Recently I downloaded the DJ software Traktor for my friend and decided to try it out for myself. I was able to register it too, but soon after I uninstalled it, my computer started to give me pop-ups every time I opened a folder in my computer saying:

I understand this is a fake and say no every time, and it ends up opening my Firefox browser with a screen that looks like this:

Now I really wanna get rid of this issue because it is getting annoying, and I think it's starting to affect my IE7 now. About 5-6 days ago I also downloaded Norton 360 and registered it. I scanned the whole computer to find out what's wrong but nothing comes up. And now every time I open IE7 it either crashes and closes or goes to some page saying that I have a virus and that I should download some random antivirus that I have never heard of. PLEASE HELP ME!! It would be greatly appreciated.
Hi palak

Please download Superantispyware Free and install it. Follow the prompts and reboot if required.

Launch Superantispyware Free either by running C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.exe or right-click on the SuperAntispyware icon in your task bar (it looks like a bug) and click on Scan for Spyware, Adware, Malware...

Configuring SuperAntispyware
• Click on Preferences.
• In the tab General and Startup, make sure the box Start SuperAntispyware when Windows starts is unchecked. This will prevent SuperAntispyware from starting every time, because it may interfere with other fixes that may be run.
• Navigate to the tab Scanning Control.
• Make sure only these boxes are checked:
Code:
    Close browsers before scanning
    Scan for tracking cookies
    Terminate memory threats before quarantining
    Scan Alternate Data Streams
    Use Kernel Direct File Access (recommended)
    Use Kernel Direct Registry Access (recommended)
    Use Direct Disk Access (recommended)
• Click on Close.

Updating SuperAntispyware
• At the main window, click on Check for Updates....
• Wait for SuperAntispyware to be fully updated.

Scanning Time
• Boot into safe mode by repeatedly pressing the F8 key after you press the power button. If safe mode does not work, tell me and do the scan in normal mode.
• Launch SuperAntispyware.
• At the main window, click on Scan your Computer....
• Make sure all drives (excluding CD drives) are checked, select Perform Complete Scan, and then click on Next.
• Wait for the scan to complete, and then click on Next>. This will quarantine and remove all detected items.
• Reboot your computer.

Post A Log
• Launch SuperAntispyware
• Click on Preferences
• Navigate to the tab Statistics/Logs.
• Choose the latest scan log, and then click on View Log....
• Copy and paste the contents of the log here in your next post.

Best Regards
Are you perfectly sure this will work? And if it doesn't work, it won't mess anything up in my computer? Please reply.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/05/2008 at 11:24 PM

Application Version : 4.21.1004

Core Rules Database Version : 3555
Trace Rules Database Version: 1608

Scan type : Complete Scan
Total Scan Time : 03:19:36

Memory items scanned : 184
Memory threats detected : 0
Registry items scanned : 5969
Registry threats detected : 459
File items scanned : 103474
File threats detected : 24

Adware.MyWebSearch
    HKU\S-1-5-21-1972869173-3552872896-3468390370-1006\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}

Adware.Tracking Cookie
    C:\Documents and Settings\Owner\Cookies\owner@media.adrevolver[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@questionmarket[2].txt
    C:\Documents and Settings\Owner\Cookies\owner@dynamic.media.adrevolver[2].txt
    C:\Documents and Settings\Owner\Cookies\owner@atdmt[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@adrevolver[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt

Adware.180solutions/ZangoSearch
    HKU\S-1-5-21-1972869173-3552872896-3468390370-1006\Software\Zango
    HKLM\Software\Zango
    HKLM\Software\Zango\Zango
    HKLM\Software\Zango\Zango\Install
    HKLM\Software\Zango\Zango\Install#CreateDate
    HKLM\Software\Zango\Zango\Install#CreateDateDW

Adware.MyWebSearch/FunWebProducts
    HKU\S-1-5-21-1972869173-3552872896-3468390370-1006\SOFTWARE\Fun Web Products
    HKLM\SOFTWARE\Fun Web Products
    HKLM\SOFTWARE\Fun Web Products#JpegConversionLib
    HKLM\SOFTWARE\Fun Web Products#CacheDir
    HKLM\SOFTWARE\Fun Web Products\MSNMessenger
    HKLM\SOFTWARE\Fun Web Products\MSNMessenger#DLLFile
    HKLM\SOFTWARE\Fun Web Products\MSNMessenger#DLLDir
    HKLM\SOFTWARE\Fun Web Products\ScreenSaver
    HKLM\SOFTWARE\Fun Web Products\ScreenSaver#ImagesDir
    HKLM\SOFTWARE\Fun Web Products\Settings
    HKLM\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn
    HKLM\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn#LastHTMLMenuURL
    HKLM\Software\FocusInteractive\bar\Switches#ypager.exe
    HKLM\Software\FocusInteractive\bar\Switches#au
    HKLM\Software\FocusInteractive\bar\Switches#mwsSrcAs.dll
    HKLM\Software\FocusInteractive\bar\Switches#ps
    HKLM\Software\FocusInteractive\bar\Switches#ok
    HKLM\Software\FocusInteractive\bar\Switches#od
    HKLM\Software\FocusInteractive\bar\Switches#nk
    HKLM\Software\FocusInteractive\bar\Switches#nd
    HKLM\Software\FocusInteractive\Email-IM
    HKLM\Software\FocusInteractive\Email-IM\0
    HKLM\Software\FocusInteractive\Email-IM\0#Toolbar
    HKLM\Software\FocusInteractive\Email-IM\0#AppName
    HKLM\Software\FocusInteractive\Email-IM\0#Path
    HKLM\Software\FocusInteractive\Outlook
    HKLM\Software\FocusInteractive\Outlook#MyWebSearch.OutlookAddin
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run#MyWebSearch Plugin [ rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF ]

Rogue.TotalSecure2009
    C:\WINDOWS\k.txt
    C:\WINDOWS\system32\c.ico
    C:\WINDOWS\system32\m.ico
    C:\WINDOWS\system32\s.ico
    C:\Documents and Settings\Owner\Favorites\Search Online.url
    C:\Documents and Settings\Owner\Favorites\VIP Casino.url
    C:\Documents and Settings\Owner\Start Menu\Search Online.url
    C:\Documents and Settings\Owner\Start Menu\VIP Casino.url

Trojan.Downloader-Gen/Suspicious
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP100\A0014951.EXE

Adware.180solutions/Seekmo/Zango
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP36\A0007387.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP43\A0007596.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP43\A0007597.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP43\A0007598.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP43\A0007599.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP43\A0007600.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP43\A0007601.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP43\A0007602.DLL
Hey palak

How's your problem? Now, please download ComboFix. With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it. Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.

• Run Combo-Fix.exe and follow the prompts. Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
• Wait for the scan to be completed.
• If it requires a reboot, please do it.
• After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

Do not click on the ComboFix window, as it may cause it to stall.

Best Regards
Hey palak

Please download the HijackThis zip file. Save it onto a convenient place in your computer, and then unzip the file. Rename HijackThis(.exe) to scanner(.exe). Next, run scanner(.exe). A window will pop up.

• Click on the button which says Main Menu, then Do a system scan and save a logfile.
• Please wait for the scan to be completed.
• After the scan has completed, a text window will pop up. Please post the contents of this window here. This will also be located at hijackthis(.txt) in the same folder that HijackThis was originally saved.

NOTE: Do not fix anything using HijackThis, as this may also damage legitimate components of your computer.

Tell me what problems you have left.

Best Regards
I just have a few questions: can I delete ComboFix and HijackThis now, and uninstall SUPERAntiSpyware, or do I need to keep them? And THANK YOU SO MUCH FOR YOUR HELP!!! My computer works perfectly fine now.
Hey palak

You are clean now! Yes, it is recommended to delete HijackThis and ComboFix, but I would recommend keeping SUPERAntiSpyware to scan regularly in case of an infection.

Best Regards