Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Virus: Software referall.com[RESOLVED]


  • This topic is locked This topic is locked

#1
Hawkair66

Hawkair66

    Member

  • Member
  • PipPip
  • 13 posts
Hello everyone,
This is my first time posting....that's most likely because this is my first major virus!

I am operating a Sony PVC RX550 Pentium 4
Operating System is XP Home SP2
Using Norton 360 and Spyware Doctor

Problem started after I started with Bitcomet....

Next thing I new, I had 3 new icons on my screen and when my IE started up, it tried to redirect to 3 separate sites.
spyareisolator, scanneradwaremover and xpantiviruspro.

When the computer starts, I get a security warning about WormWin.32 infecting my computer. I know it's a fake because when I hit the ok button, it redirected my IE. I also have the red x button on the lower right hand side of my computer.

Today when I went to boot my computer, it took almost 3 hours to get all the pop ups down. I did a Hijack this scan which is below and after this scan, I ran CCCleaner. Yesterday I ran Panda ActiveScan as mentioned on your web site.

Here is a copy of the HiJackthis summary:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:24:43 PM, on 02/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: SXG Advisor - {E3FB9237-4475-437B-8C10-299097A8C0A8} - C:\WINDOWS\dgtxrdfxlw.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ekvgsnw - {60570909-486A-4609-B7AE-CBCAA3831168} - C:\WINDOWS\ekvgsnw.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1176443151109
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B94B4225-E02E-4D3F-BADB-026F1E2F3AD7} (HttpDownloader Control) -
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoft...5/asproinst.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O21 - SSODL: alofkmn - {42C86AD8-239A-42E9-B583-99CB3EC0EE62} - C:\WINDOWS\alofkmn.dll
O21 - SSODL: RunOnceDrive - {17fb058e-4427-461f-b9f3-2f26a4492966} - C:\WINDOWS\Installer\{17fb058e-4427-461f-b9f3-2f26a4492966}\RunOnceDrive.dll
O21 - SSODL: bxlrvps - {1601F75B-3E74-4F67-B089-3FC492A322D0} - C:\WINDOWS\bxlrvps.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9099 bytes

Appreciate any assistance you can provide
Roy
  • 0

Advertisements


#2
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Hi there,

Welcome to GeeksToGo. My name is RatHat, and I will help you get through the process of cleaning the malware from your computer.


OK firstly, I need you to print out each post I make so that you can refer to it while we fix your computer. This is because there will be times when you are unable to be online to read my instructions, and I will want you to do everything very carefully. I also need you to follow my instructions in the order that they are given. If however, you cannot carry out one of them, please continue on with the next and let me know what you were unsuccessful with.

Next, I would like to make sure that you can view hidden files and folders;
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading SELECT Show hidden files and folders.
  • UNCHECK the Hide protected operating system files (recommended) option.
  • UNCHECK the Hide extensions for known file types option.
  • Click Yes to confirm.
  • Click OK.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please post me an Uninstall List from HijackThis:
  • Re-Open HijackThis, click Config, click Misc Tools
  • Click "Open Uninstall Manager"
  • Click "Save List" (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU.zip on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:) or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
Download Adware.bfu and save it to the BFU folder.
Note In Internet Explorer, Right Click and choose Save Target As, in Firefox, Right Click and choose Save Link As.

Whilst you are still in the BFU folder;
  • Start the Brute Force Uninstaller by doubleclicking BFU.exe
  • Behind the scriptline to execute field click the folder icon Posted Image and select Adware.bfu
  • Press Execute and let the program do it’s job. (You ought to see a progress bar if you did this correctly.)
  • On completion, allow the computer to be rebooted.
BFU will create a log in your root drive, normally C:\BFUlog.txt, please post the contents in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please read this Combofix tutorial before continuing, then follow the instructions below.

Download ComboFix from Here, Here or Here to your Desktop. (If you already have ComboFix, please delete it and download this new version).

  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

    Posted Image

    Posted Image

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Save this log to your desktop as Combofix.txt and post it in your next reply.
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Finally, please run an online scan with Kaspersky WebScanner. Note: You must use Internet Explorer to run this scan.

Click the Accept button.

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display the results if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop as Kaspersky.txt.
  • Copy and paste that information in your next post.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


So in your next post, please include the following (Split this into two or three posts if required):
  • The HijackThis uninstall list
  • The contents of BFUlog.txt
  • The contents of Combofix.txt
  • The MBAM report
  • The contents of the Kaspersky log
  • A fresh HijackThis log, taken after completing the above

And let me know how the computer is behaving now.

Regards,
RatHat
  • 0

#3
Hawkair66

Hawkair66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hello and thanks for the quick reply!
Here is how far I am:

Step One: Paste of Unistall_list.txt

Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Common File Installer
Adobe Flash Player ActiveX
Adobe Photoshop Elements 6.0
Adobe Premiere Elements 4.0
Adobe Premiere Elements 4.0
Adobe Premiere Elements 4.0 Templates
Adobe Premiere Elements 4.0 Templates
Adobe Reader 7.0.9
Adobe Type Manager 4.0
AppCore
Apple Mobile Device Support
Apple Software Update
ArcSoft Camera Suite
ArcSoft Camera Suite 1.3
AV
Avery DesignPro
Avery?Wizard 2.1 forMicrosoft?Word 2000
BeClean
Canon Camera Support Core Library
Canon Camera Window DS for ZoomBrowser EX
Canon Camera Window DVC for ZoomBrowser EX
Canon Camera Window for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Navigator 2.2
Canon MP530
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint
Canon Utilities File Viewer Utility 1.2
Canon Utilities PhotoStitch 3.1
Canon Utilities RemoteCapture 2.7
ccCommon
CCleaner (remove only)
Chef Kitchen Management System
DivX
DivX Player
Easy CD Creator 5 Basic
Easy-WebPrint
FUJIFILM USB Driver
GearDrvs
Google Toolbar for Internet Explorer
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
InterActual Player
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_05
Java™ 6 Update 2
Java™ 6 Update 3
Java™ SE Runtime Environment 6 Update 1
LiveUpdate (Symantec Corporation)
LiveUpdate (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Lyra Personal Audio Player (RD1021/1071/1075)
Macromedia Shockwave Player
Malwarebytes' RogueRemover
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
MSXML 6.0 Parser (KB933579)
MUSICMATCH?Jukebox
My Search Bar
My Web Search Bar
Norton 360
Norton 360
Norton 360
Norton 360 (Symantec Corporation)
Norton 360 Help
Norton Confidential Browser Component
Norton Confidential Web Authentification Component
Norton Confidential Web Protection Component
NTI CD-Maker 2000 Standard
OmniPage SE 2.0
Panda ActiveScan
Panda ActiveScan Pro
PCFriendly
Picasa
Pocket Cook Viewer
PowerDVD
Presto! PageManager 7.15.11
Quicken 2002 New User Edition
QuickTime
RealPlayer
Referentia Learning System
Rhapsody Player Engine
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Shockwave
SPBBC 32bit
Spyware Doctor 5.5
SuppSoft
Symantec Technical Support Controls
Symantec Technical Support Web Controls
SymNet
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
USB Driver Vers. 3.2
VeohTV BETA
Viewpoint Media Player
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinPcap 3.1 beta4
WinZip
Woodworking Projects for Everyone
X-Treme Woodworking - 8,500 Projects


Step Two
Contents of BFUlog.txt

BFU v1.11.0
Windows XP SP2 (WinNT 5.01.2600 SP2)
Script started at 8:48:58 AM, on 03/03/2008

Option Unload Explorer: Yes
Success: ProcessKillByPID 1380
Success: ProcessKill C:\WINDOWS\explorer.exe|1
Warning: unknown command 'OptionStatusOn' on line #10
Failed: DllUnregister \emlkdvo.dll|1 (file not found)
Failed: DllUnregister \egodktf.dll|1 (file not found)
Failed: DllUnregister \dopfwrlgwx.dll|1 (file not found)
Failed: DllUnregister \ensfolr.dll|1 (file not found)
Failed: DllUnregister \toprates.dll|1 (file not found)
Failed: DllUnregister \dxpvqlmqng.dll|1 (file not found)
Failed: DllUnregister \dxpvqlmgtv.dll|1 (file not found)
Failed: DllUnregister \domnftwqpd.dll|1 (file not found)
Failed: DllUnregister \winload.dll|1 (file not found)
Failed: DllUnregister \voipwet.dll|1 (file not found)
Failed: DllUnregister \vipextmst.dll|1 (file not found)
Failed: DllUnregister \alxvdvm.dll|1 (file not found)
Failed: DllUnregister \ampkfst.dll|1 (file not found)
Failed: DllUnregister \aslpmqk.dll|1 (file not found)
Failed: DllUnregister \asvdnmo.dll|1 (file not found)
Failed: DllUnregister \aswmklt.dll|1 (file not found)
Failed: DllUnregister \bgntlvo.dll|1 (file not found)
Failed: DllUnregister \bklgvsf.dll|1 (file not found)
Failed: DllUnregister \bqxomdo.dll|1 (file not found)
Failed: DllUnregister \bvtqfvx.dll|1 (file not found)
Failed: DllUnregister \bxsnvqt.dll|1 (file not found)
Failed: DllUnregister \gormet.dll|1 (file not found)
Failed: DllUnregister \jetctrl.dll|1 (file not found)
Failed: DllUnregister \kopmet.dll|1 (file not found)
Failed: DllUnregister \leorop.dll|1 (file not found)
Failed: DllUnregister \nopzet.dll|1 (file not found)
Failed: DllUnregister \pmkret.dll|1 (file not found)
Failed: DllUnregister \emlkdvo.dll|1 (file not found)
Failed: DllUnregister \dopfwrlgwx.dll|1 (file not found)
Failed: DllUnregister \ensfolr.dll|1 (file not found)
Failed: DllUnregister \toprates.dll|1 (file not found)
Failed: DllUnregister \dxpvqlmqng.dll|1 (file not found)
Failed: DllUnregister \dmdqdrxpsr.dll|1 (file not found)
Failed: DllUnregister \domnftwqpd.dll|1 (file not found)
Failed: DllUnregister \winload.dll|1 (file not found)
Failed: DllUnregister \vipextmst.dll|1 (file not found)
Failed: DllUnregister \voipwet.dll|1 (file not found)
Failed: DllUnregister \hdtip.dll|1 (file not found)
Failed: DllUnregister \werbetgxd.dll|1 (file not found)
Failed: DllUnregister \sdrmod.dll|1 (file not found)
Failed: DllUnregister \blopenvkgq.dll|1 (file not found)
Failed: DllUnregister \retnsrp.dll|1 (file not found)
Failed: DllUnregister \ttvbonsgr.dll|1 (file not found)
Failed: DllUnregister \adsoowf.dll|1 (file not found)
Failed: DllUnregister \leosrv.dll|1 (file not found)
Failed: DllUnregister \dpvtporrdw.dll|1 (file not found)
Failed: DllUnregister \elfwgps.dll|1 (file not found)
Failed: DllUnregister \emotrlq.dll|1 (file not found)
Failed: DllUnregister \bdmnopx.dll|1 (file not found)
Failed: DllUnregister \admggxp.dll|1 (file not found)
Failed: DllUnregister \dntpkwolsv.dll|1 (file not found)
Failed: DllUnregister \ekxdvft.dll|1 (file not found)
Failed: DllUnregister \dmdvpnsop.dll|1 (file not found)
Failed: DllUnregister \dopfwrlgfm.dll|1 (file not found)
Failed: DllUnregister \dpvtporfgp.dll|1 (file not found)
Failed: DllUnregister \ddwlxtqdpn.dll|1 (file not found)
Failed: DllUnregister \enqvwkp.dll|1 (file not found)
Failed: DllUnregister \agrlmvp.dll|1 (file not found)
Failed: DllUnregister \bmlvqkn.dll|1 (file not found)
Failed: DllUnregister \nsduo.dll|1 (file not found)
Failed: DllUnregister \msmhost.dll|1 (file not found)
Failed: DllUnregister \duocore.dll|1 (file not found)
Failed: DllUnregister \mxduo.dll|1 (file not found)
Failed: DllUnregister \wmpenv.dll|1 (file not found)
Failed: DllUnregister \wmpconf.dll|1 (file not found)
Failed: DllUnregister \bfrgnos.dll|1 (file not found)
Failed: DllUnregister \dwrmntsdnq.dll|1 (file not found)
Failed: DllUnregister \edfqvrw.dll|1 (file not found)
Failed: DllUnregister \afxlspw.dll|1 (file not found)
Failed: DllUnregister \dmdvpnslp.dll|1 (file not found)
Failed: DllUnregister \dgtxrdfxlw.dll|1 (file not found)
Failed: DllUnregister \alofkmn.dll|1 (file not found)
Failed: DllUnregister \bxlrvps.dll|1 (file not found)
Failed: DllUnregister \ekvgsnw.dll|1 (file not found)
Failed: DllUnregister \dgtxrdfntw.dll|1 (file not found)
Failed: DllUnregister \iefwbar.dll|1 (file not found)
Failed: DllUnregister \coolbar.dll|1 (file not found)
Failed: DllUnregister \bdeengine2.dll|1 (file not found)
Failed: DllUnregister \BDEimage.dll|1 (file not found)
Failed: DllUnregister \bdeplayer2.dll|0 (file not found)
Failed: DllUnregister \bdedetect1.dll|1 (file not found)
Failed: DllUnregister \bde3d_ref2.dll|1 (file not found)
Failed: DllUnregister \bdedata2.dll|1 (file not found)
Failed: DllUnregister \bdedownloader.dll|1 (file not found)
Failed: DllUnregister \bdefdi.dll|1 (file not found)
Failed: DllUnregister \bdeinsta2.dll|1 (file not found)
Failed: DllUnregister \bdeload.dll|1 (file not found)
Failed: DllUnregister \BDERastDx6_30002.dll|1 (file not found)
Failed: DllUnregister \BDERastMMX_30001.dll|1 (file not found)
Failed: DllUnregister \BDESac10.dll|1 (file not found)
Failed: DllUnregister \BDESac24.dll|1 (file not found)
Success: RegDelValue HKCU\software\microsoft\windows\currentversion\policies\system|DisableTaskMgr
Success: RegSetDwordValue HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Hidden|1
Success: RegSetDwordValue HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|HideFileExt|0
Success: RegSetDwordValue HKCU\software\microsoft\windows\currentversion\policies\explorer|NoRun|0
Success: RegSetDwordValue HKCU\software\microsoft\windows\currentversion\policies\explorer|NoFolderOptions|0
Success: RegSetDwordValue HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoSetTaskbar|0
Success: RegSetDwordValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Hidden|1
Success: RegSetDwordValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|HideFileExt|0
Success: RegSetDwordValue HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate|DoNotAllowXPSP2|0
Success: RegSetDwordValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer|NoFind|0
Success: RegSetDwordValue HKLM\software\microsoft\windows\currentversion\policies\explorer|NoFolderOptions|0
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{47906C8A-7A72-45A8-AA59-0CEC20BD3B36} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{45E9CE94-2C67-4230-92D0-E64ACD6EBA7F} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{3723900A-B26F-40EC-B606-B7B37132B83F} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{A972081B-E5FE-45E4-BE29-856D23403C4F} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{3FD92B49-9C06-4EBA-9580-056159561908} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{224E1433-F086-4BB1-B791-AF87F7629D93} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{382C8A97-BFEF-47B5-9770-87C4DE651E37} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{16A0662E-AC21-4AD9-89E8-7495AC5ACE93} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{521A5897-9EA7-43B4-A51D-B4C11D67BEEF} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{9EF873D0-0259-4D2A-AA60-F61FA5B28FE8} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{573E45AC-F20E-4DAF-AF6C-0775714BA0C1} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{13EDA0D4-F00D-43B9-8EF2-6313909D3143} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{940EBD8D-A3B7-44F9-A850-F60E76BE3B22} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{7D787886-3B24-401C-A7BC-AF950A1C3CAC} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{5B22CFDE-D43C-4F5C-8F6D-A20C959B85F7} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{27A4FA11-A0B1-4AB7-9A78-BD411FDEAA0D} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{339074ED-B124-4693-AC31-6BCC08B76030} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{6805E89A-2BD3-44B7-8B13-3278155F5D5E} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{7C54D75A-5D72-48B0-BE95-50350CD87A38} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{2106BEDE-F5E8-4DE8-A081-A7E5EAD1529B} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{7B1E78A2-2FC8-4947-A9D1-5177D10B38E6} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{BFAA078B-58E2-4E6C-BD54-BA2A5C6DA153} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{1817219B-D6DC-450A-B913-41F12BC05019} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{00C1B214-1408-4F51-90AE-7EDAC2FAC36E} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{FFB13247-794A-4E4F-8B97-937F906013D1} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{D573EDD4-5DEA-4DF1-9D5A-329D6861EDC8} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{B2F479AD-17DE-4F73-B844-7CF69003B916} (key does not exist)
Success: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{60570909-486A-4609-B7AE-CBCAA3831168}
Success: RegDelValue HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{60570909-486A-4609-B7AE-CBCAA3831168}
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{5415A533-17B1-4A38-B3CA-70AEEF8C41AC} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5415A533-17B1-4A38-B3CA-70AEEF8C41AC} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{038F228B-EED3-4A87-A565-F88FC99EBA91} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{038F228B-EED3-4A87-A565-F88FC99EBA91} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{5085333B-FD15-4754-A571-852F7077C5F2} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5085333B-FD15-4754-A571-852F7077C5F2} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{3DAF1739-AB9E-493E-8DD7-F65CDF363BCB} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3DAF1739-AB9E-493E-8DD7-F65CDF363BCB} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{5C28ED27-37BE-40EA-9AEB-FCC19F72682F} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C28ED27-37BE-40EA-9AEB-FCC19F72682F} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D25F921-B9FE-4682-BF72-8AB8210D6D75} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{87EF7048-8905-4E82-862E-65004D4DFA80} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87EF7048-8905-4E82-862E-65004D4DFA80} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{2BDEC973-B5AC-4e5b-8AB3-5A0500880DA2} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2BDEC973-B5AC-4e5b-8AB3-5A0500880DA2} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{986F4076-F780-4FD2-93C7-6A8C9DAFD7B0} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{986F4076-F780-4FD2-93C7-6A8C9DAFD7B0} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{1AC7107A-938F-4347-864C-C51E49EC586E} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1AC7107A-938F-4347-864C-C51E49EC586E} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{2B159383-78BB-4D21-A799-95AABC81ACED} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2B159383-78BB-4D21-A799-95AABC81ACED} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{059947A2-838E-4773-9EE2-8AB8F53C2EDE} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{059947A2-838E-4773-9EE2-8AB8F53C2EDE} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{31DE3194-C748-48BB-B620-2D0156B5E1AD} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31DE3194-C748-48BB-B620-2D0156B5E1AD} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{5F1F01A9-4013-4C28-90E9-8C50F03B5E37} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5F1F01A9-4013-4C28-90E9-8C50F03B5E37} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{F08487B1-AFEC-45CF-B2E9-D05DEE137D22} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F08487B1-AFEC-45CF-B2E9-D05DEE137D22} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{83CDEF6B-98D2-4C60-84FC-00C44606A4F8} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83CDEF6B-98D2-4C60-84FC-00C44606A4F8} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{56F043F0-CD47-47AE-B459-416A07545CA1} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56F043F0-CD47-47AE-B459-416A07545CA1} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{A8565FBC-8D53-4D4F-9BB0-CBC68A22B126} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8565FBC-8D53-4D4F-9BB0-CBC68A22B126} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{BC165164-78D0-4209-A878-8E6692C768FF} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BC165164-78D0-4209-A878-8E6692C768FF} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{FC516858-0D83-408E-9A76-B16DD182ADAA} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC516858-0D83-408E-9A76-B16DD182ADAA} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{D79A1DFF-DF93-4AE0-851C-A1F8CA9C78F5} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D79A1DFF-DF93-4AE0-851C-A1F8CA9C78F5} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{F9FFA9CB-C9C9-42D5-8F4D-CFA33D45D572} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9FFA9CB-C9C9-42D5-8F4D-CFA33D45D572} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{E48B3E0C-2D23-4249-BE65-23A8719284E3} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E48B3E0C-2D23-4249-BE65-23A8719284E3} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{98B55BD1-39BB-4446-895D-BF6A7A23CE70} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98B55BD1-39BB-4446-895D-BF6A7A23CE70} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{4BF7B3BF-B8B5-439D-A9EB-9272CB92186F} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4BF7B3BF-B8B5-439D-A9EB-9272CB92186F} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{65990097-F699-4216-9270-80572B89D23F} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65990097-F699-4216-9270-80572B89D23F} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{8FC29A8D-F29D-477E-B428-0F942E23A960} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8FC29A8D-F29D-477E-B428-0F942E23A960} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{E587DEAB-947E-4BF0-8439-BDC82913A9AE} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E587DEAB-947E-4BF0-8439-BDC82913A9AE} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{88418AA3-16F5-4FC2-A9D8-90B1266DF841} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88418AA3-16F5-4FC2-A9D8-90B1266DF841} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{208D7BCC-9857-4C9E-823B-D04E72490A67} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{208D7BCC-9857-4C9E-823B-D04E72490A67} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{76F30661-76C7-48CD-B18E-64F388AE030B} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{76F30661-76C7-48CD-B18E-64F388AE030B} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{6FFDE480-14C1-43FC-BEC1-CA97A2541FFD} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6FFDE480-14C1-43FC-BEC1-CA97A2541FFD} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{81F4697D-617D-40B4-85BA-C7684D9BC543} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{81F4697D-617D-40B4-85BA-C7684D9BC543} (key does not exist)
Success: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{E3FB9237-4475-437B-8C10-299097A8C0A8}
Success: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3FB9237-4475-437B-8C10-299097A8C0A8}
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{858D0A33-C1E1-48BE-AF1D-7FC2088651FD} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{858D0A33-C1E1-48BE-AF1D-7FC2088651FD} (key does not exist)
Success: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad|alofkmn
Success: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad|bxlrvps
Failed: RegDeleteKey HKCR\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583} (key does not exist)
Failed: RegDeleteKey HKCR\clsid\{23ed2206-856d-461a-bbcf-1c2466ac5ae3} (key does not exist)
Failed: RegDeleteKey HKCR\clsid\{736b5468-bdad-41be-92d0-22ae2ddf7bcb} (key does not exist)
Failed: RegDeleteKey HKCR\clsid\{a95b2816-1d7e-4561-a202-68c0de02353a} (key does not exist)
Failed: RegDeleteKey HKCU\software\microsoft\internet explorer\toolbar\webbrowser|{11a69ae4-fbed-4832-a2bf-45af82825583} (key does not exist)
Failed: RegDeleteKey HKCU\software\microsoft\internet explorer\toolbar\webbrowser|{23ed2206-856d-461a-bbcf-1c2466ac5ae3} (key does not exist)
Failed: RegDeleteKey HKLM\software\microsoft\internet explorer\toolbar|{11a69ae4-fbed-4832-a2bf-45af82825583} (key does not exist)
Failed: RegDeleteKey HKLM\software\microsoft\internet explorer\toolbar|{23ed2206-856d-461a-bbcf-1c2466ac5ae3} (key does not exist)
Failed: RegDeleteKey HKLM\software\microsoft\internet explorer\toolbar|{736b5468-bdad-41be-92d0-22ae2ddf7bcb} (key does not exist)
Failed: RegDeleteKey HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{a95b2816-1d7e-4561-a202-68c0de02353a} (key does not exist)
Failed: RegDeleteKey HKCR\clsid\{2342db04-08ce-4cf6-976d-bd9efa960efb} (key does not exist)
Failed: RegDeleteKey HKCR\clsid\{9056a11f-5ea6-4a67-bde9-8d3c7c453dac} (key does not exist)
Failed: RegDeleteKey HKCR\clsid\{92f02779-6d88-4958-8ad3-83c12d86adc7} (key does not exist)
Failed: RegDeleteKey HKCR\fizzlebar.clsdockwindow (key does not exist)
Failed: RegDeleteKey HKCR\fizzlebar.clsfwbar (key does not exist)
Failed: RegDeleteKey HKCR\interface\{3116ed38-8599-4261-8f81-f43266ffaaff} (key does not exist)
Failed: RegDeleteKey HKCR\interface\{36a89c39-da76-49d6-98f8-0cbec6b8b352} (key does not exist)
Failed: RegDeleteKey HKCR\typelib\{549ad254-492d-42b5-8909-34f14348d4bc} (key does not exist)
Failed: RegDeleteKey HKLM\software\fwbar2 (key does not exist)
Failed: RegDeleteKey HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{7d6bec01-15e2-46f0-8ed3-d715de09a8f9} (key does not exist)
Failed: RegDeleteKey HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{9056a11f-5ea6-4a67-bde9-8d3c7c453dac} (key does not exist)
Failed: RegDeleteKey HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{2AF8CED6-5BD8-4310-A90C-9664EFB16B10} (key does not exist)
Failed: RegDeleteKey HKCR\FunWebProducts.HTMLMenu (key does not exist)
Failed: RegDeleteKey HKCR\FunWebProducts.HTMLMenu.1 (key does not exist)
Failed: RegDeleteKey HKCR\FunWebProducts.HTMLMenu.2 (key does not exist)
Failed: RegDeleteKey HKCR\FunWebProducts.HistoryKillerScheduler (key does not exist)
Failed: RegDeleteKey HKCR\FunWebProducts.HistoryKillerScheduler.1 (key does not exist)
Failed: RegDeleteKey HKCR\FunWebProducts.HistorySwatterControlBar (key does not exist)
Failed: RegDeleteKey HKCR\FunWebProducts.HistorySwatterControlBar.1 (key does not exist)
Failed: RegDeleteKey HKCR\FunWebProducts.IECookiesManager (key does not exist)
Failed: RegDeleteKey HKCR\FunWebProducts.IECookiesManager.1 (key does not exist)
Failed: RegDeleteKey HKCR\FunWebProducts.KillerObjManager (key does not exist)
Failed: RegDeleteKey HKCR\FunWebProducts.KillerObjManager.1 (key does not exist)
Failed: RegDeleteKey HKCR\FunWebProducts.PopSwatterBarButton (key does not exist)
Failed: RegDeleteKey HKCR\FunWebProducts.PopSwatterBarButton.1 (key does not exist)
Failed: RegDeleteKey HKCR\FunWebProducts.PopSwatterSettingsControl (key does not exist)
Failed: RegDeleteKey HKCR\FunWebProducts.PopSwatterSettingsControl.1 (key does not exist)
Failed: RegDeleteKey HKCR\FunWebProductsInstaller.Start (key does not exist)
Failed: RegDeleteKey HKCR\FunWebProductsInstaller.Start.1 (key does not exist)
Failed: RegDeleteKey HKCR\FunWebProducts.BrowserOverlayBarButton (key does not exist)
Failed: RegDeleteKey HKCR\FunWebProducts.BrowserOverlayBarButton.1 (key does not exist)
Failed: RegDeleteKey HKCR\FunWebProducts.BrowserOverlayEmbed (key does not exist)
Failed: RegDeleteKey HKCR\FunWebProducts.BrowserOverlayEmbed.1 (key does not exist)
Failed: RegDeleteKey HKCR\FunWebProducts.DataControl (key does not exist)
Failed: RegDeleteKey HKCR\FunWebProducts.DataControl.1 (key does not exist)
Failed: RegDeleteKey HKCR\FunWebProducts.ShellViewControl (key does not exist)
Failed: RegDeleteKey HKCR\FunWebProducts.ShellViewControl.1 (key does not exist)
Failed: RegDeleteKey HKCR\MTSScreenSaverControl.ScreenSaverInstaller (key does not exist)
Failed: RegDeleteKey HKCR\MyWayToolBar.NetscapeShutdown (key does not exist)
Failed: RegDeleteKey HKCR\MyWayToolBar.NetscapeShutdown.1 (key does not exist)
Failed: RegDeleteKey HKCR\MyWayToolBar.NetscapeStartup (key does not exist)
Failed: RegDeleteKey HKCR\MyWayToolBar.NetscapeStartup.1 (key does not exist)
Failed: RegDeleteKey HKCR\MyWayToolBar.SettingsPlugin (key does not exist)
Failed: RegDeleteKey HKCR\MyWayToolBar.SettingsPlugin.1 (key does not exist)
Success: RegDeleteKey HKCR\MyWebSearch.HTMLPanel
Success: RegDeleteKey HKCR\MyWebSearch.HTMLPanel.1
Failed: RegDeleteKey HKCR\MyWebSearch.OutlookAddin (key does not exist)
Failed: RegDeleteKey HKCR\MyWebSearch.OutlookAddin.1 (key does not exist)
Success: RegDeleteKey HKCR\MyWebSearch.PseudoTransparentPlugin
Success: RegDeleteKey HKCR\MyWebSearch.PseudoTransparentPlugin.1
Failed: RegDeleteKey HKCR\MyWebSearchToolBar.SettingsPlugin (key does not exist)
Failed: RegDeleteKey HKCR\MyWebSearchToolBar.SettingsPlugin.1 (key does not exist)
Failed: RegDeleteKey HKCR\MyWebSearch.ChatSessionPlugin (key does not exist)
Failed: RegDeleteKey HKCR\MyWebSearch.ChatSessionPlugin.1 (key does not exist)
Failed: RegDeleteKey HKCR\MyWebSearchToolBar.ToolbarPlugin (key does not exist)
Failed: RegDeleteKey HKCR\MyWebSearchToolBar.ToolbarPlugin.1 (key does not exist)
Failed: RegDeleteKey HKCR\ScreenSaverControl.ScreenSaverInstaller (key does not exist)
Failed: RegDeleteKey HKCR\ScreenSaverConntrol.ScreenSaverInstaller.1 (key does not exist)
Failed: RegDeleteKey HKCR\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} (key does not exist)
Failed: RegDeleteKey HKCR\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} (key does not exist)
Failed: RegDeleteKey HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (key does not exist)
Failed: RegDeleteKey HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (key does not exist)
Failed: RegDeleteKey HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (key does not exist)
Failed: RegDeleteKey HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (key does not exist)
Success: RegDeleteKey HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Failed: RegDeleteKey HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (key does not exist)
Failed: RegDeleteKey HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (key does not exist)
Failed: RegDeleteKey HKCR\CLSID\{2EFF3CF7-99C1-4c29-BC2B-68E057E22340} (key does not exist)
Failed: RegDeleteKey HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (key does not exist)
Failed: RegDeleteKey HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} (key does not exist)
Failed: RegDeleteKey HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} (key does not exist)
Failed: RegDeleteKey HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (key does not exist)
Failed: RegDeleteKey HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (key does not exist)
Failed: RegDeleteKey HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (key does not exist)
Failed: RegDeleteKey HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (key does not exist)
Failed: RegDeleteKey HKCR\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} (key does not exist)
Failed: RegDeleteKey HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} (key does not exist)
Failed: RegDeleteKey HKCR\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} (key does not exist)
Failed: RegDeleteKey HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (key does not exist)
Failed: RegDeleteKey HKCR\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179} (key does not exist)
Failed: RegDeleteKey HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (key does not exist)
Failed: RegDeleteKey HKCR\CLSID\{A6573479-9075-4A65-98A6-19FD29CF7374} (key does not exist)
Failed: RegDeleteKey HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (key does not exist)
Failed: RegDeleteKey HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (key does not exist)
Failed: RegDeleteKey HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (key does not exist)
Failed: RegDeleteKey HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (key does not exist)
Failed: RegDeleteKey HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (key does not exist)
Failed: RegDeleteKey HKCR\CLSID\{D778513B-1C40-4819-B0C5-49E40B39AFD0} (key does not exist)
Failed: RegDeleteKey HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (key does not exist)
Failed: RegDeleteKey HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (key does not exist)
Failed: RegDeleteKey HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (key does not exist)
Failed: RegDeleteKey HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA} (key does not exist)
Failed: RegDeleteKey HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} (key does not exist)
Failed: RegDeleteKey HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390} (key does not exist)
Failed: RegDeleteKey HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} (key does not exist)
Failed: RegDeleteKey HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728} (key does not exist)
Failed: RegDeleteKey HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A} (key does not exist)
Failed: RegDeleteKey HKCR\Interface\{2763E333-B168-41A0-A112-D35F96F410C0} (key does not exist)
Failed: RegDeleteKey HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (key does not exist)
Success: RegDeleteKey HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Failed: RegDeleteKey HKCR\Interface\{38A7C9DA-8DB7-4D0F-A7B1-C4B1A305BDDB} (key does not exist)
Failed: RegDeleteKey HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (key does not exist)
Failed: RegDeleteKey HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82} (key does not exist)
Failed: RegDeleteKey HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906} (key does not exist)
Failed: RegDeleteKey HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906} (key does not exist)
Failed: RegDeleteKey HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} (key does not exist)
Failed: RegDeleteKey HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C} (key does not exist)
Failed: RegDeleteKey HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (key does not exist)
Failed: RegDeleteKey HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (key does not exist)
Success: RegDeleteKey HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Failed: RegDeleteKey HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} (key does not exist)
Failed: RegDeleteKey HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9} (key does not exist)
Failed: RegDeleteKey HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9} (key does not exist)
Failed: RegDeleteKey HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9} (key does not exist)
Failed: RegDeleteKey HKCR\Interface\{8D292EC0-6792-4A38-82ED-73A087E41BA6} (key does not exist)
Failed: RegDeleteKey HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8} (key does not exist)
Failed: RegDeleteKey HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69} (key does not exist)
Failed: RegDeleteKey HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC} (key does not exist)
Failed: RegDeleteKey HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D} (key does not exist)
Failed: RegDeleteKey HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1} (key does not exist)
Failed: RegDeleteKey HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477} (key does not exist)
Failed: RegDeleteKey HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (key does not exist)
Failed: RegDeleteKey HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F} (key does not exist)
Failed: RegDeleteKey HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612} (key does not exist)
Failed: RegDeleteKey HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612} (key does not exist)
Failed: RegDeleteKey HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8} (key does not exist)
Failed: RegDeleteKey HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978} (key does not exist)
Failed: RegDeleteKey HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (key does not exist)
Failed: RegDeleteKey HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (key does not exist)
Failed: RegDeleteKey HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} (key does not exist)
Failed: RegDeleteKey HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} (key does not exist)
Failed: RegDeleteKey HKCR\TypeLib\{621FEACD-8857-43A6-AE26-451D670D5370} (key does not exist)
Failed: RegDeleteKey HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9} (key does not exist)
Failed: RegDeleteKey HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} (key does not exist)
Failed: RegDeleteKey HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} (key does not exist)
Failed: RegDeleteKey HKCR\TypeLib\{98635087-3F5D-418F-990C-B1EFE0797A3B} (key does not exist)
Failed: RegDeleteKey HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} (key does not exist)
Failed: RegDeleteKey HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (key does not exist)
Failed: RegDeleteKey HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} (key does not exist)
Failed: RegDeleteKey HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C} (key does not exist)
Failed: RegDeleteKey HKCR\MIME\Database\Content Type\application/x-f3embed (key does not exist)
Failed: RegDeleteKey HKCR\Software\Excite (key does not exist)
Failed: RegDeleteKey HKCR\Software\Fun Web Products (key does not exist)
Failed: RegDeleteKey HKCR\Software\MyWebSearch (key does not exist)
Failed: RegDeleteKey HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (key does not exist)
Failed: RegDeleteKey HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (key does not exist)
Failed: RegDeleteKey HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} (key does not exist)
Failed: RegDeleteKey HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search (key does not exist)
Failed: RegDeleteKey HKCU\Software\Excite (key does not exist)
Failed: RegDeleteKey HKCU\Software\Fun Web Products (key does not exist)
Failed: RegDeleteKey HKCU\Software\MyWebSearch (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft Office\Outlook Addins\MyWebSearch.OutlookAddin (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft Office\Word Addins\MyWebSearch.OutlookAddin (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0494D0D9-F8E0-41ad-92A3-14154ECE70AC} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExciteInstaller (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FunWebProductsInstaller (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Global Search Uninstall (key does not exist)
Success: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall
Success: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Way Speedbar Uninstall
Failed: RegDeleteKey HKLM\SOFTWARE\MyWebSearch (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\FocusInteractive (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Fun Web Products (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\FunWebProducts (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\FunWebProducts-MyTotalSearch (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\MyGlobalSearch (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\MyWay (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37B85A21-692B-4205-9CAD-2626E4993404} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (key does not exist)
Failed: RegDelValue HKLM\Software\Netscape\Netscape Navigator\Automation Startup|MyWayToolBar.NetscapeStartup.1 (key not found)
Failed: RegDelValue HKLM\Software\Netscape\Netscape Navigator\Automation Shutdown|MyWayToolBar.NetscapeShutdown.1 (key not found)
Failed: RegDeleteKey HKCR\.b3d (key does not exist)
Failed: RegDeleteKey HKCR\.b3dini (key does not exist)
Failed: RegDeleteKey HKCR\.s3d (key does not exist)
Failed: RegDeleteKey HKCR\b3dini_auto_file (key does not exist)
Failed: RegDeleteKey HKCR\b3d_auto_file (key does not exist)
Failed: RegDeleteKey HKCR\BDEPLAYER.BDEPlayerCtrl (key does not exist)
Failed: RegDeleteKey HKCR\BDEPLAYER.BDEPlayerCtrl.1 (key does not exist)
Failed: RegDeleteKey HKCR\BDESmartInstaller.BDESmartInstaller (key does not exist)
Failed: RegDeleteKey HKCR\BDESmartInstaller.BDESmartInstaller.1 (key does not exist)
Failed: RegDeleteKey HKCR\s3d_auto_file (key does not exist)
Failed: RegDeleteKey HKCR\CLSID\{51958169-D5E3-11D1-AA42-0000E842E40A} (key does not exist)
Failed: RegDeleteKey HKCR\CLSID\{67925165-C4B6-11D2-B9C6-0000E84F59A6} (key does not exist)
Failed: RegDeleteKey HKCR\Interface\{51958167-D5E3-11D1-AA42-0000E842E40A} (key does not exist)
Failed: RegDeleteKey HKCR\Interface\{51958168-D5E3-11D1-AA42-0000E842E40A} (key does not exist)
Failed: RegDeleteKey HKCR\Interface\{67925164-C4B6-11D2-B9C6-0000E84F59A6} (key does not exist)
Failed: RegDeleteKey HKCR\TypeLib\{51958166-D5E3-11D1-AA42-0000E842E40A} (key does not exist)
Failed: RegDeleteKey HKCR\TypeLib\{82FC7881-AACC-11D2-B9C6-0000E842E40A} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Brilliant Digital Entertainment (key does not exist)
Failed: RegDeleteKey HKCU\SOFTWARE\Brilliant Digital Entertainment (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bdeplayer (key does not exist)
Failed: RegDeleteKey HKCR\GainPlugin.GainPluginCtrl (key does not exist)
Failed: RegDeleteKey HKCR\GainPlugin.GainPluginCtrl.1 (key does not exist)
Failed: RegDeleteKey HKCR\GSYOutlookAddin.GSYAddinObj (key does not exist)
Failed: RegDeleteKey HKCR\GSYOutlookAddin.GSYAddinObj.1 (key does not exist)
Failed: RegDeleteKey HKCR\HDPlugin.HDPluginCtrl (key does not exist)
Failed: RegDeleteKey HKCR\HDPlugin.HDPluginCtrl.1 (key does not exist)
Failed: RegDeleteKey HKCR\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} (key does not exist)
Failed: RegDeleteKey HKCR\CLSID\{309A4386-D229-42DD-BA17-983747DA35B0} (key does not exist)
Failed: RegDeleteKey HKCR\CLSID\{42040532-2221-4EF7-8F16-9779AB7AAA98} (key does not exist)
Failed: RegDeleteKey HKCR\CLSID\{CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} (key does not exist)
Failed: RegDeleteKey HKCR\CLSID\{DBAE7000-01EC-4162-8FEB-8A27AC937CA0} (key does not exist)
Failed: RegDeleteKey HKCR\Interface\{22D34833-06F9-4CE6-9FF7-CE4DA0BA351D} (key does not exist)
Failed: RegDeleteKey HKCR\Interface\{42040530-2221-4EF7-8F16-9779AB7AAA98} (key does not exist)
Failed: RegDeleteKey HKCR\Interface\{6DA65196-9CF9-48C9-9DB2-28742FCC56BE} (key does not exist)
Failed: RegDeleteKey HKCR\Interface\{A2BA5E71-5BE3-4007-AC48-157823FB63FB} (key does not exist)
Failed: RegDeleteKey HKCR\TypeLib\{2EC7A834-9C5E-4154-BADC-0D86A2EDC82D} (key does not exist)
Failed: RegDeleteKey HKCR\TypeLib\{42040531-2221-4EF7-8F16-9779AB7AAA98} (key does not exist)
Failed: RegDeleteKey HKCR\TypeLib\{8642D0F2-37CC-46B7-AA5B-399E6E68C626} (key does not exist)
Failed: RegDeleteKey HKCR\TypeLib\{B699B1B8-ADD0-4835-8602-1548200FCDD5} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DashBar (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Date Manager (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GotSmiley (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PrecisionTime (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weatherscope (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebSecureAlert (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A840E1E-2BA8-47de-923E-0E00407EB530} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\={6C8DBEC0-8052-11d5-A9D5-00500413153C} (key does not exist)
Option pause between commands: 50 ms
Success: FileDelete C:\WINDOWS\dmdqdrx*.dll
Success: FileDelete C:\WINDOWS\domnft*.dll
Success: FileDelete C:\WINDOWS\dxpvqlm*.dll
Success: FileDelete C:\WINDOWS\blopenv*.dll
Success: FileDelete C:\WINDOWS\dntpkwo*.dll
Failed: FileDelete C:\WINDOWS\dgtxrdfxlw.dll (operation failed)
Success: FileDeleteOnReboot C:\WINDOWS\dgtxrdfxlw.dll
Success: FileDelete C:\WINDOWS\alofkmn.dll
Success: FileDelete C:\WINDOWS\bxlrvps.dll
Failed: FileDelete C:\WINDOWS\ekvgsnw.dll (operation failed)
Success: FileDeleteOnReboot C:\WINDOWS\ekvgsnw.dll
Failed: FolderDelete C:\Program Files\MyWaySA (folder not found)
Failed: FolderDelete C:\WINDOWS\privacy_danger (folder not found)
Success: FileDelete C:\Documents and Settings\Owner\Favorites\Error Cleaner.url
Success: FileDelete C:\Documents and Settings\Owner\Favorites\Privacy Protector.url
Success: FileDelete C:\Documents and Settings\Owner\Favorites\Spyware&Malware Protection.url
Failed: FolderDelete C:\Program Files\security toolbar (folder not found)
Failed: FolderDelete C:\sysfwb (folder not found)
Failed: FolderDelete C:\Program Files\fwbartemp (folder not found)
Failed: FolderDelete C:\WINDOWS\system32\searchbar (folder not found)
Failed: FolderDelete C:\WINDOWS\syas\coolbar (folder not found)
Success: FolderDelete C:\Program Files\FunWebProducts\Shared\Cache
Success: FolderDelete C:\Program Files\FunWebProducts\Shared
Failed: FolderDelete C:\Program Files\FunWebProducts\ScreenSaver\Images (folder not found)
Failed: FolderDelete C:\Program Files\FunWebProducts\ScreenSaver (folder not found)
Success: FolderDelete C:\Program Files\FunWebProducts
Success: FolderDelete C:\Program Files\MyWebSearch\bar\2.bin
Failed: FolderDelete C:\Program Files\MyWebSearch\bar\Avatar (folder not found)
Success: FolderDelete C:\Program Files\MyWebSearch\bar\Cache
Success: FolderDelete C:\Program Files\MyWebSearch\bar\Game
Success: FolderDelete C:\Program Files\MyWebSearch\bar\History
Failed: FolderDelete C:\Program Files\MyWebSearch\bar\icons (folder not found)
Failed: FolderDelete C:\Program Files\MyWebSearch\bar\Message (folder not found)
Failed: FolderDelete C:\Program Files\MyWebSearch\bar\Notifier (folder not found)
Success: FolderDelete C:\Program Files\MyWebSearch\bar\Settings
Success: FolderDelete C:\Program Files\MyWebSearch\SrchAstt\1.bin
Success: FolderDelete C:\Program Files\MyWebSearch\bar
Success: FolderDelete C:\Program Files\MyWebSearch\SrchAstt
Success: FolderDelete C:\Program Files\MyWebSearch
Success: FileDelete C:\Program Files\MyWay\myBar\2.bin\MY2NS.EXE
Success: FileDelete C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL
Success: FileDelete C:\Program Files\MyWay\myBar\2.bin\MYWAYPLUGINPROXY.CLASS
Success: FileDelete C:\Program Files\MyWay\myBar\2.bin\NPMYWAY.DLL
Success: FileDelete C:\Program Files\MyWay\myBar\2.bin\PARTNER.BMP
Success: FileDelete C:\Program Files\MyWay\myBar\2.bin\PARTNER.DAT
Success: FileDelete C:\Program Files\MyWay\myBar\2.bin\PARTNER2.DAT
Success: FileDelete C:\Program Files\MyWay\myBar\2.bin\PARTNER3.DAT
Success: FileDelete C:\Program Files\MyWay\myBar\2.bin\PARTNER4.DAT
Success: FileDelete C:\Program Files\MyWay\myBar\2.bin\PARTNER5.DAT
Success: FileDelete C:\Program Files\MyWay\myBar\2.bin\PARTNER6.DAT
Success: FileDelete C:\Program Files\MyWay\myBar\2.bin\UNINSTALL.INF
Success: FolderDelete C:\Program Files\MyWay\myBa
  • 0

#4
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Hey Roy,

No need to post the remainder of the BFUlog.txt but please ensure you include:
  • The contents of Combofix.txt
  • The MBAM report
  • The contents of the Kaspersky log
  • A fresh HijackThis log, taken after completing the above

And let me know how the computer is behaving after completing all the fix stages.

Regards,
RatHat
  • 0

#5
Hawkair66

Hawkair66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hello....

I see that not all of my message was posted. I got stock on the third action step.....ComboFix.exe.

1. downloaded Combo-fix.com to Desktop =OK
2. downloaded Windows XP Recovery Console to Desktop =OK
3. dragged Windows REcovery Console over to Combo-fix.exe =Problem
................when I try to drop the file over the Combofix red icon, a small rectangular box starts to load Comb-fix.exe and then I get a message that pops up that says windows cannot open file nircmd.com and then provides two options...select from list or go to internet to locate.

Appreciate your next reply

Roy
  • 0

#6
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Lets not worry about installing the recovery console just now.

Just run Combo-Fix by double clicking it, then following the prompts. Make sure you have disabled your AV's etc, and don't run any other programs while it is running.
  • 0

#7
Hawkair66

Hawkair66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Alright....
Just double clicked on the Combo-Fix.exe and I get the same message that windows cannot open file nircmd.com. Same message as before. My Norton and Spy Doctor have been disabled.

Roy
  • 0

#8
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
OK Roy, delete the version of Combofix that you have, then download a fresh version from Here, don't try to rename it this time.

Once downloaded, double click it to run the program and follow the prompts.

Let me know how it goes.
  • 0

#9
Hawkair66

Hawkair66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
...something strange going on....deleted and downloaded to desktop again and same message pops up!

Am I missing something here??
  • 0

#10
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
OK, lets go about this a different way.

Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35u.exe to start the program.
  • Check the box that says Scan All User Accounts
  • Check the box that says Include MD5
  • Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
  • Check the radio button under Rootkit Search for Yes
  • Under Additional Scans check the following:
    • Reg - Approved Shell Extensions
    • Reg - BotCheck
    • Reg - Desktop Components
    • Reg - Disabled MS Config Items
    • Reg - File Associations
    • Reg - IE Zones & Template Policies Details
    • Reg - Security Settings
    • Reg - Software Policy Settings
    • File - Additional Folder Scans
    • File - Purity Scan
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

If the log is too large to post, please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

  • 0

Advertisements


#11
Hawkair66

Hawkair66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hello,

OK, I ran this test...I will send two replies because of the size of the attachment. This will be attachment "A"
Thanks for your help
Roy

Attached Files


  • 0

#12
Hawkair66

Hawkair66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
..;.and here is the attachment "B".

I like to find out what this all means...
Thanks again,
Roy

Attached Files


  • 0

#13
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Start WinPFind35u. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Bars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Bars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Bars [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Bars [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Bars [HKEY_USERS\S-1-5-21-57989841-1004336348-725345543-1003\] > -> HKEY_USERS\S-1-5-21-57989841-1004336348-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{119DBEDA-9C41-4F97-94B4-B6BCD01133CF} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-57989841-1004336348-725345543-1003\] > -> HKEY_USERS\S-1-5-21-57989841-1004336348-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{119DBEDA-9C41-4F97-94B4-B6BCD01133CF} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}:Exec -> %ProgramFiles%\PartyPoker\PartyPoker.exe [PartyPoker.com]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{119DBEDA-9c41-4F97-94B4-B6BCD01133CF} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\PartyPoker\PartyPoker.exe [PartyPoker.com]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-57989841-1004336348-725345543-1003\] > -> HKEY_USERS\S-1-5-21-57989841-1004336348-725345543-1003\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{119DBEDA-9c41-4F97-94B4-B6BCD01133CF} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\PartyPoker\PartyPoker.exe [PartyPoker.com]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {56336BCB-3D8A-11D6-A00B-0050DA18DE71}[HKEY_LOCAL_MACHINE] -> http://207.188.7.150/201bd8b53a80e703b923/netzip/RdxIE601.cab[Reg Error: Key does not exist or could not be opened.]
YN -> {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2_05]
YN -> {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2_06]
YN -> {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab[Java Plug-in 1.5.0_04]
YN -> {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06]
YN -> {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab[Java Plug-in 1.5.0_11]
YN -> {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01]
YN -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02]
[Registry - Additional Scans - Non-Microsoft Only]
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
NY -> {5E44E225-A408-11CF-B581-008029601108} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Roxio\Easy CD Creator 5\DirectCD\Shellex.dll [Adaptec DirectCD Shell Extension]
NY -> {88895560-9AA2-1069-930E-00AA0030EBC8} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\hticons.dll [HyperTerminal Icon Ext]
NY -> {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\iTunes\iTunesMiniPlayer.dll [iTunes]
NY -> {E0D79304-84BE-11CE-9641-444553540000} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip]
[Files/Folders - Created Within 90 days]
YN -> 8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
YN -> fkxvkns.exe -> %SystemRoot%\fkxvkns.exe
[Files Created - Additional Folder Scans - Non-Microsoft Only]
YN -> ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe
YN -> @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ComboFix.exe:Zone.Identifier
YN -> OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe
YN -> @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTMoveIt2.exe:Zone.Identifier
[Extra Files]
Purity
[Empty Temp Folders]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind35U scan, run without any additional scan options.

Let me know of any problems you encountered performing the steps above.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Your version of Java is out of date. Please update to the latest version here (Java Runtime Environment (JRE) 6 Update 4). Once downloaded, install it and then Reboot your computer.

It is most important that you also uninstall older versions of Java.
  • Click Start, Control Panel, Add/Remove Programs.
  • Please uninstall the following programs:


    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 3
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    Java 2 Runtime Environment, SE v1.4.2_05
    Java™ 6 Update 2
    Java™ 6 Update 3
    Java™ SE Runtime Environment 6 Update 1
    My Search Bar
    My Web Search Bar
    Viewpoint Media Player

    • Remove all of the above
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Please run an online scan with Kaspersky WebScanner. Note: You must use Internet Explorer to run this scan.

    Click the Accept button.

    You will be promted to install an ActiveX component from Kaspersky, Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make that the following are selected:[list]
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display the results if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop as Kaspersky.txt.
  • Copy and paste that information in your next post.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Post me the logs from WinPFind, MBAM and Kaspersky in your next reply, and let me know what you computer is behaving like now.

Regards,
RatHat
  • 0

#14
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Do you still require assistance with this log?

Regards,
RatHat
  • 0

#15
Hawkair66

Hawkair66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hello,
I've just returned from a business trip...

Reply 1 of 3
Started Malwarebytes.
and here is the results

Malwarebytes' Anti-Malware 1.07
Database version: 468

Scan type: Quick Scan
Objects scanned: 27809
Time elapsed: 17 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\Installer\{17fb058e-4427-461f-b9f3-2f26a4492966}\RunOnceDrive.dll (Trojan.Alphabet) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{17fb058e-4427-461f-b9f3-2f26a4492966} (Trojan.Alphabet) -> Delete on reboot.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\RunOnceDrive (Trojan.Alphabet) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\Installer\{17fb058e-4427-461f-b9f3-2f26a4492966} (Trojan.Alphabet) -> Delete on reboot.

Files Infected:
C:\WINDOWS\Installer\{17fb058e-4427-461f-b9f3-2f26a4492966}\RunOnceDrive.dll (Trojan.Alphabet) -> Delete on reboot.

Attached Files


Edited by Hawkair66, 09 March 2008 - 01:40 AM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP