Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Controlling my internet address & removing it

Started by Classy2 , Mar 19 2005 02:34 AM

  • This topic is locked This topic is locked

#1
Classy2
Posted 19 March 2005 - 02:34 AM

Classy2

    Member

  • Member
  • PipPipPip
  • 242 posts
The below address is what comes after I sign out of hotmail.

http://login.passpor...uilogout.srf?lc
=1033&id=6528&ru=http%3a%2f%2f
www.msn.com%&tw=14400&kv=5&ct=
1110457488&cb
=0&msppjph=1&ems=1&ver=
2.1.0191.1&tpf=bdfc81e7f8cd06cc0a99
cabcb21691fa&rollrs=11
Its a blank page except for its saying:
"Geek Hero " killed (# of bugs)

I ran Registry Cleaner, Ccleaner, Adware SE but I cant get rid of this page!

I have read how to to copy and paste or open notepad to locate a log, but Im not sure I understand it.
Is there any easier way to show you a log?
  • 0

Advertisements

#2
Guest_thatman_*
Posted 19 March 2005 - 07:01 AM

Guest_thatman_*
  • Guest
Hi Classy2

Let us take a closer look at what is running on your PC. We'll need you to use a free diagnostic tool (HiJackThis) and post a log back here with the results.

Click the HijackThis Guide in my signature, download it and follow the instructions in the guide.

Most of what it lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.

Kc :tazz:
  • 0

#3
Classy2
Posted 28 March 2005 - 05:18 AM

Classy2

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 242 posts
I turned off Restore and turned on to show hidden files. Im not sure if I placed the HJT log in the right place. I am very new at this but im willing to learn with very explicit directions. I have done a factory reinstall at least four times within the last 6 months. I am home alot and like speaking with my friends on yahoo messenger, but now since I used AVG and Trogan Hunter my yahoo is no longer working, even after uninstalling and installing many times.
Im not familar with and sort of editing or delting of files. But im not affraid to learn.
Please help me cut out unnecessary files and help me getting my yahoo back.

Logfile of HijackThis v1.99.1
Scan saved at 5:56:17 AM, on 3/28/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\System32\kmw_run.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\System32\rmmpkm.exe
C:\WINDOWS\System32\KMW_SHOW.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Cuddles\My Documents\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mssn.com/homepage.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...spx?tb_id=50245
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/.../search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5_7_0.dll (file missing)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5_7_0.dll (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\rmmpkm.exe
O4 - HKLM\..\Run: [Geek Superhero] C:\Program Files\Geek Superhero\GeekSuperhero.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\RunOnce: [Compaq_RBA] C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe -z
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) -
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  • 0

#4
Guest_thatman_*
Posted 28 March 2005 - 05:36 AM

Guest_thatman_*
  • Guest
Hi Classy2

Welcome to geekstogo

Please read through the instructions before you start (you may want to print this out).

Download CW-Shredder at the link below:
CWShredder
Unzip the program

Run CWShredder to fix your CWS problem.

Download the Microsoft Antispyware
Unzip the program, then run Microsoft Antispyware.

Download the CCleaner unzip the file to install.
Open CCleaner.
Place a check by everything in the Applications tab.
Place a check by Internet Explorer, Windows explorer, and System in the Windows tab.
Run the ccleaner

Please set your system to show all files; please see here if you're unsure how to do this.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mssn.com/homepage.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...spx?tb_id=50245
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/.../search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)

Click on Fix Checked when finished and exit HijackThis.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Using Windows Explorer, locate the following files/folders, and delete them:

C:\Program Files\WildTangent<--Delete the whole folder

Exit Explorer,

Run the ccleaner

Reboot into normal mode.

The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.microsoft...p1/default.mspx
Apply the update, reboot, and post a fresh Hijack This log.

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp

Please post the logs From both virus scans and HJT.log we will need them to remove previous infections that have left files on your system.

Kc :tazz:
  • 0

#5
Classy2
Posted 28 March 2005 - 07:01 AM

Classy2

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 242 posts
I just deleted Wild Tagent. I downloadd and ran the Shredder the log disappeard after I clicked ''fix it''. Im not sure where the log is located but after I fixed it , it reported (no CWS was found.)
Before scaning HJT I used AVG, Reg Cleaner, CCleaner, AdWare SE.
And I have Sybot Search & Destroy running. Although I am unsure what to do when it asked whether I want to make this change.
AVG doesnt include much help. Is this ' microsoft Antispyware any more user friendly?
I know the importance of a firewall and downloaded SP1 3 months ago only to lose my internet connection thus left me with no place to go for instructions. And wasnt there an update on a patch for SP1a? I havent any printer to print out the ''troubleshooting'' on installing it, nor did I understand about ''setting it up''
  • 0

#6
Guest_thatman_*
Posted 28 March 2005 - 07:07 AM

Guest_thatman_*
  • Guest
Hi Classy2

Post a new HJT.Log let me see how you got on.

Kc :tazz:
  • 0

#7
Classy2
Posted 28 March 2005 - 07:39 AM

Classy2

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 242 posts
Am I supposed to click on ''fix checked'', before sending you a log or after? If after wheree can I find the most up to date log?
Sorry for the delay but I have not notification of your response since my yahoo email has been deleted.

Logfile of HijackThis v1.99.1
Scan saved at 8:30:10 AM, on 3/28/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\System32\kmw_run.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\KMW_SHOW.EXE
C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Cuddles\My Documents\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mssn.com/homepage.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...spx?tb_id=50245
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/.../search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5_7_0.dll (file missing)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5_7_0.dll (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Geek Superhero] C:\Program Files\Geek Superhero\GeekSuperhero.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\rmmpkm.exe
O4 - HKLM\..\RunOnce: [Compaq_RBA] C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe -z
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  • 0

#8
Guest_thatman_*
Posted 28 March 2005 - 07:49 AM

Guest_thatman_*
  • Guest
Hi Classy2

Please download this program: http://www.trojaner-...gi?file=sphjfix

Unzip the file then run the program

Post back with a new HJT.Log

Kc :tazz:
  • 0

#9
Classy2
Posted 28 March 2005 - 08:22 AM

Classy2

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 242 posts
The above link showed this error; error 13, Run-Time mixmatch.

Will you be online much longer? Id apprec it if you can help me get my yahoo back, which i did an uninstal in safe mode.
  • 0

#10
Classy2
Posted 28 March 2005 - 08:28 AM

Classy2

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 242 posts
Is there a way I can monitor when you sent me a new reply?
  • 0

Advertisements

#11
Guest_thatman_*
Posted 28 March 2005 - 09:03 AM

Guest_thatman_*
  • Guest
Hi Classy2

Click on FireFox in my signature.
Download the program unzip the file and see if you can connect.

This link is working for me http://www.trojaner-...gi?file=sphjfix
Try it again.

Use FireFox and try to download again, the only way you can see I have posted to your thread is at the bottom of the wiewing window my name will move off the page.

Kc :tazz:
  • 0

#12
Classy2
Posted 28 March 2005 - 09:38 AM

Classy2

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 242 posts
I ran virus program called Micro Tend. It found 2 trojans
1 --- Downloader C
2 ---Downloader D
Both could not be removed.
Anoher problem which I forgot to tell you; everytime Id type my first letter into the logon in yahoo messenger, it would close. Can these trojans be the problem?
  • 0

#13
Guest_thatman_*
Posted 28 March 2005 - 10:15 AM

Guest_thatman_*
  • Guest
Hi Classy2

Update Ad-aware se, reboot into safemode now scan your system with AD-aware se
Then post the log file from Ad-aware and a new HJT.Log

Kc :tazz:
  • 0

#14
Classy2
Posted 29 March 2005 - 10:43 PM

Classy2

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 242 posts
Hi Kc,
I updated Ad Ware and ran it in the ''safe mode'' after I ran ad ware, is automatically to ''quarantine'' and make backups.
Kc I appologize to what might seem to familair in finding logs after ''fixing or "deleting" is foregin to me because the info had no use to me.

Anyway, I magaged to get of copy of Ad Ware log. However, Im not sidnt fix any thing found because I do not know how to ''fix'' and find the "fixed log" nor where to save it. It was a guess to save it to notepad and keep it in ''my documents.

I
ArchiveData(auto-quarantine- 2005-03-25 13-25-47.bckp)
Referencefile : SE1R34 23.03.2005
======================================================

IBIS TOOLBAR
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=Process : C:\Program Files\Common Files\WinTools\WToolsS.exe
obj[1]=Process : C:\PROGRA~1\Toolbar\TBPSSvc.exe
obj[225]=Regkey : protocols\handler\tpro
obj[226]=RegValue : protocols\handler\tpro ""
obj[227]=RegValue : protocols\handler\tpro "CLSID"
obj[228]=Regkey : protocols\name-space handler\res\toolbar.resprotocol
obj[229]=RegValue : protocols\name-space handler\res\toolbar.resprotocol ""
obj[230]=Regkey : protocols\name-space handler\res\wtoolsb.resprotocol
obj[231]=RegValue : protocols\name-space handler\res\wtoolsb.resprotocol ""
obj[232]=Regkey : toolbar.resprotocol
obj[233]=RegValue : toolbar.resprotocol ""
obj[234]=Regkey : wtoolsb.resprotocol
obj[235]=RegValue : wtoolsb.resprotocol ""
obj[236]=Regkey : clsid\{a8deb4a5-d9ef-4d21-b4f6-921475004e7d}
obj[237]=RegValue : clsid\{a8deb4a5-d9ef-4d21-b4f6-921475004e7d} ""
obj[238]=Regkey : clsid\{f1616b86-9288-489d-b71a-0ccf2f1a89da}
obj[239]=RegValue : clsid\{f1616b86-9288-489d-b71a-0ccf2f1a89da} ""
obj[240]=Regkey : clsid\{339bb23f-a864-48c0-a59f-29ea915965ec}
obj[241]=RegValue : clsid\{339bb23f-a864-48c0-a59f-29ea915965ec} ""
obj[242]=Regkey : clsid\{ff76a5da-6158-4439-99ff-edc1b3fe100c}
obj[243]=RegValue : clsid\{ff76a5da-6158-4439-99ff-edc1b3fe100c} ""
obj[244]=Regkey : clsid\{8952a998-1e7e-4716-b23d-3dbe03910972}
obj[245]=RegValue : clsid\{8952a998-1e7e-4716-b23d-3dbe03910972} ""
obj[246]=Regkey : clsid\{87766247-311c-43b4-8499-3d5fec94a183}
obj[247]=RegValue : clsid\{87766247-311c-43b4-8499-3d5fec94a183} ""
obj[248]=Regkey : clsid\{87067f04-de4c-4688-bc3c-4fcf39d609e7}
obj[249]=Regkey : clsid\{708be496-e202-497b-bc31-9cf47e3bf8d6}
obj[250]=RegValue : clsid\{708be496-e202-497b-bc31-9cf47e3bf8d6} ""
obj[251]=Regkey : interface\{234f09fb-fe89-4c6d-9203-31832fc051c3}
obj[252]=RegValue : interface\{234f09fb-fe89-4c6d-9203-31832fc051c3} ""
obj[253]=Regkey : clsid\{69357d4e-bf4d-4651-91e9-52ecd45a0128}
obj[254]=RegValue : clsid\{69357d4e-bf4d-4651-91e9-52ecd45a0128} ""
obj[255]=Regkey : clsid\{bbf122a7-8a4d-45b5-9e00-0f68bc87c904}
obj[256]=RegValue : clsid\{bbf122a7-8a4d-45b5-9e00-0f68bc87c904} ""
obj[257]=Regkey : tbps.pluginevents
obj[258]=RegValue : tbps.pluginevents ""
obj[259]=Regkey : tbps.pluginserver
obj[260]=RegValue : tbps.pluginserver ""
obj[261]=Regkey : tbps.pluginconfig
obj[262]=RegValue : tbps.pluginconfig ""
obj[263]=Regkey : interface\{f273d4ea-2025-4410-8408-251a0cd46be7}
obj[264]=RegValue : interface\{f273d4ea-2025-4410-8408-251a0cd46be7} ""
obj[265]=Regkey : interface\{7b8bd940-b1ef-460c-85a2-9acaaf7f9303}
obj[266]=RegValue : interface\{7b8bd940-b1ef-460c-85a2-9acaaf7f9303} ""
obj[267]=Regkey : interface\{365b9a54-e613-46e5-9db1-4f91a9de80bd}
obj[268]=RegValue : interface\{365b9a54-e613-46e5-9db1-4f91a9de80bd} ""
obj[269]=Regkey : clsid\{6e21f428-5617-47f7-aed8-b2e1d8fba711}
obj[270]=RegValue : clsid\{6e21f428-5617-47f7-aed8-b2e1d8fba711} ""
obj[271]=Regkey : tbps.toolbarscript
obj[272]=RegValue : tbps.toolbarscript ""
obj[273]=Regkey : interface\{66c22569-f05c-4a70-a142-763b337e1002}
obj[274]=RegValue : interface\{66c22569-f05c-4a70-a142-763b337e1002} ""
obj[275]=Regkey : typelib\{b23b3add-84b1-414a-92b9-0cabe5a781f4}
obj[276]=Regkey : interface\{99aa88d1-d9d3-410a-be9e-044f94c183da}
obj[277]=RegValue : interface\{99aa88d1-d9d3-410a-be9e-044f94c183da} ""
obj[278]=Regkey : typelib\{37ac49e3-e906-4bd8-ae83-d0f7fb48fd17}
obj[279]=Regkey : clsid\{cae0999f-78c5-49dc-9f30-13142aaaaba4}
obj[280]=RegValue : clsid\{cae0999f-78c5-49dc-9f30-13142aaaaba4} ""
obj[281]=Regkey : interface\{618be527-b7f5-417c-bc51-98fdc2d6de61}
obj[282]=RegValue : interface\{618be527-b7f5-417c-bc51-98fdc2d6de61} ""
obj[283]=Regkey : tbps.plugindown
obj[284]=RegValue : tbps.plugindown ""
obj[285]=Regkey : clsid\{310cc549-4541-46a9-940f-52b342a6e682}
obj[286]=RegValue : clsid\{310cc549-4541-46a9-940f-52b342a6e682} ""
obj[287]=Regkey : interface\{d1951679-1d52-43fc-9585-0737143585f5}
obj[288]=RegValue : interface\{d1951679-1d52-43fc-9585-0737143585f5} ""
obj[289]=Regkey : clsid\{8b0fa130-0c3d-4cb1-aeb7-2c29da5509a3}
obj[290]=RegValue : clsid\{8b0fa130-0c3d-4cb1-aeb7-2c29da5509a3} ""
obj[291]=Regkey : tbps.plugininst
obj[292]=RegValue : tbps.plugininst ""
obj[293]=Regkey : S-1-5-21-224621903-808743801-2304659736-1008\software\wintools
obj[294]=RegValue : S-1-5-21-224621903-808743801-2304659736-1008\software\wintools "hminlzz2ym5hx3rk4irx"
obj[295]=RegValue : S-1-5-21-224621903-808743801-2304659736-1008\software\wintools "a4ix"
obj[296]=RegValue : S-1-5-21-224621903-808743801-2304659736-1008\software\wintools "alk3hm"
obj[297]=RegValue : S-1-5-21-224621903-808743801-2304659736-1008\software\wintools "4irx2y4mnrk"
obj[298]=RegValue : S-1-5-21-224621903-808743801-2304659736-1008\software\wintools "hrl4nyirlx2j4xz"
obj[299]=RegValue : S-1-5-21-224621903-808743801-2304659736-1008\software\wintools "hr8g8kmi4xz"
obj[300]=RegValue : S-1-5-21-224621903-808743801-2304659736-1008\software\wintools "hrhrirlx2j4xz"
obj[301]=RegValue : S-1-5-21-224621903-808743801-2304659736-1008\software\wintools "hrhrirlx2j25s"
obj[302]=RegValue : S-1-5-21-224621903-808743801-2304659736-1008\software\wintools "hrjy3ralsr4xz"
obj[303]=Regkey : software\microsoft\windows\currentversion\explorer\browser helper objects\{8952a998-1e7e-4716-b23d-3dbe03910972}
obj[304]=RegValue : software\microsoft\windows\currentversion\explorer\browser helper objects\{8952a998-1e7e-4716-b23d-3dbe03910972} ""
obj[305]=Regkey : software\wintools
obj[306]=RegValue : software\wintools "hminlzz2ym5hx3rk"
obj[307]=RegValue : software\wintools "hminlzzzrwrz"
obj[308]=RegValue : software\wintools "lkkrzl7"
obj[309]=RegValue : software\wintools "lkjhn2j"
obj[310]=RegValue : software\wintools "lkbd4xz"
obj[311]=RegValue : software\wintools "lkixw4xz"
obj[312]=RegValue : software\wintools "libkrzl7"
obj[313]=RegValue : software\wintools "25s2jr2bjy4x"
obj[314]=RegValue : software\wintools "25s4xz"
obj[315]=RegValue : software\wintools "25swrx"
obj[316]=RegValue : software\wintools "5x62lalk"
obj[317]=RegValue : software\wintools "5x62labd"
obj[318]=RegValue : software\wintools "5x62laiar2"
obj[319]=RegValue : software\wintools "hminlzz2ym5hx3t"
obj[320]=RegValue : software\wintools "hminlzz2ym5hx3i7i"
obj[321]=RegValue : software\wintools "hminlzz2ym5hx3i7iru"
obj[322]=RegValue : software\wintools "hminlzzijyd"
obj[323]=RegValue : software\wintools "4mhminlcy4nhm5y"
obj[324]=RegValue : software\wintools "4mhmin2ym5hx3"
obj[325]=RegValue : software\wintools "4mhminml3r"
obj[326]=RegValue : software\wintools "4mhmina4czhijrx"
obj[327]=RegValue : software\wintools "wrxcyir"
obj[328]=RegValue : software\wintools "5hxinlk"
obj[329]=RegValue : software\wintools "5hxinbd"
obj[330]=RegValue : software\wintools "4mml3rlk"
obj[331]=RegValue : software\wintools "4mml3rbd"
obj[332]=RegValue : software\wintools "4mml3rri"
obj[333]=RegValue : software\wintools "4mml3rhri"
obj[334]=RegValue : software\wintools "4mml3rja"
obj[335]=RegValue : software\wintools "4mml3rlkbd"
obj[336]=RegValue : software\wintools "4mml3rrihri"
obj[337]=RegValue : software\wintools "4mhminlzzhm5yt"
obj[338]=RegValue : software\wintools "4mhminlzzhm5y1"
obj[339]=RegValue : software\wintools "5hxinrbd"
obj[340]=RegValue : software\wintools "5x62larbd"
obj[341]=RegValue : software\wintools "x4zrirua"
obj[342]=RegValue : software\wintools "x4zriinya"
obj[343]=RegValue : software\wintools "lk4mh4xz"
obj[344]=RegValue : software\wintools "rmlczrjy3ralsr"
obj[345]=RegValue : software\wintools "librmlczrjy3ralsr"
obj[346]=RegValue : software\wintools "rmlczr8g8"
obj[347]=RegValue : software\wintools "librmlczr8g8"
obj[348]=RegValue : software\wintools "rmlczrli"
obj[349]=RegValue : software\wintools "librmlczrli"
obj[350]=RegValue : software\wintools "rmlczrhri"
obj[351]=RegValue : software\wintools "librmlczrhri"
obj[352]=RegValue : software\wintools "4mkralk"
obj[353]=RegValue : software\wintools "4mkrabd"
obj[354]=RegValue : software\wintools "4mkrari"
obj[355]=RegValue : software\wintools "4mkrahri"
obj[356]=RegValue : software\wintools "4mkraja"
obj[357]=RegValue : software\wintools "rmlczrlki"
obj[358]=RegValue : software\wintools "rmlczrl4nyhmin"
obj[359]=RegValue : software\wintools "rmlczrbdlki"
obj[360]=RegValue : software\wintools "n4hk"
obj[361]=RegValue : software\wintools "k25s4ak"
obj[362]=RegValue : software\wintools "24irxi"
obj[363]=RegValue : software\wintools "kydmklnr"
obj[364]=RegValue : software\wintools "2lki"
obj[365]=RegValue : software\wintools "2zlki"
obj[366]=RegValue : software\wintools "2rlki"
obj[367]=RegValue : software\wintools "2zrlki"
obj[368]=RegValue : software\wintools "2bd"
obj[369]=RegValue : software\wintools "2zbd"
obj[370]=RegValue : software\wintools "2rbd"
obj[371]=RegValue : software\wintools "2zrbd"
obj[372]=RegValue : software\wintools "2rrbd"
obj[373]=RegValue : software\wintools "2zrrbd"
obj[374]=RegValue : software\wintools "2xhr"
obj[375]=RegValue : software\wintools "2zxhr"
obj[376]=RegValue : software\wintools "28g8"
obj[377]=RegValue : software\wintools "2z8g8"
obj[378]=RegValue : software\wintools "2li"
obj[379]=RegValue : software\wintools "2zli"
obj[380]=RegValue : software\wintools "llrmli"
obj[381]=RegValue : software\wintools "llrm8g8"
obj[382]=RegValue : software\wintools "z225s"
obj[383]=RegValue : software\wintools "25s6xri"
obj[384]=RegValue : software\wintools "li4xz"
obj[385]=RegValue : software\wintools "khminlzz"
obj[386]=RegValue : software\wintools "25sixwwlx"
obj[387]=RegValue : software\wintools "kydm4xziw2"
obj[388]=RegValue : software\wintools "kydm4xzihnr"
obj[389]=RegValue : software\wintools "kydm4xzkr5"
obj[390]=RegValue : software\wintools "kydm4xzaxr5"
obj[391]=RegValue : software\wintools "kydm4xzbd4"
obj[392]=RegValue : software\wintools "kydm4xzbdk"
obj[393]=RegValue : software\wintools "zlh"
obj[394]=Regkey : software\microsoft\windows\currentversion\explorer\browser helper objects\{87766247-311c-43b4-8499-3d5fec94a183}
obj[402]=RegValue : software\microsoft\internet explorer\toolbar "{339BB23F-A864-48C0-A59F-29EA915965EC}"
obj[409]=Regkey : common.buttons\clsid
obj[410]=RegValue : common.buttons\clsid ""
obj[411]=Regkey : software\toolbar
obj[412]=RegValue : software\toolbar "LastSA"
obj[413]=RegValue : software\toolbar "JDBINFO"
obj[414]=RegValue : software\toolbar "JDBINFOShow"
obj[415]=RegValue : software\toolbar "SEAINFO"
obj[416]=RegValue : software\toolbar "SEAINFOShow"
obj[417]=RegValue : software\toolbar "KImport_Hash"
obj[418]=Regkey : software\microsoft\windows\currentversion\installer\userdata\sto
obj[419]=RegValue : software\microsoft\windows\currentversion\installer\userdata\sto "C"
obj[420]=RegValue : software\microsoft\windows\currentversion\installer\userdata\sto "A"
obj[421]=Regkey : software\microsoft\windows\currentversion\uninstall\ttool_uninstall
obj[422]=RegValue : software\microsoft\windows\currentversion\uninstall\ttool_uninstall "DisplayName"
obj[423]=RegValue : software\microsoft\windows\currentversion\uninstall\ttool_uninstall "UninstallString"
obj[424]=RegValue : software\microsoft\windows\currentversion\uninstall\ttool_uninstall "DisplayIcon"
obj[425]=Regkey : software\toolbar
obj[426]=RegValue : software\toolbar "TB_ID"
obj[427]=RegValue : software\toolbar "CFG_VER"
obj[428]=RegValue : software\toolbar "CHECK_DAYS"
obj[429]=RegValue : software\toolbar "CAPTION"
obj[430]=RegValue : software\toolbar "AUTOHIGHLIGHT"
obj[431]=RegValue : software\toolbar "AUTOSEARCH"
obj[432]=RegValue : software\toolbar "AUTOSESEARCH"
obj[433]=RegValue : software\toolbar "AUTOCOMPLETE"
obj[434]=RegValue : software\toolbar "USECTRLENTER"
obj[435]=RegValue : software\toolbar "USEALTENTER"
obj[436]=RegValue : software\toolbar "USESHIFTENTER"
obj[437]=RegValue : software\toolbar "ALLOWUPDATE"
obj[438]=RegValue : software\toolbar "KEEPHISTORY"
obj[439]=RegValue : software\toolbar "PRESERVEHISTORY"
obj[440]=RegValue : software\toolbar "NARROWSEARCH"
obj[441]=RegValue : software\toolbar "AUTOSHOW"
obj[442]=RegValue : software\toolbar "TAKEADSUPPORTSETTINGS"
obj[443]=RegValue : software\toolbar "DISABLEADSUPPORTSEARCH"
obj[444]=RegValue : software\toolbar "DIALOG_PAUSE"
obj[445]=RegValue : software\toolbar "REGISTRATION_PAUSE"
obj[446]=RegValue : software\toolbar "URL_FOLDER_NAME"
obj[447]=RegValue : software\toolbar "URL_ITEMS_1"
obj[448]=RegValue : software\toolbar "URL_ITEMS_2"
obj[449]=RegValue : software\toolbar "URL_ITEMS_3"
obj[450]=RegValue : software\toolbar "URL_ITEMS_4"
obj[451]=RegValue : software\toolbar "INSTALL_CONFIRM_1"
obj[452]=RegValue : software\toolbar "UNINSTALL_CONFIRM"
obj[453]=RegValue : software\toolbar "INSTALL_CONFIRM_SYS"
obj[454]=RegValue : software\toolbar "INSTALL_CONFIRM_SYSEX"
obj[455]=RegValue : software\toolbar "RECOVERY_URL"
obj[456]=RegValue : software\toolbar "NONUTF_DOMAINS"
obj[457]=RegValue : software\toolbar "KEYWORDS_IMPORT"
obj[458]=RegValue : software\toolbar "BB_HELP_URL"
obj[459]=RegValue : software\toolbar "SEARCH_INST"
obj[460]=RegValue : software\toolbar "BBDSERVICE"
obj[461]=RegValue : software\toolbar "OBE_FCAP"
obj[462]=RegValue : software\toolbar "OVERRIDE_HOMEPAGE_DIALOG"
obj[463]=RegValue : software\toolbar "USEENTER"
obj[464]=RegValue : software\toolbar "USEAUTOSEARCH"
obj[465]=RegValue : software\toolbar "ERROR404"
obj[466]=RegValue : software\toolbar "OVERRIDE_AUTOSEARCH_DIALOG"
obj[467]=RegValue : software\toolbar "AUTO_SEARCH"
obj[468]=RegValue : software\toolbar "ERROR_PAGE"
obj[469]=RegValue : software\toolbar "NO_AUTOSEARCH_HOOK"
obj[470]=RegValue : software\toolbar "USESEARCHASSISTANT"
obj[471]=RegValue : software\toolbar "OVERRIDE_IESEARCH_DIALOG"
obj[472]=RegValue : software\toolbar "SEARCH_PAGE"
obj[473]=RegValue : software\toolbar "SEARCH_PAGE_INFO"
obj[474]=RegValue : software\toolbar "USEBB"
obj[475]=RegValue : software\toolbar "OVERRIDE_BBACTIVATE_DIALOG"
obj[476]=RegValue : software\toolbar "ACSIZE"
obj[477]=RegValue : software\toolbar "USEBBENH"
obj[478]=RegValue : software\toolbar "POPUPBLOCKER"
obj[479]=RegValue : software\toolbar "OVERRIDE_JSDEBUG_DIALOG"
obj[480]=RegValue : software\toolbar "DEACTIVATETOOLBARS"
obj[481]=RegValue : software\toolbar "OVERRIDE_DEACTIVATE_DIALOG"
obj[482]=RegValue : software\toolbar "IE_RESET"
obj[483]=RegValue : software\toolbar "ITime"
obj[484]=RegValue : software\toolbar "IGU"
obj[485]=RegValue : software\toolbar "STUI"
obj[486]=RegValue : software\toolbar "IEC"
obj[487]=RegValue : software\toolbar "SEC"
obj[488]=RegValue : software\toolbar "SOC"
obj[489]=RegValue : software\toolbar "GSTC"
obj[490]=RegValue : software\toolbar "UC"
obj[491]=RegValue : software\toolbar "AllowUseDefskin"
obj[492]=RegValue : software\toolbar "RTime"
obj[493]=RegValue : software\toolbar "UCL"
obj[494]=RegValue : software\toolbar "LastCFG"
obj[495]=RegValue : software\toolbar "IE4"
obj[496]=RegValue : software\toolbar "IAS"
obj[497]=RegValue : software\toolbar "STC"
obj[498]=RegValue : software\toolbar "AVGSEARCH"
obj[499]=Regkey : software\microsoft\windows\currentversion\uninstall\wintools
obj[500]=RegValue : software\microsoft\windows\currentversion\uninstall\wintools "DisplayName"
obj[501]=RegValue : software\microsoft\windows\currentversion\uninstall\wintools "UninstallString"
obj[502]=RegValue : software\microsoft\windows\currentversion\uninstall\wintools "Publisher"
obj[503]=RegValue : software\microsoft\windows\currentversion\uninstall\wintools "URLInfoAbout"
obj[504]=Regkey : system\controlset001\services\wintoolssvc
obj[505]=RegValue : system\controlset001\services\wintoolssvc "Type"
obj[506]=RegValue : system\controlset001\services\wintoolssvc "Start"
obj[507]=RegValue : system\controlset001\services\wintoolssvc "ErrorControl"
obj[508]=RegValue : system\controlset001\services\wintoolssvc "ImagePath"
obj[509]=RegValue : system\controlset001\services\wintoolssvc "DisplayName"
obj[510]=RegValue : system\controlset001\services\wintoolssvc "ObjectName"
obj[511]=Regkey : system\controlset002\services\wintoolssvc
obj[512]=RegValue : system\controlset002\services\wintoolssvc "Type"
obj[513]=RegValue : system\controlset002\services\wintoolssvc "Start"
obj[514]=RegValue : system\controlset002\services\wintoolssvc "ErrorControl"
obj[515]=RegValue : system\controlset002\services\wintoolssvc "ImagePath"
obj[516]=RegValue : system\controlset002\services\wintoolssvc "DisplayName"
obj[517]=RegValue : system\controlset002\services\wintoolssvc "ObjectName"
obj[518]=Regkey : system\currentcontrolset\services\wintoolssvc
obj[519]=RegValue : system\currentcontrolset\services\wintoolssvc "Type"
obj[520]=RegValue : system\currentcontrolset\services\wintoolssvc "Start"
obj[521]=RegValue : system\currentcontrolset\services\wintoolssvc "ErrorControl"
obj[522]=RegValue : system\currentcontrolset\services\wintoolssvc "ImagePath"
obj[523]=RegValue : system\currentcontrolset\services\wintoolssvc "DisplayName"
obj[524]=RegValue : system\currentcontrolset\services\wintoolssvc "ObjectName"
obj[529]=Regkey : system\currentcontrolset\services\tbpssvc
obj[530]=RegValue : system\currentcontrolset\services\tbpssvc "Type"
obj[531]=RegValue : system\currentcontrolset\services\tbpssvc "Start"
obj[532]=RegValue : system\currentcontrolset\services\tbpssvc "ErrorControl"
obj[533]=RegValue : system\currentcontrolset\services\tbpssvc "ImagePath"
obj[534]=RegValue : system\currentcontrolset\services\tbpssvc "DisplayName"
obj[535]=RegValue : system\currentcontrolset\services\tbpssvc "ObjectName"
obj[536]=RegValue : system\currentcontrolset\services\tbpssvc "Description"
obj[537]=RegValue : software\microsoft\windows\currentversion\explorer "ServerProc"
obj[538]=RegValue : software\microsoft\windows\currentversion\run "WinTools"
obj[539]=RegValue : software\microsoft\windows\currentversion\run "TBPS"
obj[540]=Folder : C:\Program Files\Toolbar
obj[541]=Folder : C:\Program Files\common files\WinTools
obj[585]=File : C:\Program Files\toolbar\common.dll
obj[586]=File : C:\Program Files\toolbar\gykhxlmu.rmr
obj[587]=File : C:\Program Files\toolbar\IExploreSkins.exe
obj[588]=File : C:\Program Files\toolbar\nzqlihv.wzg
obj[589]=File : C:\Program Files\toolbar\PIB.exe
obj[590]=File : C:\Program Files\toolbar\radio.exe
obj[591]=File : C:\Program Files\toolbar\TBPS.exe
obj[592]=File : C:\Program Files\toolbar\TBPSSvc.exe
obj[593]=File : C:\Program Files\toolbar\toolbar.dll
obj[594]=File : C:\Program Files\toolbar\xlmurin.wzg
obj[595]=File : C:\Program Files\toolbar\yywr.wzg
obj[596]=File : C:\Program Files\toolbar\yywsv.wzg
obj[597]=File : C:\Program Files\toolbar\zwipvbh.wzg
obj[598]=File : C:\Program Files\common files\wintools\rmhgxlmu.wzg
obj[599]=File : C:\Program Files\common files\wintools\WSup.exe
obj[600]=File : C:\Program Files\common files\wintools\WToolsA.exe
obj[601]=File : C:\Program Files\common files\wintools\WToolsB.dll
obj[602]=File : C:\Program Files\common files\wintools\WToolsC.cfg
obj[603]=File : C:\Program Files\common files\wintools\WToolsD.cfg
obj[604]=File : C:\Program Files\common files\wintools\WToolsP.cfg
obj[605]=File : C:\Program Files\common files\wintools\WToolsR.cfg
obj[606]=File : C:\Program Files\common files\wintools\WToolsS.exe
obj[607]=File : C:\Program Files\common files\wintools\WToolsU.cfg
obj[608]=File : C:\WINDOWS\System32\TBPS.ini
obj[609]=File : c:\documents and settings\all users\start menu\programs\web search tools\Frequently Asked Questions.url
obj[610]=File : c:\documents and settings\all users\start menu\programs\web search tools\Home.url
obj[611]=File : c:\documents and settings\all users\start menu\programs\web search tools\Privacy Policy.url
obj[612]=File : c:\documents and settings\all users\start menu\programs\web search tools\Terms of Use.url

ADROTATOR
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[2]=Regkey : clsid\{017c20c1-f86f-11d8-9b25-000acd002ae3}
obj[3]=RegValue : clsid\{017c20c1-f86f-11d8-9b25-000acd002ae3} ""
obj[613]=File : C:\WINDOWS\searchen.dat

BARGAINBUDDY
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[4]=Regkey : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516e2a3}
obj[5]=Regkey : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}\1.0\helpdir
obj[6]=RegValue : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}\1.0\helpdir ""
obj[7]=Regkey : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}\1.0\flags
obj[8]=RegValue : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}\1.0\flags ""
obj[9]=Regkey : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}\1.0\0
obj[10]=Regkey : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}\1.0
obj[11]=RegValue : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}\1.0 ""
obj[12]=Regkey : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}
obj[13]=Regkey : interface\{c6906a23-4717-4e1f-b6fd-f06ebed15678}
obj[14]=RegValue : interface\{c6906a23-4717-4e1f-b6fd-f06ebed15678} ""
obj[15]=Regkey : interface\{c6906a23-4717-4e1f-b6fd-f06ebed12468}
obj[16]=RegValue : interface\{c6906a23-4717-4e1f-b6fd-f06ebed12468} ""
obj[17]=Regkey : interface\{8eee58d5-130e-4cbd-9c83-35a0564e5678}
obj[18]=RegValue : interface\{8eee58d5-130e-4cbd-9c83-35a0564e5678} ""
obj[19]=Regkey : interface\{8eee58d5-130e-4cbd-9c83-35a0564e2468}
obj[20]=RegValue : interface\{8eee58d5-130e-4cbd-9c83-35a0564e2468} ""
obj[21]=Regkey : clsid\{f4e04583-354e-4076-be7d-ed6a80fd66da}
obj[22]=RegValue : clsid\{f4e04583-354e-4076-be7d-ed6a80fd66da} ""
obj[23]=Regkey : clsid\{ce188402-6ee7-4022-8868-ab25173a3e14}
obj[24]=RegValue : clsid\{ce188402-6ee7-4022-8868-ab25173a3e14} ""
obj[25]=Regkey : cb.urlcatcher.1
obj[26]=RegValue : cb.urlcatcher.1 ""
obj[27]=Regkey : cb.urlcatcher
obj[28]=RegValue : cb.urlcatcher ""
obj[29]=Regkey : adp.urlcatcher.1
obj[30]=RegValue : adp.urlcatcher.1 ""
obj[31]=Regkey : adp.urlcatcher
obj[32]=RegValue : adp.urlcatcher ""
obj[33]=Regkey : software\cashback
obj[34]=RegValue : software\cashback "MainDir"
obj[35]=RegValue : software\cashback "Binary"
obj[36]=RegValue : software\cashback "ConfigUpdateQueryUrl"
obj[37]=RegValue : software\cashback "ADDataUpdateQueryUrl"
obj[38]=RegValue : software\cashback "SoftwareUpdateQueryUrl"
obj[39]=RegValue : software\cashback "ServerName"
obj[40]=RegValue : software\cashback "ServerPath"
obj[41]=RegValue : software\cashback "TrackingServerPath"
obj[42]=RegValue : software\cashback "TrackingGIFURL"
obj[43]=RegValue : software\cashback "AffiliateURLUID"
obj[44]=RegValue : software\cashback "AutoFlashParam"
obj[45]=RegValue : software\cashback "AutoSwfURL"
obj[46]=RegValue : software\cashback "ClickFlashParam"
obj[47]=RegValue : software\cashback "ClickSwfURL"
obj[48]=RegValue : software\cashback "CBUpdateAccParam"
obj[49]=RegValue : software\cashback "CBSignupWelcomeParam"
obj[50]=RegValue : software\cashback "CBBalance"
obj[51]=RegValue : software\cashback "SliderHTML00"
obj[52]=RegValue : software\cashback "SliderHTML01"
obj[53]=RegValue : software\cashback "SliderHTML02"
obj[54]=RegValue : software\cashback "SliderHTML03"
obj[55]=RegValue : software\cashback "SliderHTML04"
obj[56]=RegValue : software\cashback "SliderHTML05"
obj[57]=RegValue : software\cashback "SliderHTML06"
obj[58]=RegValue : software\cashback "SliderHTML07"
obj[59]=RegValue : software\cashback "SliderHTML08"
obj[60]=RegValue : software\cashback "SliderHTML09"
obj[61]=RegValue : software\cashback "CBSignUpURL"
obj[62]=RegValue : software\cashback "CBServer"
obj[63]=RegValue : software\cashback "ServerPort"
obj[64]=RegValue : software\cashback "Referral"
obj[65]=RegValue : software\cashback "UpdateQueryDuration"
obj[66]=RegValue : software\cashback "UpdateQueryFailedDuration"
obj[67]=RegValue : software\cashback "BuildNumber"
obj[68]=RegValue : software\cashback "CBSignupFailedDuration"
obj[69]=RegValue : software\cashback "CBIconAnimationEnable"
obj[70]=RegValue : software\cashback "CBSliderEnable"
obj[71]=RegValue : software\cashback "CBBalloonMsgEnable"
obj[72]=RegValue : software\cashback "CBSignUpDelay"
obj[73]=RegValue : software\cashback "TrackingFileFlag"
obj[74]=RegValue : software\cashback "FirstHit"
obj[75]=RegValue : software\cashback "PartnerName"
obj[76]=RegValue : software\cashback "PartnerID"
obj[77]=RegValue : software\cashback "SystemInstallTime"
obj[78]=RegValue : software\cashback "CBID"
obj[79]=RegValue : software\cashback "CBPW"
obj[80]=RegValue : software\cashback "UniqueKey"
obj[81]=RegValue : software\cashback "errorCheck"
obj[82]=RegValue : software\cashback "ConfigVersion"
obj[83]=RegValue : software\cashback "ADDataVersion"
obj[84]=RegValue : software\cashback "LastQueryTime"
obj[85]=Regkey : software\bargains
obj[86]=RegValue : software\bargains "MainDir"
obj[87]=RegValue : software\bargains "Binary"
obj[88]=RegValue : software\bargains "ConfigUpdateQueryUrl"
obj[89]=RegValue : software\bargains "ADDataUpdateQueryUrl"
obj[90]=RegValue : software\bargains "SoftwareUpdateQueryUrl"
obj[91]=RegValue : software\bargains "ServerName"
obj[92]=RegValue : software\bargains "ServerPath"
obj[93]=RegValue : software\bargains "SliderLegalText"
obj[94]=RegValue : software\bargains "ServerPort"
obj[95]=RegValue : software\bargains "UpdateQueryDuration"
obj[96]=RegValue : software\bargains "UpdateQueryFailedDuration"
obj[97]=RegValue : software\bargains "BuildNumber"
obj[98]=RegValue : software\bargains "AdvDelaySec"
obj[99]=RegValue : software\bargains "TrackingFileFlag"
obj[100]=RegValue : software\bargains "RestartADPDuration"
obj[101]=RegValue : software\bargains "FirstHit"
obj[102]=RegValue : software\bargains "PartnerName"
obj[103]=RegValue : software\bargains "PartnerID"
obj[104]=RegValue : software\bargains "SystemInstallTime"
obj[105]=RegValue : software\bargains "UniqueKey"
obj[106]=RegValue : software\bargains "IdleMinutesThreshold"
obj[107]=RegValue : software\bargains "MinMinutesBetweenTwoADs"
obj[108]=RegValue : software\bargains "MaxDomainCap"
obj[109]=RegValue : software\bargains "MinCountOfUrlsBetweenTwoADs"
obj[110]=RegValue : software\bargains "MaxDailyCapPerUSer"
obj[111]=RegValue : software\bargains "ConfigVersion"
obj[112]=RegValue : software\bargains "ADDataVersion"
obj[113]=RegValue : software\bargains "LastQueryTime"
obj[114]=Regkey : software\microsoft\windows\currentversion\uninstall\bargainbuddy
obj[115]=RegValue : software\microsoft\windows\currentversion\uninstall\bargainbuddy "DisplayName"
obj[116]=RegValue : software\microsoft\windows\currentversion\uninstall\bargainbuddy "UninstallString"
obj[117]=RegValue : software\microsoft\windows\currentversion\uninstall\bargainbuddy "Publisher"
obj[118]=RegValue : software\microsoft\windows\currentversion\uninstall\bargainbuddy "URLInfoAbout"
obj[119]=RegValue : software\microsoft\windows\currentversion\uninstall\bargainbuddy "DisplayVersion"
obj[120]=RegValue : software\microsoft\windows\currentversion\uninstall\bargainbuddy "DisplayIcon"
obj[121]=RegValue : software\microsoft\windows\currentversion\uninstall\bargainbuddy "NoModify"
obj[122]=RegValue : software\microsoft\windows\currentversion\uninstall\bargainbuddy "NoRepair"
obj[123]=Regkey : software\microsoft\windows\currentversion\uninstall\cashback
obj[124]=RegValue : software\microsoft\windows\currentversion\uninstall\cashback "DisplayName"
obj[125]=RegValue : software\microsoft\windows\currentversion\uninstall\cashback "UninstallString"
obj[126]=RegValue : software\microsoft\windows\currentversion\uninstall\cashback "Publisher"
obj[127]=RegValue : software\microsoft\windows\currentversion\uninstall\cashback "DisplayVersion"
obj[128]=RegValue : software\microsoft\windows\currentversion\uninstall\cashback "URLInfoAbout"
obj[129]=RegValue : software\microsoft\windows\currentversion\uninstall\cashback "Readme"
obj[130]=RegValue : software\microsoft\windows\currentversion\uninstall\cashback "HelpLink"
obj[131]=RegValue : software\microsoft\windows\currentversion\uninstall\cashback "DisplayIcon"
obj[132]=RegValue : software\microsoft\windows\currentversion\uninstall\cashback "NoModify"
obj[133]=RegValue : software\microsoft\windows\currentversion\uninstall\cashback "NoRepair"
obj[397]=RegValue : software\microsoft\windows\currentversion\run "BullsEye Network"
obj[398]=RegValue : software\microsoft\windows\currentversion\run "CashBack"
obj[578]=File : C:\WINDOWS\System32\exul1.exe
obj[579]=File : C:\WINDOWS\System32\exul3.exe
obj[582]=File : C:\WINDOWS\System32\instsrv.exe

BOOKEDSPACE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[134]=Regkey : appid\bookedspace.dll
obj[135]=RegValue : appid\bookedspace.dll "AppID"
obj[136]=Regkey : bookedspace.extension
obj[137]=RegValue : bookedspace.extension ""
obj[138]=Regkey : bookedspace.extension.5
obj[139]=RegValue : bookedspace.extension.5 ""
obj[140]=Regkey : typelib\{0dc5cd7c-f653-4417-aa43-d457be3a9622}
obj[141]=Regkey : interface\{05080e6b-a88a-4cfd-8c3d-9b2557670b6e}
obj[142]=RegValue : interface\{05080e6b-a88a-4cfd-8c3d-9b2557670b6e} ""
obj[143]=Regkey : appid\{0dc5cd7c-f653-4417-aa43-d457be3a9622}
obj[144]=RegValue : appid\{0dc5cd7c-f653-4417-aa43-d457be3a9622} ""
obj[145]=Regkey : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}
obj[146]=RegValue : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9} ""
obj[147]=RegValue : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9} "AppID"
obj[148]=Regkey : software\bookedspace

BROWSERAID
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[149]=Regkey : _atl_generated.searchtoolbarbho
obj[150]=RegValue : _atl_generated.searchtoolbarbho ""
obj[151]=Regkey : _atl_generated.searchtoolbarbho.1
obj[152]=RegValue : _atl_generated.searchtoolbarbho.1 ""
obj[153]=Regkey : _atl_generated.searchtoolbarname
obj[154]=RegValue : _atl_generated.searchtoolbarname ""
obj[155]=Regkey : _atl_generated.searchtoolbarname.1
obj[156]=RegValue : _atl_generated.searchtoolbarname.1 ""
obj[157]=Regkey : clsid\{12ee7a5e-0674-42f9-a76a-000000004d00}
obj[158]=RegValue : clsid\{12ee7a5e-0674-42f9-a76a-000000004d00} ""
obj[159]=RegValue : clsid\{12ee7a5e-0674-42f9-a76a-000000004d00} "AppID"
obj[160]=Regkey : clsid\{12ee7a5e-0674-42f9-a76b-000000004d00}
obj[161]=RegValue : clsid\{12ee7a5e-0674-42f9-a76b-000000004d00} ""
obj[162]=RegValue : clsid\{12ee7a5e-0674-42f9-a76b-000000004d00} "AppID"
obj[163]=Regkey : clsid\{e004800a-73c6-4587-b855-98d0ce0c16b1}

obj[164]=RegValue : clsid\{e004800a-73c6-4587-b855-98d0ce0c16b1} "uid2"
obj[165]=Regkey : typelib\{12ee7a5e-0674-42f9-a76c-000000004d00}
obj[166]=Regkey : software\microsoft\internet explorer\explorer bars\{12ee7a5e-0674-42f9-a76b-000000004d00}
obj[167]=RegValue : software\microsoft\internet explorer\explorer bars\{12ee7a5e-0674-42f9-a76b-000000004d00} "BarSize"
obj[399]=RegValue : software\microsoft\windows\currentversion\run "{12EE7A5E-0674-42f9-A76B-000000004D00}"

DYFUCA
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[168]=Regkey : typelib\{40b1d454-9ca4-43cc-86aa-cb175eac52fb}
obj[169]=Regkey : interface\{1c01d150-91a4-4de0-9bf8-a35d1bdf1001}
obj[170]=RegValue : interface\{1c01d150-91a4-4de0-9bf8-a35d1bdf1001} ""
obj[171]=Regkey : dyfuca_bh.bhobj.1
obj[172]=RegValue : dyfuca_bh.bhobj.1 ""
obj[173]=Regkey : dyfuca_bh.bhobj
obj[174]=RegValue : dyfuca_bh.bhobj ""
obj[175]=Regkey : clsid\{00000010-6f7d-442c-93e3-4a4827c2e4c8}
obj[176]=RegValue : clsid\{00000010-6f7d-442c-93e3-4a4827c2e4c8} ""
obj[177]=Regkey : software\microsoft\windows\currentversion\uninstall\dyfuca
obj[188]=Regkey : software\microsoft\windows\currentversion\uninstall\Internet Optimizer
obj[189]=RegValue : software\microsoft\windows\currentversion\uninstall\Internet Optimizer "DisplayIcon"
obj[190]=RegValue : software\microsoft\windows\currentversion\uninstall\Internet Optimizer "DisplayName"
obj[191]=RegValue : software\microsoft\windows\currentversion\uninstall\Internet Optimizer "UninstallString"
obj[192]=Regkey : software\avenue media
obj[193]=Regkey : software\policies\avenue media
obj[400]=RegValue : software\microsoft\windows\currentversion\run "Internet Optimizer"
obj[542]=Regkey : software\microsoft\windows\currentversion\uninstall\kapabout
obj[543]=RegValue : software\microsoft\windows\currentversion\uninstall\kapabout "Comment"
obj[544]=RegValue : software\microsoft\windows\currentversion\uninstall\kapabout "DComment"
obj[545]=Folder : C:\Program Files\Internet Optimizer
obj[576]=File : C:\WINDOWS\nem220.dll
obj[614]=File : C:\Program Files\internet optimizer\optimize.exe

ELITUM.ELITEBARBHO
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[194]=Regkey : clsid\{825cf5bd-8862-4430-b771-0c15c5ca8def}
obj[195]=RegValue : clsid\{825cf5bd-8862-4430-b771-0c15c5ca8def} ""
obj[196]=Regkey : clsid\{28caeff3-0f18-4036-b504-51d73bd81abc}
obj[197]=RegValue : clsid\{28caeff3-0f18-4036-b504-51d73bd81abc} ""
obj[198]=Regkey : clsid\{be8d0059-d24d-4919-b76f-99f4a2203647}
obj[199]=RegValue : clsid\{be8d0059-d24d-4919-b76f-99f4a2203647} ""
obj[200]=Regkey : clsid\{ed103d9f-3070-4580-ab1e-e5c179c1ae41}
obj[201]=RegValue : clsid\{ed103d9f-3070-4580-ab1e-e5c179c1ae41} ""
obj[202]=Regkey : clsid\{0a1d22c3-37be-470c-9c29-e3074ee0574b}
obj[203]=Regkey : software\microsoft\windows\currentversion\uninstall\elitebar internet explorer toolbar
obj[204]=RegValue : software\microsoft\windows\currentversion\uninstall\elitebar internet explorer toolbar "UninstallString"
obj[205]=RegValue : software\microsoft\windows\currentversion\uninstall\elitebar internet explorer toolbar "DisplayName"
obj[206]=RegValue : software\microsoft\windows\currentversion\uninstall\elitebar internet explorer toolbar "DisplayIcon"
obj[207]=Regkey : software\microsoft\windows\currentversion\explorer\browser helper objects\{28caeff3-0f18-4036-b504-51d73bd81abc}
obj[208]=RegValue : software\microsoft\windows\currentversion\explorer\browser helper objects\{28caeff3-0f18-4036-b504-51d73bd81abc} ""
obj[209]=Regkey : software\elitum\elitetoolbar
obj[210]=RegValue : software\elitum\elitetoolbar "axparam"
obj[211]=RegValue : software\elitum\elitetoolbar "popupblocker"
obj[212]=RegValue : software\elitum\elitetoolbar "AccountNumber"
obj[213]=RegValue : software\elitum\elitetoolbar "uninstalled"
obj[214]=RegValue : software\elitum\elitetoolbar "_show"
obj[215]=RegValue : software\elitum\elitetoolbar "FirstTimeStarted"
obj[216]=RegValue : software\elitum\elitetoolbar "SearchIndex"
obj[217]=RegValue : software\elitum\elitetoolbar "AutoComplete"
obj[218]=RegValue : software\elitum\elitetoolbar "ac1"
obj[219]=RegValue : software\elitum\elitetoolbar "adult.tbr"
obj[220]=RegValue : software\elitum\elitetoolbar "default.tbr"
obj[221]=RegValue : software\elitum\elitetoolbar "search.mnu"
obj[222]=RegValue : software\elitum\elitetoolbar "version"
obj[223]=RegValue : software\elitum\elitetoolbar "path"
obj[224]=RegValue : software\elitum\elitetoolbar "UpdateDate"
obj[401]=RegValue : software\microsoft\internet explorer\toolbar "{825CF5BD-8862-4430-B771-0C15C5CA8DEF}"
obj[546]=Regkey : software\elitum
obj[547]=Folder : C:\WINDOWS\EliteToolBar
obj[615]=File : C:\WINDOWS\elitetoolbar\EliteToolBar version 59.dll
obj[616]=File : C:\WINDOWS\elitetoolbar\EliteToolBar version 60.dll

SAHAGENT
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[395]=Regkey : software\winsock2\layered provider sample

180SOLUTIONS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[396]=RegValue : software\salm "partner_id"
obj[406]=RegValue : Software\Microsoft\Windows\CurrentVersion\Run "salm"
obj[407]=RegValue : Software\Microsoft\Windows\CurrentVersion\Run "bypkh"
obj[548]=Regkey : software\salm
obj[549]=RegValue : software\salm "did"
obj[550]=RegValue : software\salm "duid"
obj[551]=RegValue : software\salm "product_id"
obj[552]=RegValue : software\salm "mt1"
obj[553]=RegValue : software\salm "mt2"
obj[554]=RegValue : software\salm "mt3"
obj[555]=RegValue : software\salm "gma"
obj[556]=RegValue : software\salm "gvi"
obj[557]=RegValue : software\salm "gpi"
obj[558]=RegValue : software\salm "boom"
obj[559]=RegValue : software\salm "boom_ver"
obj[560]=Regkey : software\microsoft\windows\currentversion\uninstall\salm
obj[561]=RegValue : software\microsoft\windows\currentversion\uninstall\salm "DisplayName"
obj[562]=RegValue : software\microsoft\windows\currentversion\uninstall\salm "UninstallString"
obj[563]=RegValue : software\microsoft\windows\currentversion\uninstall\salm "DisplayIcon"
obj[574]=File : c:\temp\salm.exe
obj[575]=File : c:\windows\bypkh.exe
obj[617]=File : c:\temp\salm.log

POSSIBLE BROWSER HIJACK ATTEMPT
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[403]=RegData : Software\Microsoft\Internet Explorer\Main "SearchAssistant"
obj[404]=RegData : Software\Microsoft\Internet Explorer\Search "SearchAssistant"
obj[405]=RegData : Software\Microsoft\Internet Explorer\Search "CustomizeSearch"

TRACKING COOKIE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[408]=IECache Entry : Cookie:[email protected]/

DEALHELPER
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[564]=RegValue : software\microsoft\internet explorer\toolbar\webbrowser "{01E04581-4EEE-11D0-BFE9-00AA005B4383}"
obj[577]=File : C:\WINDOWS\System32\dun.exe
obj[580]=File : C:\WINDOWS\System32\gzhrlp.exe
obj[584]=File : C:\WINDOWS\System32\qejdak.exe

WINDUPDATES
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[565]=Regkey : system\currentcontrolset\services\zesoft
obj[566]=RegValue : system\currentcontrolset\services\zesoft "Type"
obj[567]=RegValue : system\currentcontrolset\services\zesoft "Start"
obj[568]=RegValue : system\currentcontrolset\services\zesoft "ErrorControl"
obj[569]=RegValue : system\currentcontrolset\services\zesoft "ImagePath"
obj[570]=RegValue : system\currentcontrolset\services\zesoft "DisplayName"
obj[571]=RegValue : system\currentcontrolset\services\zesoft "ObjectName"
obj[572]=RegValue : system\currentcontrolset\services\zesoft "Description"
obj[581]=File : C:\WINDOWS\System32\ide21201.vxd

PRUTECT
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[573]=Regkey : software\microsoft\downloadmanager
obj[583]=File : C:\WINDOWS\System32\prutqct.exe

OTHER
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[618]=File : C:\WINDOWS\prefetch\RADIO.EXE-0FD15F50.pf
  • 0

#15
Classy2
Posted 30 March 2005 - 02:55 AM

Classy2

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 242 posts
I keep getting an Veritas Update Manger with a bar thats trying to configure it.
This is what the window says;
Click Ok,to try again, or enter an alternate path to a folder containing the Installation Package " S Guard.msi" n the below box. In the box it has this path;
C:\DOCUM~1Owner\Locals~1\Temp\Vies4258\UM\

On my search on the net, in thinking I could just download this missing file; I found the b

veritas updater is used by a program called stomp, or other programs by record now they are cd/dvd copying programs you all need to either uninstall the programs and then reinstal them or if you have already uninstalled them you need to re-instal the program and uninstall correctly, just find a program called stomp record now max and install it, it doesnt matter oif you have a burner or not though i assume you all have, that will re-install SGuard.msi and all your troubles will be gone.

Im aware when I am trying to clean my computer,and now I you Kc sharing your tincredible patience and knowledge, Im no longer alone in taking guesses to fix my computer. From a woman who computer open my world up, thank you Kc.
And Im sorry for writting too much but thats the woman in me.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP