\PDFSAVER.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\TYPE32.EXE
C:\WINDOWS\SYSTEM\WINUPDT.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\PRKRNA.EXE
C:\WINDOWS\ALL USERS\APPLICATION DATA\MSW\BMAN1.EXE
C:\WINDOWS\SYSTEM\ELITEXIJ32.EXE
C:\WINDOWS\SYSTEM\PS1.EXE
C:\WINDOWS\ALL USERS\APPLICATION DATA\MSW\BMAN.EXE
C:\WINDOWS\SYSTEM\PWERUF.EXE
C:\WINDOWS\SYSTEM\JULOBS.EXE
C:\WINDOWS\SYSTEM\DXDCAN.EXE
C:\WINDOWS\ALL USERS\START MENU\PROGRAMS\STARTUP\YACSMON.EXE
C:\WINDOWS\SYSTEM\DXDCAN.EXE
C:\NEW-EXE\BLOCK-ADS\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.angelfire.com/ms2/xstlion/MYOPERAHOTLISTSEPT04.HTML
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F1 - win.ini: run=lxbyppls.exe
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\CFGMGR51.DLL
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EM_EXEC] c:\logitech\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [USBMonit.exe] "C:\WINDOWS\SYSTEM\USBMonit.exe "
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver.exe "
O4 - HKLM\..\Run: [STOPzilla] "C:\NEW-EXE\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe "
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe -startup
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\SYSTEM\winupdt.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\prkrna.exe
O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\CFGMGR51.DLL,DllRun
O4 - HKLM\..\Run: [BMan] C:\WINDOWS\All Users\Application Data\msw\BMan1.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\PROGRAM FILES\WEB_REBATES\WebRebates0.exe "
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [checkrun] C:\WINDOWS\SYSTEM\ELITEXIJ32.EXE
O4 - HKLM\..\Run: [PS1] C:\WINDOWS\SYSTEM\ps1.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\SYSTEM\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\SYSTEM\wintask.exe
O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\SYSTEM\PWERUF.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\SYSTEM\JULOBS.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [ErrorGuard] C:\NEW-EXE\ERRORGUARD\ERRORGUARD.Exe
O4 - HKLM\..\Run: [WeirdOnTheWeb] "C:\PROGRAM FILES\WEIRDONTHEWEB\WEIRDONTHEWEB.EXE "
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [DXDCAN] C:\WINDOWS\SYSTEM\DXDCAN.exe
O4 - HKCU\..\RunOnce: [DXDCAN] C:\WINDOWS\SYSTEM\DXDCAN.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: kdid.exe
O4 - Global Startup: YacsMon.exe
O9 - Extra button: Blink - {DB02A810-984C-11d3-84DC-006008593AC7} - C:\WINDOWS\SYSTEM\BLINKNAV.DLL
O9 - Extra button: MaxManager - {34490430-8ADB-11d3-9A5E-005004D2F1FC} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: &MaxManager - {34490430-8ADB-11d3-9A5E-005004D2F1FC} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .mng: c:\progra~1\intern~1\PLUGINS\NpHcd32.dll
O12 - Plugin for .hlq: C:\PROGRA~1\INTERN~1\PLUGINS\nphcd32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4019/ftp.coupons.com/v3123/cpbrkpie.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
O16 - DPF: {4E7BD74F-2B8D-469E-A3FA-F363B384B77D} (MapQuest) - http://cdn.mapquest.com/mqtoolbar/mqgold1.cab

 

You should print this out or save it to text where you can access it in safe mode.

Copy the contents of the quote box below to a blank notepad.
Close it, saving to your desktop as:

File name: delfiles.bat
Save As Type: All Files

Scan again with HijackThis and place a check next to the following entries. Close ALL other windows and click fix.

F1 - win.ini: run=lxbyppls.exe
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\CFGMGR51.DLL
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\SYSTEM\winupdt.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\prkrna.exe
O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\CFGMGR51.DLL,DllRun
O4 - HKLM\..\Run: [BMan] C:\WINDOWS\All Users\Application Data\msw\BMan1.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\PROGRAM FILES\WEB_REBATES\WebRebates0.exe "
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [checkrun] C:\WINDOWS\SYSTEM\ELITEXIJ32.EXE
O4 - HKLM\..\Run: [PS1] C:\WINDOWS\SYSTEM\ps1.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\SYSTEM\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\SYSTEM\wintask.exe
O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\SYSTEM\PWERUF.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\SYSTEM\JULOBS.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [ErrorGuard] C:\NEW-EXE\ERRORGUARD\ERRORGUARD.Exe
O4 - HKLM\..\Run: [WeirdOnTheWeb] "C:\PROGRAM FILES\WEIRDONTHEWEB\WEIRDONTHEWEB.EXE "
O4 - HKCU\..\Run: [DXDCAN] C:\WINDOWS\SYSTEM\DXDCAN.exe
O4 - HKCU\..\RunOnce: [DXDCAN] C:\WINDOWS\SYSTEM\DXDCAN.exe
O4 - Startup: kdid.exe
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4...23/cpbrkpie.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/f...etup1.0.0.8.cab

Either reboot and repeatedly tap F8 to enable the start menu and select safe mode, or go to start>run and type msconfig, hit enter. On the General tab click the advanced button. Check the box to 'enable start menu' and OK out. Restart and choose safe mode. Logon to your user account.

Double click the delfiles.bat file to run it.

Configure Windows Explorer to show hidden files and folders.

Search for and delete all of the files and folders in red above if present.
Open C:\Temp (if present), select all and delete.
Open C:\Windows\Temp, select all and delete.
Open C:\Windows\Applog, select all and delete.
Open the control panel, then internet options and delete the temporary internet files, checking the box for offline content.
Open My Computer and right click Local Disk C:, then choose disk cleanup. Check all boxes and click OK.

If you used msconfig, uncheck the box to 'enable start menu' and click ok to reboot. Upon reboot you will be greeted with a message window from the System Configuration Utility. Check the box not to use and don't show, then click OK. If you used F8, just reboot back into Windows.

Check for updates to Ad-aware and run in full scan mode. Remove all it finds.

Reboot.

Scan your PC with RAV. If any files are infected, click the report button then copy and paste it here.

Run another HijackThis scan and post the log.

 

I did as noted in above message until I got to Scan your post with RAV at which time I got message:
Current security settings prohibit running ActiveX controls on this page. Failed to load ActiveX control.
So I went on and ran HijackThis scan again and here is the log.

***************************************
Logfile of HijackThis v1.99.1
Scan saved at 12:54:29 PM, on 5/17/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LXBYPPLS.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\LOGITECH\MOUSE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\WINDOWS\SYSTEM\USBMONIT.EXE
C:\WINDOWS\ptsnoop.exe
C:\PROGRAM FILES\COMMON FILES\SOFT602\PDFSAVER.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\TYPE32.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\BVJKENC.EXE
C:\WINDOWS\ALL USERS\START MENU\PROGRAMS\STARTUP\YACSMON.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\NEW-EXE\BLOCK-ADS\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.angelfire.com/ms2/xstlion/MYOPERAHOTLISTSEPT04.HTML
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F1 - win.ini: run=lxbyppls.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EM_EXEC] c:\logitech\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [USBMonit.exe] "C:\WINDOWS\SYSTEM\USBMonit.exe "
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver.exe "
O4 - HKLM\..\Run: [STOPzilla] "C:\NEW-EXE\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe "
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe -startup
O4 - HKLM\..\Run: [Sysnet] C:\WINDOWS\snuninst.exe
O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\WINUP2DATE.DLL,SHStart
O4 - HKLM\..\Run: [BVJKENC] C:\WINDOWS\BVJKENC.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [DXDCAN] C:\WINDOWS\SYSTEM\DXDCAN.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: YacsMon.exe
O9 - Extra button: Blink - {DB02A810-984C-11d3-84DC-006008593AC7} - C:\WINDOWS\SYSTEM\BLINKNAV.DLL
O9 - Extra button: MaxManager - {34490430-8ADB-11d3-9A5E-005004D2F1FC} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: &MaxManager - {34490430-8ADB-11d3-9A5E-005004D2F1FC} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .mng: c:\progra~1\intern~1\PLUGINS\NpHcd32.dll
O12 - Plugin for .hlq: C:\PROGRA~1\INTERN~1\PLUGINS\nphcd32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {4E7BD74F-2B8D-469E-A3FA-F363B384B77D} (MapQuest) - http://cdn.mapquest.com/mqtoolbar/mqgold1.cab

 

Delete the last delfiles.bat you created and create another one with the information from the quote box below.

Reboot to safe mode and run the batch file.

Scan again with HijackThis and fix the following entries.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost
F1 - win.ini: run=lxbyppls.exe
O4 - HKLM\..\Run: [Sysnet] C:\WINDOWS\snuninst.exe
O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\WINUP2DATE.DLL,SHStart
O4 - HKLM\..\Run: [BVJKENC] C:\WINDOWS\BVJKENC.EXE
O4 - HKCU\..\Run: [DXDCAN] C:\WINDOWS\SYSTEM\DXDCAN.exe

Reboot back into Windows.

Please download MWAV. Save it to your desktop and double click to open. Check the boxes for Memory, Registry, Startup Folders, System Folders, Services, Drive, All Local Drives and Scan All Files, then click scan. When it completes, copy the lower window labled Virus Log Information and post it here. Takes quite a long time for it to finish, so be patient.

Please post a new HijackThis log also.

 

Just completed tasks based on your previous message.
Here is the Hijackthis log which was completed AFTER MWAV scan.
--------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 12:39:34 PM, on 5/18/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\LOGITECH\MOUSE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\WINDOWS\SYSTEM\USBMONIT.EXE
C:\WINDOWS\ptsnoop.exe
C:\PROGRAM FILES\COMMON FILES\SOFT602\PDFSAVER.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\TYPE32.EXE
C:\WINDOWS\ALL USERS\START MENU\PROGRAMS\STARTUP\YACSMON.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\NEW-EXE\BLOCK-ADS\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.angelfire.com/ms2/xstlion/MYOPERAHOTLISTSEPT04.HTML
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EM_EXEC] c:\logitech\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [USBMonit.exe] "C:\WINDOWS\SYSTEM\USBMonit.exe "
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver.exe "
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe "
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe -startup
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: YacsMon.exe
O9 - Extra button: Blink - {DB02A810-984C-11d3-84DC-006008593AC7} - C:\WINDOWS\SYSTEM\BLINKNAV.DLL
O9 - Extra button: MaxManager - {34490430-8ADB-11d3-9A5E-005004D2F1FC} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: &MaxManager - {34490430-8ADB-11d3-9A5E-005004D2F1FC} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {4E7BD74F-2B8D-469E-A3FA-F363B384B77D} (MapQuest) - http://cdn.mapquest.com/mqtoolbar/mqgold1.cab

-----------------------------------------------
Now here is the Virus Log Information from MWAV(quite long)
This is part 1 of the log:

Object "Bargain Buddy Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ElitebarBHO Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "DealHelper Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Quicken Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "xhrmy Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "EliteBar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Prutect Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "AdRotator Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cws.therealsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\cpbrkpie.ocx ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\Drivers\SONYCD~1.DLL ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\Drivers\ERICDA~1.DLL ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\Drivers\ERICFO~1.DLL ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\Drivers\NOKIAG~1.DLL ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\Drivers\NOKIAH~1.DLL ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\Drivers\NOKIAT~1.DLL ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\Drivers\NULLFO~1.DLL ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\Drivers\SMARTL~1.DLL ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\Drivers\07_07F~1.DLL ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\Drivers\SAMCDM~1.DLL ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\Drivers\CDMA1F~1.DLL ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\Drivers\MITSUB~1.DLL ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Fonts\Taxlinet.ttf ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Adobe\ConsumerImaging\BACKUP.EXE ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Adobe\ConsumerImaging\ENG.MIF ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Adobe\ConsumerImaging\ENG.MLK ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Adobe\ConsumerImaging\ENG.LHS ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Adobe\ConsumerImaging\ENG.LFI ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Adobe\ConsumerImaging\Res\oyButton\BTNMED_D.JPG ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Adobe\ConsumerImaging\Res\oyButton\BTNMED_N.JPG ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Adobe\ConsumerImaging\Res\oyButton\BTNMED_R.JPG ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Adobe\ConsumerImaging\Res\oyButton\BTNMED_X.JPG ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Adobe\ConsumerImaging\Res\oyButton\BTNNEW_D.JPG ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Adobe\ConsumerImaging\Res\oyButton\BTNNEW_N.JPG ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Adobe\ConsumerImaging\Res\oyButton\BTNNEW_R.JPG ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Adobe\ConsumerImaging\Res\oyButton\BTNNEW_X.JPG ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Adobe\ConsumerImaging\Res\oyButton_blue\BTNMED_D.JPG ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Adobe\ConsumerImaging\Res\oyButton_blue\BTNMED_N.JPG ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Adobe\ConsumerImaging\Res\oyButton_blue\BTNMED_R.JPG ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Adobe\ConsumerImaging\Res\oyButton_blue\BTNMED_X.JPG ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Adobe\ConsumerImaging\Res\oyButton_blue\BTNNEW_D.JPG ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Adobe\ConsumerImaging\Res\oyButton_blue\BTNNEW_N.JPG ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Adobe\ConsumerImaging\Res\oyButton_blue\BTNNEW_R.JPG ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Adobe\ConsumerImaging\Res\oyButton_blue\BTNNEW_X.JPG ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Adobe\ConsumerImaging\Res\oyButton_blue\LIST_N.JPG ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Adobe\ConsumerImaging\Res\oyButton_blue\LIST_X.JPG ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Adobe\ConsumerImaging\Res\UI\IOMEGAAD.JPG ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Adobe\Media Browser\TBROWSER.DLL ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Adobe\Media Browser\PlugIns\PHOTOS~1.APL ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Adobe\Media Browser\PlugIns\Importers\TWAIN_32.8BA ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Adobe\Media Browser\PlugIns\File Formats\BMP8B.8BI ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Adobe\Media Browser\PlugIns\File Formats\GIF8B.8BI ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Adobe\Media Browser\PlugIns\File Formats\PHOTOS~1.8BI ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Adobe\Media Browser\PlugIns\File Formats\PNG8B.8BI ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Adobe\Media Browser\PlugIns\File Formats\TIFF.8BI ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Adobe\Media Browser\PlugIns\File Formats\WMFFOR~1.8BI ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object " ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UTS01\Tc_ascii.ttf ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UTS01\Taxlinet.ttf ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UTS01\Taxlinet.fon ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UTS01\Invoice.dat ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UTS01\password.01 ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Polaroid\PhotoMAX SE\Digital 320\DSCDRV~1.DLL ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Polaroid\PhotoMAX SE\Digital 320\320POPUP.RTF ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Polaroid\PhotoMAX SE\Digital 320\POLARO~1.EXE ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\FirstNoel.scr ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\FirstNoel.hlp ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\cpbrkpie.ocx ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\AOL\Flasha.ocx ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Plugins\auth3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Plugins\basc3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Plugins\http3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Plugins\memf3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Plugins\meta3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Plugins\ntau3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Plugins\plus3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Plugins\rmff3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Plugins\rn5a3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Plugins\rupf3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Plugins\rupr3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Plugins\sdpp3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Plugins\smlf3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Plugins\smlr3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Plugins\smmr3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Plugins\smpl3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Common\pnen3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common

 

Continued---part 2 from the Mwav scan
Files\Real\Plugins\ExtResources\core3260.xrs ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Plugins\pnxr3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Update\setu3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Update\nddeserv.exe ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Update\rnqu3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Update\rnuninst.exe ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Update\rpup3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Update\upgr3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Update\upgrdhlp.exe ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Common\pnrs3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Common\pngu3266.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Common\rner3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Common\rpcl3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Common\rpmn3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Common\rppr3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Common\rput3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Plugins\rare3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Codecs\cokr3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Codecs\cook3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Codecs\ddnt3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Codecs\dnet3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Codecs\dspr3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Codecs\sipr3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Plugins\rvre3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Codecs\drv13260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Codecs\drv23260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Codecs\drv33260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Codecs\rnco3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Codecs\rv103260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Codecs\rv203260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Codecs\rv303260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Plugins\swff3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Plugins\swfr3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Common\embd3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Plugins\rtff3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Plugins\rtre3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Plugins\pxcg3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Plugins\pxcj3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Plugins\pxcp3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Plugins\pxff3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Plugins\pxre3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Plugins\pxgf3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Plugins\pxgr3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Plugins\ppff3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Plugins\audp3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Plugins\vidp3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Plugins\Dbc_hbrf.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Plugins\Dbc_hbrr.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Plugins\pxjf3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Plugins\pxjr3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Plugins\mp3f3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Plugins\mp3r3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Plugins\mp3m3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Update\rnat3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Plugins\pxpf3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Plugins\pxpr3260.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Common\rjbviz.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Visualizations\Annabelle.rpv ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Visualizations\CosmicBelt.rpv ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Visualizations\Fire.rpv ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Visualizations\FreqBands.rpv ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\Visualizations\Nebula.rpv ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Microsoft Works\WKSv7std.sbs ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UTS02\Taxlinet.ttf ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UTS02\Tc_ascii.ttf ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UTS02\Taxlinet.fon ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UTS02\u2ltw.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UTS02\Riched20.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UTS02\gdiprn32.dll ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UTS02\C4DLL.DLL ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UTS02\password.02 ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UTS02\Invoice.dat ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UTS02\sstorage.02 ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UTS02\swflash.inf ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe ". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2342DB04-08CE-4CF6-976D-BD9EFA960EFB}" refers to invalid object "C:\SYSFWB\6937172824\IEFWBAR.DLL ". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9056A11F-5EA6-4A67-BDE9-8D3C7C453DAC}" refers to invalid object "C:\SYSFWB\6937172824\IEFWBAR.DLL ". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{825CF5BD-8862-4430-B771-0C15C5CA8DEF}" refers to invalid object "C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll ". Action Taken: No Action Taken.

 

Continued----Part 3 from scan(the end)
File C:\WINDOWS\ribbon_wave_animated.exe tagged as "not-a-virus:AdWare.IGetNet ". Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall5_64.exe tagged as "not-a-virus:AdWare.NewDotNet ". Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall6_10.exe tagged as "not-a-virus:AdWare.NewDotNet ". Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall6_22.exe tagged as "not-a-virus:AdWare.NewDotNet ". Action Taken: No Action Taken.
File C:\WINDOWS\iupldaifnhv.exe infected by "Backdoor.Win32.Agobot.ro" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall6_38.exe tagged as "not-a-virus:AdWare.NewDotNet ". Action Taken: No Action Taken.
File C:\WINDOWS\aqkqv.dat infected by "Trojan-Downloader.Win32.Qoologic.l" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\iprpgei.dll infected by "Trojan-Downloader.Win32.Qoologic.l" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\ncmcoxn.exe infected by "Trojan-Downloader.Win32.Qoologic.l" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\knuna.dll infected by "Trojan-Downloader.Win32.Qoologic.l" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\Helper101.dll infected by "Trojan-Clicker.Win32.Delf.r" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\cfgmgr51.dll tagged as "not-a-virus:AdWare.BookedSpace.e ". Action Taken: No Action Taken.
File C:\WINDOWS\zeta.exe tagged as "not-a-virus:AdWare.BargainBuddy.n ". Action Taken: No Action Taken.
File C:\WINDOWS\lmsgegfk.exe tagged as "not-a-virus:AdWare.BookedSpace.e ". Action Taken: No Action Taken.
File C:\WINDOWS\autoheal.exe tagged as "not-a-virus:AdWare.BargainBuddy.n ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\nsv12.dll tagged as "not-a-virus:AdWare.ToolBar.HotSearchBar.e ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\dist001.exe infected by "Trojan-Downloader.Win32.VB.eu" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\N0.exe infected by "Trojan-Downloader.Win32.Small.rg" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\HLInstaller1.exe tagged as "not-a-virus:AdWare.MDH.a ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\InstaFinder_inst.exe tagged as "not-a-virus:AdWare.InstaFinder.a ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\HyperLinker1.exe tagged as "not-a-virus:AdWare.MDH.a ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\GSM3-0511.exe infected by "Trojan.Win32.Registrator.b" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\wmconfig.cpl infected by "Trojan-Dropper.Win32.Small.wc" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\elitezpz32.exe infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\temperror32.dat infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\skytown.exe infected by "Trojan-Spy.Win32.VB.eh" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\rpcper.exe infected by "Trojan-Spy.Win32.VB.eh" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\MQEXDLM.SRG tagged as "not-a-virus:AdWare.BargainBuddy.q ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\javexulm.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\deifpi.exe infected by "Trojan-Spy.Win32.VB.eh" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\exdl2.exe tagged as "not-a-virus:AdWare.BargainBuddy.q ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\exdl1.exe tagged as "not-a-virus:AdWare.BargainBuddy.q ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\angelex.exe tagged as "not-a-virus:AdWare.BargainBuddy.n ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\instsrv.exe tagged as not-a-virus:RiskWare.Tool.ServiceRunner.f. No Action Taken.
File C:\WINDOWS\SYSTEM\main.exe infected by "Trojan-Downloader.Win32.Agent.hw" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\javex80.vxd tagged as "not-a-virus:AdWare.BargainBuddy.n ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\psis80ex.ax tagged as "not-a-virus:AdWare.BargainBuddy.l ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\exp.exe infected by "Trojan-Downloader.Win32.Small.abd" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\netut80ex.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\exul1.exe tagged as "not-a-virus:AdWare.BargainBuddy.q ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\wintask.exe infected by "Trojan-Downloader.Win32.Small.abd" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\SahAgent.exe tagged as "not-a-virus:AdWare.ShopAtHome.b ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\SahHtml.exe tagged as "not-a-virus:AdWare.Sahat.i ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\installer_MARKETING18.exe infected by "Trojan-Dropper.Win32.Agent.hl" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\wrapperouter.exe infected by "Trojan-Dropper.Win32.Agent.hl" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\exdl3.exe tagged as "not-a-virus:AdWare.BargainBuddy.q ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\mac80ex.idf tagged as "not-a-virus:AdWare.BargainBuddy.n ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\exul3.exe tagged as "not-a-virus:AdWare.BargainBuddy.q ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\bs51-eginwl51-vb.exe tagged as "not-a-virus:AdWare.BookedSpace.e ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\dun.exe tagged as "not-a-virus:AdWare.DealHelper.x ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\thin-138-1-x-x.exe tagged as "not-a-virus:AdWare.BetterInternet ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\HookPopup.dll tagged as "not-a-virus:AdWare.DealHelper.ab ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\EDow_AS2.exe tagged as "not-a-virus:AdWare.Wintol.ab ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\cxtpls_loader.exe infected by "Trojan-Downloader.Win32.Apropo.ab" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\246765-ventura-hot.exe tagged as "not-a-virus:AdWare.ToolBar.HotSearchBar.e ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\exul2.exe tagged as "not-a-virus:AdWare.BargainBuddy.q ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\nsv12.dll tagged as "not-a-virus:AdWare.ToolBar.HotSearchBar.e ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\dist001.exe infected by "Trojan-Downloader.Win32.VB.eu" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\N0.exe infected by "Trojan-Downloader.Win32.Small.rg" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\HLInstaller1.exe tagged as "not-a-virus:AdWare.MDH.a ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\InstaFinder_inst.exe tagged as "not-a-virus:AdWare.InstaFinder.a ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\HyperLinker1.exe tagged as "not-a-virus:AdWare.MDH.a ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\GSM3-0511.exe infected by "Trojan.Win32.Registrator.b" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\Cache\installer_MARKETING17.exe infected by "Trojan-Downloader.Win32.Adload.a" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\Cache\dist006.exe infected by "Trojan-Downloader.Win32.VB.eu" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\Cache\AUNIcons.exe infected by "Trojan-Downloader.Win32.Agent.jq" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\Cache\cxtpls_loader.exe infected by "Trojan-Downloader.Win32.Apropo.ab" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\Cache\wrapperouter.exe tagged as "not-a-virus:AdWare.VirtualBouncer.c ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\Cache\adl_ibis_AS2.exe tagged as "not-a-virus:AdWare.Wintol.ab ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\Cache\WebRebates_Auto_InstallSilent.exe tagged as "not-a-virus:AdWare.WebRebates.g ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\Cache\installer.exe infected by "Trojan-Dropper.Win32.Small.wc" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\Cache\HelperInstall.exe infected by "Trojan-Dropper.Win32.Delf.z" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\Cache\bs51-egihsg51-va.exe tagged as "not-a-virus:AdWare.BookedSpace.e ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\Cache\pi1_51.exe infected by "Trojan-Downloader.Win32.Small.afq" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\Cache\optimize.exe infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\Cache\thin-138-1-3-x.exe tagged as "not-a-virus:AdWare.BetterInternet ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\Cache\thin-144-1-x-x.exe tagged as "not-a-virus:AdWare.BetterInternet ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\wmconfig.cpl infected by "Trojan-Dropper.Win32.Small.wc" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\elitezpz32.exe infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\temperror32.dat infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\skytown.exe infected by "Trojan-Spy.Win32.VB.eh" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\rpcper.exe infected by "Trojan-Spy.Win32.VB.eh" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\MQEXDLM.SRG tagged as "not-a-virus:AdWare.BargainBuddy.q ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\javexulm.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\deifpi.exe infected by "Trojan-Spy.Win32.VB.eh" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\exdl2.exe tagged as "not-a-virus:AdWare.BargainBuddy.q ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\exdl1.exe tagged as "not-a-virus:AdWare.BargainBuddy.q ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\angelex.exe tagged as "not-a-virus:AdWare.BargainBuddy.n ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\instsrv.exe tagged as not-a-virus:RiskWare.Tool.ServiceRunner.f. No Action Taken.
File C:\WINDOWS\SYSTEM\main.exe infected by "Trojan-Downloader.Win32.Agent.hw" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\javex80.vxd tagged as "not-a-virus:AdWare.BargainBuddy.n ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\psis80ex.ax tagged as "not-a-virus:AdWare.BargainBuddy.l ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\exp.exe infected by "Trojan-Downloader.Win32.Small.abd" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\netut80ex.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\exul1.exe tagged as "not-a-virus:AdWare.BargainBuddy.q ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\wintask.exe infected by "Trojan-Downloader.Win32.Small.abd" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\SahAgent.exe tagged as "not-a-virus:AdWare.ShopAtHome.b ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\SahHtml.exe tagged as "not-a-virus:AdWare.Sahat.i ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\installer_MARKETING18.exe infected by "Trojan-Dropper.Win32.Agent.hl" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\wrapperouter.exe infected by "Trojan-Dropper.Win32.Agent.hl" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\exdl3.exe tagged as "not-a-virus:AdWare.BargainBuddy.q ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\mac80ex.idf tagged as "not-a-virus:AdWare.BargainBuddy.n ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\exul3.exe tagged as "not-a-virus:AdWare.BargainBuddy.q ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\bs51-eginwl51-vb.exe tagged as "not-a-virus:AdWare.BookedSpace.e ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\dun.exe tagged as "not-a-virus:AdWare.DealHelper.x ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\thin-138-1-x-x.exe tagged as "not-a-virus:AdWare.BetterInternet ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\HookPopup.dll tagged as "not-a-virus:AdWare.DealHelper.ab ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\EDow_AS2.exe tagged as "not-a-virus:AdWare.Wintol.ab ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\cxtpls_loader.exe infected by "Trojan-Downloader.Win32.Apropo.ab" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\246765-ventura-hot.exe tagged as "not-a-virus:AdWare.ToolBar.HotSearchBar.e ". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\exul2.exe tagged as "not-a-virus:AdWare.BargainBuddy.q ". Action Taken: No Action Taken.
File C:\WINDOWS\COMMAND\EBD\EBD.CAB tagged as not-a-virus:Tool.DOS.Restart. No Action Taken.
File C:\WINDOWS\Downloaded Program Files\SAHAgent_.exe tagged as "not-a-virus:AdWare.ShopAtHome.b ". Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\SAHUninstall_.exe tagged as "not-a-virus:AdWare.Sahat.p ". Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\SahHtml_.exe tagged as "not-a-virus:AdWare.Sahat.i ". Action Taken: No Action Taken.
File C:\WINDOWS\ribbon_wave_animated.exe tagged as "not-a-virus:AdWare.IGetNet ". Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall5_64.exe tagged as "not-a-virus:AdWare.NewDotNet ". Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall6_10.exe tagged as "not-a-virus:AdWare.NewDotNet ". Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall6_22.exe tagged as "not-a-virus:AdWare.NewDotNet ". Action Taken: No Action Taken.
File C:\WINDOWS\iupldaifnhv.exe infected by "Backdoor.Win32.Agobot.ro" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall6_38.exe tagged as "not-a-virus:AdWare.NewDotNet ". Action Taken: No Action Taken.
File C:\WINDOWS\aqkqv.dat infected by "Trojan-Downloader.Win32.Qoologic.l" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\iprpgei.dll infected by "Trojan-Downloader.Win32.Qoologic.l" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\ncmcoxn.exe infected by "Trojan-Downloader.Win32.Qoologic.l" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\knuna.dll infected by "Trojan-Downloader.Win32.Qoologic.l" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\Helper101.dll infected by "Trojan-Clicker.Win32.Delf.r" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\cfgmgr51.dll tagged as "not-a-virus:AdWare.BookedSpace.e ". Action Taken: No Action Taken.
File C:\WINDOWS\zeta.exe tagged as "not-a-virus:AdWare.BargainBuddy.n ". Action Taken: No Action Taken.
File C:\WINDOWS\lmsgegfk.exe tagged as "not-a-virus:AdWare.BookedSpace.e ". Action Taken: No Action Taken.
File C:\WINDOWS\autoheal.exe tagged as "not-a-virus:AdWare.BargainBuddy.n ". Action Taken: No Action Taken.
File C:\RECYCLED\DC11\installer.exe infected by "Trojan-Dropper.Win32.Small.wc" Virus! Action Taken: No Action Taken.
File C:\RECYCLED\DC13\thin-176-1-x-x.exe tagged as "not-a-virus:AdWare.BetterInternet ". Action Taken: No Action Taken.
File C:\RECYCLED\DC9\BMan1.exe tagged as "not-a-virus:AdWare.Searcher.h ". Action Taken: No Action Taken.
File C:\RECYCLED\DC9\MSW.exe tagged as "not-a-virus:AdWare.Searcher.h ". Action Taken: No Action Taken.
File C:\RECYCLED\DC10.DLL infected by "Trojan-Clicker.Win32.Small.ez" Virus! Action Taken: No Action Taken.
File C:\Program Files\Windows Media Player\wmplayer.exe infected by "Trojan-Downloader.Win32.Small.apm" Virus! Action Taken: No Action Taken.
File C:\Program Files\Setup_2u.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Photocopier\Photocopier.exe tagged as "not-a-virus:AdWare.TimeSinc ". Action Taken: No Action Taken.
File C:\Program Files\Digital Postman\TSUNINSTALLER.EXE tagged as "not-a-virus:AdWare.TimeSink ". Action Taken: No Action Taken.
File C:\Program Files\EXE-files\pspv12.zip tagged as not-a-virus:RiskWare.PSWTool.PassView.120. No Action Taken.
File C:\Program Files\EXE-files\orgexp-XST2.1update.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\EXE-files\pspv\pspv.exe tagged as not-a-virus:RiskWare.PSWTool.PassView.120. No Action Taken.
File C:\Program Files\EXE-files\PrintDeskTopSetup.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\EXE-files\XMAS-TREE.exe tagged as "not-a-virus:AdWare.Sidesearch.d ". Action Taken: No Action Taken.
File C:\Program Files\FileSubmit\1 New Year 5\TBEZA127Q.exe tagged as "not-a-virus:AdWare.ToolBar.Quick.a ". Action Taken: No Action Taken.
File C:\Program Files\FileSubmit\1 New Year 5\NNEZTA388.exe tagged as "not-a-virus:AdWare.NewDotNet ". Action Taken: No Action Taken.
File C:\Program Files\ContextPlus\cxtpls_loader.exe infected by "Trojan-Downloader.Win32.Apropo.ab" Virus! Action Taken: No Action Taken.
File C:\Program Files\pspv.zip tagged as not-a-virus:RiskWare.PSWTool.PassView.120. No Action Taken.
File C:\Needles\Setup_2u.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WIN98\WIN98_59.CAB tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\NEW-EXE\1ny5th.exe tagged as "not-a-virus:AdWare.ToolBar.Quick.a ". Action Taken: No Action Taken.
File C:\NEW-EXE\BLOCK-ADS\hijackthis\backups\backup-20050517-105006-210.dll tagged as "not-a-virus:AdWare.BookedSpace.e ". Action Taken: No Action Taken.
File C:\NEW-EXE\BLOCK-ADS\hijackthis\backups\backup-20050517-105007-469-kdid.exe infected by "Trojan-Downloader.Win32.Qoologic.l" Virus! Action Taken: No Action Taken.
File C:\NEW-EXE\BLOCK-ADS\hijackthis\backups\backup-20050517-105007-328.dll tagged as "not-a-virus:AdWare.Coupons ". Action Taken: No Action Taken.
File C:\command.exe infected by "Trojan-Dropper.Win32.Delf.ev" Virus! Action Taken: No Action Taken.

 

Please download the trial version of ewido security suite.

• Install ewido security suite and start the program from the icon on your desktop.
• The program will prompt you to update. Click the OK button
• The program will now go to the main screen
• On the left hand side of the main screen click update
• Click on Start

The update will start and a progress bar will show the updates being installed.
Once the updates are installed do the following:

• Click on scanner
• Make sure the following boxes are checked before scanning:
  • Binder
  • Crypter
  • Archives
• Click on Start Scan
• Let the program scan the machine

While the scan is in progress you will be prompted to clean files, click OK

Once the scan has completed, there will be a button located on the bottom of the screen named Save report

• Click Save report
• Save the report to your desktop

Reboot your machine and post back a new HJT log and the ewido.txt log file you saved.

Are you using the current version of Ad-aware....SE Personal 1.05? If not, download and install it, then update. If so, check for updates. Run Ad-aware in full scan mode. Remove all it finds.

 

Got your latest message and downloaded ewido and tried to run it but it seems it can be used on Win2000 and above. I have Win98.

Checked Adaware and it is version 1.05.

 

I'm sorry....I had forgotten about Ewido being XP and 2000 only . Please scan your PC with TrendMicro online, allowing it to clean whatever it can. Then do the Ad-aware scan. Run MWAV again and post the results. We'll do manual cleanup from there.

 

Will do as above. We are making progress as the horrible slew of popups has just about dissappeared. I assume that you have eliminated most of the virus.
I will send the results sometime later today. What a god-send you are!!!
Thanks for all your help here.
Claire

 

Here is the latest.
Could not do the scan at Trend. First I got this message:
Your current security settings prohibit running ActiveX controls on this page.
I clicked on next and I got
HouseCall ActiveX component is not ready.
Where do I go to get ActiveX setup? I assume this is within IE. If not, where?
NEXT
Should I go ahead and run Adaware and MWAV anyway?

Claire