Computer Hope
Topic started by: lemonlime on August 13, 2012, 07:29:36 PM
-
I'm in safe mode with networking now, the only way I can access the internet. I do not have the start button, only icons, so I can't do step 1. Should I start with Step 2?
When Windows opens, I get a series of error messages like Anyprogram.exe referenced memory at 14opfk- memory could not be "read".
Is it safe to stay in safe mode indefinitely? It automatically turned off McAfee security and did not give me an option to restore it.
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Please try to run MBAM in Safe Mode. If successful, try running it in Normal Mode.
Please download Malwarebytes Anti-Malware from here. (http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe)
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- Please save the log to a location you will remember.
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*********************************************************
- Please download Unhide by Grinler from here (http://download.bleepingcomputer.com/grinler/unhide.exe) and save it to your desktop.
- Double click unhide.exe to run the tool.
- It will take some time to go through all your files, so please be patient.
- If this tool doesn't fix the problem, please let me know.
-
Hi Dave, thanks for the quick reply! I found the Start button and I did Step 1. A lot of games were on there, but no obvious malware. Should I do step 2, or go ahead with MBAM?
-
Please run MBAM again and post the log as well as these logs.
SUPERAntiSpyware
If you already have SUPERAntiSpyware be sure to check for updates before scanning!
Download SuperAntispyware Free Edition (SAS) (http://www.superantispyware.com/download.html)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here (http://www.softpedia.com/get/Others/Signatures-Updates/SUPERAntiSpyware-Database-Definitions-Updates.shtml)
* Next click the Preferences button.
  • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining
  • Please leave the others unchecked
  • Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes
* To retrieve the removal information please do the following:
  • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
  • Click Preferences. Click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • It will open in your default text editor (preferably Notepad).
  • Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and Paste the log in your post.
***************************************************
Download Combofix from any of the links below, and save it to your DESKTOP.
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)
To prevent your anti-virus application interfering with ComboFix we need to disable it. See here (http://www.pchelpforum.com/anti-virus/110194-how-disable-your-security-applications-4.html) for a tutorial regarding how to do so if you are unsure.
- Close any open windows and double click ComboFix.exe to run it.
You will see the following image:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_disclaimer_ENG.png)
Click I Agree to start the program.
ComboFix will then extract the necessary files and you will see this:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_extraction.png)
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.
It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If you did not have it installed, you will see the prompt below. Choose YES.
(http://i424.photobucket.com/albums/pp322/digistar/RcAuto1.gif)
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://i424.photobucket.com/albums/pp322/digistar/whatnext.png)
Click on Yes, to continue scanning for malware.
When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.
-
Still can only access internet in safe mode; would not allow me to run MBAM or disable Norton and McAfee; looks like it may have done it automatically.
Here are the logs:
ComboFix 12-08-15.01 - Administrator 08/15/2012 19:32:39.1.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.715 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Norton Internet Security 2006 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: Norton Internet Security 2006 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\fiosejgfse.dll
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Favorites\_favdata.dat
c:\documents and settings\Compaq_Administrator\GoToAssistDownloadHelper.exe
c:\documents and settings\Compaq_Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\program files\Internet Explorer\SET12E.tmp
c:\program files\Internet Explorer\SET133.tmp
c:\program files\Internet Explorer\SET163.tmp
c:\program files\Internet Explorer\SET168.tmp
c:\program files\Internet Explorer\SET182.tmp
c:\program files\Internet Explorer\SET187.tmp
c:\program files\Internet Explorer\SET1D5.tmp
c:\program files\Internet Explorer\SET1D6.tmp
c:\program files\Internet Explorer\SET218.tmp
c:\program files\Internet Explorer\SET21D.tmp
c:\program files\Internet Explorer\SET29D.tmp
c:\program files\Internet Explorer\SET2A2.tmp
c:\program files\Internet Explorer\SETA83.tmp
c:\program files\Internet Explorer\SETA88.tmp
c:\program files\Internet Explorer\SETAF5.tmp
c:\program files\Internet Explorer\SETAF6.tmp
c:\program files\Internet Explorer\SETBC.tmp
c:\program files\Internet Explorer\SETC1.tmp
c:\program files\Internet Explorer\SETD7.tmp
c:\program files\Internet Explorer\SETDC.tmp
c:\program files\Mozilla Firefox\components\AskHPRFF.js
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))
.
.
2012-08-15 03:35 . 2012-08-15 03:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2012-08-15 03:35 . 2012-08-15 03:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-15 03:35 . 2012-08-15 03:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-08-10 13:01 . 2012-08-15 01:00 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\DoNotTrackPlus
2012-08-06 01:12 . 2012-08-06 01:49 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2012-07-23 00:00 . 2012-07-23 00:00 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2012-07-23 00:00 . 2012-08-13 04:12 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AskToolbar
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 13:19 . 2004-08-10 04:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2011-04-27 17:51 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-10 04:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 21:35 . 2010-05-29 15:23 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32 . 2004-08-10 04:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2009-08-07 02:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2009-08-07 02:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2004-08-10 04:00 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2004-08-10 04:00 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2004-08-10 04:00 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2009-08-07 02:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2009-08-07 02:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2004-08-10 04:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2004-08-10 04:00 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2004-08-10 04:00 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2009-08-07 02:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2004-08-10 04:00 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2004-08-10 04:00 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2010-05-29 15:23 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18 . 2010-05-29 15:23 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2004-08-10 04:00 599040 ----a-w- c:\windows\system32\crypt32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2012-02-10 15:28 1307928 ----a-w- c:\program files\Microsoft\BingBar\7.1.361.0\BingExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"nwiz"="nwiz.exe" [2006-01-25 1519616]
"DISCover"="c:\program files\DISC\DISCover.exe" [2006-03-16 1077248]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdMgr.exe" [2006-03-16 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-11 53096]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe" [2011-07-01 240288]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-5-5 27136]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-5-5 36903]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [10/11/2010 9:06 AM 84072]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [10/11/2010 9:05 AM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [10/11/2010 9:06 AM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [10/11/2010 9:06 AM 141792]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [10/11/2010 9:06 AM 313288]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2/10/2012 11:28 AM 193816]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/25/2011 4:02 AM 136176]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [8/6/2010 8:06 AM 203280]
S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [10/11/2010 9:05 AM 271480]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [8/8/2010 9:48 PM 793048]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2/10/2012 11:28 AM 240408]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [10/11/2010 9:06 AM 55840]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/25/2011 4:02 AM 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [10/11/2010 9:06 AM 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [10/11/2010 9:06 AM 84264]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
*NewlyCreated* - PXHELP20
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-25 08:00]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-25 08:00]
.
2012-08-11 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Compaq_Administrator.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-12-31 16:13]
.
2012-08-10 c:\windows\Tasks\Norton Security Scan for Compaq_Administrator.job
- c:\progra~1\NORTON~3\Engine\301~1.8\Nss.exe [2011-01-18 06:45]
.
2012-08-15 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe [2009-07-29 18:10]
.
2012-08-15 c:\windows\Tasks\RegPowerClean.job
- c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe [2009-07-29 18:48]
.
2012-08-11 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2012-01-21 03:24]
.
2012-08-13 c:\windows\Tasks\RMSmartUpdate.job
- c:\program files\Registry Mechanic\Update.exe [2012-01-21 03:24]
.
2010-04-19 c:\windows\Tasks\RPCReminder.job
- c:\program files\Winferno\RegistryPowerCleaner\RPCReminder.exe [2009-07-29 18:34]
.
2012-08-15 c:\windows\Tasks\User_Feed_Synchronization-{8CD641F2-643E-439F-A5D7-45F4A6558B5B}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-Locked - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
HKLM-Run-PCDrProfiler - (no file)
HKLM-Run-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
HKLM-Run-Intel - c:\documents and settings\Compaq_Administrator\Application Data\Intel\Intel.exe
HKLM-Explorer_Run-5516 - c:\docume~1\ALLUSE~1\LOCALS~1\Temp\mswauao.scr
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-15 19:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5 977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,12,88,42,bd,e4,ca,7e,4c,ad,19,58,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839 E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,12,88,42,bd,e4,ca,7e,4c,ad,19,58,\
.
[HKEY_USERS\S-1-5-21-3642355760-1211948261-21286445-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5 977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a9,0f,e8,01,fd,43,af,4d,ab,4a,9b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839 E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a9,0f,e8,01,fd,43,af,4d,ab,4a,9b,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(640)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2012-08-15 19:43:51
ComboFix-quarantined-files.txt 2012-08-15 23:43
.
Pre-Run: 166,210,342,912 bytes free
Post-Run: 169,809,567,744 bytes free
.
- - End Of File - - 8A5745B0991D237C62BF7F44EDB0BD24
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 08/15/2012 at 01:38 AM
Application Version : 5.5.1012
Core Rules Database Version : 9059
Trace Rules Database Version: 6871
Scan type : Complete Scan
Total Scan Time : 01:55:03
Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator
Memory items scanned : 342
Memory threats detected : 0
Registry items scanned : 33540
Registry threats detected : 839
File items scanned : 262358
File threats detected : 580
PUP.MyWebSearch
PUP.MyWebSearch/FunWebProducts
HKLM\SOFTWARE\MyWebSearch\bar#ConfigDateStamp
HKLM\SOFTWARE\MyWebSearch\bar#HTMLMenuRevision
HKLM\SOFTWARE\MyWebSearch\bar#AlertCount
HKLM\SOFTWARE\MyWebSearch\bar#AlertPeriod
HKLM\SOFTWARE\MyWebSearch\bar#AlertPausePeriod
HKLM\SOFTWARE\MyWebSearch\bar#NoThrottleAlert
HKLM\SOFTWARE\MyWebSearch\bar#sscSet
HKLM\SOFTWARE\MyWebSearch\bar#sscLabel
HKLM\SOFTWARE\MyWebSearch\bar#sscURL
HKLM\SOFTWARE\MyWebSearch\bar#Flags
HKLM\SOFTWARE\MyWebSearch\bar#HistoryDir
HKLM\SOFTWARE\MyWebSearch\bar#AutocompleteURL
HKLM\SOFTWARE\MyWebSearch\bar#PostEvents
HKLM\SOFTWARE\MyWebSearch\bar#NextEventsPost
HKLM\SOFTWARE\MyWebSearch\bar#LastEventsPost
HKLM\SOFTWARE\MyWebSearch\MWSOEMON
HKLM\SOFTWARE\MyWebSearch\MWSOEMON#Version
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG#Version
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG#Path
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG#StandardSmileyDir.AIM
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.numActive2
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.0
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.1
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.2
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.3
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.4
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.5
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.6
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.7
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.8
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.9
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.numActive
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.numActive2
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.0.old
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.1.old
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.2.old
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.3.old
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.4.old
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.5.old
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.6.old
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.7.old
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.8.old
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.9.old
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.10.old
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.11.old
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.12.old
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.13.old
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.numActive
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.numActive2
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.0.old
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.1.old
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.2.old
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.3.old
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.4.old
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.5.old
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.6.old
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.7.old
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.8
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.9
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.10
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.numActive2
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.0
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.1
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.2
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.3
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.4
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.5
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.6
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.7
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.8
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.9
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.10
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.11
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.numActive2
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.0
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.1
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.2
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.3
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.4
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.5
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.6
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.7
HKLM\SOFTWARE\MyWebSearch\OEHosts
HKLM\SOFTWARE\MyWebSearch\OEHosts#Windows12
HKLM\SOFTWARE\MyWebSearch\OEHosts#Windows2
HKLM\SOFTWARE\MyWebSearch\OEHosts#Windows3
HKLM\SOFTWARE\MyWebSearch\OEHosts#Windows4
HKLM\SOFTWARE\MyWebSearch\OEHosts#Windows5
HKLM\SOFTWARE\MyWebSearch\OEHosts#Windows6
HKLM\SOFTWARE\MyWebSearch\OEHosts#Windows7
HKLM\SOFTWARE\MyWebSearch\OEHosts#Windows8
HKLM\SOFTWARE\MyWebSearch\OEHosts#Windows9
HKLM\SOFTWARE\MyWebSearch\OEHosts#Windows10
HKLM\SOFTWARE\MyWebSearch\OEHosts#Windows11
HKLM\SOFTWARE\MyWebSearch\SearchAssistant
HKLM\SOFTWARE\MyWebSearch\SearchAssistant#pid
HKLM\SOFTWARE\MyWebSearch\SearchAssistant#fwp
HKLM\SOFTWARE\MyWebSearch\SearchAssistant#psid
HKLM\SOFTWARE\MyWebSearch\SearchAssistant#esh
HKLM\SOFTWARE\MyWebSearch\SearchAssistant#lsp
HKLM\SOFTWARE\MyWebSearch\SearchAssistant#LastRequest
HKLM\SOFTWARE\MyWebSearch\SearchAssistant#NextRequest
HKLM\SOFTWARE\MyWebSearch\SearchAssistant#ABS
HKLM\SOFTWARE\MyWebSearch\SearchAssistant#DES
HKLM\SOFTWARE\MyWebSearch\SearchAssistant#ie8h
HKLM\SOFTWARE\MyWebSearch\SearchAssistant#fs
HKLM\SOFTWARE\MyWebSearch\SkinTools
HKLM\SOFTWARE\MyWebSearch\SkinTools#PlayerPath
HKCR\FunWebProducts.DataControl
HKCR\FunWebProducts.DataControl\CLSID
HKCR\FunWebProducts.DataControl\CurVer
HKCR\FunWebProducts.DataControl.1
HKCR\FunWebProducts.DataControl.1\CLSID
HKCR\FunWebProducts.HistoryKillerScheduler
HKCR\FunWebProducts.HistoryKillerScheduler\CLSID
HKCR\FunWebProducts.HistoryKillerScheduler\CurVer
HKCR\FunWebProducts.HistoryKillerScheduler.1
HKCR\FunWebProducts.HistoryKillerScheduler.1\CLSID
HKCR\FunWebProducts.HistorySwatterControlBar
HKCR\FunWebProducts.HistorySwatterControlBar\CLSID
HKCR\FunWebProducts.HistorySwatterControlBar\CurVer
HKCR\FunWebProducts.HistorySwatterControlBar.1
HKCR\FunWebProducts.HistorySwatterControlBar.1\CLSID
HKCR\FunWebProducts.HTMLMenu
HKCR\FunWebProducts.HTMLMenu\CLSID
HKCR\FunWebProducts.HTMLMenu\CurVer
HKCR\FunWebProducts.HTMLMenu.1
HKCR\FunWebProducts.HTMLMenu.1\CLSID
HKCR\FunWebProducts.HTMLMenu.2
HKCR\FunWebProducts.HTMLMenu.2\CLSID
HKCR\FunWebProducts.IECookiesManager
HKCR\FunWebProducts.IECookiesManager\CLSID
HKCR\FunWebProducts.IECookiesManager\CurVer
HKCR\FunWebProducts.IECookiesManager.1
HKCR\FunWebProducts.IECookiesManager.1\CLSID
HKCR\FunWebProducts.KillerObjManager
HKCR\FunWebProducts.KillerObjManager\CLSID
HKCR\FunWebProducts.KillerObjManager\CurVer
HKCR\FunWebProducts.KillerObjManager.1
HKCR\FunWebProducts.KillerObjManager.1\CLSID
HKCR\FunWebProducts.PopSwatterBarButton
HKCR\FunWebProducts.PopSwatterBarButton\CLSID
HKCR\FunWebProducts.PopSwatterBarButton\CurVer
HKCR\FunWebProducts.PopSwatterBarButton.1
HKCR\FunWebProducts.PopSwatterBarButton.1\CLSID
HKCR\FunWebProducts.PopSwatterSettingsControl
HKCR\FunWebProducts.PopSwatterSettingsControl\CLSID
HKCR\FunWebProducts.PopSwatterSettingsControl\CurVer
HKCR\FunWebProducts.PopSwatterSettingsControl.1
HKCR\FunWebProducts.PopSwatterSettingsControl.1\CLSID
HKCR\MyWebSearch.ChatSessionPlugin
HKCR\MyWebSearch.ChatSessionPlugin\CLSID
HKCR\MyWebSearch.ChatSessionPlugin\CurVer
HKCR\MyWebSearch.ChatSessionPlugin.1
HKCR\MyWebSearch.ChatSessionPlugin.1\CLSID
HKCR\MyWebSearch.HTMLPanel
HKCR\MyWebSearch.HTMLPanel\CLSID
HKCR\MyWebSearch.HTMLPanel\CurVer
HKCR\MyWebSearch.HTMLPanel.1
HKCR\MyWebSearch.HTMLPanel.1\CLSID
HKCR\MyWebSearch.OutlookAddin
HKCR\MyWebSearch.OutlookAddin\CLSID
HKCR\MyWebSearch.OutlookAddin\CurVer
HKCR\MyWebSearch.OutlookAddin.1
HKCR\MyWebSearch.OutlookAddin.1\CLSID
HKCR\MyWebSearch.PseudoTransparentPlugin
HKCR\MyWebSearch.PseudoTransparentPlugin\CLSID
HKCR\MyWebSearch.PseudoTransparentPlugin\CurVer
HKCR\MyWebSearch.PseudoTransparentPlugin.1
HKCR\MyWebSearch.PseudoTransparentPlugin.1\CLSID
HKCR\MyWebSearchToolBar.SettingsPlugin
HKCR\MyWebSearchToolBar.SettingsPlugin\CLSID
HKCR\MyWebSearchToolBar.SettingsPlugin\CurVer
HKCR\MyWebSearchToolBar.SettingsPlugin.1
HKCR\MyWebSearchToolBar.SettingsPlugin.1\CLSID
HKCR\MyWebSearchToolBar.ToolbarPlugin
HKCR\MyWebSearchToolBar.ToolbarPlugin\CLSID
HKCR\MyWebSearchToolBar.ToolbarPlugin\CurVer
HKCR\MyWebSearchToolBar.ToolbarPlugin.1
HKCR\MyWebSearchToolBar.ToolbarPlugin.1\CLSID
HKCR\ScreenSaverControl.ScreenSaverInstaller
HKCR\ScreenSaverControl.ScreenSaverInstaller\CLSID
HKCR\ScreenSaverControl.ScreenSaverInstaller\CurVer
HKCR\ScreenSaverControl.ScreenSaverInstaller.1
HKCR\ScreenSaverControl.ScreenSaverInstaller.1\CLSID
HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\Control
HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\InprocServer32
HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel
HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\MiscStatus
HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\MiscStatus\1
HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\ProgID
HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\Programmable
HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\TypeLib
HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\Version
HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\VersionIndependentProgID
HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}
HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\InprocServer32
HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\InprocServer32#ThreadingModel
HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\ProgID
HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\Programmable
HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\TypeLib
HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\VersionIndependentProgID
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}\TreatAs
HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}
HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Implemented Categories
HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\InprocServer32
HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\InprocServer32#ThreadingModel
HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Instance
HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Instance#CLSID
HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Instance\InitPropertyBag
HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Instance\InitPropertyBag#url
HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}
HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\Control
HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\InprocServer32
HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\InprocServer32#ThreadingModel
HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\MiscStatus
HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\MiscStatus\1
HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\ProgID
HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\Programmable
HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\TypeLib
HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\Version
HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\VersionIndependentProgID
HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}\InprocServer32
HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}\InprocServer32#ThreadingModel
HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}\ProgID
HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}\VersionIndependentProgID
HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}
HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\Control
HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\InprocServer32
HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\InprocServer32#ThreadingModel
HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\MiscStatus
HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\MiscStatus\1
HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\ProgID
HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\Programmable
HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\TypeLib
HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\Version
HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\VersionIndependentProgID
HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}
HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\InprocServer32
HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\InprocServer32#ThreadingModel
HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\ProgID
HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\Programmable
HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\TypeLib
HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\VersionIndependentProgID
HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\InprocServer32
HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\InprocServer32#ThreadingModel
HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\ProgID
HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\Programmable
HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\TypeLib
HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\VersionIndependentProgID
HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}
HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Control
HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32
HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32#ThreadingModel
HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus
HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus\1
HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable
HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib
HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Version
HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}
HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Control
HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32
HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32#ThreadingModel
HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus
HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus\1
HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\ProgID
HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable
HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib
HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Version
HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\VersionIndependentProgID
HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}
HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Control
HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32
HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32#ThreadingModel
HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus
HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus\1
HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable
HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib
HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Version
HKCR\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}
HKCR\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}\InprocServer32
HKCR\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}\InprocServer32#ThreadingModel
HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}
HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\InprocServer32
HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\InprocServer32#ThreadingModel
HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\ProgID
HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\Programmable
HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\TypeLib
HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\VersionIndependentProgID
HKCR\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}
HKCR\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}\InprocServer32
HKCR\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}\InprocServer32#ThreadingModel
HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}\InprocServer32
HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}\InprocServer32#ThreadingModel
HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}\ProgID
HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}\VersionIndependentProgID
HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}
HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\InprocServer32
HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\InprocServer32#ThreadingModel
HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\MiscStatus
HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\MiscStatus\1
HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\ProgID
HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\Programmable
HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\TypeLib
HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\Version
HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\VersionIndependentProgID
HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}
HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}\TreatAs
HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}
HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}\InprocServer32
HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}\InprocServer32#ThreadingModel
HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}\Programmable
HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}\TypeLib
HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}
HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\InprocServer32
HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\InprocServer32#ThreadingModel
HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\ProgID
HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\Programmable
HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\VersionIndependentProgID
HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}
HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\InprocServer32
HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\InprocServer32#ThreadingModel
HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\MiscStatus
HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\MiscStatus\1
HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\ProgID
HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\Programmable
HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\TypeLib
HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\Version
HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\VersionIndependentProgID
HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}
HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\InprocServer32
HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\InprocServer32#ThreadingModel
HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\MiscStatus
HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\MiscStatus\1
HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\ProgID
HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\Programmable
HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\TypeLib
HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\Version
HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\VersionIndependentProgID
HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}
HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\InprocServer32
HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\InprocServer32#ThreadingModel
HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\ProgID
HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\Programmable
HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\TypeLib
HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\VersionIndependentProgID
HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}
HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}\InprocServer32
HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}\InprocServer32#ThreadingModel
HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}\Programmable
HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}\TypeLib
HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}
HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\Control
HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\InprocServer32
HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\InprocServer32#ThreadingModel
HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\MiscStatus
HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\MiscStatus\1
HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\ProgID
HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\Programmable
HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\TypeLib
HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\Version
HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\VersionIndependentProgID
HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}
HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0
HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\0
HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\0\win32
HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\FLAGS
HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\HELPDIR
HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}
HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0
HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0\0
HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0\0\win32
HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0\FLAGS
HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0\HELPDIR
HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}
HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0
HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0\0
HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0\0\win32
HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0\FLAGS
HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0\HELPDIR
HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}
HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0
HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0\0
HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0\0\win32
HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0\FLAGS
HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0\HELPDIR
HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}
HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0
HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0\0
HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0\0\win32
HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0\FLAGS
HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0\HELPDIR
HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}
HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0
HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0\0
HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0\0\win32
HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0\FLAGS
HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0\HELPDIR
HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}
HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0
HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0\0
HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0\0\win32
HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0\FLAGS
HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0\HELPDIR
HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}
HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0
HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0\0
HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0\0\win32
HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0\FLAGS
HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0\HELPDIR
HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0
HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\0
HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\0\win32
HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\FLAGS
HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\HELPDIR
HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}
HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0
HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0\0
HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0\0\win32
HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0\FLAGS
HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0\HELPDIR
HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}
HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0
HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0\0
HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0\0\win32
HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0\FLAGS
HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0\HELPDIR
HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}
HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0
HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0\0
HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0\0\win32
HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0\FLAGS
HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0\HELPDIR
HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}
HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid
HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid32
HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\TypeLib
HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\TypeLib#Version
HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid
HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid32
HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\TypeLib
HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\TypeLib#Version
HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}
HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\ProxyStubClsid
HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\ProxyStubClsid32
HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\TypeLib
HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\TypeLib#Version
HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\ProxyStubClsid
HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\ProxyStubClsid32
HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\TypeLib
HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\TypeLib#Version
HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\ProxyStubClsid
HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\ProxyStubClsid32
HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\TypeLib
HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\TypeLib#Version
HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\ProxyStubClsid
HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\ProxyStubClsid32
HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\TypeLib
HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\TypeLib#Version
HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\ProxyStubClsid
HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\ProxyStubClsid32
HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\TypeLib
HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\TypeLib#Version
HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}
HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid
HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32
HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib
HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib#Version
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib#Version
HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}
HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\ProxyStubClsid
HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\ProxyStubClsid32
HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\TypeLib
HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\TypeLib#Version
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\ProxyStubClsid
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\ProxyStubClsid32
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\TypeLib
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\TypeLib#Version
-
It would appear from that log that you're running two AV's on your computer; McAfee Anti-Virus and Anti-Spyware and Norton Internet Security 2006 which is a no-no. One will have to be disabled/removed. It looks like Norton is out-of-date. Try to uninstall it. If you have trouble doing that, please let me know and I'll give you a tool to remove it.
Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.
Winferno and Registry Mechanic
There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.
For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.
Further reading: XP Fixes Myth #1: Registry Cleaners (http://www.windowsbbs.com/showthread.php?t=61015)
**************************************************
•Please download Dial-A-Fix from one of the following mirrors:
Primary mirror (http://djlizard.net.nyud.net:8080/software/Dial-a-fix-v0.60.0.24.zip)
Secondary mirror (http://djlizard.net/software/Dial-a-fix-v0.60.0.24.zip)
•Extract the zip file to your desktop.
•Double click Dial-a-Fix.exe to start the program. Dial-A-Fix might give you a lot of errors; just ignore them and click
(http://i424.photobucket.com/albums/pp322/digistar/OK.jpg) to continue.
•Press the green double checkmark box. It looks like this:
(http://i424.photobucket.com/albums/pp322/digistar/checkmark.png)
UNcheck Empty Temp Folders, as well as Adjust Time/Date in the prep section. The prep section should then look like this:
(http://i424.photobucket.com/albums/pp322/digistar/ncheck.png)
(http://i424.photobucket.com/albums/pp322/digistar/Window.png)
•Click on Go
•Wait for Dial-A-Fix to finish (all the check marks will be gone)
•Close Dial-A-Fix
Please let me know if you can now access the internet.
-
Internet connection is working now, although it was awfully slow and I still get about a dozen error messages when Windows opens. Dial a Fix did not let me check the group of blocks under MSI.
I never installed any registry cleaners so maybe they are part of a Windows update. A few months ago "PC Tools" started showing up every time windows opens and it wants to run a clean registry program. It started an automatic scan just now; had to cancel it.
I'm fine with uninstalling any of these, just show me how.
Windows also wants to update and restart. Should I let it?
Should I try to run MBAM or CCleaner now?
-
although it was awfully slow and I still get about a dozen error messages when Windows opens.
Such as?
I never installed any registry cleaners so maybe they are part of a Windows update. A few months ago "PC Tools" started showing up every time windows opens and it wants to run a clean registry program. It started an automatic scan just now; had to cancel it.
I'm fine with uninstalling any of these, just show me how.
MS doesn't recommend Registry Cleaners. It probably came from PC Tools. I'll get you to run a program to see what's installed and then I will recommend how to remove it.
Please download: HiJackThis (http://go.trendmicro.com/free-tools/hijackthis/HijackThisInstaller.exe) to your Desktop.
- Double Click the HijackThis icon, located on your Desktop.
- By Default, it will install to: C:\Program Files\Trend Micro\HijackThis
- Accept the license agreement.
- Click the Open the Misc Tools section button.
•Click on the Open Uninstall Manager button.
•Click on the Save list... button and specify where you would like to save this file. When you press Save button a Notepad will open with the contents of that file. Save the file to your desktop.
Copy and paste this file in your next reply.
*************************************************
Windows also wants to update and restart. Should I let it?
Yes, by all means.
Should I try to run MBAM or CCleaner now?
Yes, please try to run them.
SysProt Antirootkit
Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).
http://sites.google.com/site/sysprotantirootkit/
Unzip it into a folder on your desktop.
- Double click Sysprot.exe to start the program.
- Click on the Log tab.
- In the Write to log box select the following items.
- Process << Selected
- Kernel Modules << Selected
- SSDT << Selected
- Kernel Hooks << Selected
- IRP Hooks << NOT Selected
- Ports << NOT Selected
- Hidden Files << Selected
- At the bottom of the page
- Hidden Objects Only << Selected
- Click on the Create Log button on the bottom right.
- After a few seconds a new window should appear.
- Select Scan Root Drive. Click on the Start button.
- When it is complete a new window will appear to indicate that the scan is finished.
- The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
-
Windows updated, then Norton said a low risk program was trying to access and recommended access. It was called A.exe and I OKd it.
Hijack This would not open. Explorer said it could not connect.
MBAM still getting error message Run time "0"
Sys Prot said my security settings would not allow it to run.
-
Please download MiniToolBox (http://download.bleepingcomputer.com/farbar/MiniToolBox.exe) to Desktop and run it.
(http://i424.photobucket.com/albums/pp322/digistar/MiniToolBox.png)
Checkmark the following boxes:
- Flush DNS
- Report IE Proxy Settings
- Reset IE Proxy Settings
- List content of Hosts
- List IP Configuration
- List Last 10 Event Viewer Errors
- List Users, Partitions and Memory Size
Click Go and copy/paste the log (Result.txt) into your next post.
-
"Your security settings do not allow this file to be downloaded." I uninstalled Norton (kept McAfee, which is giving me PC at risk warnings.)
Still get the same message.
-
I went back to safe mode and was able to run Hijack and Mini
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.5
Adobe Shockwave Player 11.6
Agere Systems PCI-SV92PP Soft Modem
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Bing Bar
Bonjour
Compaq Connections (remove only)
Customer Experience Enhancement
DISCover
Do Not Track Plus Add-on 2.2.0.705
Easy Internet Sign-up
Enhanced Multimedia Keyboard Solution
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP DVD Play 2.1
HP Imaging Device Functions 7.0
HP Photosmart Premier Software 6.5
HP Rhapsody
HP Software Update
HP Support Overview
HP Web Helper
iTunes
J2SE Runtime Environment 5.0 Update 5
Java(TM) 6 Update 20
LiveUpdate 3.0 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
McAfee Internet Security
McAfee Security Scan Plus
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Money 2006
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
Microsoft Office File Validation Add-In
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft UI Engine
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Netscape Browser (remove only)
Norton Security Scan
NVIDIA Drivers
OpenOffice.org 3.2
Otto
PC Tools Registry Mechanic 11.0
PC-Doctor 5 for Windows
Quicken 2006
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SUPERAntiSpyware
swMSM
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Vz In Home Agent
Windows Live ID Sign-in Assistant
Windows Media Format Runtime
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB912067
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
MiniToolBox by Farbar Version: 23-07-2012
Ran by Administrator (administrator) on 17-08-2012 at 23:29:46
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Network
***************************************************************************
========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================
NVIDIA nForce Networking Controller = Local Area Connection (Connected)
# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip
# Interface IP Configuration for "Local Area Connection"
set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp
popd
# End of interface IP configuration
Windows IP Configuration
Host Name . . . . . . . . . . . . : your-4dacd0ea75
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-17-31-9D-DA-12
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
Lease Obtained. . . . . . . . . . : Friday, August 17, 2012 11:07:37 PM
Lease Expires . . . . . . . . . . : Saturday, August 18, 2012 11:07:37 PM
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1
Name: google.com
Addresses: 74.125.228.69, 74.125.228.65, 74.125.228.66, 74.125.228.67
74.125.228.70, 74.125.228.73, 74.125.228.68, 74.125.228.64, 74.125.228.71
74.125.228.72, 74.125.228.78
Pinging google.com [74.125.228.65] with 32 bytes of data:
Reply from 74.125.228.65: bytes=32 time=17ms TTL=252
Reply from 74.125.228.65: bytes=32 time=16ms TTL=252
Ping statistics for 74.125.228.65:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 16ms, Maximum = 17ms, Average = 16ms
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1
Name: yahoo.com
Addresses: 98.138.253.109, 98.139.183.24, 72.30.38.140
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=67ms TTL=50
Reply from 98.139.183.24: bytes=32 time=63ms TTL=49
Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 63ms, Maximum = 67ms, Average = 65ms
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1
Name: bleepingcomputer.com
Address: 208.43.87.2
Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.
Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 17 31 9d da 12 ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.2 192.168.1.2 20
192.168.1.2 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.2 192.168.1.2 20
224.0.0.0 240.0.0.0 192.168.1.2 192.168.1.2 20
255.255.255.255 255.255.255.255 192.168.1.2 192.168.1.2 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Event log errors: ===============================
Application errors:
==================
Error: (08/15/2012 08:18:33 PM) (Source: Application Error) (User: )
Description: Faulting application itunes.exe, version 10.6.1.7, faulting module msvcrt.dll, version 7.0.2600.5512, fault address 0x000381cd.
Processing media-specific event for [itunes.exe!ws!]
Error: (08/14/2012 10:46:42 PM) (Source: McLogEvent) (User: NT AUTHORITY)NT AUTHORITY
Description: Exception in McShield.Exe!
Exception details follow :
VSCORE.14.2.0.794
Exception Code : 0XC0000005
Exception Address : 0X0052004F
Exception Parameters : 2
Param 1 = 0X00000001
Param 2 = 00000000
More information :
Error: (08/14/2012 09:01:17 PM) (Source: Application Error) (User: )
Description: Faulting application DNTPService.exe, version 2.2.0.705, faulting module DNTPButton.dll, version 0.0.0.0, fault address 0x00002ed6.
Processing media-specific event for [DNTPService.exe!ws!]
Error: (08/13/2012 09:07:23 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (08/13/2012 09:07:23 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (08/12/2012 09:01:43 PM) (Source: Application Error) (User: )
Description: Faulting application DNTPService.exe, version 2.2.0.705, faulting module DNTPButton.dll, version 0.0.0.0, fault address 0x00002ed6.
Processing media-specific event for [DNTPService.exe!ws!]
Error: (08/11/2012 09:24:53 AM) (Source: Application Error) (User: )
Description: Faulting application iPodService.exe, version 10.6.1.7, faulting module unknown, version 0.0.0.0, fault address 0xffcd26db.
Error in creating result PEAP-TLV in response to received PEAP-TLV (iPodService.exe!ld!)
Error: (08/10/2012 11:29:53 PM) (Source: Application Error) (User: )
Description: Faulting application LuComServer_3_0.EXE, version 3.0.1.6, faulting module unknown, version 0.0.0.0, fault address 0xffcc26db.
Processing media-specific event for [LuComServer_3_0.EXE!ws!]
Error: (08/10/2012 11:25:06 PM) (Source: Application Error) (User: )
Description: Faulting application LuComServer_3_0.EXE, version 3.0.1.6, faulting module unknown, version 0.0.0.0, fault address 0xffcc26db.
Processing media-specific event for [LuComServer_3_0.EXE!ws!]
Error: (08/10/2012 11:23:13 PM) (Source: Application Error) (User: )
Description: Faulting application LuComServer_3_0.EXE, version 3.0.1.6, faulting module unknown, version 0.0.0.0, fault address 0xffcc26db.
Processing media-specific event for [LuComServer_3_0.EXE!ws!]
System errors:
=============
Error: (08/17/2012 11:09:53 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service McNaiAnn with arguments ""
in order to run the server:
{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
Error: (08/17/2012 11:09:53 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service McNaiAnn with arguments ""
in order to run the server:
{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
Error: (08/17/2012 11:09:53 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service McNaiAnn with arguments ""
in order to run the server:
{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
Error: (08/17/2012 11:09:53 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service McNaiAnn with arguments ""
in order to run the server:
{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
Error: (08/17/2012 11:09:53 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service McNaiAnn with arguments ""
in order to run the server:
{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
Error: (08/17/2012 11:09:53 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service McNaiAnn with arguments ""
in order to run the server:
{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
Error: (08/17/2012 11:09:53 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service McNaiAnn with arguments ""
in order to run the server:
{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
Error: (08/17/2012 11:09:53 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service McNaiAnn with arguments ""
in order to run the server:
{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
Error: (08/17/2012 11:09:13 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AmdK8
eeCtrl
Fips
SASDIFSV
SASKUTIL
Error: (08/17/2012 11:09:06 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Microsoft Office Sessions:
=========================
Error: (08/15/2012 08:18:33 PM) (Source: Application Error)(User: )
Description: itunes.exe10.6.1.7msvcrt.dll7.0.2600.55 12000381cd
Error: (08/14/2012 10:46:42 PM) (Source: McLogEvent)(User: NT AUTHORITY)NT AUTHORITY
Description: VSCORE.14.2.0.794
Exception Code : 0XC0000005
Exception Address : 0X0052004F
Exception Parameters : 2
Param 1 = 0X00000001
Param 2 = 00000000
More information :
Error: (08/14/2012 09:01:17 PM) (Source: Application Error)(User: )
Description: DNTPService.exe2.2.0.705DNTPButton.dll0 .0.0.000002ed6
Error: (08/13/2012 09:07:23 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (08/13/2012 09:07:23 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (08/12/2012 09:01:43 PM) (Source: Application Error)(User: )
Description: DNTPService.exe2.2.0.705DNTPButton.dll0 .0.0.000002ed6
Error: (08/11/2012 09:24:53 AM) (Source: Application Error)(User: )
Description: iPodService.exe10.6.1.7unknown0.0.0.0ff cd26db
Error: (08/10/2012 11:29:53 PM) (Source: Application Error)(User: )
Description: LuComServer_3_0.EXE3.0.1.6unknown0.0.0. 0ffcc26db
Error: (08/10/2012 11:25:06 PM) (Source: Application Error)(User: )
Description: LuComServer_3_0.EXE3.0.1.6unknown0.0.0. 0ffcc26db
Error: (08/10/2012 11:23:13 PM) (Source: Application Error)(User: )
Description: LuComServer_3_0.EXE3.0.1.6unknown0.0.0. 0ffcc26db
========================= Memory info: ===================================
Percentage of memory in use: 33%
Total physical RAM: 958.48 MB
Available physical RAM: 637.82 MB
Total Pagefile: 2313.31 MB
Available Pagefile: 2066.72 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.33 MB
========================= Partitions: =====================================
1 Drive c: (PRESARIO) (Fixed) (Total:224.68 GB) (Free:158.1 GB) NTFS
2 Drive d: (PRESARIO_RP) (Fixed) (Total:8.18 GB) (Free:0.5 GB) FAT32
========================= Users: ========================================
User accounts for \\YOUR-4DACD0EA75
Administrator Compaq_Administrator Guest
HelpAssistant SUPPORT_388945a0 SUPPORT_fddfa904
**** End of log ****
-
SysProt AntiRootkit v1.0.1.0
by swatkat
******************************************************************************************
******************************************************************************************
No Hidden Processes found
******************************************************************************************
******************************************************************************************
No Hidden Kernel Modules found
******************************************************************************************
******************************************************************************************
No SSDT Hooks found
******************************************************************************************
******************************************************************************************
No Kernel Hooks found
******************************************************************************************
******************************************************************************************
No IRP Hooks found
******************************************************************************************
******************************************************************************************
Ports:
Local Address: YOUR-4DACD0EA75.HOME:1258
Remote Address: IAD23S05-IN-F2.1E100.NET:HTTP
Type: TCP
Process: 1868 (PID)
State: ESTABLISHED
Local Address: YOUR-4DACD0EA75.HOME:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: 4 (PID)
State: LISTENING
Local Address: YOUR-4DACD0EA75:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: 4 (PID)
State: LISTENING
Local Address: YOUR-4DACD0EA75:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: 912 (PID)
State: LISTENING
Local Address: YOUR-4DACD0EA75.HOME:138
Remote Address: NA
Type: UDP
Process: 4 (PID)
State: NA
Local Address: YOUR-4DACD0EA75.HOME:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: 4 (PID)
State: NA
Local Address: YOUR-4DACD0EA75:1083
Remote Address: NA
Type: UDP
Process: 1868 (PID)
State: NA
Local Address: YOUR-4DACD0EA75:1030
Remote Address: NA
Type: UDP
Process: 1188 (PID)
State: NA
Local Address: YOUR-4DACD0EA75:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: 4 (PID)
State: NA
******************************************************************************************
******************************************************************************************
No hidden files/folders found
-
Please try this Norton Removal Tool.
Norton/Symantec Removal Tool - Norton Removal Tool (http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039/)
*****************************************************
"Your security settings do not allow this file to be downloaded."
Where and when do you see this warning?
******************************************************
Delete An Uninstall Entry
•Start HijackThis
•Click on the Open the Misc Tools section
•Click on the Open Uninstall Manager button.
•Highlight the entry you want to remove.
•Click Delete these entries
Ask Toolbar
PC Tools Registry Mechanic 11.0
****************************************************
Update Your Java (JRE)
Old versions of Java have vulnerabilities that malware can use to infect your system.
First Verify your Java Version (http://www.java.com/en/download/installed.jsp)
If there are any other version(s) installed then update now.
Get the new version (if needed)
If your version is out of date install the newest version of the Sun Java Runtime Environment (http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html).
Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Be sure to close ALL open web browsers before starting the installation.
Remove any old versions
1. Download JavaRa (http://raproducts.org/click/click.php?id=1) and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.
Additional Note: The Java Quick Starter (JQS.exe) (http://java.sun.com/javase/6/docs/technotes/guides/jweb/otherFeatures/jqs.html) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
***********************************************************
I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstallDesktopIcon-1.png) icon on your desktop.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
•Accept any security warnings from your browser.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
The error messages when PC turns on are:
C/Documents - Windows cannot find C/Documents. Make sure you type name correctly and try again.
Desktop - Could not load or run C/Desktop specified in the registry. Make sure the file exists on your computer or remove the reference to it in the registry
and - Windows cannot find and...
Setting /Compaq Administrator App - Windows cannot find...
Data Intel.exe - Windows cannot find
McAfee cannot update your software. Please check your internet connection
Microsoft Visual C++Runtime Library - Runtime Error
Also, in today's history are websites I never accessed such as otraffixeng.com, eutimes.com, tubesplay.com
I had to reset my Internet security options to default in order to install the latest JAVA. Should I leave it there?
Here is the ESET log:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=d7157de55da5a64bb34fd423f26791cc
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-19 03:27:23
# local_time=2012-08-18 11:27:23 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5121 16777190 100 75 52027989 61572661 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=207345
# found=15
# cleaned=0
# scan_time=7823
C:\Documents and Settings\Compaq_Administrator\Application Data\12F.exe.gonewiththewings a variant of Win32/Kryptik.AKCT trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Compaq_Administrator\Application Data\35D.exe.gonewiththewings a variant of Win32/Kryptik.AKCT trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Compaq_Administrator\Application Data\Cxvgvi.scr a variant of Win32/Kryptik.AKCT trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Compaq_Administrator\Application Data\Iyvgvo.scr Win32/Dorkbot.B worm (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\44\64de802c-7cb8453e Java/Exploit.CVE-2012-0507.DM trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\54\17266536-73c5444a Java/Exploit.Agent.NCI trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\153F.tmp a variant of Win32/Agent.TVG trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Compaq_Administrator\My Documents\My Music\iLividSetupV1.exe Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Compaq_Administrator\My Documents\My Music\iTunes\ac3filter_app_1200.exe a variant of Win32/InstallIQ application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Winferno\PC Confidential\PCCBHO.dll Win32/Adware.PCConfidential application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Winferno\PC Confidential\PCConfidential.exe Win32/Adware.PCConfidential application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Winferno\PC Confidential\PCCST.exe Win32/Adware.PCConfidential application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe a variant of Win32/XrayMyPC application (unable to clean) 00000000000000000000000000000000 I
D:\I386\APPS\APP18921\src\CompaqPresario_Spring06.exe a variant of Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
D:\I386\APPS\APP18921\src\HPPavillion_Spring06.exe a variant of Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
-
I updated MBAM which was already installed.
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.19.01
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Compaq_Administrator :: YOUR-4DACD0EA75 [administrator]
Protection: Enabled
8/19/2012 12:45:48 AM
mbam-log-2012-08-19 (00-45-48).txt
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 349559
Time elapsed: 2 hour(s), 28 minute(s), 26 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 17
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.ThirdPartyInstaller (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.ThirdPartyInstaller.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Detected: 10
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Data: ©Ž±#¥aI¶» äG\Ê -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{00A6FAF6-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search| (Adware.Hotbar) -> Data: http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?s=100000345&p=ZLxdm378YYUS&si=2459-FT&a=qx7hFEhKI4J_p3.Eb23CXQ&n=2011111209 -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell.Gen) -> Data: Explorer.exe,C:\Documents and Settings\Compaq_Administrator\Application Data\Intel\Intel.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Intel (Trojan.Agent) -> Data: C:\Documents and Settings\Compaq_Administrator\Application Data\Intel\Intel.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MyWebSearch Email Plugin (PUP.MyWebSearch) -> Data: C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources|f3PopularScreensavers (PUP.MyWebSearch) -> Data: C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|5516 (Trojan.Agent) -> Data: C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\mswauao.scr -> Delete on reboot.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 6
C:\Documents and Settings\Compaq_Administrator\My Documents\My Music\iTunes\ac3filter_app_1200.exe (PUP.BundleOffers.IIQ) -> No action taken.
c:\documents and settings\compaq_administrator\application data\iyvgvo.scr (Worm.DorkBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\12F.exe.gonewiththewings (Trojan.Obfuscated) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\35D.exe.gonewiththewings (Trojan.Obfuscated) -> Quarantined and deleted successfully.
c:\documents and settings\compaq_administrator\application data\cxvgvi.scr (Trojan.Ircbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\5.exe (Trojan.Agent) -> Quarantined and deleted successfully.
(end)
-
I had to reset my Internet security options to default in order to install the latest JAVA. Should I leave it there?
Set it back to where it was.
Please run MBAM again. There was one infection not dealt with.
Files Detected: 6
C:\Documents and Settings\Compaq_Administrator\My Documents\My Music\iTunes\ac3filter_app_1200.exe (PUP.BundleOffers.IIQ) -> No action taken.
Please uninstall Winferno.
* Go to Start > Run and type mrt.exe then press Enter on the keyboard.
* (Vista and Windows 7 users: go to Start and type mrt.exe in the search box, then press Enter on the keyboard.)
* Click Next.
* Choose Full Scan and click Next.
* Once the scan is finished click View detailed results of the scan.
Look through the list and let me know if anything was found infected.
************************************************************
Save these instructions so you can have access to them while in Safe Mode.
Please click here (http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/) to download AVP Tool by Kaspersky.
- Save it to your desktop.
- Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
- Double click the setup file to run it.
- Click Next to continue.
- Accept the License agreement and click on next.
- It will, by default, install it to your desktop folder. Click Next.
- It will then open a box. There will be a tab that says Automatic scan.
- Under Automatic scan make sure these are checked.
- Hidden Startup Objects
- System Memory
- Disk Boot Sectors.
- My Computer.
- Also any other drives (Removable that you may have)
Leave the rest of the settings as they appear as default.
•Then click on Scan at the top right-hand corner.
•It will automatically Neutralize any objects found.
•If some objects are left un-neutralized then click the button that says Neutralize all
•If it says it cannot be neutralized then choose the delete option when prompted.
•After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
•Save it somewhere convenient like your desktop and post only the detected virus\malware in the report. It will be at the very top under Detected. Post those results in your next reply.
Note: This tool will self uninstall when you close it so please save the log before closing it.
-
Ran MBAM again and removed the PUP file.
Still getting those 5 or 6 error messages.
Cannot remove Winferno. It deleted from Desktop, but it is still there in programs. When I tried the Hijack Uninstall tool, it does not show up as an option to remove. I also saw it there during the scans.
mrt.exe said 4201 files were infected, however only one was on the report: Rogue:Win32/Fake Cog
The Kaspersky tool must have changed; there was no option to check anything under Automatic Scan. The scan did not find anything.
-
Cannot remove Winferno. It deleted from Desktop, but it is still there in programs. When I tried the Hijack Uninstall tool, it does not show up as an option to remove. I also saw it there during the scans.
Please try removing it with UnLocker or Revo Uninstaller.
You can download and install Unlocker (http://download.cnet.com/Unlocker/3000-2248_4-10493998.html) .
Download Revo Uninstaller (http://majorgeeks.com/Revo_Uninstaller_d5706.html)
* Open Revo and let the list populate (can take several seconds to finish).
* Right click what you want to uninstall and choose Uninstall
* Next choose Advanced then click Next
* This will (try to) launch the program's built-in uninstaller and go through the normal uninstall process.
* If the uninstaller fails just continue on with the Revo instructions.
* Once complete: In Revo Uninstaller click Next and Revo will scan the registry for leftovers.
* This scan can take several seconds.
* Once the results are shown look at each one to ensure they are all related to the program that was uninstalled.
* Choose Select All then click Delete
* Click Next and Revo will scan for any files or folders that were not removed.
* If any files/folders are found choose Select all > Delete
********************************************************
The Kaspersky tool must have changed; there was no option to check anything under Automatic Scan.
That's very possible.
Please download aswMBR.exe (http://public.avast.com/%7Egmerek/aswMBR.exe) ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_Scan.jpg)
Click the "Scan" button to start scan
Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_SaveLog.png)
On completion of the scan click save log, save it to your desktop and post in your next reply.
-
Unlocker or Revo did not find the file.
I think I made a mistake, though, because I could not get into Unlocker at first. After I ran Revo and did not see Winferno I went to All Programs. It was there again and I deleted it. There was no uninstall option. It deleted too fast for it to be a real delete; I think it just disappeared off the visible list of programs. So Unlocker did not find it either.
Still a lot of websites in today's history that I did not go to.
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-20 22:51:03
-----------------------------
22:51:03.593 OS Version: Windows 5.1.2600 Service Pack 3
22:51:03.593 Number of processors: 1 586 0x2F02
22:51:03.593 ComputerName: YOUR-4DACD0EA75 UserName:
22:51:05.031 Initialize success
22:51:26.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
22:51:26.812 Disk 0 Vendor: WDC_WD2500JS-60NCB1 10.02E02 Size: 238475MB BusType: 3
22:51:26.859 Disk 0 MBR read successfully
22:51:26.859 Disk 0 MBR scan
22:51:26.859 Disk 0 unknown MBR code
22:51:26.859 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 230071 MB offset 63
22:51:26.890 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 8393 MB offset 471202515
22:51:26.890 Disk 0 scanning sectors +488392065
22:51:26.937 Disk 0 scanning C:\WINDOWS\system32\drivers
22:51:48.953 Service scanning
22:52:07.218 Modules scanning
22:52:18.500 Disk 0 trace - called modules:
22:52:18.531 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
22:52:18.531 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x862b2ab8]
22:52:19.031 3 CLASSPNP.SYS[f7610fd7] -> nt!IofCallDriver -> \Device\00000078[0x86339f18]
22:52:19.031 5 ACPI.sys[f7487620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8632e940]
22:52:19.031 Scan finished successfully
22:52:42.078 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Compaq_Administrator\Desktop\MBR.dat"
22:52:42.265 The log file has been saved successfully to "C:\Documents and Settings\Compaq_Administrator\Desktop\aswMBR.txt"
-
We need to fix the infection found with aswMBR now
- Double click aswMBR.exe to run it like before
- Once the scan finishes click Fix to remove the infection as illustrated below
(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_Fix.jpg)
- Once the scan finishes click Save log to save the log to your Desktop
(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_SaveLog.png)
- Copy and paste the contents of aswMBR.txt back here for review
-
Ran it again, scanned, but Fix was not clickable.
-
- Download RogueKiller (http://tigzy.geekstogo.com/Tools/RogueKiller.exe) on the desktop
- Close all the running programs
- Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
- Otherwise just double-click on RogueKiller.exe
- Pre-scan will start. Let it finish.
- Click on SCAN button.
- A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
- If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
**********************************************************
Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
Link 1 (http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe)
Link 2 (http://ad13.geekstogo.com/MBRCheck.exe)
Link 3 (http://www.kernelmode.info/MBRCheck.exe)
•Double-click on MBRCheck.exe to run it.
•It will open a black window...please do not fix anything (if it gives you an option).
•When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
•A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
•Please copy and paste the contents of that log in your next reply.
-
RogueKiller prompted me to delete what was checked. You didn't say to do this, so I didn't.
RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Compaq_Administrator [Admin rights]
Mode: Scan -- Date: 08/22/2012 21:35:41
¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] arpwrmsg.exe -- C:\WINDOWS\ARPWRMSG.EXE -> KILLED [TermProc]
¤¤¤ Registry Entries: 9 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : Intel (C:\Documents and Settings\Compaq_Administrator\Application Data\Intel\Intel.exe) -> FOUND
[SUSP PATH] HKCU\[...]\Run : Iyvgvo (C:\Documents and Settings\Compaq_Administrator\Application Data\Iyvgvo.scr) -> FOUND
[SUSP PATH] HKCU\[...]\Run : Cxvgvi (C:\Documents and Settings\Compaq_Administrator\Application Data\Cxvgvi.scr) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-3642355760-1211948261-21286445-1008[...]\Run : Intel (C:\Documents and Settings\Compaq_Administrator\Application Data\Intel\Intel.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-3642355760-1211948261-21286445-1008[...]\Run : Iyvgvo (C:\Documents and Settings\Compaq_Administrator\Application Data\Iyvgvo.scr) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-3642355760-1211948261-21286445-1008[...]\Run : Cxvgvi (C:\Documents and Settings\Compaq_Administrator\Application Data\Cxvgvi.scr) -> FOUND
[SUSP PATH] HKCU\[...]\Windows : load (C:\Documents and Settings\Compaq_Administrator\Application Data\Intel\Intel.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-3642355760-1211948261-21286445-1008[...]\Windows : load (C:\Documents and Settings\Compaq_Administrator\Application Data\Intel\Intel.exe) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD2500JS-60NCB1 +++++
--- User ---
[MBR] 660fd9b99918e0b5a3661b8c69037b40
[BSP] 05e3161cf4ce79602881f99911e8893d : Toshiba tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 230071 Mo
1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 471202515 | Size: 8393 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000001ec
Kernel Drivers (total 136):
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBA5D4000 \??\C:\WINDOWS\system32\drivers\mbam.sys
0xBA584000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB922B000 \SystemRoot\system32\drivers\wdmaud.sys
0xBA528000 \SystemRoot\system32\drivers\sysaudio.sys
0xB9110000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB8FB7000 \SystemRoot\System32\Drivers\HTTP.sys
0xB8E6F000 \SystemRoot\system32\DRIVERS\srv.sys
0xB8C17000 \SystemRoot\system32\drivers\cfwids.sys
0xB8F27000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0xB7B1B000 \SystemRoot\system32\drivers\mfeapfk.sys
0xB7BE7000 \SystemRoot\system32\drivers\mfebopk.sys
0xB7AF0000 \SystemRoot\system32\drivers\kmixer.sys
0xBA448000 \??\c:\windows\system32\drivers\TrueSight.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 65):
0 System Idle Process
4 System
740 C:\WINDOWS\system32\smss.exe
816 csrss.exe
840 C:\WINDOWS\system32\winlogon.exe
884 C:\WINDOWS\system32\services.exe
896 C:\WINDOWS\system32\lsass.exe
1084 C:\WINDOWS\system32\svchost.exe
1136 svchost.exe
1228 C:\WINDOWS\system32\svchost.exe
1272 svchost.exe
1604 C:\WINDOWS\system32\spoolsv.exe
1768 C:\WINDOWS\explorer.exe
164 svchost.exe
288 C:\Program Files\SUPERAntiSpyware\SASCore.exe
296 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
316 C:\WINDOWS\arservice.exe
356 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
416 C:\Program Files\Bonjour\mDNSResponder.exe
540 C:\WINDOWS\ehome\ehrecvr.exe
660 C:\WINDOWS\ehome\ehSched.exe
1200 C:\Program Files\Java\jre7\bin\jqs.exe
1256 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
1292 C:\Program Files\Google\Update\GoogleUpdate.exe
1300 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
1396 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
1488 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
1512 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
1704 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
1812 C:\WINDOWS\system32\mfevtps.exe
1924 C:\WINDOWS\system32\nvsvc32.exe
1952 svchost.exe
1764 svchost.exe
260 C:\WINDOWS\system32\svchost.exe
568 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2320 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
2372 mcrdsvc.exe
2412 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3420 alg.exe
3012 C:\WINDOWS\system32\svchost.exe
3964 C:\Program Files\McAfee.com\Agent\mcagent.exe
4092 C:\WINDOWS\system32\ctfmon.exe
1364 C:\WINDOWS\ehome\ehtray.exe
2748 C:\WINDOWS\RTHDCPL.EXE
2852 C:\Program Files\DISC\DISCUpdMgr.exe
2092 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
2868 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
2916 C:\Program Files\iTunes\iTunesHelper.exe
2944 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
2952 C:\Program Files\Unlocker\UnlockerAssistant.exe
2972 C:\Program Files\Messenger\msmsgs.exe
2996 C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
2884 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
3308 C:\Program Files\OpenOffice.org 3\program\soffice.exe
3372 C:\Program Files\OpenOffice.org 3\program\soffice.bin
900 C:\Program Files\iPod\bin\iPodService.exe
1108 C:\hp\KBD\kbd.exe
3772 C:\WINDOWS\system\hpsysdrv.exe
2688 C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
3492 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
2404 C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
3000 RogueKiller.exe
2196 C:\WINDOWS\system32\notepad.exe
3208 C:\Program Files\Internet Explorer\iexplore.exe
3716 C:\Documents and Settings\Compaq_Administrator\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000038`2bf5a600 (FAT32)
PhysicalDrive0 Model Number: WDCWD2500JS-60NCB1, Rev: 10.02E02
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 3FA1BAC1D7FD18071BE2B53E6001CD7DFE278CEB
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice:
Done!
-
Reboot your machine and when the Boot Menu flashes up - select "Microsoft Windows Recovery Console"
(you need to be very fast with the arrow key as you only have a couple of seconds before it defaults to the windows XP bootup)
(http://i582.photobucket.com/albums/ss269/Cat_Byte/images/RC_BootMenu.gif)
(http://i582.photobucket.com/albums/ss269/Cat_Byte/images/RConsole_Fixmbr.png)
When you get to the above screen, take note of the number that references your operating system.
If it's '1' like the picture above, type 1 and press Enter
(http://i582.photobucket.com/albums/ss269/Cat_Byte/images/RConsole_A.png)
Next type FIXMBR
If it asks if you're sure you want to write a new MBR, answer 'Y'
Then type EXIT to reboot the machine.
With that done, please post back and let me know how things are now.
-
I was having some trouble with Internet Explorer; would not open.
The FIXMBR took only a second, I got the completed successfully message right away: seemed too fast.
IE working now, but still getting the error messages when windows opens, strange websites in today's IE history.
-
Please run MBRCheck.exe as described in Reply # 22 and post the log.
-
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000001ec
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000038`2bf5a600 (FAT32)
PhysicalDrive0 Model Number: WDCWD2500JS-60NCB1, Rev: 10.02E02
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Done!
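The two MBRCheck logs above differ only in the MBR status and SHA1, while the C: and D: offsets stay the same. The following added example (not part of the original posts, and not MBRCheck's own code) parses a 512-byte MBR sector, hashes its boot code and compares two copies to show that pattern. Assumptions: 512-byte sectors, a hash over the first 440 bytes (the page does not say which bytes MBRCheck hashes, so digests will not match the tool's), placeholder boot-code bytes, and sector counts taken from the TDSSKiller log later in this thread.

```python
import hashlib
import struct

SECTOR_SIZE = 512        # assumption: 512-byte sectors
BOOT_CODE_LEN = 440      # bootstrap code area at the start of the sector
PART_TABLE_OFF = 446     # four 16-byte partition entries start here
PART_TYPES = {0x07: "NTFS", 0x0B: "FAT32 (CHS)", 0x0C: "FAT32 (LBA)"}
ENTRY_FMT = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA, count


def parse_mbr(sector: bytes) -> dict:
    """Return the boot-code SHA1 and the non-empty partition entries of an MBR."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, ptype, start_lba, count = struct.unpack_from(ENTRY_FMT, sector, off)
        if ptype == 0:  # unused slot
            continue
        partitions.append({
            "index": i + 1,
            "active": status == 0x80,
            "type": PART_TYPES.get(ptype, hex(ptype)),
            "start_lba": start_lba,
            "sectors": count,
            "byte_offset": start_lba * SECTOR_SIZE,
        })
    return {
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "partitions": partitions,
    }


def diff_mbr(before: bytes, after: bytes) -> dict:
    """Report which regions of the sector differ between two MBR dumps."""
    a, b = parse_mbr(before), parse_mbr(after)
    return {
        "boot_code_changed": a["boot_code_sha1"] != b["boot_code_sha1"],
        "partition_table_changed": a["partitions"] != b["partitions"],
    }


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample sector; the boot code is placeholder bytes, not real code."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code does not fit in the bootstrap area")
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    # Start LBAs are the logged offsets divided by 512 (0x7e00 and 0x382bf5a600).
    # The active flag on partition 1 is an assumption.
    entries = [
        (0x80, 0x07, 0x3F, 0x1C15BBD3),        # C: (NTFS)
        (0x00, 0x0C, 0x1C15FAD3, 0x1064AAE),   # D: (FAT32)
    ]
    for i, entry in enumerate(entries):
        struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i, *entry)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    before = build_sample_mbr(b"CONSTRUCTED-UNKNOWN-BOOT-CODE")
    after = build_sample_mbr(b"CONSTRUCTED-STANDARD-BOOT-CODE")
    for p in parse_mbr(after)["partitions"]:
        print(p["index"], p["type"], hex(p["byte_offset"]))
    print(diff_mbr(before, after))
```

Only one sector is involved, which is consistent with a boot-code rewrite finishing almost immediately.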
-
How's the computer running now?
-
Still getting the error messages and websites in history. When I turn off the PC I get the message: CiceroU1Wind not responding. I have to end task about 6 times before it goes away.
Remember, I was never able to uninstall Winferno, maybe that's part of the problem?
McAfee is not automatically turning on virus protection. It tells me I have to turn it on. Also McAfee does not seem to have the Parental Control settings which I need. I do not want access to X rated sites. Should I switch to Norton?
-
McAfee is not automatically turning on virus protection. It tells me I have to turn it on. Also McAfee does not seem to have the Parental Control settings which I need. I do not want access to X rated sites. Should I switch to Norton?
I'm not too familiar with those products but I think the best way to set up Parental control is to establish an account on the computer for the children. Here's (http://windows.microsoft.com/en-US/windows-vista/Set-up-Parental-Controls) more information on how to set that up. Please just hold up on McAfee until we get this sorted out.
Please update and run SAS and MBAM again and post the logs.
- Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and save it to your Desktop.
- Extract its contents to your desktop.
- Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
(http://img.photobucket.com/albums/v420/kdiamondkenny/Computer/TDSSKillernumber1.png)
- If an infected file is detected, the default action will be Cure, click on Continue.
(http://img.photobucket.com/albums/v420/kdiamondkenny/Computer/TDSSKillernumber2.png)
- If a suspicious file is detected, the default action will be Skip, click on Continue.
(http://img.photobucket.com/albums/v420/kdiamondkenny/Computer/TDSSKillernumber3.png)
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
(http://img.photobucket.com/albums/v420/kdiamondkenny/Computer/TDSSKillerlastone3.png)
- Click the Report button and copy/paste the contents of it into your next reply.
Note: It will also create a log in the C:\ directory.
-
The report did not have copy/paste option. I could highlight the text but not copy it. I don't know how to find the log.
-
Please run ESET again and post the log.
-
ESET Scan and also figured out where TDSSKiller log was:
(I turned off PC and turned back on to see if scan fixed the problems. No strange sites in history but still getting the same error messages.) I think I may be able to uninstall Winferno.
C:\Documents and Settings\Compaq_Administrator\Desktop\Unlocker1.9.1.exe a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\153F.tmp a variant of Win32/Agent.TVG trojan cleaned by deleting (after the next restart) - quarantined
C:\Documents and Settings\Compaq_Administrator\My Documents\My Music\iLividSetupV1.exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files\Winferno\PC Confidential\PCCBHO.dll Win32/Adware.PCConfidential application cleaned by deleting - quarantined
C:\Program Files\Winferno\PC Confidential\PCConfidential.exe Win32/Adware.PCConfidential application cleaned by deleting - quarantined
C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe a variant of Win32/XrayMyPC application cleaned by deleting - quarantined
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0009893.exe a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0009894.dll Win32/Adware.PCConfidential application cleaned by deleting - quarantined
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0009896.exe Win32/Adware.PCConfidential application cleaned by deleting - quarantined
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0009898.exe a variant of Win32/XrayMyPC application cleaned by deleting - quarantined
D:\I386\APPS\APP18921\src\CompaqPresario_Spring06.exe a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
D:\I386\APPS\APP18921\src\HPPavillion_Spring06.exe a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0009899.exe a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0009900.exe a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
9:24:40.0856 3240 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
19:24:42.0903 3240 ============================================================
19:24:42.0903 3240 Current date / time: 2012/08/28 19:24:42.0903
19:24:42.0903 3240 SystemInfo:
19:24:42.0903 3240
19:24:42.0919 3240 OS Version: 5.1.2600 ServicePack: 3.0
19:24:42.0919 3240 Product type: Workstation
19:24:42.0919 3240 ComputerName: YOUR-4DACD0EA75
19:24:42.0919 3240 UserName: Compaq_Administrator
19:24:42.0919 3240 Windows directory: C:\WINDOWS
19:24:42.0919 3240 System windows directory: C:\WINDOWS
19:24:42.0919 3240 Processor architecture: Intel x86
19:24:42.0919 3240 Number of processors: 1
19:24:42.0919 3240 Page size: 0x1000
19:24:42.0919 3240 Boot type: Normal boot
19:24:42.0919 3240 ============================================================
19:24:49.0184 3240 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:24:49.0590 3240 Drive \Device\Harddisk5\DR15 - Size: 0x1D63C0000 (7.35 Gb), SectorSize: 0x1000, Cylinders: 0x77, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:24:49.0606 3240 ============================================================
19:24:49.0606 3240 \Device\Harddisk0\DR0:
19:24:49.0606 3240 MBR partitions:
19:24:49.0606 3240 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1C15BBD3
19:24:49.0606 3240 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x1C15FAD3, BlocksNum 0x1064AAE
19:24:49.0606 3240 \Device\Harddisk5\DR15:
19:24:49.0606 3240 MBR partitions:
19:24:49.0606 3240 \Device\Harddisk5\DR15\Partition1: MBR, Type 0xB, StartLBA 0x40, BlocksNum 0x1D637F
19:24:49.0606 3240 ============================================================
19:24:49.0700 3240 C: <-> \Device\Harddisk0\DR0\Partition1
19:24:49.0731 3240 D: <-> \Device\Harddisk0\DR0\Partition2
19:24:49.0747 3240 ============================================================
19:24:49.0747 3240 Initialize success
19:24:49.0747 3240 ============================================================
19:24:57.0372 4976 ============================================================
19:24:57.0372 4976 Scan started
19:24:57.0372 4976 Mode: Manual;
19:24:57.0372 4976 ============================================================
19:25:03.0669 4976 ================ Scan system memory ========================
19:25:07.0059 4976 System memory - ok
19:25:07.0059 4976 ================ Scan services =============================
19:25:15.0997 4976 Flpydisk - ok
19:25:16.0059 4976 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
19:25:16.0059 4976 FltMgr - ok
19:25:16.0106 4976 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:25:16.0106 4976 Fs_Rec - ok
19:25:16.0122 4976 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:25:16.0137 4976 Ftdisk - ok
19:25:16.0184 4976 [ 22399D3CE5840C6082844679CCA5D2FC ] ftsata2 C:\WINDOWS\system32\DRIVERS\ftsata2.sys
19:25:16.0184 4976 ftsata2 - ok
19:25:16.0278 4976 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
19:25:16.0278 4976 GEARAspiWDM - ok
19:25:16.0309 4976 getPlusHelper - ok
19:25:16.0356 4976 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:25:16.0372 4976 Gpc - ok
19:25:16.0512 4976 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
19:25:16.0512 4976 gupdate - ok
19:25:16.0528 4976 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
19:25:16.0528 4976 gupdatem - ok
19:25:16.0575 4976 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:25:16.0575 4976 HDAudBus - ok
19:25:16.0715 4976 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:25:16.0715 4976 helpsvc - ok
19:25:16.0731 4976 HidServ - ok
19:25:16.0762 4976 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:25:16.0778 4976 HidUsb - ok
19:25:16.0872 4976 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
19:25:16.0903 4976 hkmsvc - ok
19:25:16.0919 4976 hpn - ok
19:25:17.0231 4976 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
19:25:17.0231 4976 HTTP - ok
19:25:17.0309 4976 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
19:25:17.0309 4976 HTTPFilter - ok
19:25:17.0325 4976 i2omgmt - ok
19:25:17.0340 4976 i2omp - ok
19:25:17.0419 4976 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:25:17.0434 4976 i8042prt - ok
19:25:17.0512 4976 [ 9A65E42664D1534B68512CAAD0EFE963 ] iaStor C:\WINDOWS\system32\DRIVERS\iaStor.sys
19:25:17.0544 4976 iaStor - ok
19:25:17.0778 4976 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
19:25:17.0840 4976 IDriverT - ok
19:25:17.0887 4976 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
19:25:17.0887 4976 Imapi - ok
19:25:17.0981 4976 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
19:25:17.0997 4976 ImapiService - ok
19:25:18.0012 4976 ini910u - ok
19:25:18.0215 4976 [ 64BE56B8858CA0153C725C720FFD194F ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
19:25:18.0419 4976 IntcAzAudAddService - ok
19:25:18.0450 4976 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
19:25:18.0450 4976 IntelIde - ok
19:25:18.0481 4976 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:25:18.0481 4976 intelppm - ok
19:25:18.0528 4976 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
19:25:18.0528 4976 Ip6Fw - ok
19:25:18.0559 4976 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:25:18.0575 4976 IpFilterDriver - ok
19:25:18.0590 4976 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:25:18.0590 4976 IpInIp - ok
19:25:18.0606 4976 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:25:18.0622 4976 IpNat - ok
19:25:18.0715 4976 [ 57EDB35EA2FECA88F8B17C0C095C9A56 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
19:25:18.0747 4976 iPod Service - ok
19:25:18.0778 4976 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:25:18.0778 4976 IPSec - ok
19:25:18.0809 4976 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
19:25:18.0809 4976 IRENUM - ok
19:25:18.0856 4976 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:25:18.0856 4976 isapnp - ok
19:25:19.0012 4976 [ BC0FEADA7A5A69787C70B03EBC51B582 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
19:25:19.0012 4976 JavaQuickStarterService - ok
19:25:19.0028 4976 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:25:19.0028 4976 Kbdclass - ok
19:25:19.0106 4976 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
19:25:19.0106 4976 kmixer - ok
19:25:19.0153 4976 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
19:25:19.0153 4976 KSecDD - ok
19:25:19.0200 4976 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
19:25:19.0200 4976 lanmanserver - ok
19:25:19.0278 4976 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
19:25:19.0294 4976 lanmanworkstation - ok
19:25:19.0309 4976 lbrtfdc - ok
19:25:19.0434 4976 [ E4973B3229E0015345AFBE43A8A8EB3B ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
19:25:19.0450 4976 LightScribeService - ok
19:25:19.0840 4976 [ 2EE3508E453CC0B1BEE47B3514EBB97A ] LiveUpdate C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
19:25:19.0950 4976 LiveUpdate - ok
19:25:20.0044 4976 [ 2D1389E05A807D956829F44BD4B60389 ] LiveUpdate Notice Service C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
19:25:20.0075 4976 LiveUpdate Notice Service - ok
19:25:20.0200 4976 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
19:25:20.0200 4976 LmHosts - ok
19:25:20.0247 4976 [ 6DFE7F2E8E8A337263AA5C92A215F161 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
19:25:20.0247 4976 MBAMProtector - ok
19:25:20.0340 4976 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
19:25:20.0372 4976 MBAMService - ok
19:25:20.0450 4976 [ AAC3B33BA020D2AF530D694A5A920180 ] McAfee SiteAdvisor Service C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
19:25:20.0465 4976 McAfee SiteAdvisor Service - ok
19:25:20.0528 4976 [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
19:25:20.0528 4976 McComponentHostService - ok
19:25:20.0700 4976 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McMPFSvc C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
19:25:20.0715 4976 McMPFSvc - ok
19:25:20.0778 4976 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] mcmscsvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:25:20.0794 4976 mcmscsvc - ok
19:25:20.0809 4976 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McNaiAnn C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:25:20.0809 4976 McNaiAnn - ok
19:25:20.0825 4976 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McNASvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:25:20.0825 4976 McNASvc - ok
19:25:20.0919 4976 [ B3CD9ADE1C2665124CA34125B331B0B4 ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe
19:25:20.0950 4976 McODS - ok
19:25:20.0965 4976 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McProxy C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:25:20.0981 4976 McProxy - ok
19:25:21.0044 4976 [ DF0A511F38F16016BF658FCA0090CB87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
19:25:21.0044 4976 McrdSvc - ok
19:25:21.0169 4976 [ 85DB8DDD2D664716BB5B2D3405F9EF92 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
19:25:21.0169 4976 McShield - ok
19:25:21.0262 4976 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
19:25:21.0278 4976 MDM - ok
19:25:21.0372 4976 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
19:25:21.0372 4976 Messenger - ok
19:25:21.0465 4976 [ 43C31BDF404A6D7A7AC1BFD5EAD2A566 ] mfeapfk C:\WINDOWS\system32\drivers\mfeapfk.sys
19:25:21.0465 4976 mfeapfk - ok
19:25:21.0544 4976 [ C1DC5F42D3367F33B6451BE78B38BD46 ] mfeavfk C:\WINDOWS\system32\drivers\mfeavfk.sys
19:25:21.0544 4976 mfeavfk - ok
19:25:21.0575 4976 mfeavfk01 - ok
19:25:21.0606 4976 [ 0435C43F4C2BE01B84868AD2A906397B ] mfebopk C:\WINDOWS\system32\drivers\mfebopk.sys
19:25:21.0606 4976 mfebopk - ok
19:25:21.0637 4976 [ 183AB9DCE971E029C50223765671839C ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
19:25:21.0653 4976 mfefire - ok
19:25:21.0715 4976 [ 4EA6FF90015424517843E931448E00F1 ] mfefirek C:\WINDOWS\system32\drivers\mfefirek.sys
19:25:21.0731 4976 mfefirek - ok
19:25:21.0825 4976 [ D1E998748BA24A731106611D535C6BBF ] mfehidk C:\WINDOWS\system32\drivers\mfehidk.sys
19:25:21.0840 4976 mfehidk - ok
19:25:21.0887 4976 [ 26C76D10ED650E6492800D6F081ECFBA ] mfendisk C:\WINDOWS\system32\DRIVERS\mfendisk.sys
19:25:21.0887 4976 mfendisk - ok
19:25:21.0919 4976 [ F454A13377F0A006D20A8C14A753C432 ] mferkdet C:\WINDOWS\system32\drivers\mferkdet.sys
19:25:21.0919 4976 mferkdet - ok
19:25:21.0997 4976 [ 41FE2F288E05A6C8AB85DD56770FFBAD ] mferkdk C:\WINDOWS\system32\drivers\mferkdk.sys
19:25:21.0997 4976 mferkdk - ok
19:25:22.0059 4976 [ 096B52EA918AA909BA5903D79E129005 ] mfesmfk C:\WINDOWS\system32\drivers\mfesmfk.sys
19:25:22.0059 4976 mfesmfk - ok
19:25:22.0122 4976 [ 070D3FAF2EAC417C59D8674A8752F7A6 ] mfetdi2k C:\WINDOWS\system32\drivers\mfetdi2k.sys
19:25:22.0153 4976 mfetdi2k - ok
19:25:22.0215 4976 [ 2B8DFC60EDDDAA33EB5E9F7C91B48ACD ] mfevtp C:\WINDOWS\system32\mfevtps.exe
19:25:22.0215 4976 mfevtp - ok
19:25:22.0325 4976 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll
19:25:22.0356 4976 MHN - ok
19:25:22.0450 4976 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
19:25:22.0465 4976 MHNDRV - ok
19:25:22.0481 4976 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
19:25:22.0481 4976 mnmdd - ok
19:25:22.0559 4976 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
19:25:22.0559 4976 mnmsrvc - ok
19:25:22.0637 4976 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
19:25:22.0637 4976 Modem - ok
19:25:22.0653 4976 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:25:22.0653 4976 Mouclass - ok
19:25:22.0731 4976 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:25:22.0731 4976 mouhid - ok
19:25:22.0778 4976 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
19:25:22.0778 4976 MountMgr - ok
19:25:22.0794 4976 mraid35x - ok
19:25:22.0809 4976 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:25:22.0825 4976 MRxDAV - ok
19:25:22.0887 4976 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:25:22.0919 4976 MRxSmb - ok
19:25:22.0965 4976 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
19:25:22.0965 4976 Msfs - ok
19:25:22.0981 4976 MSIServer - ok
19:25:23.0028 4976 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] MSK80Service C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
19:25:23.0028 4976 MSK80Service - ok
19:25:23.0106 4976 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:25:23.0106 4976 MSKSSRV - ok
19:25:23.0122 4976 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:25:23.0122 4976 MSPCLOCK - ok
19:25:23.0200 4976 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
19:25:23.0215 4976 MSPQM - ok
19:25:23.0231 4976 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:25:23.0231 4976 mssmbios - ok
19:25:23.0278 4976 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
19:25:23.0278 4976 Mup - ok
19:25:23.0325 4976 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
19:25:23.0340 4976 napagent - ok
19:25:23.0403 4976 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
19:25:23.0403 4976 NDIS - ok
19:25:23.0419 4976 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:25:23.0419 4976 NdisTapi - ok
19:25:23.0497 4976 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:25:23.0497 4976 Ndisuio - ok
19:25:23.0512 4976 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:25:23.0528 4976 NdisWan - ok
19:25:23.0590 4976 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
19:25:23.0590 4976 NDProxy - ok
19:25:23.0653 4976 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
19:25:23.0653 4976 NetBIOS - ok
19:25:23.0731 4976 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
19:25:23.0731 4976 NetBT - ok
19:25:23.0809 4976 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
19:25:23.0809 4976 NetDDE - ok
19:25:23.0840 4976 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
19:25:23.0840 4976 NetDDEdsdm - ok
19:25:23.0919 4976 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
19:25:23.0919 4976 Netlogon - ok
19:25:23.0997 4976 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
19:25:24.0012 4976 Netman - ok
19:25:24.0059 4976 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:25:24.0075 4976 NIC1394 - ok
19:25:24.0184 4976 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
19:25:24.0200 4976 Nla - ok
19:25:24.0247 4976 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
19:25:24.0247 4976 Npfs - ok
19:25:24.0340 4976 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
19:25:24.0356 4976 Ntfs - ok
19:25:24.0372 4976 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
19:25:24.0372 4976 NtLmSsp - ok
19:25:24.0450 4976 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
19:25:24.0465 4976 NtmsSvc - ok
19:25:24.0528 4976 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
19:25:24.0528 4976 Null - ok
19:25:24.0684 4976 [ CE58F42B11BE20A47C3D8D2F38DA254E ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:25:24.0809 4976 nv - ok
19:25:24.0856 4976 [ 22EEDB34C4D7613A25B10C347C6C4C21 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
19:25:24.0856 4976 NVENETFD - ok
19:25:24.0903 4976 [ 5E3F6AD5CAD0F12D3CCCD06FD964087A ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
19:25:24.0903 4976 nvnetbus - ok
19:25:24.0981 4976 [ 95CAEC95D6777CE7D6B7091BC4D91CEB ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
19:25:24.0981 4976 NVSvc - ok
19:25:25.0044 4976 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:25:25.0044 4976 NwlnkFlt - ok
19:25:25.0059 4976 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:25:25.0059 4976 NwlnkFwd - ok
19:25:25.0090 4976 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:25:25.0106 4976 ohci1394 - ok
19:25:25.0153 4976 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:25:25.0153 4976 ose - ok
19:25:25.0215 4976 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
19:25:25.0215 4976 Parport - ok
19:25:25.0278 4976 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
19:25:25.0278 4976 PartMgr - ok
19:25:25.0325 4976 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
19:25:25.0340 4976 ParVdm - ok
19:25:25.0356 4976 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
19:25:25.0356 4976 PCI - ok
19:25:25.0372 4976 PCIDump - ok
19:25:25.0387 4976 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
19:25:25.0387 4976 PCIIde - ok
19:25:25.0434 4976 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
19:25:25.0450 4976 Pcmcia - ok
19:25:25.0465 4976 PDCOMP - ok
19:25:25.0481 4976 PDFRAME - ok
19:25:25.0497 4976 PDRELI - ok
19:25:25.0512 4976 PDRFRAME - ok
19:25:25.0528 4976 perc2 - ok
19:25:25.0544 4976 perc2hib - ok
19:25:25.0606 4976 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
19:25:25.0606 4976 PlugPlay - ok
19:25:25.0637 4976 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
19:25:25.0637 4976 PolicyAgent - ok
19:25:25.0715 4976 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:25:25.0715 4976 PptpMiniport - ok
19:25:25.0731 4976 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
19:25:25.0731 4976 Processor - ok
19:25:25.0747 4976 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
19:25:25.0747 4976 ProtectedStorage - ok
19:25:25.0794 4976 [ 390C204CED3785609AB24E9C52054A84 ] Ps2 C:\WINDOWS\system32\DRIVERS\PS2.sys
19:25:25.0794 4976 Ps2 - ok
19:25:25.0825 4976 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
19:25:25.0825 4976 PSched - ok
19:25:25.0840 4976 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:25:25.0840 4976 Ptilink - ok
19:25:25.0856 4976 [ 0457E25BB122B854E267CF552DCDC370 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:25:25.0856 4976 PxHelp20 - ok
19:25:25.0887 4976 ql1080 - ok
19:25:25.0903 4976 Ql10wnt - ok
19:25:25.0919 4976 ql12160 - ok
19:25:25.0934 4976 ql1240 - ok
19:25:25.0965 4976 ql1280 - ok
19:25:25.0997 4976 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:25:25.0997 4976 RasAcd - ok
19:25:26.0044 4976 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
19:25:26.0044 4976 RasAuto - ok
19:25:26.0059 4976 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:25:26.0059 4976 Rasl2tp - ok
19:25:26.0106 4976 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
19:25:26.0122 4976 RasMan - ok
19:25:26.0153 4976 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:25:26.0153 4976 RasPppoe - ok
19:25:26.0169 4976 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
19:25:26.0169 4976 Raspti - ok
19:25:26.0247 4976 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:25:26.0247 4976 Rdbss - ok
19:25:26.0309 4976 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:25:26.0309 4976 RDPCDD - ok
19:25:26.0372 4976 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:25:26.0372 4976 rdpdr - ok
19:25:26.0434 4976 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
19:25:26.0434 4976 RDPWD - ok
19:25:26.0497 4976 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
19:25:26.0512 4976 RDSessMgr - ok
19:25:26.0544 4976 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
19:25:26.0544 4976 redbook - ok
19:25:26.0622 4976 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
19:25:26.0622 4976 RemoteAccess - ok
19:25:26.0684 4976 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
19:25:26.0684 4976 RemoteRegistry - ok
19:25:26.0700 4976 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
19:25:26.0700 4976 RpcLocator - ok
19:25:26.0747 4976 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
19:25:26.0762 4976 RpcSs - ok
19:25:26.0825 4976 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
19:25:26.0825 4976 RSVP - ok
19:25:26.0903 4976 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
19:25:26.0903 4976 rtl8139 - ok
19:25:26.0919 4976 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
19:25:26.0919 4976 SamSs - ok
19:25:26.0934 4976 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
19:25:26.0997 4976 SASDIFSV - ok
19:25:27.0028 4976 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
19:25:27.0028 4976 SASKUTIL - ok
19:25:27.0059 4976 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
19:25:27.0075 4976 SCardSvr - ok
19:25:27.0137 4976 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
19:25:27.0153 4976 Schedule - ok
19:25:27.0278 4976 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:25:27.0278 4976 Secdrv - ok
19:25:27.0403 4976 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
19:25:27.0403 4976 seclogon - ok
19:25:27.0465 4976 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
19:25:27.0465 4976 SENS - ok
19:25:27.0544 4976 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
19:25:27.0544 4976 Serial - ok
19:25:27.0559 4976 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
19:25:27.0559 4976 Sfloppy - ok
19:25:27.0637 4976 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
19:25:27.0653 4976 SharedAccess - ok
19:25:27.0684 4976 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:25:27.0715 4976 ShellHWDetection - ok
19:25:27.0731 4976 Simbad - ok
19:25:27.0747 4976 Sparrow - ok
19:25:27.0840 4976 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
19:25:27.0840 4976 splitter - ok
19:25:27.0903 4976 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
19:25:27.0903 4976 Spooler - ok
19:25:27.0997 4976 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
19:25:27.0997 4976 sr - ok
19:25:28.0090 4976 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
19:25:28.0106 4976 srservice - ok
19:25:28.0231 4976 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
19:25:28.0231 4976 Srv - ok
19:25:28.0294 4976 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
19:25:28.0294 4976 SSDPSRV - ok
19:25:28.0340 4976 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
19:25:28.0356 4976 stisvc - ok
19:25:28.0434 4976 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
19:25:28.0434 4976 swenum - ok
19:25:28.0512 4976 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
19:25:28.0512 4976 swmidi - ok
19:25:28.0528 4976 SwPrv - ok
19:25:28.0544 4976 symc810 - ok
19:25:28.0559 4976 symc8xx - ok
19:25:28.0575 4976 sym_hi - ok
19:25:28.0590 4976 sym_u3 - ok
19:25:28.0653 4976 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
19:25:28.0653 4976 sysaudio - ok
19:25:28.0700 4976 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
19:25:28.0700 4976 SysmonLog - ok
19:25:28.0747 4976 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
19:25:28.0762 4976 TapiSrv - ok
19:25:28.0840 4976 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:25:28.0872 4976 Tcpip - ok
19:25:28.0934 4976 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
19:25:28.0934 4976 TDPIPE - ok
19:25:28.0965 4976 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
19:25:28.0965 4976 TDTCP - ok
19:25:28.0997 4976 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
19:25:29.0012 4976 TermDD - ok
19:25:29.0137 4976 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
19:25:29.0153 4976 TermService - ok
19:25:29.0262 4976 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
19:25:29.0262 4976 Themes - ok
19:25:29.0356 4976 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
19:25:29.0356 4976 TlntSvr - ok
19:25:29.0372 4976 TosIde - ok
19:25:29.0403 4976 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
19:25:29.0403 4976 TrkWks - ok
19:25:29.0465 4976 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
19:25:29.0465 4976 Udfs - ok
19:25:29.0497 4976 ultra - ok
19:25:29.0575 4976 [ 9651E5D850B6F6BD7C77C70AA06F02BF ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
19:25:29.0575 4976 UMWdf - ok
19:25:29.0669 4976 [ BB879DCFD22926EFBEB3298129898CBB ] UnlockerDriver5 C:\Program Files\Unlocker\UnlockerDriver5.sys
19:25:29.0669 4976 UnlockerDriver5 - ok
19:25:29.0747 4976 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
19:25:29.0762 4976 Update - ok
19:25:29.0825 4976 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
19:25:29.0840 4976 upnphost - ok
19:25:29.0903 4976 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
19:25:29.0903 4976 UPS - ok
19:25:29.0965 4976 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
19:25:29.0981 4976 USBAAPL - ok
19:25:30.0044 4976 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:25:30.0044 4976 usbehci - ok
19:25:30.0090 4976 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:25:30.0090 4976 usbhub - ok
19:25:30.0137 4976 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
19:25:30.0137 4976 usbohci - ok
19:25:30.0262 4976 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:25:30.0262 4976 usbscan - ok
19:25:30.0309 4976 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:25:30.0340 4976 usbstor - ok
19:25:30.0403 4976 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:25:30.0403 4976 usbuhci - ok
19:25:30.0450 4976 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
19:25:30.0450 4976 VgaSave - ok
19:25:30.0512 4976 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
19:25:30.0528 4976 ViaIde - ok
19:25:30.0590 4976 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
19:25:30.0590 4976 VolSnap - ok
19:25:30.0653 4976 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
19:25:30.0669 4976 VSS - ok
19:25:30.0762 4976 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
19:25:30.0809 4976 W32Time - ok
19:25:30.0840 4976 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:25:30.0840 4976 Wanarp - ok
19:25:30.0856 4976 WDICA - ok
19:25:30.0887 4976 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
19:25:30.0887 4976 wdmaud - ok
19:25:30.0950 4976 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
19:25:30.0965 4976 WebClient - ok
19:25:31.0090 4976 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
19:25:31.0090 4976 winmgmt - ok
19:25:44.0325 4976 ============================================================
19:25:44.0325 4976 Scan finished
19:25:44.0325 4976 ============================================================
19:25:44.0372 3724 Detected object count: 0
19:25:44.0372 3724 Actual detected object count: 0
19:30:57.0700 5272 Deinitialize success
-
It looks clean. How's your computer running now?
-
I think I successfully got rid of Winferno. However, I'm still getting the error messages and now, instead of photos and graphics on some (not all) websites I get red Xs.
-
My trial version of MBAM is expiring: is this something I need to purchase?
-
However, I'm still getting the error messages and now, instead of photos and graphics on some (not all) websites I get red Xs.
Can you give me screenshots of those?
How to post screenshots or images (http://www.computerhope.com/forum/index.php/topic,61232.0.html)
My trial version of MBAM is expiring: is this something I need to purchase?
If you want full time protection, you can purchase it. The free version doesn't have full-time protection. You have to initiate the scans yourself.
We should do some cleanup now.
To uninstall ComboFix
- Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
- In the field, type in ComboFix /uninstall
(http://i424.photobucket.com/albums/pp322/digistar/Combofix_uninstall_image.jpg)
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
- Then, press Enter, or click OK.
- This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
********************************************************
Clean out your temporary internet files and temp files.
Download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop.
Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
******************************************************
Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.
•Click Start Now
•Check the box next to Enable thorough system inspection.
•Click Start
•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
----------
Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.
----------
I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer (http://www.bleepingcomputer.com/forums/tutorial49.html) from Spyware and Malware
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. (http://www.safer-networking.org/en/spybotsd/index.html) Guide: Use Spybot's Immunize Feature (http://www.bleepingcomputer.com/tutorials/tutorial43.html#immunize) to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ (http://www.safer-networking.org/en/faq/index.html)
Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
-
Here's a shot of an image from this thread.
http://imageshack.us/photo/my-images/20/screenshotec.jpg/
TFC wouldn't run. It said you have to log in as an administrator. When I try to change my login, the only option was Compaq Administrator. In safe mode I can be Administrator but TFC does not show up in Safe Mode. I did not try Start>Run in Safe Mode; maybe that would bring up TFC?
I got a bit lost in Secunia. I got "unable to install" messages and I can't click on the proper buttons because the icons are all red Xs and I can't tell what they are. It also was unable to install some updates due to McAfee security, so I will try to temporarily disable it. It seems like it wasn't going to update Real Player and iTunes, for example, but was going to install them as new, asking me where I wanted it on the desktop or somewhere else. I was afraid this would mess up the iTunes files I have saved.
I still have on my desktop MBRcheck, aswMBR.exe, RogueKiller.exe and RK Quarantine file, and Kaspersky.
-
Here's a shot of an image from this thread.
What am I supposed to be seeing in this image?
TFC wouldn't run.
That's ok. Just do a disk cleanup.
Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.
(http://i424.photobucket.com/albums/pp322/digistar/diskcleanup2.jpg)
Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.
(http://i424.photobucket.com/albums/pp322/digistar/diskcleanup.jpg)
This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
**************************************************
I still have on my desktop MBRcheck, aswMBR.exe, RogueKiller.exe and RK Quarantine file, and Kaspersky.
You can uninstall/delete those.
As for Secunia, just make sure all your programs and especially your OS are kept up-to-date.
-
What am I supposed to be seeing in this image?
It is supposed to be the screenshot you sent of the TDSSKiller screen.
The screenshots you sent last of Disk Cleanup screens also showed up as boxes with a red X in the corner. The page layout of the forum changed too. However, now that I am in "reply" forum mode, I can see the images and the layout now looks as usual.
I tried to send you a shot of how my Yahoo homepage looks, but the file was too large. It has some red Xs instead of the icons along the left side and some icons missing altogether, just a blank space.
-
I tried to send you a shot of how my Yahoo homepage looks, but the file was too large. It has some red Xs instead of the icons along the left side and some icons missing altogether, just a blank space
That doesn't seem correct. Here's how to post screenshots.
How to post screenshots or images (http://www.computerhope.com/forum/index.php/topic,61232.0.html)
-
OK, the reason I couldn't upload was because the Upload or Enter button on my screen is not visible, not even a red X appears.
I only found it by moving the mouse until I got that little finger/hand thingy. This is how my Imageshack page looks:
http://imageshack.us/photo/my-images/716/imagehome.png/
Here is how the Computer Hope Forum page looks on my PC.
http://imageshack.us/photo/my-images/543/forumio.png/
Here is how the Yahoo Homepage looks:
http://imageshack.us/photo/my-images/854/yahooeo.png/
All of the Yahoo Sites along the left side are supposed to have picture icons.
-
Please try the suggestions from this (http://support.microsoft.com/kb/283807) MS site.
-
I tried the suggestions, no luck so far. I will keep working on it.
Thanks so much for all your help. It would probably have cost hundreds of dollars for someone to come out and fix my software.
My last question is about browsers. Some say that IE is the least secure browser and I should switch to Firefox or Google Chrome. What do you think?
-
My last question is about browsers. Some say that IE is the least secure browser and I should switch to Firefox or Google Chrome. What do you think?
Some people say that FF is more secure, but I've been hit using FF as well as IE, so it all comes down to protection.
You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.