Adware.Agent.BN = IE problems, please assist



Cuzenu
2008-07-03, 19:29
My laptop installed a fake program called Antivirus 2008 last night, and IE gives me page error messages, and a toolbar was installed called "nqgpedlr". I cannot get the Kaspersky log because IE redirects me to random pages in a new window when I click on the webpage link in Google search, and in cached view. I am just keeping my laptop offline for now, until I can fix it.

HJT log below

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25, on 2008-07-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\Q Menu\QICON.EXE
C:\Program Files\HPQ\Q Menu\CpqMcSrV.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\INITIO\Button Manager v1.836\inihid.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\mgendron2010\My Documents\hijackthis\HiJackThis[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: QXK Olive - {0E2E6382-7A6A-4B56-B646-0F11C13B3EA8} - C:\WINDOWS\kgqfwelttko.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: nqgpedlr - {CAE4B16A-4FF4-44D9-8D85-39A4F7E576FA} - C:\WINDOWS\nqgpedlr.dll
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Q Menu] C:\Program Files\HPQ\Q Menu\QICON.EXE -QICON
O4 - HKLM\..\Run: [hpqMcSrv] "C:\Program Files\HPQ\Q Menu\CpqMcSrV.exe" /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Snippet] "C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" /i
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: Sticky Notes.lnk = C:\WINDOWS\system32\stikynot.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Button Manager v1.836.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\mgendron2010\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = vdoh.org
O17 - HKLM\Software\..\Telephony: DomainName = vdoh.org
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = vdoh.org
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = vdoh.org
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = vdoh.org
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: qoMdDvsR - qoMdDvsR.dll (file missing)
O21 - SSODL: axrfgvek - {EEC8ACCB-B28A-43D4-814D-FA4B8E3C71DA} - C:\WINDOWS\axrfgvek.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 17849 bytes

pskelley
2008-07-05, 16:05
Welcome to Safer Networking. I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

You are infected. I suggest you keep this computer offline except when troubleshooting; the junk may download more. If you have any tool I use, delete it and download it new from the link I provide. Read and follow the directions carefully; the tools will not work unless you do.

Make sure you read this information, often how this junk gets on the computer.
http://forums.spybot.info/showthread.php?t=7344

Follow the directions in this tutorial:
http://www.bleepingcomputer.com/malware-removal/antivirus-2008

When you finish, post a new HJT log and tell me how the computer is running.

Thanks

Cuzenu
2008-07-07, 21:03
I saved the file on a flash drive and pasted it on my desktop. When I try to open or run it, nothing happens.

pskelley
2008-07-07, 21:13
"I saved the file on a flash drive"
What exactly is "the file"? You are going to have to go online with the computer long enough to get the programs you need to clean this infection.

Thanks

Cuzenu
2008-07-07, 21:15
Windows Defender showed this after a scan this morning:
http://img239.imageshack.us/img239/8976/threatns6.jpg


New HJT log. I couldn't get the fixing program to run, and IE fails to load when I try to get a Kaspersky scan.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:15, on 2008-07-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\Q Menu\QICON.EXE
C:\Program Files\HPQ\Q Menu\CpqMcSrV.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\DNA\btdna.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\INITIO\Button Manager v1.836\inihid.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\mgendron2010\My Documents\hijackthis\HiJackThis[1].exe
C:\WINDOWS\System32\irftp.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: nqgpedlr - {CAE4B16A-4FF4-44D9-8D85-39A4F7E576FA} - C:\WINDOWS\nqgpedlr.dll
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Q Menu] C:\Program Files\HPQ\Q Menu\QICON.EXE -QICON
O4 - HKLM\..\Run: [hpqMcSrv] "C:\Program Files\HPQ\Q Menu\CpqMcSrV.exe" /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Snippet] "C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" /i
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: Sticky Notes.lnk = C:\WINDOWS\system32\stikynot.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Button Manager v1.836.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\mgendron2010\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = vdoh.org
O17 - HKLM\Software\..\Telephony: DomainName = vdoh.org
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = vdoh.org
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = vdoh.org
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = vdoh.org
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: qoMdDvsR - qoMdDvsR.dll (file missing)
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 18756 bytes

Cuzenu
2008-07-07, 21:17
What exactly is "the file" you are going to have to go online with the computer long enough to get the programs you need to clean this infection.

Thanks

IE won't let me view the page to download the Malwarebytes' Anti-Malware, I can only view it as "cached" on google, but the link does not load and no windows pop up for the download

Cuzenu
2008-07-07, 21:22
If I open in a new window, I get redirected to a random site and when I try to go to the site I get a "page cannot be displayed" error, after I searched "bleeping computer antivirus 2008" on google and clicked the first link.

pskelley
2008-07-07, 21:28
I believe you also have a Wareout infection which is probably redirecting you. Follow these directions:

Download Malwarebytes' Anti-Malware to your Desktop

http://www.besttechie.net/tools/mbam-setup.exe <<< direct link to the download.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
* Please post contents of that file & a new HJT log in your next reply.

If you cannot get the update, don't worry about it now, just run the program and remove everything it finds.
Thanks

Cuzenu
2008-07-07, 21:40
Okay, good news: I used the Yahoo toolbar to get the link and it downloaded. It works, I'll post soon.

Cuzenu
2008-07-07, 21:43
Well, it opens the window to ask if I want to run it, but it does not run the installer.

pskelley
2008-07-07, 21:47
Unless you have someone with more experience who can help you, I don't know what to tell you. I posted a direct link, if you can open this webpage, you can click that link. Save it to the Desktop and follow the directions. Not much else I can do for you.

Thanks

Cuzenu
2008-07-07, 22:11
I ran the installer online with the yahoo toolbar and it installed and updated, scanning now

Cuzenu
2008-07-07, 23:44
Malwarebytes' Anti-Malware Log

Malwarebytes' Anti-Malware 1.19
Database version: 930
Windows 5.1.2600 Service Pack 2

16:36:27 2008-07-07
mbam-log-7-7-2008 (16-36-27).txt

Scan type: Full Scan (C:\|)
Objects scanned: 265405
Time elapsed: 1 hour(s), 16 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Antivirus 2008 PRO (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{9d6d6f00-a244-4ee3-8a20-e9248e972b49} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cae4b16a-4ff4-44d9-8d85-39a4f7e576fa} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\atfxqogp.bqva (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\nqgpedlr.beof (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\nqgpedlr.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{cae4b16a-4ff4-44d9-8d85-39a4f7e576fa} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\edgp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clbdll.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\clbdriver.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\nqgpedlr.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\mgendron2010\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus-2008pro.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.


________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:47, on 2008-07-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\Q Menu\QICON.EXE
C:\Program Files\HPQ\Q Menu\CpqMcSrV.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\DNA\btdna.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\INITIO\Button Manager v1.836\inihid.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Documents and Settings\mgendron2010\My Documents\hijackthis\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Q Menu] C:\Program Files\HPQ\Q Menu\QICON.EXE -QICON
O4 - HKLM\..\Run: [hpqMcSrv] "C:\Program Files\HPQ\Q Menu\CpqMcSrV.exe" /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Snippet] "C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" /i
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: Sticky Notes.lnk = C:\WINDOWS\system32\stikynot.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Button Manager v1.836.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\mgendron2010\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = vdoh.org
O17 - HKLM\Software\..\Telephony: DomainName = vdoh.org
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = vdoh.org
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = vdoh.org
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = vdoh.org
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: qoMdDvsR - qoMdDvsR.dll (file missing)
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 18515 bytes

pskelley
2008-07-08, 00:36
OK, MBAM got some of it but we have a ways to go and I am still not sure what all you have. Let's proceed like this.
This is a lot of instruction, take your time and follow the numbered order.

1) C:\Program Files\Viewpoint\Common\ViewpointService.exe
For your information, Viewpoint is installed by AOL, probably without your knowledge. I suggest you uninstall this resource waster in Add/Remove Programs.
http://www.greatis.com/appdata/u/v/viewmgr.exe.htm
http://www.spywareinfo.com/newsletter/archives/2005/nov4.php#viewpoint
http://www.clickz.com/news/article.php/3561546

2) Windows Defender
Click on "Tools"
Click on "General Settings"
Scroll down to "Real-time protection options"
Uncheck "Turn on Real-time protection (recommended)"
Click "Save"
Make sure to turn your protection back on when you finish.

3) How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm. Click OK.
You may reverse this for safety when we are finished.

4) Please download ATF Cleaner by Atribune
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Save it to your Desktop. We will use this later.


Thanks to LonnyBJones and anyone else who helped with this fix.

5) Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://download.bleepingcomputer.com/lonny/Fixwareout.exe

Save it to your Desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.
Once the desktop loads post the text that will open (report.txt) and a new Hijackthis log. (wait until you finish to post the logs and reports)


6) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: qoMdDvsR - qoMdDvsR.dll (file missing)
O24 - Desktop Component 0: Privacy Protection - (no file)

Close all programs but HJT and all browser windows, then click on "Fix Checked"

7) Right click Start > Explore and navigate to these files/folders and delete them if there.

C:\Program Files\Antivirus 2008 PRO\ <<< delete that folder and contents

8) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Restart and post the report from Fixwareout, a new HJT log and tell me how the computer is running.

Thanks

Cuzenu
2008-07-08, 03:59
Fixwareout Report

Username "mgendron2010" - 2008-07-07 20:15:51 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"TabletWizard"="C:\\WINDOWS\\help\\SplshWrp.exe"
"TabletTip"="\"C:\\Program Files\\Common Files\\microsoft shared\\ink\\tabtip.exe\" /resume"
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\isuspm.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"Q Menu"="C:\\Program Files\\HPQ\\Q Menu\\QICON.EXE -QICON"
"hpqMcSrv"="\"C:\\Program Files\\HPQ\\Q Menu\\CpqMcSrV.exe\" /Start"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"hpWirelessAssistant"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"
"WatchDog"="C:\\Program Files\\InterVideo\\DVD Check\\DVDCheck.exe"
"Persistence"="C:\\WINDOWS\\system32\\igfxpers.exe"
"Snippet"="\"C:\\Program Files\\Microsoft Experience Pack\\Snipping Tool\\SnippingTool.exe\" /i"
"eTrustPPAP"="\"C:\\Program Files\\CA\\eTrust Internet Security Suite\\eTrust PestPatrol Anti-Spyware\\PPActiveDetection.exe\""
"cctray"="\"C:\\Program Files\\CA\\eTrust Internet Security Suite\\cctray\\cctray.exe\""
"Acrobat Assistant 8.0"="\"C:\\Program Files\\Adobe\\Acrobat 8.0\\Acrobat\\Acrotray.exe\""
"Adobe_ID0EYTHM"="C:\\PROGRA~1\\COMMON~1\\Adobe\\ADOBEV~1\\Server\\bin\\VERSIO~2.EXE"
"YOP"="C:\\PROGRA~1\\Yahoo!\\YOP\\yop.exe /autostart"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"DMXLauncher"="\"C:\\Program Files\\Roxio\\Media Experience\\DMXLauncher.exe\""
"RoxioDragToDisc"="\"C:\\Program Files\\Roxio\\Drag-to-Disc\\DrgToDsc.exe\""
"NBKeyScan"="\"C:\\Program Files\\Nero\\Nero8\\Nero BackItUp\\NBKeyScan.exe\""
"googletalk"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe /autostart"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"IMEKRMIG6.1"="C:\\WINDOWS\\ime\\imkr6_1\\IMEKRMIG.EXE"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_06\\bin\\jusched.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\PROGRA~1\\Symantec\\osCheck.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"
"Aim6"=""
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Nero\\Lib\\NMIndexStoreSvr.exe\" ASO-616B5711-6DAE-4795-A05F-39A1E5104020"
"Veoh"="\"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe\" /VeohHide"
"BitTorrent DNA"="\"C:\\Program Files\\DNA\\btdna.exe\""
"antivirus-2008pro.exe"="C:\\Program Files\\Antivirus 2008 PRO\\antivirus-2008pro.exe"
"PopUpStopperFreeEdition"="\"C:\\PROGRA~1\\PANICW~1\\POP-UP~1\\PSFree.exe\""
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

_________________________________________________________________

HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:35, on 2008-07-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\Q Menu\QICON.EXE
C:\Program Files\HPQ\Q Menu\CpqMcSrV.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\DNA\btdna.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\INITIO\Button Manager v1.836\inihid.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\mgendron2010\My Documents\hijackthis\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Q Menu] C:\Program Files\HPQ\Q Menu\QICON.EXE -QICON
O4 - HKLM\..\Run: [hpqMcSrv] "C:\Program Files\HPQ\Q Menu\CpqMcSrV.exe" /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Snippet] "C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" /i
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: Sticky Notes.lnk = C:\WINDOWS\system32\stikynot.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Button Manager v1.836.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\mgendron2010\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = vdoh.org
O17 - HKLM\Software\..\Telephony: DomainName = vdoh.org
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = vdoh.org
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = vdoh.org
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = vdoh.org
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 18784 bytes

_________________________________________________________________




My computer is working, the fake IE toolbar is gone, and my desktop is normal.


Thank you! And thanks to everybody who assisted, for your time and patience in helping me. :)
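A way to check a follow-up HijackThis log against the entries that were selected under "Fix Checked", as an added example that is not part of the original posts. The function names are hypothetical and matching O4 entries by Run key and value name is an assumption of this sketch; the log lines are excerpted from the logs posted in this thread.

```python
import re

# HijackThis entry lines look like "<section> - <detail>", e.g. "O4 - HKCU\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# O4 registry autoruns: "<hive>\..\Run: [<value name>] <command>"
RUN_RE = re.compile(r"^(.+?): \[(.+?)\]")
# Suffixes HijackThis appends when the referenced file is not on disk.
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# The four entries listed in step 6 of the instructions (copied from the thread).
FIXED = r"""
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: qoMdDvsR - qoMdDvsR.dll (file missing)
O24 - Desktop Component 0: Privacy Protection - (no file)
"""

# Excerpt of the follow-up log saved at 20:35 on 2008-07-07 (copied from the thread).
FOLLOWUP = r"""
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = vdoh.org
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = vdoh.org
O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe (file missing)
O24 - Desktop Component 0: Privacy Protection - (no file)
"""


def parse_hjt(text):
    """Return (section, detail) pairs for every entry line; headers and process paths are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), " ".join(m.group(2).split())))
    return entries


def identity(section, detail):
    """Key used to decide whether two entries are 'the same' across logs.

    Assumption: an O4 autorun is identified by its Run key and value name, so an
    entry that comes back with a different command line still counts as persisting.
    Every other section is compared on its full detail text, case-insensitively.
    """
    if section == "O4":
        m = RUN_RE.match(detail)
        if m:
            return (section, m.group(1).casefold(), m.group(2).casefold())
    return (section, detail.casefold())


def verify_fix(fixed_text, followup_text):
    """Split the fixed entries into those still present in the follow-up log and those gone."""
    seen = {identity(s, d) for s, d in parse_hjt(followup_text)}
    result = {"persisting": [], "cleared": []}
    for s, d in parse_hjt(fixed_text):
        key = "persisting" if identity(s, d) in seen else "cleared"
        result[key].append((s, d))
    return result


def orphaned(text):
    """Entries whose target file is absent: candidates for review, not verdicts."""
    return [(s, d) for s, d in parse_hjt(text) if d.endswith(ORPHAN_MARKERS)]


if __name__ == "__main__":
    outcome = verify_fix(FIXED, FOLLOWUP)
    for state in ("persisting", "cleared"):
        for section, detail in outcome[state]:
            print(f"{state:10} {section:4} {detail}")
    for section, detail in orphaned(FOLLOWUP):
        print(f"{'orphaned':10} {section:4} {detail}")
```
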

pskelley
2008-07-08, 13:02
Thanks for returning your information and the feedback. You can remove Fixwareout, then update Windows Defender and Symantec and run system scans with both. Let me know the results.

Thanks

Cuzenu
2008-07-08, 22:22
Scan Stats:
Scan Time: 856
Scan Options:
Scan Targets: C:
Counts:
Total items scanned: 7642
- Files & Directories: 2975
- Registry Entries: 563
- Processes & Start-up Items: 3896
- Network & Browser Items: 199
- Other: 9

Total security risks detected: 3
Total items resolved: 2
Total items that require attention: 1

Resolved Threats:
VirusProtectPro
Virus ID: 4294907130
Type: Anomaly
Risk: Medium (Medium Stealth, Medium Removal, Medium Performance, Medium Privacy)
Categories: Security risk
State: Fully Resolved
-----------
413 Registry Entries
HKEY_CLASSES_ROOT\Interface\{9DC10DE5-5104-4554-ACA0-D9F2D146CD4C} - No Action Required
HKEY_CLASSES_ROOT\Interface\{A140FE51-3136-4E0D-AFDA-1313B30ADFEF} - No Action Required
HKEY_CLASSES_ROOT\Interface\{A1886D5E-3508-4109-A8A0-F045AA86F3A3} - No Action Required
HKEY_CLASSES_ROOT\Interface\{A2817460-5C53-4B41-8D01-D3EF255DD41E} - No Action Required
HKEY_CLASSES_ROOT\Interface\{AEEA2138-2168-449E-B995-B56612EEF65E} - No Action Required
HKEY_CLASSES_ROOT\Interface\{AEFD40BB-03E3-4C66-ABFB-B5720ACB833E} - No Action Required
HKEY_CLASSES_ROOT\Interface\{B41DF4F9-0191-46E6-8107-16634FBC7F3C} - No Action Required
HKEY_CLASSES_ROOT\Interface\{B9C7A624-88E3-4DFA-8D56-438B10BC0149} - No Action Required
HKEY_CLASSES_ROOT\Interface\{BE1C526E-CCCC-449C-A9CB-691B8C5E2769} - No Action Required
HKEY_CLASSES_ROOT\Interface\{BE465556-F79D-476F-9457-74E49F8F400A} - No Action Required
HKEY_CLASSES_ROOT\Interface\{D21FBDCE-EF01-417C-A1A1-C1EEDB8D5DB6} - No Action Required
HKEY_CLASSES_ROOT\Interface\{D8DFA789-47D3-4197-B187-23AE2D7DCF6A} - No Action Required
HKEY_CLASSES_ROOT\Interface\{E0277D0D-43C7-4ECA-B8C4-545A2E71485B} - No Action Required
HKEY_CLASSES_ROOT\Interface\{EA166DBF-EAC4-4D33-B48D-A40B8C8FDEC1} - No Action Required
HKEY_CLASSES_ROOT\Interface\{EBA2671E-29BF-42D8-B17E-AB5315CC73C5} - No Action Required
HKEY_CLASSES_ROOT\Interface\{F0ED2F90-DE03-46AD-97C1-709E5A49422C} - No Action Required
HKEY_CLASSES_ROOT\Interface\{F105F0C9-50E2-44FA-B3EC-92CA7BFE0C0D} - No Action Required
HKEY_CLASSES_ROOT\Interface\{F664EA90-9B91-4825-9B51-5635AC38CCA6} - No Action Required
HKEY_CLASSES_ROOT\Interface\{21688E5D-A895-4B60-B127-B76607420334} - No Action Required
HKEY_CLASSES_ROOT\Interface\{40E563B2-61B2-4215-819A-A7E24CF8AA3E} - No Action Required
HKEY_CLASSES_ROOT\Interface\{45FBEFBF-E8B6-44A5-B0A1-A143E1A74816} - No Action Required
HKEY_CLASSES_ROOT\Interface\{5146B43E-B36D-4A2A-B617-CC05CC500150} - No Action Required
HKEY_CLASSES_ROOT\Interface\{5B8BED0F-5F18-4051-9908-C5C569A1AAE9} - No Action Required
HKEY_CLASSES_ROOT\Interface\{63667718-EBF2-4CAB-B1E8-994D41589C24} - No Action Required
HKEY_CLASSES_ROOT\Interface\{972F0BE3-976F-40B8-8EB4-88A25987416E} - No Action Required
HKEY_CLASSES_ROOT\Interface\{9F80EA2D-53CF-4AA5-A154-F4FBF1EF6A5A} - No Action Required
HKEY_CLASSES_ROOT\Interface\{A35F8FAC-755D-4F90-A5D3-F7E18D9EB100} - No Action Required
HKEY_CLASSES_ROOT\Interface\{C269F4C1-7558-4DFC-9FB6-4C149B482586} - No Action Required
HKEY_CLASSES_ROOT\Interface\{CE92A296-3142-493C-B64E-6ED73EAFB9AE} - No Action Required
HKEY_CLASSES_ROOT\Interface\{D7C0DF6C-91FF-48BD-AD98-E35769394138} - No Action Required
HKEY_CLASSES_ROOT\Interface\{D8EC2704-B249-4495-A7A4-A90857BDDF4D} - No Action Required
HKEY_CLASSES_ROOT\Interface\{D91E9F36-9E44-44AB-803C-0D941FDA7988} - No Action Required
HKEY_CLASSES_ROOT\Interface\{E0757BDD-69BE-4C3F-AFC6-50D6524FA9B6} - No Action Required
HKEY_CLASSES_ROOT\Interface\{F2F8C877-B06C-4B5E-95E7-AACFC9E8219D} - No Action Required
HKEY_CLASSES_ROOT\Interface\{0979850F-6C3E-4294-B225-B3D3C4A6F2A1} - No Action Required
HKEY_CLASSES_ROOT\Interface\{1BB2DA5F-B78F-44EA-BDA1-771CBE1DEC68} - No Action Required
HKEY_CLASSES_ROOT\Interface\{2A4E73C5-BA3C-4391-B7E5-FFE8D3BD6245} - No Action Required
HKEY_CLASSES_ROOT\Interface\{44A923CA-F430-4F85-9F84-5153ECDB882E} - No Action Required
HKEY_CLASSES_ROOT\Interface\{4E6E21EC-9D72-4164-8A53-74786A467872} - No Action Required
HKEY_CLASSES_ROOT\Interface\{631E9E48-B066-43DA-92AC-6DADF61B173B} - No Action Required
HKEY_CLASSES_ROOT\Interface\{65C1361C-E696-4AF0-9E21-81910193F352} - No Action Required
HKEY_CLASSES_ROOT\Interface\{77DCE805-C8CE-48AA-A47F-BFA6CC7704B3} - No Action Required
HKEY_CLASSES_ROOT\Interface\{8D42769F-07D8-494D-AAB4-AA1652C541FA} - No Action Required
HKEY_CLASSES_ROOT\Interface\{A1922071-390C-418D-916D-91209E95D286} - No Action Required
HKEY_CLASSES_ROOT\Interface\{A1F8CD95-CFB3-43D1-A956-63441CC058C1} - No Action Required
HKEY_CLASSES_ROOT\Interface\{A63B46AD-96A7-4A2C-BD8F-8CD097E1593A} - No Action Required
HKEY_CLASSES_ROOT\Interface\{A65F98DD-2360-468C-B76E-B1B84C0D547C} - No Action Required
HKEY_CLASSES_ROOT\Interface\{AE2AEED0-BE1B-4BA2-826E-20D1991081B8} - No Action Required
HKEY_CLASSES_ROOT\Interface\{D7F73787-6206-4BBA-BDC0-7CFA9940DBCB} - No Action Required
HKEY_CLASSES_ROOT\Interface\{E770F739-2968-4ED9-A63C-DC1938DC82A2} - No Action Required
HKEY_CLASSES_ROOT\TypeLib\{CFAFA83C-855B-4E3D-92B9-A587995B675A} - No Action Required
HKEY_CLASSES_ROOT\Interface\{0DFBA66B-DB48-4292-831A-E7186D8A61AE} - No Action Required
HKEY_CLASSES_ROOT\Interface\{46F309AE-9D11-4C10-9D20-2C084B1C8BCE} - No Action Required
HKEY_CLASSES_ROOT\Interface\{4CB95561-AF37-4BBD-823C-1E355A744A43} - No Action Required
HKEY_CLASSES_ROOT\Interface\{76157861-4996-4711-90E4-6D868B877B24} - No Action Required
HKEY_CLASSES_ROOT\Interface\{81DA01DB-8100-4865-B9B0-A83F54378435} - No Action Required
HKEY_CLASSES_ROOT\Interface\{910EF37B-A486-41FC-8A1B-28C5581AB3AC} - No Action Required
HKEY_CLASSES_ROOT\Interface\{A6B2BC38-7F2A-4202-9B43-A28615727FEE} - No Action Required
HKEY_CLASSES_ROOT\Interface\{B11DA4C8-52DC-44A2-B21B-02BF7A93EB5B} - No Action Required
HKEY_CLASSES_ROOT\Interface\{B5ADBFCA-C6DE-4E5A-A2DA-70AA2933B696} - No Action Required
HKEY_CLASSES_ROOT\Interface\{B5AE5932-F1B3-45E4-842A-59EEA65B13A8} - No Action Required
HKEY_CLASSES_ROOT\Interface\{BA18BA7B-9567-4408-9B87-3D3990C3969E} - No Action Required
HKEY_CLASSES_ROOT\Interface\{D56509AB-9821-4DB0-BF2F-115159804140} - No Action Required
HKEY_CLASSES_ROOT\Interface\{DFF203EA-222C-44FA-8B78-ED88B4587AA2} - No Action Required
HKEY_CLASSES_ROOT\Interface\{EB22B708-E0D3-4FCE-800B-6DD0C5B30D42} - No Action Required
HKEY_CLASSES_ROOT\Interface\{F1EA02F8-E536-4828-BFB7-3DE7FA4D4B09} - No Action Required
HKEY_CLASSES_ROOT\Interface\{F6E18622-DFA8-4DBA-B05E-D3D147E16D44} - No Action Required
HKEY_CLASSES_ROOT\TypeLib\{23624BD0-2A69-4F91-BE6A-9F1F22B72C13} - No Action Required
HKEY_CLASSES_ROOT\TypeLib\{40331B9F-75E5-4E1E-B511-5AA6638B9ADE} - No Action Required
HKEY_CLASSES_ROOT\TypeLib\{6D7F9517-F134-45E3-BF2E-73414FF15CA1} - No Action Required
HKEY_CLASSES_ROOT\Interface\{14E6D991-DB22-4661-981D-20C168D6847B} - No Action Required
HKEY_CLASSES_ROOT\Interface\{2242513C-F5E9-41B3-BC89-4D9DAF487450} - No Action Required
HKEY_CLASSES_ROOT\Interface\{3B489B37-FC1B-45C8-B1CE-78D9AEF5B336} - No Action Required
HKEY_CLASSES_ROOT\Interface\{3D6A6E24-FDFF-418E-A93D-9FBDCBA377AF} - No Action Required
HKEY_CLASSES_ROOT\Interface\{3E318E44-0C35-4292-AF91-18DD17795636} - No Action Required
HKEY_CLASSES_ROOT\Interface\{495349A3-3A35-465F-88DF-6CCFC1348246} - No Action Required
HKEY_CLASSES_ROOT\Interface\{575E8879-D6CF-4992-A7FE-651DA9277BCB} - No Action Required
HKEY_CLASSES_ROOT\Interface\{76A15001-FF88-47EE-9E34-9F68E34246AF} - No Action Required
HKEY_CLASSES_ROOT\Interface\{819A1C55-735F-4696-8727-3772EC87AD26} - No Action Required
HKEY_CLASSES_ROOT\Interface\{8DC7E656-FFBC-4BA2-AF81-1C6C4FE04407} - No Action Required
HKEY_CLASSES_ROOT\Interface\{A86BED71-2B56-4778-9C48-829A3D01C687} - No Action Required
HKEY_CLASSES_ROOT\Interface\{AE119E11-CF86-43CB-91AA-1ACF2BBF9EC6} - No Action Required
HKEY_CLASSES_ROOT\Interface\{B5A1CE7F-011D-4475-98DB-076AAF3B1D18} - No Action Required
HKEY_CLASSES_ROOT\Interface\{B667F141-171C-4AC6-BD2B-8E0C646FB920} - No Action Required
HKEY_CLASSES_ROOT\Interface\{DA4F8351-05EF-4956-B9AB-1093B732436F} - No Action Required
HKEY_CLASSES_ROOT\Interface\{E1E4E46D-53B8-45DC-ABF0-3E7ADEF79012} - No Action Required
HKEY_CLASSES_ROOT\TypeLib\{83B0CADC-EA64-4AC6-822A-3ECE95F44DA6} - No Action Required
HKEY_CLASSES_ROOT\Interface\{0EC085A8-9818-43B7-B975-EC7555EDA4D2} - No Action Required
HKEY_CLASSES_ROOT\Interface\{1A74C41C-0837-4FBE-BA50-621EB70F01CE} - No Action Required
HKEY_CLASSES_ROOT\Interface\{25297614-1B76-4C2C-82C6-62738AA0E8F0} - No Action Required
HKEY_CLASSES_ROOT\Interface\{37F89457-1208-4670-9245-58C62BD6D870} - No Action Required
HKEY_CLASSES_ROOT\Interface\{45477032-ABD0-454D-9CE4-EA34C10322F8} - No Action Required
HKEY_CLASSES_ROOT\Interface\{69E34747-0B27-4B30-AE20-1023BF29E246} - No Action Required
HKEY_CLASSES_ROOT\Interface\{79BE5B3B-80B2-4B77-A042-EFC90F6E0DE7} - No Action Required
HKEY_CLASSES_ROOT\Interface\{7C0EC6BF-81B9-4FE0-9447-4ED29A36BF5D} - No Action Required
HKEY_CLASSES_ROOT\Interface\{7EBB34CF-1728-4136-A968-48F231DAD1B4} - No Action Required
HKEY_CLASSES_ROOT\Interface\{88DAA291-B413-4C46-B378-3BE66F65369E} - No Action Required
HKEY_CLASSES_ROOT\Interface\{936A2F4A-53F8-4D2F-92AA-2F9DE889841C} - No Action Required
HKEY_CLASSES_ROOT\Interface\{AFCC3FA7-82A9-42D5-A405-78711E97A5D6} - No Action Required
HKEY_CLASSES_ROOT\Interface\{CC05A4A3-7B28-488F-AB02-6AAEDB86ACCF} - No Action Required
HKEY_CLASSES_ROOT\Interface\{E80114AA-6653-4952-9E97-5F1DC63BEE0F} - No Action Required
HKEY_CLASSES_ROOT\Interface\{F9109A2A-432B-4ADD-A6FA-06BA22DCD2D9} - No Action Required
HKEY_CLASSES_ROOT\Interface\{FCA3958A-8D38-4D14-8B81-CCD7F68A8A01} - No Action Required
HKEY_CLASSES_ROOT\TypeLib\{CBD02E9B-37EF-47D2-96B0-3ABBB2EB92BF} - No Action Required
HKEY_CLASSES_ROOT\TypeLib\{049FECE3-18C7-4023-A1BE-CFAA2C4EE387} - No Action Required
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirusProtectPro 3.3.exe 3.3 - No Action Required
HKEY_CLASSES_ROOT\TypeLib\{3FB89201-04DE-4430-B5C6-FD57EA654E56} - No Action Required
HKEY_CLASSES_ROOT\TypeLib\{8E9D2F33-4585-4404-AA57-15B2B03707F4} - No Action Required
HKEY_CLASSES_ROOT\TypeLib\{3B8E549E-0C73-4AAB-8939-5EA2ED102CC6} - No Action Required
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run->VirusProtectPro 3.3 - No Action Required
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusProtectPro 3.3 - No Action Required
HKEY_LOCAL_MACHINE\SOFTWARE\VirusProtectPro 3.3 - No Action Required
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirusProtectPro 3.4.exe 3.4 - No Action Required
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run->VirusProtectPro 3.4 - No Action Required
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusProtectPro 3.4 - No Action Required
HKEY_LOCAL_MACHINE\SOFTWARE\VirusProtectPro 3.4 - No Action Required
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirusProtectPro 3.5.exe 3.5 - No Action Required
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run->VirusProtectPro 3.5 - No Action Required
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusProtectPro 3.5 - No Action Required
HKEY_LOCAL_MACHINE\SOFTWARE\VirusProtectPro 3.5 - No Action Required
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirusProtectPro 3.6.exe 3.6 - No Action Required
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run->VirusProtectPro 3.6 - No Action Required
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusProtectPro 3.6 - No Action Required
HKEY_LOCAL_MACHINE\SOFTWARE\VirusProtectPro 3.6 - No Action Required
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirusProtectPro 3.7.exe 3.7 - No Action Required
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run->VirusProtectPro 3.7 - No Action Required
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusProtectPro 3.7 - No Action Required
HKEY_LOCAL_MACHINE\SOFTWARE\VirusProtectPro 3.7 - No Action Required
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirusProtectPro 3.8.exe 3.8 - No Action Required
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run->VirusProtectPro 3.8 - No Action Required
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusProtectPro 3.8 - No Action Required
HKEY_LOCAL_MACHINE\SOFTWARE\VirusProtectPro 3.8 - No Action Required
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirusProtectPro 3.9.exe 3.9 - No Action Required
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run->VirusProtectPro 3.9 - No Action Required
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusProtectPro 3.9 - No Action Required
HKEY_LOCAL_MACHINE\SOFTWARE\VirusProtectPro 3.9 - No Action Required
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirusProtectPro 4.0.exe 4.0 - No Action Required
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run->VirusProtectPro 4.0 - No Action Required
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusProtectPro 4.0 - No Action Required
HKEY_LOCAL_MACHINE\SOFTWARE\VirusProtectPro 4.0 - No Action Required
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirusProtect 3.9.exe 3.9 - No Action Required
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run->VirusProtect 3.9 - No Action Required
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run->VirusProtect - No Action Required
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusProtect 3.9 - No Action Required
HKEY_LOCAL_MACHINE\SOFTWARE\VirusProtect 3.9 - No Action Required
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusProtectPro 3.3 - No Action Required
HKEY_USERS\S-1-5-21-4157893092-2580116332-2277760538-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusProtectPro 3.3 - No Action Required
HKEY_USERS\S-1-5-21-583907252-838170752-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusProtectPro 3.3 - No Action Required
HKEY_USERS\S-1-5-21-4157893092-2580116332-2277760538-4843\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusProtectPro 3.3 - No Action Required
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusProtectPro 3.3 - No Action Required
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusProtectPro 3.3 - No Action Required
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusProtectPro 3.3 - No Action Required
HKEY_USERS\S-1-5-21-4157893092-2580116332-2277760538-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusProtectPro 3.3 - No Action Required
HKEY_USERS\S-1-5-21-583907252-838170752-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusProtectPro 3.3 - No Action Required
HKEY_USERS\S-1-5-21-4157893092-2580116332-2277760538-4843\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusProtectPro 3.3 - No Action Required
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusProtectPro 3.3 - No Action Required
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusProtectPro 3.3 - No Action Required
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusProtectPro 3.4 - No Action Required
HKEY_USERS\S-1-5-21-4157893092-2580116332-2277760538-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusProtectPro 3.4 - No Action Required
HKEY_USERS\S-1-5-21-583907252-838170752-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusProtectPro 3.4 - No Action Required
HKEY_USERS\S-1-5-21-4157893092-2580116332-2277760538-4843\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusProtectPro 3.4 - No Action Required
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusProtectPro 3.4 - No Action Required
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusProtectPro 3.4 - No Action Required
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusProtectPro 3.4 - No Action Required
HKEY_USERS\S-1-5-21-4157893092-2580116332-2277760538-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusProtectPro 3.4 - No Action Required
HKEY_USERS\S-1-5-21-583907252-838170752-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusProtectPro 3.4 - No Action Required
HKEY_USERS\S-1-5-21-4157893092-2580116332-2277760538-4843\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusProtectPro 3.4 - No Action Required
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusProtectPro 3.4 - No Action Required
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusProtectPro 3.4 - No Action Required
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusProtectPro 3.5 - No Action Required
HKEY_USERS\S-1-5-21-4157893092-2580116332-2277760538-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusProtectPro 3.5 - No Action Required
HKEY_USERS\S-1-5-21-583907252-838170752-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusProtectPro 3.5 - No Action Required
HKEY_USERS\S-1-5-21-4157893092-2580116332-2277760538-4843\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusProtectPro 3.5 - No Action Required
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusProtectPro 3.5 - No Action Required
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusProtectPro 3.5 - No Action Required
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusProtectPro 3.5 - No Action Required
HKEY_USERS\S-1-5-21-4157893092-2580116332-2277760538-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusProtectPro 3.5 - No Action Required
HKEY_USERS\S-1-5-21-583907252-838170752-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusProtectPro 3.5 - No Action Required
HKEY_USERS\S-1-5-21-4157893092-2580116332-2277760538-4843\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusProtectPro 3.5 - No Action Required
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusProtectPro 3.5 - No Action Required
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusProtectPro 3.5 - No Action Required
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusProtectPro 3.6 - No Action Required
HKEY_USERS\S-1-5-21-4157893092-2580116332-2277760538-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusProtectPro 3.6 - No Action Required
HKEY_USERS\S-1-5-21-583907252-838170752-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusProtectPro 3.6 - No Action Required
HKEY_USERS\S-1-5-21-4157893092-2580116332-2277760538-4843\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusProtectPro 3.6 - No Action Required
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusProtectPro 3.6 - No Action Required
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusProtectPro 3.6 - No Action Required
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusProtectPro 3.6 - No Action Required
HKEY_USERS\S-1-5-21-4157893092-2580116332-2277760538-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusProtectPro 3.6 - No Action Required
HKEY_USERS\S-1-5-21-583907252-838170752-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusProtectPro 3.6 - No Action Required
HKEY_USERS\S-1-5-21-4157893092-2580116332-2277760538-4843\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusProtectPro 3.6 - No Action Required
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusProtectPro 3.6 - No Action Required
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusProtectPro 3.6 - No Action Required
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusProtectPro 3.7 - No Action Required
HKEY_USERS\S-1-5-21-4157893092-2580116332-2277760538-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusProtectPro 3.7 - No Action Required
HKEY_USERS\S-1-5-21-583907252-838170752-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusProtectPro 3.7 - No Action Required
HKEY_USERS\S-1-5-21-4157893092-2580116332-2277760538-4843\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusProtectPro 3.7 - No Action Required
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusProtectPro 3.7 - No Action Required
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusProtectPro 3.7 - No Action Required
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusProtectPro 3.7 - No Action Required
HKEY_USERS\S-1-5-21-4157893092-2580116332-2277760538-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusProtectPro 3.7 - No Action Required
HKEY_USERS\S-1-5-21-583907252-838170752-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusProtectPro 3.7 - No Action Required
HKEY_USERS\S-1-5-21-4157893092-2580116332-2277760538-4843\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusProtectPro 3.7 - No Action Required
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusProtectPro 3.7 - No Action Required
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusProtectPro 3.7 - No Action Required
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusProtectPro 3.8 - No Action Required
HKEY_USERS\S-1-5-21-4157893092-2580116332-2277760538-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusProtectPro 3.8 - No Action Required
HKEY_USERS\S-1-5-21-583907252-838170752-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusProtectPro 3.8 - No Action Required
HKEY_USERS\S-1-5-21-4157893092-2580116332-2277760538-4843\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusProtectPro 3.8 - No Action Required
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusProtectPro 3.8 - No Action Required
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusProtectPro 3.8 - No Action Required
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusProtectPro 3.8 - No Action Required
HKEY_USERS\S-1-5-21-4157893092-2580116332-2277760538-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusProtectPro 3.8 - No Action Required
HKEY_USERS\S-1-5-21-583907252-838170752-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusProtectPro 3.8 - No Action Required
HKEY_USERS\S-1-5-21-4157893092-2580116332-2277760538-4843\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusProtectPro 3.8 - No Action Required
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusProtectPro 3.8 - No Action Required
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusProtectPro 3.8 - No Action Required
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusProtectPro 3.9 - No Action Required
HKEY_USERS\S-1-5-21-4157893092-2580116332-2277760538-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusProtectPro 3.9 - No Action Required
HKEY_USERS\S-1-5-21-583907252-838170752-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusProtectPro 3.9 - No Action Required
HKEY_USERS\S-1-5-21-4157893092-2580116332-2277760538-4843\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusProtectPro 3.9 - No Action Required
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusProtectPro 3.9 - No Action Required
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusProtectPro 3.9 - No Action Required
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusProtectPro 3.9 - No Action Required
HKEY_USERS\S-1-5-21-4157893092-2580116332-2277760538-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusProtectPro 3.9 - No Action Required
HKEY_USERS\S-1-5-21-583907252-838170752-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusProtectPro 3.9 - No Action Required
HKEY_USERS\S-1-5-21-4157893092-2580116332-2277760538-4843\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusProtectPro 3.9 - No Action Required
HKEY_USERS\S-1-5-20

Cuzenu
2008-07-08, 22:22
HKEY_USERS\S-1-5-21-4157893092-2580116332-2277760538-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusProtect 3.9 - No Action Required
HKEY_USERS\S-1-5-21-583907252-838170752-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusProtect 3.9 - No Action Required
HKEY_USERS\S-1-5-21-4157893092-2580116332-2277760538-4843\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusProtect 3.9 - No Action Required
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusProtect 3.9 - No Action Required
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusProtect 3.9 - No Action Required
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirusHeat 3.9.exe 3.9 - No Action Required
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run->VirusHeat 3.9 - No Action Required
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusHeat 3.9 - No Action Required
HKEY_LOCAL_MACHINE\SOFTWARE\VirusHeat 3.9 - No Action Required
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusHeat 3.9 - No Action Required
HKEY_USERS\S-1-5-21-4157893092-2580116332-2277760538-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusHeat 3.9 - No Action Required
HKEY_USERS\S-1-5-21-583907252-838170752-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusHeat 3.9 - No Action Required
HKEY_USERS\S-1-5-21-4157893092-2580116332-2277760538-4843\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusHeat 3.9 - No Action Required
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusHeat 3.9 - No Action Required
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusHeat 3.9 - No Action Required
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusHeat 3.9 - No Action Required
HKEY_USERS\S-1-5-21-4157893092-2580116332-2277760538-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusHeat 3.9 - No Action Required
HKEY_USERS\S-1-5-21-583907252-838170752-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusHeat 3.9 - No Action Required
HKEY_USERS\S-1-5-21-4157893092-2580116332-2277760538-4843\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusHeat 3.9 - No Action Required
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusHeat 3.9 - No Action Required
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusHeat 3.9 - No Action Required
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\->VirusHeat 4.3 - No Action Required
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusHeat 4.3 - No Action Required
HKEY_LOCAL_MACHINE\SOFTWARE\VirusHeat 4.3 - No Action Required
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusHeat 4.3 - No Action Required
HKEY_USERS\S-1-5-21-4157893092-2580116332-2277760538-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusHeat 4.3 - No Action Required
HKEY_USERS\S-1-5-21-583907252-838170752-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusHeat 4.3 - No Action Required
HKEY_USERS\S-1-5-21-4157893092-2580116332-2277760538-4843\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusHeat 4.3 - No Action Required
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusHeat 4.3 - No Action Required
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusHeat 4.3 - No Action Required
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusHeat 4.3 - No Action Required
HKEY_USERS\S-1-5-21-4157893092-2580116332-2277760538-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusHeat 4.3 - No Action Required
HKEY_USERS\S-1-5-21-583907252-838170752-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusHeat 4.3 - No Action Required
HKEY_USERS\S-1-5-21-4157893092-2580116332-2277760538-4843\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusHeat 4.3 - Deleted
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusHeat 4.3 - No Action Required
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusHeat 4.3 - No Action Required
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\->VirusHeat 4.4 - No Action Required
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusHeat 4.4 - No Action Required
HKEY_LOCAL_MACHINE\SOFTWARE\VirusHeat 4.4 - No Action Required
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusHeat 4.4 - No Action Required
HKEY_USERS\S-1-5-21-4157893092-2580116332-2277760538-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusHeat 4.4 - No Action Required
HKEY_USERS\S-1-5-21-583907252-838170752-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusHeat 4.4 - No Action Required
HKEY_USERS\S-1-5-21-4157893092-2580116332-2277760538-4843\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusHeat 4.4 - No Action Required
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusHeat 4.4 - No Action Required
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\VirusHeat 4.4 - No Action Required
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusHeat 4.4 - No Action Required
HKEY_USERS\S-1-5-21-4157893092-2580116332-2277760538-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusHeat 4.4 - No Action Required
HKEY_USERS\S-1-5-21-583907252-838170752-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusHeat 4.4 - No Action Required
HKEY_USERS\S-1-5-21-4157893092-2580116332-2277760538-4843\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusHeat 4.4 - No Action Required
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusHeat 4.4 - No Action Required
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusHeat 4.4 - No Action Required
1 File
C:\Documents and Settings\All Users\Application Data\TEMP - Deleted


SafeStrip
Virus ID: 4294906876
Type: Anomaly
Risk: Medium (Medium Stealth, Medium Removal, Medium Performance, Medium Privacy)
Categories: Security risk
State: Fully Resolved
-----------
126 Registry Entries
17 Files
2 Processes
C:\Program Files\XP Antivirus\xpa.exe - No Action Required
C:\Program Files\XP Antivirus\xpa.exe - No Action Required
2 Services
XPAntivirusFilter - No Action Required
XPAntivirusFilter - No Action Required




Unresolved Threats:
Tracking Cookie
Virus ID: 4294909925
Type: Anomaly
Risk: Low (Low Stealth, Low Removal, Low Performance, Low Privacy)
Categories: Cookie
State: Not Attempted
-----------
2 Tracking Cookies
Cookie:mgendron2010@mediamgr.ugo.com/ - No action taken
____________________________________________________



I ran a full Windows Defender scan, and after four hours I stopped it; I'm going to let it run overnight.

The scan found one thing:

http://img244.imageshack.us/img244/6855/scanresultfv6.jpg

pskelley
2008-07-08, 22:55
Windows Defender found cookies, but what was that other scan result?
The scan you posted on #17?

How is this computer running, are you having any malware problems?

Thanks

Cuzenu
2008-07-08, 23:39
The computer is running fine; I haven't had any problems. I'll try doing the Symantec scan again to check if anything shows up.

pskelley
2008-07-08, 23:46
Listen, I do not use Symantec and know nothing about the log it produces. I do suggest you follow the instructions and delete or at least quarantine anything it finds. It does no good to run a tool and take no action when it finds stuff. Please do not post logs from Symantec. If your computer is running ok, you are finished, here is some information to help you prevent this from happening again.

Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

http://www.malwarecomplaints.info/

Thanks...pskelley

Cuzenu
2008-07-09, 01:19
I updated Symantec again and restarted and did a new scan and it found nothing. I'll try to get Windows Defender to do a full scan tonight and see if it brings anything up. Other than that, the computer is running fine, nothing strange or slow or weird pop-ups.

Scan Stats:
Scan Time: 168
Scan Options:
Scan Targets: C:
Counts:
Total items scanned: 6873
- Files & Directories: 2294
- Registry Entries: 563
- Processes & Start-up Items: 3807
- Network & Browser Items: 204
- Other: 5

Total security risks detected: 0
Total items resolved: 0
Total items that require attention: 0

Resolved Threats:


Unresolved Threats: