View Full Version : Computer shutting down - help


SilverButterfly
07-27-2007, 09:51 PM
My computer keeps popping up a message saying it will be shut down in 60 seconds. I know I can type shutdown -a to stop this from happening, but I don't know what is causing it. Also, I am getting a message that says Services and Controller has a problem. Here is my Hijack log. Please help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:30:11 PM, on 7/27/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{9368D063-44BE-49B9-BD14-BB9663FD38FC} - (no file)
R3 - URLSearchHook: (no name) - _{77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
R3 - URLSearchHook: (no name) - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Bucket Class - {00000001-C003-4A2F-9142-7CB1D78DE6C1} - C:\WINDOWS\tct101.dll (file missing)
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7EFFDA64-29D2-A8D8-5BE1-6ACF80963F14} - C:\WINDOWS\System32\cdmdownld\tetxcpiisk.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SearchAssistant=
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab
O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45} - http://akamai.downloadv3.com/binaries/DialHTML/EGDHTML_US_XP.cab
O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downloadv3.com/binaries/DialHTML/CML/EGCOMSERVICE_1043_CML_pack_XP.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?RND=
O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - http://akamai.downloadv3.com/binaries/IA/svcsysnet32_EN_XP.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://asp.mathxl.com/applets/PearsonInstallAsst.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: mszsrn32 - C:\WINDOWS\System32\mszsrn32.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 5091 bytes

classicsoftware
07-27-2007, 10:09 PM
First download the Avast Virus Cleaner (http://www.avast.com/eng/down_cleaner.html) to your desktop and run the program. That should take care of the 60 second bugger....

Next, Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/combofix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall...

Re-boot and post the following:

The Avast Log
The ComboFix log
A new HJT log
Tell us how the system is running....

SilverButterfly
07-27-2007, 11:26 PM
I am no longer getting the Services message and the shutdown message is gone also. Here are the latest logs:

avast! Virus Cleaner Tool - version 1.0.211 Unicode

Creating log file: C:\Documents and Settings\Owner\Desktop\aswclnr.log

7/27/2007, 9:22:01 PM
Memory scanning started...
No virus body found in memory.
Memory scanning finished (4.6s).
----------
Files scanning started...
No virus body found.
Files scanning finished (78193 files, 0 infected, 1803.3s).
Drives scanned: C: D:
----------




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:14:43 PM, on 7/27/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe
C:\ComboFix\vfind.cfexe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{9368D063-44BE-49B9-BD14-BB9663FD38FC} - (no file)
R3 - URLSearchHook: (no name) - _{77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
R3 - URLSearchHook: (no name) - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Bucket Class - {00000001-C003-4A2F-9142-7CB1D78DE6C1} - C:\WINDOWS\tct101.dll (file missing)
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7EFFDA64-29D2-A8D8-5BE1-6ACF80963F14} - C:\WINDOWS\System32\cdmdownld\tetxcpiisk.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SearchAssistant=
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab
O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45} - http://akamai.downloadv3.com/binaries/DialHTML/EGDHTML_US_XP.cab
O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downloadv3.com/binaries/DialHTML/CML/EGCOMSERVICE_1043_CML_pack_XP.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?RND=
O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - http://akamai.downloadv3.com/binaries/IA/svcsysnet32_EN_XP.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://asp.mathxl.com/applets/PearsonInstallAsst.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: mszsrn32 - C:\WINDOWS\System32\mszsrn32.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 5203 bytes

SilverButterfly
07-27-2007, 11:27 PM
"Owner" - 2007-07-27 22:05:09 - ComboFix 07-07-23.6 - Service Pack 1 NTFS

Rootkit driver huy32 is present. ... attempting disinfection
huy32 ...... driver unloaded successfully.
ADS removed - system32: deleted 53714 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware366
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware366\buttons\FindIt.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware366\buttons\FindItHot.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware366\buttons\findithotxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware366\buttons\finditxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware366\buttons\Highlight.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware366\buttons\HighlightHot.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware366\buttons\highlighthotxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware366\buttons\highlightxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware366\buttons\logo.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware366\buttons\logoxp.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware366\buttons\myspacedirect.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware366\buttons\myspacedropdown.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware366\buttons\photobucket.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware366\contexts\error.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware366\contexts\related.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware366\SimpleUpdate\ProductMessagingConfig.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware366\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware366\SimpleUpdate\SimpleUpdateConfig.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware366\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware366\SimpleUpdate\TimerManagerConfig.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware366\SimpleUpdate\TimerManagerConfig.xml.backup
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware366\Tem929.tmp
C:\DOCUME~1\Owner\APPLIC~1\Install.dat
C:\DOCUME~1\Owner\APPLIC~1\Starware366
C:\DOCUME~1\Owner\APPLIC~1\Starware366\BrowserSearch\BrowserSearch.xml
C:\DOCUME~1\Owner\APPLIC~1\Starware366\BrowserSearch\BrowserSearch.xml.backup
C:\DOCUME~1\Owner\APPLIC~1\Starware366\ErrorSearch\ErrorSearchOptions.xml
C:\DOCUME~1\Owner\APPLIC~1\Starware366\ErrorSearch\ErrorSearchOptions.xml.backup
C:\DOCUME~1\Owner\APPLIC~1\Starware366\Games\GamesOptions.xml
C:\DOCUME~1\Owner\APPLIC~1\Starware366\Games\GamesOptions.xml.backup
C:\DOCUME~1\Owner\APPLIC~1\Starware366\Games\images\active\Games0.bmp
C:\DOCUME~1\Owner\APPLIC~1\Starware366\Layouts\ToolbarLayout.xml
C:\DOCUME~1\Owner\APPLIC~1\Starware366\Layouts\ToolbarLayout.xml.backup
C:\DOCUME~1\Owner\APPLIC~1\Starware366\Manager\ManagerOptions.xml
C:\DOCUME~1\Owner\APPLIC~1\Starware366\Manager\ManagerOptions.xml.backup
C:\DOCUME~1\Owner\APPLIC~1\Starware366\Movies\images\active\Movies0.bmp
C:\DOCUME~1\Owner\APPLIC~1\Starware366\Movies\MoviesOptions.xml
C:\DOCUME~1\Owner\APPLIC~1\Starware366\Movies\MoviesOptions.xml.backup
C:\DOCUME~1\Owner\APPLIC~1\Starware366\MySpaceDirectLink\MySpaceDirectLinkOptions.xml
C:\DOCUME~1\Owner\APPLIC~1\Starware366\MySpaceDirectLink\MySpaceDirectLinkOptions.xml.backup
C:\DOCUME~1\Owner\APPLIC~1\Starware366\MySpaceDropDown\MySpaceDropDownOptions.xml
C:\DOCUME~1\Owner\APPLIC~1\Starware366\MySpaceDropDown\MySpaceDropDownOptions.xml.backup
C:\DOCUME~1\Owner\APPLIC~1\Starware366\Photobucket\PhotobucketOptions.xml
C:\DOCUME~1\Owner\APPLIC~1\Starware366\Photobucket\PhotobucketOptions.xml.backup
C:\DOCUME~1\Owner\APPLIC~1\Starware366\RelatedSearch\RelatedSearchOptions.xml
C:\DOCUME~1\Owner\APPLIC~1\Starware366\RelatedSearch\RelatedSearchOptions.xml.backup
C:\DOCUME~1\Owner\APPLIC~1\Starware366\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
C:\DOCUME~1\Owner\APPLIC~1\Starware366\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\DOCUME~1\Owner\APPLIC~1\Starware366\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\DOCUME~1\Owner\APPLIC~1\Starware366\SearchAssistPlus\SearchAssistPlusOptions.xml
C:\DOCUME~1\Owner\APPLIC~1\Starware366\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
C:\DOCUME~1\Owner\APPLIC~1\Starware366\SearchMatch\SearchMatchOptions.xml
C:\DOCUME~1\Owner\APPLIC~1\Starware366\SearchMatch\SearchMatchOptions.xml.backup
C:\DOCUME~1\Owner\APPLIC~1\Starware366\Toolbar\TBProductsOptions.xml
C:\DOCUME~1\Owner\APPLIC~1\Starware366\Toolbar\TBProductsOptions.xml.backup
C:\DOCUME~1\Owner\APPLIC~1\Starware366\ToolbarLogo\ToolbarLogoOptions.xml
C:\DOCUME~1\Owner\APPLIC~1\Starware366\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\DOCUME~1\Owner\APPLIC~1\Starware366\ToolbarSearch\ToolbarSearchOptions.xml
C:\DOCUME~1\Owner\APPLIC~1\Starware366\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Program Files\Common Files\WinSoftware
C:\Program Files\Common Files\WinSoftware\PrCheck.dll
C:\Program Files\delfin
C:\Program Files\delfin\PromulGate\preference.dat
C:\Program Files\Seekmo Programs
C:\Program Files\Seekmo Programs\Seekmo Toolbar\SeekmoTBUninstaller.exe
C:\Program Files\spysheriff
C:\Program Files\spysheriff\Uninstall.exe
C:\WINDOWS\131107750.exe
C:\WINDOWS\618734468.exe
C:\WINDOWS\DOWNLO~1\UWFX5_0001_N53L1025NetInstaller.exe
C:\WINDOWS\hosts
C:\WINDOWS\NDNuninstall6_38.exe
C:\WINDOWS\NDNuninstall7_22.exe
C:\WINDOWS\NDNuninstall7_48.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_NEW_DRV
-------\LEGACY_NWSAPAGENT
-------\new_drv
-------\NwSapAgent


((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-28 )))))))))))))))))))))))))))))))


2007-07-27 21:59 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-27 20:20 <DIR> d-------- C:\!KillBox
2007-07-15 16:28 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-07-15 16:28 20,480 --a------ C:\WINDOWS\system32\hidserv.dll
2007-07-15 16:28 13,952 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-27 00:31:21 -------- d-----w C:\Program Files\MySpace
2007-07-27 00:30:58 -------- d-----w C:\Program Files\Keyboarding Pro
2007-07-27 00:30:24 -------- d-----w C:\Program Files\Disney Interactive
2007-07-27 00:29:47 -------- d-----w C:\Program Files\ChainCast
2007-07-27 00:28:25 -------- d-----w C:\Program Files\Arcsoft
2007-07-27 00:27:08 -------- d-----w C:\Program Files\GameFiesta
2007-07-27 00:26:55 -------- d-----w C:\Program Files\Fisher-Price
2007-05-28 00:47:58 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2005-09-04 12:51:44 52,896 -c--a-w C:\DOCUME~1\Owner\APPLIC~1\GDIPFONTCACHEV1.DAT
2001-08-18 12:00:00 94,784 -csh--w C:\WINDOWS\twain.dll
2001-08-18 12:00:00 46,592 -csh--w C:\WINDOWS\twain_32.dll
2007-03-23 18:48:58 56 --sh--r C:\WINDOWS\system32\B3D048C872.sys
2001-08-18 12:00:00 50,688 --sh--w C:\WINDOWS\system32\msvcirt.dll
2002-08-29 10:41:08 401,462 --sh--w C:\WINDOWS\system32\msvcp60.dll
2002-08-29 10:41:08 323,072 --sh--w C:\WINDOWS\system32\msvcrt.dll
2002-08-29 10:41:10 569,344 --sh--w C:\WINDOWS\system32\oleaut32.dll
2001-08-18 12:00:00 106,496 --sh--w C:\WINDOWS\system32\olepro32.dll
2001-08-18 12:00:00 9,728 -csh--w C:\WINDOWS\system32\regsvr32.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000001-C003-4A2F-9142-7CB1D78DE6C1}]
C:\WINDOWS\tct101.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7EFFDA64-29D2-A8D8-5BE1-6ACF80963F14}]
2006-01-11 19:57 110592 --a------ C:\WINDOWS\System32\cdmdownld\tetxcpiisk.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-24 16:24]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mszsrn32]
C:\WINDOWS\System32\mszsrn32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp center UI.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp center UI.lnk
backup=C:\WINDOWS\pss\hp center UI.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp center.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp center.lnk
backup=C:\WINDOWS\pss\hp center.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk
backup=C:\WINDOWS\pss\hp psc 2000 Series.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HPAiODevice(hp officejet d series) - 1.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp officejet d series) - 1.lnk
backup=C:\WINDOWS\pss\HPAiODevice(hp officejet d series) - 1.lnkCommon Startup

SilverButterfly
07-27-2007, 11:28 PM
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^officejet 6100.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk
backup=C:\WINDOWS\pss\officejet 6100.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bart Station]
C:\Program Files\PeoplePC\ISP6230\BIN\PPCOLink.exe -STATION

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
"C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
"C:\Program Files\Internet Optimizer\optimize.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaLoads Installer]
"C:\Program Files\DownloadWare\dw.exe" /H

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Search Bar Eq]
"C:\Program Files\MySearch\bar\s4bareq.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ovyvng]
C:\Program Files\Ipgorm\Pvrvbck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RapidBlaster]
C:\Program Files\RapidBlaster\rb32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seekmo]
"c:\program files\seekmo\seekmo.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SQConfigChecker]
C:\Program Files\Sqwire\cc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SQUpdatesChecker]
C:\Program Files\Sqwire\uc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
%SystemRoot%\system32\mobsync.exe /logon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr]
C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
"C:\PROGRA~1\Save\Save.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowEnhancer]
"C:\Program Files\winex\v2\winex.EXE" /U

R1 Cdr4_xp;Cdr4_xp;C:\WINDOWS\System32\drivers\Cdr4_xp.sys
R1 Cdralw2k;Cdralw2k;C:\WINDOWS\System32\drivers\Cdralw2k.sys
R1 cdudf_xp;cdudf_xp;C:\WINDOWS\System32\drivers\cdudf_xp.sys
R1 pwd_2k;pwd_2k;C:\WINDOWS\System32\drivers\pwd_2k.sys
R1 sscdbhk5;sscdbhk5;C:\WINDOWS\System32\drivers\sscdbhk5.sys
R1 ssrtln;ssrtln;C:\WINDOWS\System32\drivers\ssrtln.sys
R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\System32\drivers\UdfReadr_xp.sys
R2 ASCTRM;ASCTRM;C:\WINDOWS\System32\drivers\ASCTRM.sys
R2 drvnddm;drvnddm;C:\WINDOWS\System32\drivers\drvnddm.sys
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol;C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys
R2 NwlnkNb;NWLink NetBIOS;C:\WINDOWS\System32\DRIVERS\nwlnknb.sys
R2 NwlnkSpx;NWLink SPX/SPXII Protocol;C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys
R2 tfsnboio;tfsnboio;C:\WINDOWS\System32\dla\tfsnboio.sys
R2 tfsncofs;tfsncofs;C:\WINDOWS\System32\dla\tfsncofs.sys
R2 tfsndrct;tfsndrct;C:\WINDOWS\System32\dla\tfsndrct.sys
R2 tfsndres;tfsndres;C:\WINDOWS\System32\dla\tfsndres.sys
R2 tfsnifs;tfsnifs;C:\WINDOWS\System32\dla\tfsnifs.sys
R2 tfsnopio;tfsnopio;C:\WINDOWS\System32\dla\tfsnopio.sys
R2 tfsnpool;tfsnpool;C:\WINDOWS\System32\dla\tfsnpool.sys
R2 tfsnudf;tfsnudf;C:\WINDOWS\System32\dla\tfsnudf.sys
R2 tfsnudfa;tfsnudfa;C:\WINDOWS\System32\dla\tfsnudfa.sys
R3 ltmodem5;LT Modem Driver;C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys
R3 mmc_2K;mmc_2K;C:\WINDOWS\System32\drivers\mmc_2K.sys
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver;C:\WINDOWS\System32\drivers\msmpu401.sys
R3 Ps2;PS2;C:\WINDOWS\System32\DRIVERS\PS2.sys
R3 usbhub;USB Root Hub (usbport);C:\WINDOWS\System32\DRIVERS\usbhub.sys
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver;C:\WINDOWS\System32\DRIVERS\usbuhci.sys
S2 Fax;Fax;C:\WINDOWS\system32\fxssvc.exe
S3 dot4;MS IEEE-1284.4 Driver;C:\WINDOWS\System32\DRIVERS\Dot4.sys
S3 Dot4Print;Print Class Driver for IEEE-1284.4;C:\WINDOWS\System32\DRIVERS\Dot4Prt.sys
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4;C:\WINDOWS\System32\DRIVERS\Dot4Scan.sys
S3 dot4usb;Dot4USB Filter Dot4USB Filter;C:\WINDOWS\System32\DRIVERS\dot4usb.sys
S3 dvd_2K;dvd_2K;C:\WINDOWS\System32\drivers\dvd_2K.sys
S3 E100B;Intel(R) PRO Adapter Driver;C:\WINDOWS\System32\DRIVERS\e100b325.sys
S3 HidUsb;Microsoft HID Class Driver;C:\WINDOWS\System32\DRIVERS\hidusb.sys
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12;C:\WINDOWS\System32\DRIVERS\HPZius12.sys
S3 i81x;i81x;C:\WINDOWS\System32\DRIVERS\i81xnt5.sys
S3 iAimFP0;iAimFP0;C:\WINDOWS\System32\DRIVERS\wADV01nt.sys
S3 iAimFP1;iAimFP1;C:\WINDOWS\System32\DRIVERS\wADV02NT.sys
S3 iAimFP2;iAimFP2;C:\WINDOWS\System32\DRIVERS\wADV05NT.sys
S3 iAimFP3;iAimFP3;C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys
S3 iAimFP4;iAimFP4;C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys
S3 iAimTV0;iAimTV0;C:\WINDOWS\System32\DRIVERS\wATV01nt.sys
S3 iAimTV1;iAimTV1;C:\WINDOWS\System32\DRIVERS\wATV02NT.sys
S3 iAimTV3;iAimTV3;C:\WINDOWS\System32\DRIVERS\wATV04nt.sys
S3 iAimTV4;iAimTV4;C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys
S3 PcdrNt;PcdrNt;C:\WINDOWS\System32\drivers\PcdrNt.sys
S3 pcx1nd5;Toshiba PCX1100U USB Cable Modem networking driver;C:\WINDOWS\System32\DRIVERS\pcx1nd5.sys
S3 pcx1unic;Toshiba PCX1100U USB Cable Modem WDM driver;C:\WINDOWS\System32\DRIVERS\pcx1unic.sys
S3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\WINDOWS\System32\Drivers\RootMdm.sys
S3 usbccgp;Microsoft USB Generic Parent Driver;C:\WINDOWS\System32\DRIVERS\usbccgp.sys
S3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;C:\WINDOWS\System32\DRIVERS\usbehci.sys
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver;C:\WINDOWS\System32\DRIVERS\usbohci.sys
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\System32\DRIVERS\usbprint.sys
S3 usbscan;USB Scanner Driver;C:\WINDOWS\System32\DRIVERS\usbscan.sys
S3 USBSTOR;USB Mass Storage Driver;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
S3 wanatw;WAN Miniport (ATW);C:\WINDOWS\System32\DRIVERS\wanatw4.sys


Contents of the 'Scheduled Tasks' folder
2002-07-27 03:33:50 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-27 22:11:26
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-07-27 22:13:49 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-27 22:13

--- E O F ---

classicsoftware
07-27-2007, 11:35 PM
Please download SmitfraudFix (http://siri.urz.free.fr/Fix/SmitfraudFix.zip) (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/processutil/processutil.htm

SilverButterfly
07-27-2007, 11:39 PM
SmitFraudFix v2.207

Scan done at 22:34:03.73, Fri 07/27/2007
Run from C:\Documents and Settings\Owner\Desktop\fraug\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\System32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\APPLIC~1\EARTHL~1\6.0\SHELLE~1.NET\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
"SystemId"=dword:afd5c4da


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 65.32.5.74
DNS Server Search Order: 65.32.5.75

Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 207.69.188.185
DNS Server Search Order: 207.69.188.186
DNS Server Search Order: 207.69.188.187

HKLM\SYSTEM\CCS\Services\Tcpip\..\{6E729CC4-F495-46D4-9428-8647400D07D3}: DhcpNameServer=65.32.5.74 65.32.5.75
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6EC921C5-3C67-4CAB-AC09-6D109ED61430}: DhcpNameServer=207.69.188.185 207.69.188.186 207.69.188.187
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6E729CC4-F495-46D4-9428-8647400D07D3}: DhcpNameServer=65.32.5.74 65.32.5.75
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6EC921C5-3C67-4CAB-AC09-6D109ED61430}: DhcpNameServer=207.69.188.185 207.69.188.186 207.69.188.187
HKLM\SYSTEM\CS3\Services\Tcpip\..\{6E729CC4-F495-46D4-9428-8647400D07D3}: DhcpNameServer=65.32.5.74 65.32.5.75
HKLM\SYSTEM\CS3\Services\Tcpip\..\{6EC921C5-3C67-4CAB-AC09-6D109ED61430}: DhcpNameServer=207.69.188.185 207.69.188.186 207.69.188.187
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=65.32.5.74 65.32.5.75
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=65.32.5.74 65.32.5.75
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=65.32.5.74 65.32.5.75


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

classicsoftware
07-27-2007, 11:47 PM
* Click here (http://support.f-secure.com/enu/home/ols3.shtml) to use the F-Secure Online Scanner
It's explained there with images how to allow the ActiveX to start the scan, so read that first.
Then click the F-Secure Online Scanner Next Generation Beta link.
Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
Click the Full System Scan button.
It will start to download scanner components and databases. This can take a while.
The main scan will start.
Once the scan has finished, click the Automatic cleaning (recommended) button.
It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
The cleaning can take a while, so please be patient.
Then click the Show report button and copy and paste what's present under results in your next reply.

SilverButterfly
07-28-2007, 12:05 AM
Thanks for all the help so far - the scan is taking a while - I will post the results tomorrow.

classicsoftware
07-28-2007, 12:08 AM
No problem.....

SilverButterfly
07-28-2007, 08:54 AM
Here is what it found.
It has a dialog asking me if I want to disinfect what it found.


The following items were found

Tracking Cookie

Trojan-Downloader.BAT.Ftp.w (C:\WINDOWS\SYSTEM32\.PIF)

BAT/DownloadFTP.F (C:\WINDOWS\SYSTEM32\C.BAT)

W32/Dialer.LPU (C:\WINDOWS\SYSTEM32\EGCOMSERVICE2.DL...)

Trojan-Downloader.BAT.Ftp.ab (C:\WINDOWS\SYSTEM32\I)

W32/Dialer.AGEX (C:\WINDOWS\SYSTEM32\IEACCESS2.DLL)

NetworkWorm.ACJ (C:\DOCUMENTS AND SETTINGS\OWNER\LOCA...)

NetworkWorm.ACJ (C:\DOCUMENTS AND SETTINGS\OWNER\DESK...)

classicsoftware
07-28-2007, 12:26 PM
Yes, fix them and then run:

* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Double-click the drweb-cureit.exe file and allow it to run the express scan.
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

SilverButterfly
07-28-2007, 01:05 PM
tetxcpiisk.dll;c:\windows\system32\cdmdownld;Adware.SmartPops;Incurable.Moved.;

classicsoftware
07-28-2007, 02:14 PM
Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
Just before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

In Safe Mode, right click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log

SilverButterfly
07-28-2007, 02:31 PM
SDFix: Version 1.94

Run by Owner on Sat 07/28/2007 at 01:16 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\Owner\Desktop\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\system32\d - Deleted
C:\WINDOWS\system32\TFTP2724 - Deleted
C:\WINDOWS\system32\TFTP2840 - Deleted
C:\WINDOWS\system32\TFTP3168 - Deleted
C:\WINDOWS\system32\TFTP420 - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

Backups Folder: - C:\DOCUME~1\Owner\Desktop\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\WINDOWS\twain.dll
C:\WINDOWS\twain_32.dll
C:\WINDOWS\system32\msvcirt.dll
C:\WINDOWS\system32\msvcp60.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\oleaut32.dll
C:\WINDOWS\system32\olepro32.dll
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\B3D048C872.sys
C:\WINDOWS\system32\KGyGaAvL.sys
C:\Documents and Settings\Owner\My Documents\~WRL0001.tmp
C:\Documents and Settings\Owner\My Documents\~WRL0002.tmp
C:\Documents and Settings\Owner\My Documents\~WRL4072.tmp
C:\Program Files\InterActual\InterActual Player\iti58D.tmp
C:\Program Files\MSN\MSNCoreFiles.BAK.{FEC69D39-ADBA-4928-98F0-3571AA97ABDF}\BIT1BB.tmp
C:\Program Files\MSN\MSNCoreFiles.BAK.{FEC69D39-ADBA-4928-98F0-3571AA97ABDF}\BIT288.tmp
C:\WINDOWS\system32\config\default.tmp.LOG
C:\WINDOWS\system32\config\SAM.tmp.LOG
C:\WINDOWS\system32\config\SECURITY.tmp.LOG
C:\WINDOWS\system32\config\software.tmp.LOG
C:\WINDOWS\system32\config\system.tmp.LOG

Finished

SilverButterfly
07-28-2007, 02:33 PM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:29:15 PM, on 7/28/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{9368D063-44BE-49B9-BD14-BB9663FD38FC} - (no file)
R3 - URLSearchHook: (no name) - _{77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
R3 - URLSearchHook: (no name) - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Bucket Class - {00000001-C003-4A2F-9142-7CB1D78DE6C1} - C:\WINDOWS\tct101.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SearchAssistant=
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab
O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45} - http://akamai.downloadv3.com/binaries/DialHTML/EGDHTML_US_XP.cab
O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downloadv3.com/binaries/DialHTML/CML/EGCOMSERVICE_1043_CML_pack_XP.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?RND=
O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - http://akamai.downloadv3.com/binaries/IA/svcsysnet32_EN_XP.cab
O16 - DPF: {49E71DB9-E803-43BA-AF81-1CAF61A6C4CB} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols/beta/fscax.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://asp.mathxl.com/applets/PearsonInstallAsst.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: mszsrn32 - C:\WINDOWS\System32\mszsrn32.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 4945 bytes

classicsoftware
07-28-2007, 02:45 PM
Try running an MWavScan... It will produce a log in the LOWER WINDOW that has the bad list and you will need to use Ctrl-C to copy it and then paste it here for review.... If the list is extremely long, you can just paste the lines that begin with the word "File" since those are the ones we need to be most concerned about...

http://www.mwti.net/products/mwav/mwav.asp

It will suggest that you buy the product to fix what it finds, but that is not necessary... Just post the bad part of the scan and we will deal with it...

SilverButterfly
07-29-2007, 09:38 AM
File C:\WINDOWS\System32\EGCOMSERVICE2.dll//UPX tagged as "not-a-virus:Dialer.Win32.E-Group.b". Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Desktop\fraug\SmitfraudFix\Reboot.exe tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Take
File C:\WINDOWS\System32\.0IF infected by "Trojan-Downloader.BAT.Ftp.w" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\C.0AT infected by "Trojan.BAT.Zapchast" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\Desire-uninstall.exe//PECompact tagged as "not-a-virus:Porn-Dialer.Win32.Generic". Action Taken: No Action Taken.
File C:\WINDOWS\System32\EGCOMSERVICE2.dll//UPX tagged as "not-a-virus:Dialer.Win32.E-Group.b". Action Taken: No Action Taken.
File C:\WINDOWS\System32\EGCOMSERVICE_1043.dll//UPX tagged as "not-a-virus:Dialer.Win32.E-Group.g". Action Taken: No Action Taken.
File C:\WINDOWS\System32\I.0 infected by "Trojan-Downloader.BAT.Ftp.ab" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\ieaccess2.dll//UPX tagged as "not-a-virus:Porn-Dialer.Win32.Minidial.a". Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Desktop\fraug\SmitfraudFix\Reboot.exe tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\DoctorWeb\Quarantine\tetxcpiisk.dll tagged as "not-a-virus:AdWare.Win32.SmartPops.d". Action Taken: No Action Taken.
File C:\hp\bin\KillWind.exe tagged as "not-a-virus:RiskTool.Win32.PsKill.p". Action Taken: No Action Taken.
File C:\Program Files\Common Files\Totem Shared\Update\dial.dll.017 tagged as "not-a-virus:Dialer.Win32.DialerOffline". Action Taken: No Action Taken.
File C:\Program Files\Common Files\Totem Shared\Update\DialerOffline.dll.010//UPX tagged as "not-a-virus:Dialer.Win32.DialerOffline". Action Taken: No Action Taken.
File C:\Program Files\MediaLoads\v1\ML.exe tagged as "not-a-virus:AdWare.Win32.DownloadWare". Action Taken: No Action Taken.
File C:\Program Files\MySearch\bar\1.bin\NPMYSRCH.DLL tagged as "not-a-virus:AdWare.Win32.MyWay.f". Action Taken: No Action Taken.
File C:\Program Files\MySearch\bar\1.bin\S42NS.EXE tagged as "not-a-virus:AdWare.Win32.MyWay.f". Action Taken: No Action Taken.
File C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL tagged as "not-a-virus:AdWare.Win32.MyWay.f". Action Taken: No Action Taken.
File C:\Program Files\MySearch\bar\s4bareq.exe tagged as "not-a-virus:AdWare.Win32.MyWay.t". Action Taken: No Action Taken.
File C:\Program Files\StripSaver\Dial.dll tagged as "not-a-virus:Dialer.Win32.DialerOffline". Action Taken: No Action Taken.
File C:\QooBox\Quarantine\C\Program Files\Seekmo Programs\Seekmo Toolbar\SeekmoTBUninstaller.exe.vir//UPX tagged as "not-a-virus:AdWare.Win32.Agent.c". Action Taken: No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\DOWNLO~1\UWFX5_0001_N53L1025NetInstaller.exe.vir tagged as "not-a-virus:Downloader.Win32.Agent.f". Action Taken: No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\NDNuninstall6_38.exe.vir tagged as "not-a-virus:AdWare.Win32.NewDotNet". Action Taken: No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\NDNuninstall7_22.exe.vir tagged as "not-a-virus:AdWare.Win32.NewDotNet.e". Action Taken: No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\NDNuninstall7_48.exe.vir tagged as "not-a-virus:AdWare.Win32.NewDotNet.e". Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-48506347-2939153371-2801439982-1003\Dc7.zip/SmitfraudFix/Reboot.exe tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
File C:\WINDOWS\system32\.0IF infected by "Trojan-Downloader.BAT.Ftp.w" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\C.0AT infected by "Trojan.BAT.Zapchast" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\cdmdownld\tetxcpiisk.exe tagged as "not-a-virus:AdWare.Win32.SmartPops.c". Action Taken: No Action Taken.
File C:\WINDOWS\system32\Desire-uninstall.exe//PECompact tagged as "not-a-virus:Porn-Dialer.Win32.Generic". Action Taken: No Action Taken.
File C:\WINDOWS\system32\EGCOMSERVICE2.dll//UPX tagged as "not-a-virus:Dialer.Win32.E-Group.b". Action Taken: No Action Taken.
File C:\WINDOWS\system32\EGCOMSERVICE_1043.dll//UPX tagged as "not-a-virus:Dialer.Win32.E-Group.g". Action Taken: No Action Taken.
File C:\WINDOWS\system32\I.0 infected by "Trojan-Downloader.BAT.Ftp.ab" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\ieaccess2.dll//UPX tagged as "not-a-virus:Porn-Dialer.Win32.Minidial.a". Action Taken: No Action Taken.
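
A triage pass over the "File" lines of a scan log in the format posted above, as an added example that is not part of the thread. It collapses entries that differ only in path case or packer suffix, and separates detections sitting in quarantine folders or in the SmitfraudFix tool folder from ones still live on disk. The category names and folder lists are assumptions chosen for this log; the sample lines are taken from the post above.

```python
import re

# Sample input: lines taken from the scan log posted above (one is cut short,
# as in the post, and one "Object" line is included to show it is skipped).
SAMPLE_LOG = r'''
File C:\WINDOWS\System32\EGCOMSERVICE2.dll//UPX tagged as "not-a-virus:Dialer.Win32.E-Group.b". Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Desktop\fraug\SmitfraudFix\Reboot.exe tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Take
File C:\WINDOWS\System32\.0IF infected by "Trojan-Downloader.BAT.Ftp.w" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\DoctorWeb\Quarantine\tetxcpiisk.dll tagged as "not-a-virus:AdWare.Win32.SmartPops.d". Action Taken: No Action Taken.
File C:\hp\bin\KillWind.exe tagged as "not-a-virus:RiskTool.Win32.PsKill.p". Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-48506347-2939153371-2801439982-1003\Dc7.zip/SmitfraudFix/Reboot.exe tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
File C:\WINDOWS\system32\.0IF infected by "Trojan-Downloader.BAT.Ftp.w" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\EGCOMSERVICE2.dll//UPX tagged as "not-a-virus:Dialer.Win32.E-Group.b". Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
'''

# File <path> tagged as "<name>"   or   File <path> infected by "<name>"
LINE_RE = re.compile(
    r'^File (?P<path>.+?) (?P<verb>tagged as|infected by) "(?P<name>[^"]+)"'
)

# Assumption: folders where earlier tools in this thread parked removed files.
QUARANTINE_DIRS = ("\\qoobox\\quarantine\\", "\\doctorweb\\quarantine\\", "\\recycler\\")
# Assumption: folder of the removal tool itself, whose helper is flagged as RiskTool.
TOOL_DIRS = ("\\smitfraudfix\\",)


def classify(path, verb, name):
    """Return the triage bucket for one detection."""
    p = path.lower()
    if any(d in p for d in QUARANTINE_DIRS):
        return "quarantined"      # inert copy, already handled by an earlier tool
    if any(d in p for d in TOOL_DIRS) and "risktool" in name.lower():
        return "removal-tool"     # expected flag on the cleanup tool's helper
    return "infected" if verb == "infected by" else "riskware"


def triage(log_text):
    """Group unique File detections by bucket, ignoring case-only duplicates."""
    buckets = {"infected": [], "riskware": [], "removal-tool": [], "quarantined": []}
    seen = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # Object/Entry lines and blanks are skipped
        # Drop the packer annotation the scanner appends, e.g. "//UPX".
        path = m.group("path").split("//", 1)[0]
        name = m.group("name")
        key = (path.lower(), name)  # NTFS paths are case-insensitive
        if key in seen:
            continue
        seen.add(key)
        buckets[classify(path, m.group("verb"), name)].append((path, name))
    return buckets


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(f"{bucket}: {len(items)}")
        for path, name in items:
            print(f"  {name}  {path}")
```
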

SilverButterfly
07-29-2007, 09:39 AM
Object "dyfuca/internet optimizer variant Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "instantaccess Adware" found in File System! Action Taken: No Action Taken.
Object "minibug Adware" found in File System! Action Taken: No Action Taken.
Object "dyfuca/internet optimizer variant Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ieaccess Spyware" found in File System! Action Taken: No Action Taken.
Object "instantaccess Adware" found in File System! Action Taken: No Action Taken.
Object "minibug Adware" found in File System! Action Taken: No Action Taken.
Object "bargain buddy Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "egroup Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "dyfuca Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "dyfuca Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "dyfuca Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "egroup Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "dyfuca.internet optimizer Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "downloadware Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "rapidblaster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "savenow Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.weathercast Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "savenow Adware" found in File System! Action Taken: No Action Taken.
Object "dyfuca Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "downloadware Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "downloadware Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "mysearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "delfin media viewer Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "egroup Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "downloadware Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "mysearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "seekmo Adware" found in File System! Action Taken: No Action Taken.
Object "weatherbug Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "virtual bouncer Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "weatherbug Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.weathercast Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "lop.com Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "instantaccess Adware" found in File System! Action Taken: No Action Taken.
Object "instantaccess Adware" found in File System! Action Taken: No Action Taken.
Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "dyfuca.internet optimizer Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "downloadware Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "newdotnet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "rapidblaster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "seekmo Adware" found in File System! Action Taken: No Action Taken.
Object "savenow Adware" found in File System! Action Taken: No Action Taken.
Object "egroup Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "xrenoder Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.weathercast Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "downloadware Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "downloadware Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "mysearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "rapidblaster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "savenow Adware" found in File System! Action Taken: No Action Taken.
Object "winfixer/errorsafe Adware" found in File System! Action Taken: No Action Taken.
Object "trojan-downloader.bat.ftp.ab Trojan-Downloader" found in File System! Action Taken: No Action Taken.
Object "trojan-downloader.bat.ftp.ab Trojan-Downloader" found in File System! Action Taken: No Action Taken.
Object "trojan-downloader.bat.ftp.ab Trojan-Downloader" found in File System! Action Taken: No Action Taken.
Object "trojan-downloader.bat.ftp.ab Trojan-Downloader" found in File System! Action Taken: No Action Taken.
Object "trojan-downloader.bat.ftp.ab Trojan-Downloader" found in File System! Action Taken: No Action Taken.
Object "trojan-downloader.bat.ftp.ab Trojan-Downloader" found in File System! Action Taken: No Action Taken.
Object "xtractor plus Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "trojan-downloader.bat.ftp.ab Trojan-Downloader" found in File System! Action Taken: No Action Taken.
Object "trojan-downloader.bat.ftp.ab Trojan-Downloader" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "mybugfreepc Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.

SilverButterfly
07-29-2007, 09:41 AM
Entry "HKCR\AcroExch.Document.7" refers to invalid object "{B801CA65-A1FC-11D0-85AD-444553540000}". Action Taken: No Action Taken.
Entry "HKCR\AcroExch.XDPDoc" refers to invalid object "{B801CA65-A1FC-11D0-85AD-444553540000}". Action Taken: No Action Taken.
Entry "HKCR\AcroPDF.PDF" refers to invalid object "{CA8A9780-280D-11CF-A24D-444553540000}". Action Taken: No Action Taken.
Entry "HKCR\AcroPDF.PDF.1" refers to invalid object "{CA8A9780-280D-11CF-A24D-444553540000}". Action Taken: No Action Taken.
Entry "HKCR\Automap.Map.NA" refers to invalid object "{A49EEA00-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.
Entry "HKCR\Automap.Map.NA.10" refers to invalid object "{A49EEA00-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.
Entry "HKCR\Automap.Template.NA.10" refers to invalid object "{A49EEA00-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.
Entry "HKCR\ImportExport.OEMsgImp" refers to invalid object "{4043D27A-99EB-4FC1-87D4-44AA02AB7B09}". Action Taken: No Action Taken.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\MSCAL.Calendar" refers to invalid object "{8E27C92B-1264-101C-8A2F-040224009C02}". Action Taken: No Action Taken.
Entry "HKCR\MSCAL.Calendar.7" refers to invalid object "{8E27C92B-1264-101C-8A2F-040224009C02}". Action Taken: No Action Taken.
Entry "HKCR\PE2Detect.PE2Detect" refers to invalid object "{486E48B5-ABF2-42BB-A327-2679DF3FB822}". Action Taken: No Action Taken.
Entry "HKCR\PE2Detect.PE2Detect.1" refers to invalid object "{486E48B5-ABF2-42BB-A327-2679DF3FB822}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\System32\EGDHTML_1017.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\System32\EGDHTML_1020.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\System32\svcsysnet32.dll". Action Taken: No Action Taken.
Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmjblaunch.exe". Action Taken: No Action Taken.
Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object "C:\Program Files\BackWeb\BackWeb Client\6.1.0.153\Program\PrvCnt.exe". Action Taken: No Action Taken.
Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object "C:\Program Files\Real\RealOne Player\RealPlay.exe". Action Taken: No Action Taken.
Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object "C:\Program Files\Common Files\Real\Update_OB\rnxproc.exe". Action Taken: No Action Taken.
Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object "C:\PROGRA~1\QUICKT~1\PictureViewer.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\EarthLink 5.0\mfc42.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Rand McNally\TripMaker\RSFormat.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\EarthLink TotalAccess\mfc42.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\EGDHTML_1017.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\ia.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\EGDHTML_1020.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\QuickTime\QuickTimeEffects.qtx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\QuickTime\QuickTimeMusic.qtx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\QuickTimeMusicalInstruments.qtx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\QuickTime\QuickTimeStreamingExtras.qtx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\QuickTime\QuickTimeStreamingAuthoring.qtx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\QuickTime\QuickTimeVRAuthoring.qtx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\QuickTime\QuickTimeMPEG4.qtx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\QuickTime\QuickTimeMPEG4Authoring.qtx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\svcsysnet32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\DIMM.DLL". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".001". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".1pe". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts" refers to invalid object ".2ve". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts" refers to invalid object ".abm". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts" refers to invalid object ".act". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts" refers to invalid object ".ban". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts" refers to invalid object ".bk1". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts" refers to invalid object ".brt". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts" refers to invalid object ".bu". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts" refers to invalid object ".bu2". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts" refers to invalid object ".cfg". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts" refers to invalid object ".cfm?szDocumentType=candidate&szFolder=5&szDocumentID=268465". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts" refers to invalid object ".config". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts" refers to invalid object ".doc?fv_sid=2cc0a33d8e2fe019b380ef07a663ed80&fv_folder=INBOX&fv_id=13&fv_partno=3&fv_action=d&fv_filename=Receipt+and+ag". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts" refers to invalid object ".edu/attach/Main/39/1/1133784126/Writting". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts" refers to invalid object ".edu/attach/Main/39/1/1133784374/Writting". Action Taken: No Action Taken.

SilverButterfly
07-29-2007, 09:42 AM

SilverButterfly
07-29-2007, 09:43 AM

classicsoftware
07-29-2007, 12:51 PM
Turn off System Restore and re-run the MWAV scan.

SilverButterfly
07-29-2007, 02:21 PM
When I try to access System Restore it says that 'system restore is unable to protect your computer. Please restart and start system restore again.'

If I restart I get the same message.

classicsoftware
07-29-2007, 11:09 PM
I really hate to throw in the towel. However, you had a rootkit (VERY BAD) and now Windows is acting screwy. We can play around some more, but if I were you, I would back up all of my data, zero-fill the hard drive and reinstall Windows.

Please let me know how you want to proceed.

SilverButterfly
07-30-2007, 09:25 PM
I would like to try and do some more reconstruction if possible. I am having trouble locating my Windows CD.

classicsoftware
07-31-2007, 12:07 AM
I'll look into the System Restore problem and get back to you...

SilverButterfly
08-02-2007, 11:07 AM
Any luck on the restore issue? Can you give me the instructions on how to zero the hard drive?

SilverButterfly
08-03-2007, 01:07 PM
OK, I got my System Restore working:
http://www.winhelponline.com/articles/72/1/

I will turn off System Restore and rerun the mwscan.

SilverButterfly
08-03-2007, 01:22 PM
File C:\WINDOWS\System32\EGCOMSERVICE2.dll//UPX tagged as "not-a-virus:Dialer.Win32.E-Group.b". Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Desktop\fraug\SmitfraudFix\Reboot.exe tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
File C:\WINDOWS\System32\.0IF infected by "Trojan-Downloader.BAT.Ftp.w" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\C.0AT infected by "Trojan.BAT.Zapchast" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\Desire-uninstall.exe//PECompact tagged as "not-a-virus:Porn-Dialer.Win32.Generic". Action Taken: No Action Taken.
File C:\WINDOWS\System32\EGCOMSERVICE2.dll//UPX tagged as "not-a-virus:Dialer.Win32.E-Group.b". Action Taken: No Action Taken.
File C:\WINDOWS\System32\EGCOMSERVICE_1043.dll//UPX tagged as "not-a-virus:Dialer.Win32.E-Group.g". Action Taken: No Action Taken.
File C:\WINDOWS\System32\I.0 infected by "Trojan-Downloader.BAT.Ftp.ab" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\ieaccess2.dll//UPX tagged as "not-a-virus:Porn-Dialer.Win32.Minidial.a". Action Taken: No Action Taken.

SilverButterfly
08-03-2007, 01:23 PM

SilverButterfly
08-03-2007, 01:24 PM
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts" refers to invalid object ".brt". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts" refers to invalid object ".bu". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts" refers to invalid object ".bu2". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts" refers to invalid object ".cfg". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts" refers to invalid object ".cfm?szDocumentType=candidate&szFolder=5&szDocumentID=268465". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts" refers to invalid object ".config". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts" refers to invalid object ".doc?fv_sid=2cc0a33d8e2fe019b380ef07a663ed80&fv_folder=INBOX&fv_id=13&fv_partno=3&fv_action=d&fv_filename=Receipt+and+ag". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts" refers to invalid object ".edu/attach/Main/39/1/1133784126/Writting". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts" refers to invalid object ".edu/attach/Main/39/1/1133784374/Writting". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts" refers to invalid object ".edu/attach/Main/43/1/1133785072/Writting". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts" refers to invalid object ".edu/attach/Main/45/1/1133786008/Writting". Action Taken: No Action Taken.

SilverButterfly
08-03-2007, 01:24 PM

SilverButterfly
08-03-2007, 01:25 PM

classicsoftware
08-03-2007, 03:26 PM
Download CCleaner (http://www.filehippo.com/download_ccleaner/). Run the cleaner tab and the issues tab. Reboot and try the MWAV. Is there an option you are missing? Nothing is being cleaned.

Make sure you back up your data. Messing with the registry can mess things up.

SilverButterfly
08-03-2007, 05:28 PM
I downloaded version 9 of MWAV - the option for 'Scan Only' is checked and greyed out. There is a big button to Buy This Product - I assume if I bought it I could fix stuff it found. Is there an older version perhaps?