leser and other trojans



#1
winidpooh

Ok I am at a loss. I am fairly computer literate. However, knowing I had some type of virus or trojan I purchased Norton Internet Security to upgrade from SystemWorks 2003. I cannot run the program. I have been online with Symantec twice for an hour each. They cannot even figure out why the program is not running. I think that the trojan is latching onto Norton to keep it from running. Each time I try and configure the program it tells me that a configuration is already running. I have tried the Windows antispyware program but my computer is non-responsive upon restarting it, resulting in going to the task bar to end the process tree to allow Windows to run.
I am running Windows XP with Service Pack 2. I know I have and cannot delete the isrvs trojan. The desktop.exe bar downloads constantly as well as that ff search. Wherever I go to remove these files it tells me that the disk is full or write protected. I have no idea how to reverse this. I have disabled it many times in safe mode. They both reinstall as soon as I exit the safe mode. I tried to download HijackThis but it will not let me do that either. I have other programs installed that tell me the names of the infections. Can anyone offer me some type of assistance? I would be very grateful. I have a yearbook deadline on Monday and my computer is just crawling along.
Thanks so much!
Tracy

#2
winidpooh

Spyware Doctor just finished. It states I have 893 detected infections?
I hope this list helps.

WildTangent HKCR\interface\{52889e01-cb46-11d2-96bc-00104b242e64}\ProxyStubClsid Medium
WildTangent HKCR\interface\{52889e01-cb46-11d2-96bc-00104b242e64}\ProxyStubClsid##(Default) Medium
WildTangent HKCR\interface\{52889e01-cb46-11d2-96bc-00104b242e64}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{52889e01-cb46-11d2-96bc-00104b242e64}\ProxyStubClsid32##(Default) Medium
WildTangent HKCR\interface\{52889e01-cb46-11d2-96bc-00104b242e64}\TypeLib Medium
WildTangent HKCR\interface\{52889e01-cb46-11d2-96bc-00104b242e64}\TypeLib##(Default) Medium
WildTangent HKCR\interface\{52889e01-cb46-11d2-96bc-00104b242e64}\TypeLib##Version Medium
WildTangent HKCR\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235} Medium
WildTangent HKCR\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}##(Default) Medium
WildTangent HKCR\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}\ProxyStubClsid Medium
WildTangent HKCR\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}\ProxyStubClsid##(Default) Medium
WildTangent HKCR\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}\ProxyStubClsid32##(Default) Medium
WildTangent HKCR\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}\TypeLib Medium
WildTangent HKCR\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}\TypeLib##(Default) Medium
WildTangent HKCR\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}\TypeLib##Version Medium
WildTangent HKCR\interface\{5dd15c3e-fc35-4e6f-b34c-e030d6439469} Medium
WildTangent HKCR\interface\{5dd15c3e-fc35-4e6f-b34c-e030d6439469}##(Default) Medium
WildTangent HKCR\interface\{5dd15c3e-fc35-4e6f-b34c-e030d6439469}\ProxyStubClsid Medium
WildTangent HKCR\interface\{5dd15c3e-fc35-4e6f-b34c-e030d6439469}\ProxyStubClsid##(Default) Medium
WildTangent HKCR\interface\{5dd15c3e-fc35-4e6f-b34c-e030d6439469}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{5dd15c3e-fc35-4e6f-b34c-e030d6439469}\ProxyStubClsid32##(Default) Medium
WildTangent HKCR\interface\{5dd15c3e-fc35-4e6f-b34c-e030d6439469}\TypeLib Medium
WildTangent HKCR\interface\{5dd15c3e-fc35-4e6f-b34c-e030d6439469}\TypeLib##(Default) Medium
WildTangent HKCR\interface\{5dd15c3e-fc35-4e6f-b34c-e030d6439469}\TypeLib##Version Medium
WildTangent HKCR\interface\{6e6cf8e5-d795-11d2-a566-444553540000} Medium
WildTangent HKCR\interface\{6e6cf8e5-d795-11d2-a566-444553540000}##(Default) Medium
WildTangent HKCR\interface\{6e6cf8e5-d795-11d2-a566-444553540000}\ProxyStubClsid Medium
WildTangent HKCR\interface\{6e6cf8e5-d795-11d2-a566-444553540000}\ProxyStubClsid##(Default) Medium
WildTangent HKCR\interface\{6e6cf8e5-d795-11d2-a566-444553540000}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{6e6cf8e5-d795-11d2-a566-444553540000}\ProxyStubClsid32##(Default) Medium
WildTangent HKCR\interface\{6e6cf8e5-d795-11d2-a566-444553540000}\TypeLib Medium
WildTangent HKCR\interface\{6e6cf8e5-d795-11d2-a566-444553540000}\TypeLib##(Default) Medium
WildTangent HKCR\interface\{6e6cf8e5-d795-11d2-a566-444553540000}\TypeLib##Version Medium
WildTangent HKCR\interface\{79884200-3ade-11d3-ac39-00105a2057fa} Medium
WildTangent HKCR\interface\{79884200-3ade-11d3-ac39-00105a2057fa}##(Default) Medium
WildTangent HKCR\interface\{79884200-3ade-11d3-ac39-00105a2057fa}\ProxyStubClsid Medium
WildTangent HKCR\interface\{79884200-3ade-11d3-ac39-00105a2057fa}\ProxyStubClsid##(Default) Medium
WildTangent HKCR\interface\{79884200-3ade-11d3-ac39-00105a2057fa}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{79884200-3ade-11d3-ac39-00105a2057fa}\ProxyStubClsid32##(Default) Medium
WildTangent HKCR\interface\{79884200-3ade-11d3-ac39-00105a2057fa}\TypeLib Medium
WildTangent HKCR\interface\{79884200-3ade-11d3-ac39-00105a2057fa}\TypeLib##(Default) Medium
WildTangent HKCR\interface\{79884200-3ade-11d3-ac39-00105a2057fa}\TypeLib##Version Medium
WildTangent HKCR\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d} Medium
WildTangent HKCR\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}##(Default) Medium
WildTangent HKCR\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}\ProxyStubClsid Medium
WildTangent HKCR\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}\ProxyStubClsid##(Default) Medium
WildTangent HKCR\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}\ProxyStubClsid32##(Default) Medium
WildTangent HKCR\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}\TypeLib Medium
WildTangent HKCR\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}\TypeLib##(Default) Medium
WildTangent HKCR\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}\TypeLib##Version Medium
WildTangent HKCR\interface\{8db2bc32-56e9-4349-b125-cb2561a06626} Medium
WildTangent HKCR\interface\{8db2bc32-56e9-4349-b125-cb2561a06626}##(Default) Medium
WildTangent HKCR\interface\{8db2bc32-56e9-4349-b125-cb2561a06626}\ProxyStubClsid Medium
WildTangent HKCR\interface\{8db2bc32-56e9-4349-b125-cb2561a06626}\ProxyStubClsid##(Default) Medium
WildTangent HKCR\interface\{8db2bc32-56e9-4349-b125-cb2561a06626}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{8db2bc32-56e9-4349-b125-cb2561a06626}\ProxyStubClsid32##(Default) Medium
WildTangent HKCR\interface\{8db2bc32-56e9-4349-b125-cb2561a06626}\TypeLib Medium
WildTangent HKCR\interface\{8db2bc32-56e9-4349-b125-cb2561a06626}\TypeLib##(Default) Medium
WildTangent HKCR\interface\{8db2bc32-56e9-4349-b125-cb2561a06626}\TypeLib##Version Medium
WildTangent HKCR\interface\{a73f5102-3782-4945-bf97-889f9b6dc9a5} Medium
WildTangent HKCR\interface\{a73f5102-3782-4945-bf97-889f9b6dc9a5}##(Default) Medium
WildTangent HKCR\interface\{a73f5102-3782-4945-bf97-889f9b6dc9a5}\ProxyStubClsid Medium
WildTangent HKCR\interface\{a73f5102-3782-4945-bf97-889f9b6dc9a5}\ProxyStubClsid##(Default) Medium
WildTangent HKCR\interface\{a73f5102-3782-4945-bf97-889f9b6dc9a5}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{a73f5102-3782-4945-bf97-889f9b6dc9a5}\ProxyStubClsid32##(Default) Medium
WildTangent HKCR\interface\{a73f5102-3782-4945-bf97-889f9b6dc9a5}\TypeLib Medium
WildTangent HKCR\interface\{a73f5102-3782-4945-bf97-889f9b6dc9a5}\TypeLib##(Default) Medium
WildTangent HKCR\interface\{a73f5102-3782-4945-bf97-889f9b6dc9a5}\TypeLib##Version Medium
WildTangent HKCR\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7} Medium
WildTangent HKCR\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}##(Default) Medium
WildTangent HKCR\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}\ProxyStubClsid Medium
WildTangent HKCR\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}\ProxyStubClsid##(Default) Medium
WildTangent HKCR\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}\ProxyStubClsid32##(Default) Medium
WildTangent HKCR\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}\TypeLib Medium
WildTangent HKCR\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}\TypeLib##(Default) Medium
WildTangent HKCR\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}\TypeLib##Version Medium
WildTangent HKCR\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14} Medium
WildTangent HKCR\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}##(Default) Medium
WildTangent HKCR\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}\ProxyStubClsid Medium
WildTangent HKCR\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}\ProxyStubClsid##(Default) Medium
WildTangent HKCR\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}\ProxyStubClsid32##(Default) Medium
WildTangent HKCR\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}\TypeLib Medium
WildTangent HKCR\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}\TypeLib##(Default) Medium
WildTangent HKCR\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}\TypeLib##Version Medium
WildTangent HKCR\interface\{bdb9b021-caff-11d2-9780-00104b242ea3} Medium
WildTangent HKCR\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}##(Default) Medium
WildTangent HKCR\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}\ProxyStubClsid Medium
WildTangent HKCR\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}\ProxyStubClsid##(Default) Medium
WildTangent HKCR\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}\ProxyStubClsid32##(Default) Medium
WildTangent HKCR\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}\TypeLib Medium
WildTangent HKCR\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}\TypeLib##(Default) Medium
WildTangent HKCR\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}\TypeLib##Version Medium
WildTangent HKCR\interface\{bdb9b022-caff-11d2-9780-00104b242ea3} Medium
WildTangent HKCR\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}##(Default) Medium
WildTangent HKCR\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}\ProxyStubClsid Medium
WildTangent HKCR\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}\ProxyStubClsid##(Default) Medium
WildTangent HKCR\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}\ProxyStubClsid32##(Default) Medium
WildTangent HKCR\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}\TypeLib Medium
WildTangent HKCR\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}\TypeLib##(Default) Medium
WildTangent HKCR\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}\TypeLib##Version Medium
WildTangent HKCR\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2} Medium
WildTangent HKCR\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}##(Default) Medium
WildTangent HKCR\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}\ProxyStubClsid Medium
WildTangent HKCR\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}\ProxyStubClsid##(Default) Medium
WildTangent HKCR\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}\ProxyStubClsid32##(Default) Medium
WildTangent HKCR\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}\TypeLib Medium
WildTangent HKCR\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}\TypeLib##(Default) Medium
WildTangent HKCR\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}\TypeLib##Version Medium
WildTangent HKCR\interface\{c3a156d4-503f-4779-a673-657308d94faf} Medium
WildTangent HKCR\interface\{c3a156d4-503f-4779-a673-657308d94faf}##(Default) Medium
WildTangent HKCR\interface\{c3a156d4-503f-4779-a673-657308d94faf}\ProxyStubClsid Medium
WildTangent HKCR\interface\{c3a156d4-503f-4779-a673-657308d94faf}\ProxyStubClsid##(Default) Medium
WildTangent HKCR\interface\{c3a156d4-503f-4779-a673-657308d94faf}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{c3a156d4-503f-4779-a673-657308d94faf}\ProxyStubClsid32##(Default) Medium
WildTangent HKCR\interface\{c3a156d4-503f-4779-a673-657308d94faf}\TypeLib Medium
WildTangent HKCR\interface\{c3a156d4-503f-4779-a673-657308d94faf}\TypeLib##(Default) Medium
WildTangent HKCR\interface\{c3a156d4-503f-4779-a673-657308d94faf}\TypeLib##Version Medium
WildTangent HKCR\interface\{d72ac8e7-f41d-11d2-a566-444553540000} Medium
WildTangent HKCR\interface\{d72ac8e7-f41d-11d2-a566-444553540000}##(Default) Medium
WildTangent HKCR\interface\{d72ac8e7-f41d-11d2-a566-444553540000}\ProxyStubClsid Medium
WildTangent HKCR\interface\{d72ac8e7-f41d-11d2-a566-444553540000}\ProxyStubClsid##(Default) Medium
WildTangent HKCR\interface\{d72ac8e7-f41d-11d2-a566-444553540000}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{d72ac8e7-f41d-11d2-a566-444553540000}\ProxyStubClsid32##(Default) Medium
WildTangent HKCR\interface\{d72ac8e7-f41d-11d2-a566-444553540000}\TypeLib Medium
WildTangent HKCR\interface\{d72ac8e7-f41d-11d2-a566-444553540000}\TypeLib##(Default) Medium
WildTangent HKCR\interface\{d72ac8e7-f41d-11d2-a566-444553540000}\TypeLib##Version Medium
WildTangent HKCR\interface\{d8e9ccf6-8e64-4e39-95ce-c5333fcfbd1f} Medium
WildTangent HKCR\interface\{d8e9ccf6-8e64-4e39-95ce-c5333fcfbd1f}##(Default) Medium
WildTangent HKCR\interface\{d8e9ccf6-8e64-4e39-95ce-c5333fcfbd1f}\ProxyStubClsid Medium
WildTangent HKCR\interface\{d8e9ccf6-8e64-4e39-95ce-c5333fcfbd1f}\ProxyStubClsid##(Default) Medium
WildTangent HKCR\interface\{d8e9ccf6-8e64-4e39-95ce-c5333fcfbd1f}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{d8e9ccf6-8e64-4e39-95ce-c5333fcfbd1f}\ProxyStubClsid32##(Default) Medium
WildTangent HKCR\interface\{d8e9ccf6-8e64-4e39-95ce-c5333fcfbd1f}\TypeLib Medium
WildTangent HKCR\interface\{d8e9ccf6-8e64-4e39-95ce-c5333fcfbd1f}\TypeLib##(Default) Medium
WildTangent HKCR\interface\{d8e9ccf6-8e64-4e39-95ce-c5333fcfbd1f}\TypeLib##Version Medium
WildTangent HKCR\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30} Medium
WildTangent HKCR\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}##(Default) Medium
WildTangent HKCR\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}\ProxyStubClsid Medium
WildTangent HKCR\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}\ProxyStubClsid##(Default) Medium
WildTangent HKCR\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}\ProxyStubClsid32##(Default) Medium
WildTangent HKCR\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}\TypeLib Medium
WildTangent HKCR\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}\TypeLib##(Default) Medium
WildTangent HKCR\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}\TypeLib##Version Medium
WildTangent HKCR\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed} Medium
WildTangent HKCR\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}##(Default) Medium
WildTangent HKCR\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}\ProxyStubClsid Medium
WildTangent HKCR\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}\ProxyStubClsid##(Default) Medium
WildTangent HKCR\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}\ProxyStubClsid32##(Default) Medium
WildTangent HKCR\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}\TypeLib Medium
WildTangent HKCR\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}\TypeLib##(Default) Medium
WildTangent HKCR\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}\TypeLib##Version Medium
WildTangent HKCR\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d} Medium
WildTangent HKCR\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}##(Default) Medium
WildTangent HKCR\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}\ProxyStubClsid Medium
WildTangent HKCR\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}\ProxyStubClsid##(Default) Medium
WildTangent HKCR\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}\ProxyStubClsid32##(Default) Medium
WildTangent HKCR\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}\TypeLib Medium
WildTangent HKCR\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}\TypeLib##(Default) Medium
WildTangent HKCR\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}\TypeLib##Version Medium
WildTangent HKCR\interface\{f10493c1-d0b6-11d2-a566-444553540000} Medium
WildTangent HKCR\interface\{f10493c1-d0b6-11d2-a566-444553540000}##(Default) Medium
WildTangent HKCR\interface\{f10493c1-d0b6-11d2-a566-444553540000}\ProxyStubClsid Medium
WildTangent HKCR\interface\{f10493c1-d0b6-11d2-a566-444553540000}\ProxyStubClsid##(Default) Medium
WildTangent HKCR\interface\{f10493c1-d0b6-11d2-a566-444553540000}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{f10493c1-d0b6-11d2-a566-444553540000}\ProxyStubClsid32##(Default) Medium
WildTangent HKCR\interface\{f10493c1-d0b6-11d2-a566-444553540000}\TypeLib Medium
WildTangent HKCR\interface\{f10493c1-d0b6-11d2-a566-444553540000}\TypeLib##(Default) Medium
WildTangent HKCR\interface\{f10493c1-d0b6-11d2-a566-444553540000}\TypeLib##Version Medium
WildTangent HKCR\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3} Medium
WildTangent HKCR\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}##(Default) Medium
WildTangent HKCR\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid Medium
WildTangent HKCR\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid##(Default) Medium
WildTangent HKCR\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32##(Default) Medium
WildTangent HKCR\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}\TypeLib Medium
WildTangent HKCR\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}\TypeLib##(Default) Medium
WildTangent HKCR\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}\TypeLib##Version Medium
WildTangent HKCR\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3} Medium
WildTangent HKCR\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}##(Default) Medium
WildTangent HKCR\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid Medium
WildTangent HKCR\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid##(Default) Medium
WildTangent HKCR\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32##(Default) Medium
WildTangent HKCR\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}\TypeLib Medium
WildTangent HKCR\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}\TypeLib##(Default) Medium
WildTangent HKCR\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}\TypeLib##Version Medium
WildTangent HKCR\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3} Medium
WildTangent HKCR\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}##(Default) Medium
WildTangent HKCR\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid Medium
WildTangent HKCR\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid##(Default) Medium
WildTangent HKCR\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32##(Default) Medium
WildTangent HKCR\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}\TypeLib Medium
WildTangent HKCR\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}\TypeLib##(Default) Medium
WildTangent HKCR\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}\TypeLib##Version Medium
WildTangent HKCR\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3} Medium
WildTangent HKCR\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}##(Default) Medium
WildTangent HKCR\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid Medium
WildTangent HKCR\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid##(Default) Medium
WildTangent HKCR\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32##(Default) Medium
WildTangent HKCR\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}\TypeLib Medium
WildTangent HKCR\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}\TypeLib##(Default) Medium
WildTangent HKCR\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}\TypeLib##Version Medium
WildTangent HKCR\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3} Medium
WildTangent HKCR\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3}##(Default) Medium
WildTangent HKCR\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid Medium
WildTangent HKCR\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid##(Default) Medium
WildTangent HKCR\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{fa13aa46-ca9b
  • 0

#3
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hi and welcome to Geeks to Go winidpooh
Please run through the steps outlined in this Topic
Post back a fresh log when done please
  • 0

#4
winidpooh

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thanks for the assistance. Here is the current log.
Sincerely,
Tracy

Logfile of HijackThis v1.99.1
Scan saved at 11:54:24 PM, on 5/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\WINDOWS\SYSTEM32\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.optonline.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.optonline.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Norton Disk Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\NDD32.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~2\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0
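A triage pass over a few entries copied from the HijackThis log above, as an added example that is not part of the original post or of HijackThis itself. The four rules are heuristics chosen for this illustration (assumptions, not HijackThis logic); a hit marks a line for review, not as confirmed malware.

```python
import re
from typing import NamedTuple

# Entries copied from the HijackThis log in the post above (a subset).
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
"""

# "<section code> - <rest of entry>", e.g. "O4 - HKLM\..\Run: [...] C:\..."
ENTRY = re.compile(r"(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)")
# Shortest run from a drive letter to the first .exe/.dll (paths may contain spaces).
PATH = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll)", re.I)
# Anything under <drive>:\WINDOWS\ that is not under System32.
OUTSIDE_SYSTEM32 = re.compile(r"[a-z]:\\windows\\(?!system32\\)", re.I)
# Sections that describe something loaded automatically (hypothetical selection).
LOAD_POINTS = {"F2", "O2", "O4", "O18", "O23"}


class Finding(NamedTuple):
    code: str
    reason: str
    line: str


def triage(log_text):
    """Return one Finding per (entry, rule) hit; lines that hit no rule are skipped."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.fullmatch(line)
        if not m:
            continue  # header lines, process list, blank lines
        code, body = m["code"], m["body"]
        reasons = []

        # Rule 1: the Winlogon shell should be Explorer.exe and nothing else.
        shell = re.search(r"Shell=(.*)", body, re.I)
        if code == "F2" and shell and shell.group(1).strip().lower() != "explorer.exe":
            reasons.append("Shell value starts more than Explorer.exe")

        # Rule 2: a registration that points at nothing is a leftover or a
        # component whose file was removed or hidden.
        if "(no file)" in body or "(file missing)" in body:
            reasons.append("registered component has no file on disk")

        # Rule 3: HijackThis could not name a vendor for the service binary.
        if code == "O23" and "Unknown owner" in body:
            reasons.append("service binary carries no vendor name")

        # Rule 4: auto-loaded code sitting in the Windows directory itself or
        # in a non-System32 subfolder of it.
        if code in LOAD_POINTS and any(OUTSIDE_SYSTEM32.match(p) for p in PATH.findall(body)):
            reasons.append("loads from the Windows directory outside System32")

        findings.extend(Finding(code, r, line) for r in reasons)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.reason}\n      {f.line}")
```

Rule 2 also fires on the Symantec services whose files are missing, which fits a security suite that will not start; that is why a hit is a prompt to look, not a verdict.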

#5
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hi winidpooh.
Please print out the following and read the directions carefully.

Run HijackThis. Click on "Config...", "Misc Tools", "Open process manager". Select the following files and click on "Kill process". Answer Yes to the "Are you sure..." question.

desktop.exe

edmond.exe

ffisearch.exe


Launch Notepad, and copy/paste the box below into a new text file. Save it as fixme.reg and save it on your Desktop.

REGEDIT4

[-HKEY_CLASSES_ROOT\clsid\{5b4ab8e2-6dc5-477a-b637-bf3c1a2e5993}]

[-HKEY_CLASSES_ROOT\clsid\{950238fb-c706-4791-8674-4d429f85897e}]

[-HKEY_CLASSES_ROOT\mfiltis]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\ext\clsid\{5b4ab8e2-6dc5-477a-b637-bf3c1a2e5993}]

[-HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_delprot]

[-HKEY_LOCAL_MACHINE\system\currentcontrolset\services\delprot]

; Remove only these two values; the Run key itself stays in place
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"desktop search"=-
"ffis"=-


Locate fixme.reg on your Desktop and double-click on it.
You will receive a prompt similar to: "Do you wish to merge the information into the registry?".
Answer "Yes" and wait for a message to appear similar to "Merged Successfully".
Restart your computer.

Launch Notepad, and copy/paste the box below into a new text file. Save it as Unreg.bat and save it on your Desktop.

regsvr32 /u C:\Windows\isrvs\mfiltis.dll
regsvr32 /u C:\Windows\isrvs\msdbhk.dll
regsvr32 /u C:\Windows\isrvs\sysupd.dll


Locate Unreg.bat on your Desktop and double-click on it.


Delete the following files/folders (if present) in C:\Windows or C:\Windows\System32

delprot.ini

delprot.log

desktop.exe

isrvs (delete the entire folder)

Delete the following file: C:\Windows\System32\Drivers\Delprot.sys


Delete the following files/folder (if present) in C:\Documents and Settings\<your user name>\Desktop

anal exploits.url

big d*** school for 2.95.url

evidence eraser.lnk

popup blocker stops popups.lnk

spyware avenger.lnk

virus hunter security.lnk

your platinum visa.lnk



Next,

Please follow the instructions provided, you may want to print out these instructions and use them as a reference.

First:
Please download ewido security suite; it is a trial version of the program.
  • Install ewido security suite
  • Launch ewido; there should be an icon on your desktop, double-click it.
  • The program will prompt you to update; click the OK button
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Click on Start
The update will start and a progress bar will show the updates being installed.
Once the updates are installed do the following:
  • Click on scanner
  • Make sure the following boxes are checked before scanning:
    • Binder
    • Crypter
    • Archives
  • Click on Start Scan
  • Let the program scan the machine
While the scan is in progress you will be prompted to clean files, click OK

Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report
  • Save the report to your desktop
Reboot your machine and post back a new HJT log and the ewido .txt log file you saved
  • 0
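A dry-run reader for .reg files like fixme.reg above, as an added example that is not part of the original post: it lists what a merge would do, since `[-KEY]` removes a key with everything under it while `"name"=-` under a plain `[KEY]` header removes a single value. The sample input is constructed from keys named in the post plus one constructed header and value, and the `SHARED_KEYS` list is an assumption of this example.

```python
import re

# Constructed sample: the first three sections use keys named in the post,
# the last header and the "example" value are made up for illustration.
SAMPLE_REG = r'''REGEDIT4

[-HKEY_CLASSES_ROOT\mfiltis]

[-HKEY_LOCAL_MACHINE\system\currentcontrolset\services\delprot]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"desktop search"=-
"ffis"=-

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"example"=-
'''

# Keys that many programs share; deleting one wholesale removes every
# autostart entry under it, not only the unwanted one. (Hypothetical short list.)
SHARED_KEYS = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
    r"\software\microsoft\windows nt\currentversion\winlogon",
)

HEADER = re.compile(r"\[(-?)(HKEY_[^\]]+)\]")          # [KEY] or [-KEY]
VALUE = re.compile(r'("(?:[^"\\]|\\.)*"|@)\s*=\s*(.*)')  # "name"=data or @=data


def preview(reg_text):
    """Return (operations, warnings) describing what merging reg_text would do.

    operations: list of (action, key, value_name) where action is
    'delete-key', 'delete-value' or 'set-value'.
    """
    ops, warnings = [], []
    key, key_deleted = None, False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment

        h = HEADER.fullmatch(line)
        if h:
            key_deleted, key = h.group(1) == "-", h.group(2)
            if key_deleted:
                ops.append(("delete-key", key, None))
                if key.lower().endswith(SHARED_KEYS):
                    warnings.append(f"deletes the whole shared key {key}")
            continue

        v = VALUE.fullmatch(line)
        if not v or key is None:
            continue  # file signature line (REGEDIT4) or unrecognised text

        name = "(Default)" if v.group(1) == "@" else v.group(1)[1:-1]
        if key_deleted:
            # A value line after [-KEY] usually means the "-" was not intended.
            warnings.append(f'value line "{name}" follows a key-deletion header for {key}')
            continue
        action = "delete-value" if v.group(2).strip() == "-" else "set-value"
        ops.append((action, key, name))
    return ops, warnings


if __name__ == "__main__":
    operations, notes = preview(SAMPLE_REG)
    for action, k, name in operations:
        print(f"{action:12} {k}" + (f'  ->  "{name}"' if name else ""))
    for n in notes:
        print("WARNING:", n)
```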

#6
winidpooh

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thanks for the advice. I tried to follow the directions. I cannot remove the files you suggested. The computer continues to state that they are write protected or the disk is full. I have tried previous to this to remove them in safe mode without luck. I have another program installed that disables them, but they reinstall themselves within seconds. Any new suggestions? I appreciate your time and assistance. This trojan is a good one.
Sincerely,
Tracy G. :tazz:
  • 0

#7
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Could you post back a fresh log please
  • 0

#8
winidpooh

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:39:00 PM, 5/3/2005
+ Report-Checksum: 39932C52

+ Date of database: 5/4/2005
+ Version of scan engine: v3.0

+ Duration: 48 min
+ Scanned Files: 73395
+ Speed: 25.19 Files/Second
+ Infected files: 26
+ Removed files: 25
+ Files put in quarantine: 25
+ Files that could not be opened: 0
+ Files that could not be cleaned: 1

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\

+ Scan result:
C:\Program Files\Common Files\Java\bpt.cfg -> Spyware.Broadcap.a -> Cleaned with backup
C:\RECYCLER\S-1-5-21-2409960447-2939561921-2018322775-1003\Dc1.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\Bolger.dll -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\ceres.dll -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\drexinit.dll -> Trojan.Agent.co -> Cleaned with backup
C:\WINDOWS\epgevwqka.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\isrvs\desktop.exe -> Spyware.ISearch.d -> Cleaned with backup
C:\WINDOWS\isrvs\edmond.exe -> Trojan.Isearch -> Cleaned with backup
C:\WINDOWS\isrvs\ffisearch.exe -> Spyware.Isearch -> Cleaned with backup
C:\WINDOWS\isrvs\isearch.xpi/chrome/isearch.jar/content/isearch/isearch.js -> Spyware.ISearch.e -> Error during cleaning
C:\WINDOWS\isrvs\mfiltis.dll -> Spyware.ISearch.d -> Cleaned with backup
C:\WINDOWS\isrvs\msdbhk.dll -> Spyware.Isearch.a -> Cleaned with backup
C:\WINDOWS\isrvs\sysupd.dll -> TrojanDownloader.Ieser.a -> Cleaned with backup
C:\WINDOWS\Nail.exe -> Trojan.Nail -> Cleaned with backup
C:\WINDOWS\sasetup.dll -> Dialer.Generic -> Cleaned with backup
C:\WINDOWS\svcproc.exe -> Trojan.Stervis.c -> Cleaned with backup
C:\WINDOWS\SYSTEM32\config\systemprofile\Cookies\system@myway[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\SYSTEM32\drivers\delprot.sys -> Trojan.Delprot.a -> Cleaned with backup
C:\WINDOWS\SYSTEM32\DrPMon.dll -> Trojan.Agent.db -> Cleaned with backup
C:\WINDOWS\SYSTEM32\dsktrf.dll -> Spyware.Beginto.b -> Cleaned with backup
C:\WINDOWS\SYSTEM32\dxfwlv.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\WINDOWS\SYSTEM32\mgtbyhd.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\WINDOWS\SYSTEM32\nss3.dll -> Spyware.Beginto.c -> Cleaned with backup
C:\WINDOWS\SYSTEM32\rtneg4.dll -> Spyware.Beginto.c -> Cleaned with backup
C:\WINDOWS\SYSTEM32\thin-94-5-x-x.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\wt\wtvh.dll -> Spyware.WildTangent.b -> Cleaned with backup

::Report End

Logfile of HijackThis v1.99.1
Scan saved at 9:40:12 PM, on 5/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\epgevwqka.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.optonline.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.optonline.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Norton Disk Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\NDD32.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~2\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

  • 0

#9
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Let's try this,
Search for the files again please, when found, right click on them, click properties, make sure that the Read Only is unchecked, if you have to uncheck them, run through the above fix again please,
If no luck with that please disable The Cleaner, WinPatrol and Spyware Doctor
Try and run through the fix again

Also,

Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it hjt
Move HJT into this folder please,
Then post back a fresh log please
  • 0

#10
winidpooh

winidpooh

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Ok, I have tried all you have suggested. The three main threats refuse to be deleted. This would be C:\WINDOWS\isrvs\desktop.exe, C:\WINDOWS\isrvs\ffisearch.exe as well as a few others that continue to pop up but refuse to leave. They continue to state that they are either write protected or the disk is full or I do not have authorized permission. I have attached the logs.
Thanks again for your time.
Tracy

Attached Files


  • 0

#11
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Looks to be knocking a few off just the same,
Please disable winpatrol

Please open HJT> Click on the Config button> Click >Misc. Tools > Click > Open Process manager> Check Show DLLs > Highlight “
desktop.exe
ffisearch.exe
“ >Click> Kill process
Next click the scan button and put a check mark next to the following, close all open windows , Click “ Fix Checked”

O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)

Reboot to safe mode ( by tapping the F8 key on start up ) make sure you can view all hidden folders/files View Hidden Folders search for and delete the following in BOLD

C:\WINDOWS\isrvs\desktop.exe <--Delete the isrvs folder
C:\WINDOWS\isrvs\ffisearch.exe <--same here

Restart your computer,

Go to Start->Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the services called:

System Startup Service

or

SvcProc

When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok.

Open HiJackThis, click on "None of the above, just start the program". Now, click on the "Config" button (bottom right), then click on "Misc Tools", then click on "Delete an NT Service" a window will pop up. Enter the below item into that field (make sure there are NO spaces before or after the name):

SvcProc
Click OK.

It should pull up information about the service, then ask if you want to reboot. Click YES.

Post a new HiJackThis log after it reboots and let me know if you received any error messages.
  • 0

#12
winidpooh

winidpooh

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Ok here goes it. The beginning was a bit touch and go. I was still unable to find the desktop files. They seem to stay hidden so I hope I surfed around to find them all. At the end I had to reboot manually. I was unable to complete the last step as it could not find any of the NT processes to delete. After this is all cleaned out do you think this Nortons program will run? I appreciate your time and help so much.
Sincerely,
Tracy


Logfile of HijackThis v1.99.1
Scan saved at 11:32:18 PM, on 5/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.optonline.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.optonline.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O4 - Startup: Norton Disk Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\NDD32.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~2\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

  • 0

#13
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hi Tracey,
Sorry I had to edit your post it's just easier for me to view the log in the topic,

Your log looks clean now,
You should go ahead and enable the programs I had you disable,
See if Nortons will run now


Nice job your log is clean !
How is it running ?
Please use the following suggestion to help prevent reinfection

Download the following program, For keeping crap off your system to begin with
Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests. Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restrict the actions of potentially dangerous sites in Internet Explorer.
Download Spyware Blaster

Keep Ad-aware and Spybot handy, Check them for updates prior to running and run them weekly
Same with your Anti Virus,

For an added check run an online virus scan, you can use one of the 2 below,
TrendMicro's HouseCall
ActiveScan

Be sure and give the Temp folders a cleaning out now and then as well, Make sure after you clean your Temp files to empty out your Recycle bin as well.
For ease use the following program
Download and install Cleanup
Run "Cleanup" and when it has finished, Reboot

Remember to Check Windows for updates

Probably a good time to create a new restore point See Here Name it clean or something like that,
  • 0
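The "log looks clean" check in this thread can be done mechanically by comparing HijackThis logs entry by entry. The following is an added example, not code from the thread or from HijackThis: the log lines are excerpts copied from posts #8, #11 and #12 above, and the function names and the way entries are keyed (CLSID, Run value name, service name) are assumptions made for this sketch.

```python
import re

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Excerpts from the logs in this thread (not complete logs).
BEFORE = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll (file missing)
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
"""
TARGETS = r"""
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
"""
AFTER = r"""
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)
"""

def entry_key(code, rest):
    """Identity of an entry that survives path or status changes between scans."""
    guid = GUID.search(rest)
    if guid:                              # O2/O9/O16/O18 carry a CLSID
        return (code, guid.group(0).upper())
    if code == "O4" and "]" in rest:      # Run key plus [value name]
        return (code, rest[:rest.index("]") + 1])
    if code == "O23":                     # "Service: display name (short name)"
        return (code, rest.split(" - ", 1)[0])
    return (code, rest)

def parse_log(text):
    """Map entry_key -> entry text for every 'Xn - ...' line; other lines are skipped."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries[entry_key(*m.groups())] = m.group(2)
    return entries

def still_present(targets, log):
    """Entries that were marked for fixing but are still in the given log."""
    current = parse_log(log)
    return sorted(k for k in parse_log(targets) if k in current)

def removed(before, after):
    """Entries present in the earlier log and gone from the later one."""
    later = parse_log(after)
    return sorted(k for k in parse_log(before) if k not in later)

def orphans(log):
    """Entries whose target file no longer exists (leftover references)."""
    return sorted(k for k, rest in parse_log(log).items()
                  if rest.endswith(("(file missing)", "(no file)")))

if __name__ == "__main__":
    print("still present:", still_present(TARGETS, AFTER))
    print("removed:", removed(BEFORE, AFTER))
    print("orphans:", orphans(AFTER))
```

An empty "still present" list only shows that the autostart references are gone from the log; whether the files themselves are gone is what the scanner report answers.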





