Kajo

How to remove cpvfeed

7 posts in this topic

Hi everyone

I just kept getting redirected to cpvfeed.com every time I open Internet Explorer. I have Trend Micro and downloaded AVG but it didn't work out. Here is the HijackThis log file. Any feedback is really appreciated.

 

 

Logfile of HijackThis v1.99.1

Scan saved at 6:14:48 PM, on 5/1/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\system32\spoolsv.exe

D:\Program Files\AVG Anti-Spyware 7.5\guard.exe

D:\TREND\PCCTLCOM.EXE

C:\WINDOWS\System32\svchost.exe

D:\TREND\Tmntsrv.exe

C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe

C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\system32\fxssvc.exe

D:\TREND\TMPFW.EXE

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

D:\TREND\PccGuide.exe

C:\WINDOWS\system32\wuauclt.exe

D:\PROGRAM FILES\AVG ANTI-SPYWARE 7.5\AVGAS.EXE

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

D:\TREND\tmproxy.exe

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRAM FILES\TREND MICRO\TMASY\TMASY.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\Documents and Settings\maryam\Local Settings\Temp\hijackthis.exe

C:\WINDOWS\System32\wbem\wmiapsrv.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe

O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~2.DLL

O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - D:\TREND\PccIeBar.dll

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\PROGRAM FILES\AVG ANTI-SPYWARE 7.5\AVGAS.EXE" /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)

O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)

O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB

O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - https://www.microsoft.com/resources/virtual...iveXClient1.cab

O16 - DPF: {90918C20-FB99-495A-BD79-CB91ACF44887} - http://www.typingmaster.com/contents/tm200...ick/TMSetup.cab

O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O16 - DPF: {FF054BED-D972-4215-897E-726C3488DDBB} (sonyctl.sonycm) - http://supportcentral4.sel.sony.com/sdccom...oad/sonyctl.CAB

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - D:\TREND\PcCtlCom.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - D:\TREND\Tmntsrv.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - D:\TREND\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - D:\TREND\tmproxy.exe

O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application) (file missing)

O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)

O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)

O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe


Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]


Hello,

 

* Download Combofix to your desktop.

Double-click combofix.exe

Follow the prompts.

Don't click on the window while the fix is running, because that will cause your system to hang.

 

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.

Post this log in your next reply together with a new HijackThis log.


Here is the recent log for hijackthis

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 16:28, on 07-05-06

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

D:\Program Files\AVG Anti-Spyware 7.5\guard.exe

D:\TREND\PcCtlCom.exe

C:\WINDOWS\System32\svchost.exe

D:\TREND\Tmntsrv.exe

D:\TREND\tmproxy.exe

C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe

C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\system32\fxssvc.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\ctfmon.exe

D:\PROGRAM FILES\AVG ANTI-SPYWARE 7.5\AVGAS.EXE

C:\Program Files\Trend Micro\Tmasy\Tmasy.exe

D:\TREND\PccGuide.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\wbem\wmiapsrv.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\system32\cmd.exe

D:\HiJackThis_v2.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

O2 - BHO: Trend Micro Antifraud Toolbar - {06647158-359E-4D10-A8DE-E6145DA90BE9} - D:\TREND\PccIeBar.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~2.DLL

O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~2.DLL

O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - D:\TREND\PccIeBar.dll

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\PROGRAM FILES\AVG ANTI-SPYWARE 7.5\AVGAS.EXE" /minimized

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe

O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)

O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)

O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - D:\TREND\PcCtlCom.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - D:\TREND\Tmntsrv.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - D:\TREND\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - D:\TREND\tmproxy.exe

O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe

O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe

O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe

O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

 

--

End of file - 5912 bytes

 

 

 

 

This is the log for combofix.exe

"maryam" - 07-05-06 16:26:22 Service Pack 2

ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\maryam\Desktop\"

 

 

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\qoobox\purity\C\WINDOWS\WNSXS~1

 

 

((((((((((((((((((((((((((((((( Files Created from 2007-04-06 to 2007-05-06 ))))))))))))))))))))))))))))))))))

 

 

2007-05-02 11:03 49,152 --a------ C:\WINDOWS\nircmd.exe

2007-05-02 10:40 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-05-02 10:13 <DIR> d-------- C:\DOCUME~1\maryam\.housecall6.6

2007-04-30 19:49 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2007-04-28 23:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\RoboForm

2007-04-28 22:59 <DIR> d-------- C:\Program Files\Siber Systems

2007-04-28 12:31 284,244 ---hs---- C:\WINDOWS\system32\vtuts.dll

2007-04-28 12:24 26,678 --a------ C:\WINDOWS\system32\ssqqpom.dll

2007-04-28 12:23 26,678 --a------ C:\WINDOWS\system32\khfedcy.dll

2007-04-28 12:19 <DIR> d-------- C:\WINDOWS\system32\smpi1

2007-04-28 12:19 <DIR> d-------- C:\WINDOWS\system32\SBO

2007-04-28 12:19 <DIR> d-------- C:\Temp

2007-04-22 18:10 <DIR> d-------- C:\WINDOWS\setup.pss

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2007-05-02 10:13 76560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

2007-04-28 12:12 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2007-04-20 20:16 -------- d-------- C:\DOCUME~1\maryam\APPLIC~1\typingmaster7

2007-03-17 09:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll

2007-03-16 06:17 68296 --a------ C:\DOCUME~1\maryam\APPLIC~1\gdipfontcachev1.dat

2007-03-09 21:35 -------- d-------- C:\Program Files\quicktime

2007-03-08 11:36 577536 --a------ C:\WINDOWS\system32\user32.dll

2007-03-08 11:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll

2007-03-08 11:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll

2007-03-08 09:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys

2007-03-06 17:16 -------- d-------- C:\Program Files\trend micro

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{06647158-359E-4D10-A8DE-E6145DA90BE9} D:\TREND\PccIeBar.dll

{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} C:\PROGRA~1\COMCAS~1\COMCAS~2.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"!AVG Anti-Spyware"="\"D:\\PROGRAM FILES\\AVG ANTI-SPYWARE 7.5\\AVGAS.EXE\" /minimized"

"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"

"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]

"RunNarrator"="Narrator.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{CA2CFBDE-0F94-491B-9286-00C60C553954}"=""

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll"

 

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa

Authentication Packages REG_MULTI_SZ msv1_0\0\0

Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0

Notification Packages REG_MULTI_SZ scecli\0\0

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

"location"="Common Startup"

"command"="C:\\PROGRA~1\\MICROS~3\\Office10\\OSA.EXE -b -l"

"item"="Microsoft Office"

"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"

"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Personal Coach.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Personal Coach.lnk"

"backup"="C:\\WINDOWS\\pss\\Personal Coach.lnkCommon Startup"

"location"="Common Startup"

"command"="D:\\MINIMA~1.EXE "

"item"="Personal Coach"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VAIO Action Setup (Server).lnk]

"location"="Common Startup"

"command"="C:\\PROGRA~1\\Sony\\VAIOAC~1\\VAServ.exe "

"item"="VAIO Action Setup (Server)"

"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\VAIO Action Setup (Server).lnk"

"backup"="C:\\WINDOWS\\pss\\VAIO Action Setup (Server).lnkCommon Startup"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\WinZip Quick Pick.lnk"

"backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "

"item"="WinZip Quick Pick"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="AVGAS"

"hkey"="HKLM"

"command"="\"D:\\PROGRAM FILES\\AVG ANTI-SPYWARE 7.5\\AVGAS.EXE\" /minimized"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Athan]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Athan"

"hkey"="HKLM"

"command"="D:\\Athan\\Athan.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClrSchLoader]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Loader"

"hkey"="HKLM"

"inimapping"="0"

"command"="C:\\Program Files\\ClearSearch\\Loader.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="CMESys"

"hkey"="HKLM"

"inimapping"="0"

"command"="C:\\Program Files\\Common Files\\CMEII\\CMESys.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContentService]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="winservn"

"hkey"="HKCU"

"inimapping"="0"

"command"="C:\\WINDOWS\\System32\\winservn.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cpclient.exe]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="cpclient"

"hkey"="HKLM"

"inimapping"="0"

"command"="c:\\cpclient.exe d"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ctfmon"

"hkey"="HKCU"

"command"="C:\\WINDOWS\\system32\\ctfmon.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ezSP_Px"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\System32\\ezSP_Px.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GQDNYB]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="GQDNYB"

"hkey"="HKLM"

"inimapping"="0"

"command"="C:\\WINDOWS\\GQDNYB.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gwiz]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ntsystem"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\system32\\ntsystem.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iinl]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="fast"

"hkey"="HKCU"

"command"="\"C:\\PROGRA~1\\COMMON~1\\DOBE~1\\fast.exe\" -vt yazb"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InfoData]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="iojaetow"

"hkey"="HKLM"

"command"="rundll32.exe \"C:\\WINDOWS\\system32\\iojaetow.dll\",realset"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ipoint"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Microsoft IntelliPoint\\ipoint.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="iTunesHelper"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="itype"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Microsoft IntelliType Pro\\itype.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="dumprep 0 -k"

"hkey"="HKLM"

"command"="%systemroot%\\system32\\dumprep 0 -k"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"

"item"="?????? ????????"

"hkey"="HKCU"

"command"="?????? ????????"

"inimapping"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTSMMSG]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="LTSMMSG"

"hkey"="HKLM"

"command"="LTSMMSG.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="mcupdate"

"hkey"="HKLM"

"command"="c:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="WkUFind"

"hkey"="HKLM"

"command"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msbb]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="msbb"

"hkey"="HKLM"

"inimapping"="0"

"command"="C:\\WINDOWS\\System32\\msbb.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="msmsgs"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="mwsoemon"

"hkey"="HKLM"

"inimapping"="0"

"command"="C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\mwsoemon.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NeroCheck"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NEWDOT~1"

"hkey"="HKLM"

"command"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~1.DLL,NewDotNetStartup"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCCClient.exe]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="PCCClient"

"hkey"="HKLM"

"inimapping"="0"

"command"="C:\\Program Files\\Trend Micro\\PC-cillin 2002\\PCCClient.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="pccguide"

"hkey"="HKLM"

"command"="\"D:\\TREND\\pccguide.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHRMEOCM]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="PHRMEOCM"

"hkey"="HKLM"

"inimapping"="0"

"command"="C:\\WINDOWS\\PHRMEOCM.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="QFSCHD100"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Corel\\WordPerfect Office 2002\\Programs\\QFSCHD100.EXE\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="qttask"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Restore Desktop]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Restore Desktop"

"hkey"="HKCU"

"command"="\"D:\\Restore Desktop\\Restore Desktop.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RestoreDesktop]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="RestoreDesktop"

"hkey"="HKCU"

"command"="D:\\Restore Desktop\\RestoreDesktop.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="RoboTaskBarIcon"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\Siber Systems\\AI RoboForm\\RoboTaskBarIcon.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]

"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"

"item"="?????? ????????"

"hkey"="HKCU"

"command"="?????? ????????"

"inimapping"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="retadpu2000219"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\retadpu2000219.exe 61A847B5BBF72810329B385473F001F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS Tray]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"=""

"hkey"="HKLM"

"command"=""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient 2.6]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="StatusClient"

"hkey"="HKLM"

"command"="C:\\Program Files\\Hewlett-Packard\\Toolbox\\StatusClient\\StatusClient.exe /auto"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="realsched"

"hkey"="HKLM"

"inimapping"="0"

"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="winampa"

"hkey"="HKLM"

"inimapping"="0"

"command"="C:\\Program Files\\EasyMP3\\Winamp3\\winampa.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="MSASCui"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="WinPatrol"

"hkey"="HKLM"

"command"="C:\\PROGRA~1\\BILLPS~1\\WINPAT~1\\WinPatrol.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZTgServerSwitch]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="server"

"hkey"="HKLM"

"command"="c:\\program files\\support.com\\client\\lserver\\server.vbs"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WinToolsSvc"=dword:00000002

"PCCPFW"=dword:00000002

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

NetworkService REG_MULTI_SZ DnsCache\0\0

rpcss REG_MULTI_SZ RpcSs\0\0

imgsvc REG_MULTI_SZ StiSvc\0\0

termsvcs REG_MULTI_SZ TermService\0\0

HTTPFilter REG_MULTI_SZ HTTPFilter\0\0

DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

 

 

 

Contents of the 'Scheduled Tasks' folder

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\MP Scheduled Scan.job

C:\WINDOWS\tasks\Registration reminder 1.job

 

********************************************************************

 

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-05-06 16:34:45

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

********************************************************************

 

Completion time: 07-05-06 16:35:43

C:\ComboFix-quarantined-files.txt ... 07-05-06 16:35

C:\ComboFix2.txt ... 07-05-02 11:03


Hi,

 

I see you ran Combofix 2 times, so it should have deleted the offending files (core.sys) in the first run. We'll see afterwards.

 

 

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

 

* Click on Fix Checked when finished and exit HijackThis.

Make sure your Internet Explorer is closed when you click Fix Checked!

 

I see you disabled A LOT of bad entries via msconfig. Because of that, they didn't show in HijackThis, so I couldn't tell you which ones to check and fix either, since you disabled them. Don't enable them - we'll delete them with a regfix.

 

Perform my next steps in the right order...

 

Please set your system to show all files.

Click Start.

Open My Computer.

Select the Tools menu and click Folder Options.

Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.

Uncheck: Hide file extensions for known file types

Uncheck the Hide protected operating system files (recommended) option.

Click Yes to confirm.

Click OK.

 

Please hide your hidden files and folders again afterwards, when we are done with this thread and your problems are solved, because the above instructions to set your system to show all files unhide legit files and folders as well.

And I don't want you to delete them because they may look suspicious. To hide them again, just perform the above instructions in the opposite way.

 

Delete the following files and folders:

 

C:\WINDOWS\system32\vtuts.dll

C:\WINDOWS\system32\ssqqpom.dll

C:\WINDOWS\system32\khfedcy.dll

C:\WINDOWS\system32\smpi1 <== folder

C:\WINDOWS\system32\SBO <== folder

C:\Temp <== remove the contents of this folder

 

Open Notepad and copy and paste the contents of the quote box below into it:

(don't forget to copy and paste REGEDIT4)

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{CA2CFBDE-0F94-491B-9286-00C60C553954}"=-

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Athan]

 

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClrSchLoader]

 

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]

 

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContentService]

 

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cpclient.exe]

 

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GQDNYB]

 

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gwiz]

 

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iinl]

 

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InfoData]

 

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

 

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msbb]

 

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]

 

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]

 

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]

 

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WinToolsSvc"=-

Save this as fix.reg. Choose to save as *all files and place it on your desktop.

It should look like this: reg.gif

Double-click on it, and when it asks you if you want to merge the contents into the registry, click yes/ok.

(In case you are unsure how to create a reg file, take a look here with screenshots.)

 

Then please post the contents of the following log in your next reply:

 

C:\ComboFix-quarantined-files.txt

 

This will show what Combofix deleted/quarantined in your first run with Combofix.

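The fix.reg in the post above uses the three operations a REGEDIT4 file can carry: `[-key]` deletes a whole key, `"name"=-` deletes one value, and `"name"=data` sets a value. As an added example (not part of the original post and not a tool used in this thread), this Python parser lists what such a file would do before it is merged; the embedded text is an excerpt of the post's fix.reg, and the function names are assumptions. It handles single-line entries only, which is all this file contains.

```python
import re

# Excerpt of the fix.reg from the post above, embedded so the example runs offline.
FIX_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{CA2CFBDE-0F94-491B-9286-00C60C553954}"=-

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Athan]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinToolsSvc"=-
'''

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
# A value line is either @ (the key's default value) or a quoted name, then '=' and the data.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def parse_reg(text):
    """Return (action, key, value_name, data) tuples describing what a merge would do."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines or lines[0] not in HEADERS:
        raise ValueError("first line is not a REGEDIT4 / Version 5.00 header")
    ops, key = [], None
    for ln in lines[1:]:
        if ln.startswith(";"):                      # comment line
            continue
        if ln.startswith("[") and ln.endswith("]"):
            key = ln[1:-1]
            if key.startswith("-"):                 # [-KEY] removes the key and everything under it
                ops.append(("delete_key", key[1:], None, None))
                key = None
            continue
        m = VALUE_RE.match(ln)
        if not m or key is None:
            raise ValueError(f"unparseable line: {ln!r}")
        raw = m.group(1)
        name = "(Default)" if raw == "@" else re.sub(r'\\(.)', r'\1', raw[1:-1])
        data = m.group(2).strip()
        if data == "-":                             # "name"=- removes a single value
            ops.append(("delete_value", key, name, None))
        else:
            ops.append(("set_value", key, name, data))
    return ops

if __name__ == "__main__":
    for action, key, name, data in parse_reg(FIX_REG):
        print(action, key, name or "", data or "")
```
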

Due to the lack of feedback, this Topic is closed.

 

If you need this topic reopened for continuations of existing problems, please tell the moderating team by replying here

This applies only to the original topic starter.

 

Everyone else please begin a New Topic.

This topic is now closed to further replies.