Installed Cyberdefender Free 2.0 and uninstalled it but AOL SAFETY AND SECURITY says it is still there.


  • This topic is locked
70 replies to this topic

#1 Malware Zapper

Malware Zapper

    Member

  • Full Member
  • 67 posts

Posted 31 December 2006 - 08:27 PM

I installed CyberDefender FREE 2.0 at the end of November and uninstalled a few days later. I just downloaded AOL Safety and Security Center and I can't use the McAfee antivirus because CyberDefender is still on my computer.

Logfile of HijackThis v1.99.1
Scan saved at 9:24:41 PM, on 12/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\SiteAdvisor\4979\SAService.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\Optimum Online\Netsurf.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\AOL\1167195191\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\1167195191\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.1.720.5674\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\1167195191\ee\aolsoftware.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\SiteAdvisor\4979\SiteAdv.exe
c:\program files\aim6\anotify.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll
O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Program Files\AOL Security Toolbar\AOL_security_toolbar.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\AOL_security_toolbar.dll
O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [Optimum Online net guide] "C:\Program Files\Optimum Online\Netsurf.exe" -trayicon
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1167195191\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1167195191\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1167195191\ee\SSCRun.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.1.720.5674\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CyberDefender Early Detection Center] "C:\Program Files\CyberDefender\cdinstx.exe" -cfgwizard
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Epson all-in-one Registration.lnk = D:\Titles\Ereg\EPSONREG.EXE
O4 - Global Startup: AOL Safety and Security Center (2).lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1161734753046
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.su...indows-i586.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: PCCare Premium - Unknown owner - C:\Program Files\PCCare\Client\srvc.exe (file missing)
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\4979\SAService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

Edited by spyware sucks, 02 January 2007 - 08:02 PM.


#2 SWI Support Robot

SWI Support Robot

    Helper robot

  • SWI Bot
  • 23,533 posts

Posted 03 January 2007 - 05:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 Thunder

Thunder

    Forum Deity

  • Trusted Advisor
  • 677 posts

Posted 04 January 2007 - 09:08 AM

Hello spyware sucks,

Sorry for the delay. :unsure:

I suppose you do not have a recent system restore point you can go to ?

Did you use the program's own uninstaller to (try to) remove CyberDefender ?
Removal from the Software list or via C:\Program Files\CyberDefender ?

I see you are running Teatimer.
I suggest you disable it because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer during HijackThis Cleanup
Then, Download ResetTeaTimer.bat.
Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.

1. Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following, if still present:

O4 - HKCU\..\Run: [CyberDefender Early Detection Center] "C:\Program Files\CyberDefender\cdinstx.exe" -cfgwizard

Click Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

2. Open Windows Explorer and use the "Search" option, search string "CyberDefender", to find all leftover folders and files, and remove if possible.

3. Please download RegSearch 2.0 by Bobbi Flekman.
Right click the RegSearch zip folder and extract to your Desktop.

Double-click regsearch.exe, and search for: CyberDefender
It may take a while to run, so be patient.
When finished, the search results will appear in your text editor.

Post the contents of the search into your reply.

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-------------------------------------------------------------------------
A donation to this site to help us help you, is most appreciated

#4 Malware Zapper

Posted 04 January 2007 - 03:30 PM

I used Add/Remove programs



Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman 2005
; Version: 2.0.2.0

; Results at 1/4/2007 4:17:39 PM for strings:
; 'cyberdefender'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E53AE00-5746-475E-8F7F-4EA85A1BC7A4}\ProgID]
@="CyberDefender.EDCConfigWizard.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E53AE00-5746-475E-8F7F-4EA85A1BC7A4}\VersionIndependentProgID]
@="CyberDefender.EDCConfigWizard"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CEF3D8E2-7497-48d8-B574-DA1C4AB22B93}\ProgID]
@="CyberDefender.EDCConfigHostExternalUIHndlr.1.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CEF3D8E2-7497-48d8-B574-DA1C4AB22B93}\VersionIndependentProgID]
@="CyberDefender.EDCConfigHostExternalUIHndlr.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{85EA5F42-C785-450A-81E5-176639B8A3C9}\1.0\0\win32]
@="C:\\Program Files\\CyberDefender\\HomePage\\CDWebVw.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{85EA5F42-C785-450A-81E5-176639B8A3C9}\1.0\HELPDIR]
@="C:\\Program Files\\CyberDefender\\HomePage\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AD4E8864-245A-4C8D-BE59-23A6C9DD54AA}\1.0\0\win32]
@="C:\\Program Files\\CyberDefender\\AntiVirus\\CybDefCom.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AD4E8864-245A-4C8D-BE59-23A6C9DD54AA}\1.0\HELPDIR]
@="C:\\Program Files\\CyberDefender\\AntiVirus\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EE3739AE-27BB-48BE-BD79-E820389BD8C0}\1.0\0\win32]
@="C:\\Program Files\\CyberDefender\\AntiSpyware\\EDCConfig.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EE3739AE-27BB-48BE-BD79-E820389BD8C0}\1.0\HELPDIR]
@="C:\\Program Files\\CyberDefender\\AntiSpyware\\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\CyberDefender\\AntiSpyware\\cdas1e.exe"="C:\\Program Files\\CyberDefender\\AntiSpyware\\cdas1e.exe:*:Enabled:CyberDefender AntiSpyware"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\CyberDefender\\AntiSpyware\\cdas1e.exe"="C:\\Program Files\\CyberDefender\\AntiSpyware\\cdas1e.exe:*:Enabled:CyberDefender AntiSpyware"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\CyberDefender\\AntiSpyware\\cdas1e.exe"="C:\\Program Files\\CyberDefender\\AntiSpyware\\cdas1e.exe:*:Enabled:CyberDefender AntiSpyware"

[HKEY_CURRENT_USER\Software\CyberDefender]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\FilesNamedMRU]
"000"="CyberDefender"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\CyberDefender]

; End Of The Log...

#5 Thunder

Posted 05 January 2007 - 04:45 AM

Hello spyware sucks,

Open Notepad, copy and paste next (in bold) in an empty window:

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E53AE00-5746-475E-8F7F-4EA85A1BC7A4}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CEF3D8E2-7497-48d8-B574-DA1C4AB22B93}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{85EA5F42-C785-450A-81E5-176639B8A3C9}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AD4E8864-245A-4C8D-BE59-23A6C9DD54AA}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EE3739AE-27BB-48BE-BD79-E820389BD8C0}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\CyberDefender\\AntiSpyware\\cdas1e.exe"=-

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\CyberDefender\\AntiSpyware\\cdas1e.exe"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\CyberDefender\\AntiSpyware\\cdas1e.exe"=-

[-HKEY_CURRENT_USER\Software\CyberDefender]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\CyberDefender]

Save it to your Desktop as regfix.reg, type "all files".

Doubleclick on regfix.reg and allow admission to the registry.

Reboot your PC and check if McAfee works properly now. :hmmm:

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-------------------------------------------------------------------------
A donation to this site to help us help you, is most appreciated
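
The conversion from search results to a deletion file that the post above does by hand, shown as an added example (not part of the original thread, and not Thunder's or RegSearch's code). The sample input is constructed and abridged from the results posted earlier, `parse_export` and `build_fix` are hypothetical names, and unlike the post it removes only the matching MRU value instead of the whole Explorer Bars key.

```python
import re

# Constructed sample: abridged RegSearch-style export modelled on the
# results posted in this thread (not a complete copy of them).
SAMPLE = r'''Windows Registry Editor Version 5.00

; Registry Search results for: cyberdefender

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E53AE00-5746-475E-8F7F-4EA85A1BC7A4}\ProgID]
@="CyberDefender.EDCConfigWizard.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E53AE00-5746-475E-8F7F-4EA85A1BC7A4}\VersionIndependentProgID]
@="CyberDefender.EDCConfigWizard"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{85EA5F42-C785-450A-81E5-176639B8A3C9}\1.0\HELPDIR]
@="C:\\Program Files\\CyberDefender\\HomePage\\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\CyberDefender\\AntiSpyware\\cdas1e.exe"="C:\\Program Files\\CyberDefender\\AntiSpyware\\cdas1e.exe:*:Enabled:CyberDefender AntiSpyware"

[HKEY_CURRENT_USER\Software\CyberDefender]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\FilesNamedMRU]
"000"="CyberDefender"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
# A value line: default value (@) or a quoted name that may contain escapes.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
# COM registrations live under ...\CLSID\{guid} or ...\TypeLib\{guid}.
GUID_ROOT_RE = re.compile(
    r'^(.*\\(?:CLSID|TypeLib)\\\{[0-9A-Fa-f-]{36}\})(?:\\|$)', re.I)


def parse_export(text):
    """Return [(key_path, [(value_name, value_data), ...]), ...].

    Comments and the header line are skipped. Multi-line hex values are
    not handled; string values are all this search output contains.
    """
    sections, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';'):
            continue
        key = KEY_RE.match(line)
        if key:
            current = (key.group(1), [])
            sections.append(current)
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            current[1].append((value.group(1), value.group(2)))
    return sections


def build_fix(export_text, term):
    """Build REGEDIT4 deletion text for every hit on `term`."""
    term = term.lower()
    stanzas = []

    def add(stanza):
        if stanza not in stanzas:          # keep order, drop duplicates
            stanzas.append(stanza)

    for key, values in parse_export(export_text):
        parts = key.split('\\')
        hit = next((i for i, p in enumerate(parts) if term in p.lower()), None)
        if hit is not None and hit >= 2:
            # The product's own key: delete it at the shallowest component
            # that carries the name, never a hive or its first-level child.
            add('[-' + '\\'.join(parts[:hit + 1]) + ']')
            continue
        for name, data in values:
            if term not in name.lower() and term not in data.lower():
                continue
            root = GUID_ROOT_RE.match(key)
            if name == '@' and root:
                # COM registration owned by the product: delete the GUID key.
                add('[-' + root.group(1) + ']')
            else:
                # Shared key (firewall list, MRU): delete only the value.
                add('[' + key + ']\n' + name + '=-')
    return 'REGEDIT4\n\n' + '\n\n'.join(stanzas) + '\n'


if __name__ == '__main__':
    print(build_fix(SAMPLE, 'cyberdefender'))
```

Review the generated text against the search results before merging it; the header must be the first line of the saved file.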

#6 Malware Zapper

Posted 05 January 2007 - 03:10 PM

That didn't work. Was I supposed to make what I copied in notepad bold? Because I didn't make it bold.

#7 Thunder

Posted 05 January 2007 - 05:54 PM

No, you just have to copy everything in blue (don't forget to copy REGEDIT as well !)
in an empty Notepad window,
and save it as regfix.reg (change the filetype from Textfiles (*.txt) to All Files)
to your Desktop.

Doubleclick on it and you should get a question to merge it with the registry.
Accept, and that's it.

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-------------------------------------------------------------------------
A donation to this site to help us help you, is most appreciated

#8 Malware Zapper

Posted 06 January 2007 - 01:47 PM

I did that but it still says that it is on my computer.

#9 Thunder

Posted 06 January 2007 - 03:58 PM

Hello spyware sucks,

Can you have your PC reboot and run the RegSearch once more please ?

Post a fresh HijackThis log as well.

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-------------------------------------------------------------------------
A donation to this site to help us help you, is most appreciated

#10 Malware Zapper

Posted 06 January 2007 - 06:37 PM

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman 2005
; Version: 2.0.2.0

; Results at 1/6/2007 7:20:31 PM for strings:
; 'cyberdefender'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...

Edited by spyware sucks, 08 January 2007 - 02:21 PM.


#11 Malware Zapper

Posted 08 January 2007 - 02:21 PM

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman 2005
; Version: 2.0.2.0

; Results at 1/6/2007 7:20:31 PM for strings:
; 'cybdef'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CybDefCom.OfficeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CybDefCom.OfficeAntiVirus\eBlocs-ISS]



; End Of The Log...

#12 Thunder

Posted 08 January 2007 - 04:43 PM

Hello spyware sucks,

Let's see if that might hold your install back :

First of all, delete the old regfix.reg on your Desktop.

Then once more, open Notepad, copy and paste next (in bold) in an empty window:

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CybDefCom.OfficeAntiVirus]

Save it to your Desktop as regfix.reg, type "all files".

Doubleclick on regfix.reg and allow admission to the registry.

Reboot your PC and check if McAfee works properly now. :hmmm:

edit: it might be a good idea to check with the Windows Explorer "Search" function, if you find anything left from Cyberdefender (search on both strings) and delete anything you might find.

Greetings,
Thunder

Edited by Thunder, 08 January 2007 - 04:48 PM.

Whatever happens, make believe it was intended to ...
-------------------------------------------------------------------------
A donation to this site to help us help you, is most appreciated

#13 Malware Zapper

Posted 08 January 2007 - 05:23 PM

I did that and it still didn't work. And my searches take literally two seconds and don't find anything. Is that a problem?

I found something interesting in msconfig. Does CyberDefender use Spyblocs? I have found a lot of things that say spyblocs or eblocs that you will see following this.


In "msconfig" I looked under the WIN.INI tab and saw there are three suspicious things; they are called [CybDefKeepSafe], [XXXXXXXXXXXX], and [CDWINSETUP].

If you click on the + that is next to [CybDefKeepSafe] it shows something called
;msconfig ClientID={80D57307-FA17-49A6-8A27-2C8BFC8C8CCB}


If you click on the + that is next to [XXXXXXXXXXXX] it shows 33 other items, they are called
;msconfig ShellExecute=12/04/2006 13:34:51
;msconfig I_AVUI::CloseWindow=2006/12/04 14:16:05
;msconfig I_AVUI::CloseWindowend=2006/12/04 14:16:06
;msconfig I_ASUI::CloseWindow=2006/12/04 14:16:06
;msconfig ~CSpyBlocsView=2006/12/04 14:16:06
;msconfig ~CNetwork=2006/12/04 14:16:06
;msconfig ~CDownloadFile=2006/12/04 14:16:06
;msconfig ~CDownloadFile end=2006/12/04 14:16:06
;msconfig ~CUploadFile=2006/12/04 14:16:06
;msconfig ~CUploadFile end=2006/12/04 14:16:06
;msconfig ~CNetwork end=2006/12/04 14:16:06
;msconfig ~CScanControl=2006/12/04 14:16:06
;msconfig StopThread m_hShieldThread=2006/12/04 14:16:06
;msconfig StopThread m_hScanThread=2006/12/04 14:16:06
;msconfig ~CProcessList=2006/12/04 14:16:06
;msconfig delete m_pNtProcessMonitor=2006/12/04 14:16:06
;msconfig StopThread m_hRemoveAllThread=2006/12/04 14:16:06
;msconfig StopThread m_hRestoreAllThread=2006/12/04 14:16:06
;msconfig delete m_TaskManagerForProcessList=2006/12/04 14:16:06
;msconfig m_PatFilesList.clear=2006/12/04 14:16:06
;msconfig FreeLibrary(m_hModPSAPI)=2006/12/04 14:16:07
;msconfig ~CProcessList end=2006/12/04 14:16:07
;msconfig delete m_pProcessList=2006/12/04 14:16:07
;msconfig ~CScanControlend=2006/12/04 14:16:07
;msconfig EBlocsSB ExitInstance=2006/12/04 14:16:07
;msconfig EBlocsSB ExitInstance end=2006/12/04 14:16:07
;msconfig ~CSpyBlocsViewend=2006/12/04 14:16:09
;msconfig I_ASUI::CloseWindowend=2006/12/04 14:16:08
;msconfig ~CSYSView=2006/12/04 14:16:09
;msconfig LiveReport=2006/12/04 13:42:14
;msconfig LiveReportend=2006/12/04 13:42:14
;msconfig StartDownload=2006/12/04 14:12:15
;msconfig endDownload=2006/12/04 14:12:16


And when you click on the + that is next to [CDWINSETUP] there is one item called
;msconfig AUTOUNLOAD=No
I only think that [CDWINSETUP] could be one of the problems because the "CD" could stand for CyberDefender.


When you put a check in the box next to the items it removes the ;msconfig and keeps everything the same.
Here is an example
If the box is not checked it would say ";msconfig abc"
And if the box is checked it would say "abc"

I DON'T HAVE ANY OF THESE CHECKED

Edited by spyware sucks, 08 January 2007 - 05:29 PM.


#14 Malware Zapper

Posted 13 January 2007 - 07:36 PM

Please Help

#15 Thunder

Posted 14 January 2007 - 05:13 AM

Hello spyware sucks,

Sorry it took a while,
I've been trying to figure out what else we have to get rid of. ^_^

Using Windows Explorer, check if present, and delete (replace "Owner" by your account name):

c:\CybDefInstallInfo.log
c:\Documents and Settings\Owner\Desktop\CyberDefender AntiSpyware.lnk
c:\Documents and Settings\Owner\Start Menu\Programs\CyberDefender\AntiSpyware Support.url
c:\Documents and Settings\Owner\Start Menu\Programs\CyberDefender\CyberDefender AntiSpyware.lnk
c:\Program Files\CyberDefender => entire folder
C:\Program Files\eBlocs => entire folder
c:\WINDOWS\as_affiliate.ini

Delete the old regfix.reg on your Desktop.

Then once more, open Notepad, copy and paste next (in bold) in an empty window:

REGEDIT4

[-HKEY_CURRENT_USER\Software\WsLiveUp]

[-HKEY_CURRENT_USER\Software\ebc]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CybDefCom.OfficeAntiVirus]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HttpSvr.Logfile]

[-HKEY_LOCAL_MACHINE\SOFTWARE\WsLiveUp]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CDAVFS]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UWProSys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CDAVFS]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UWProSys]

Save it to your Desktop as regfix.reg, type "all files".

Doubleclick on regfix.reg and allow admission to the registry.

Reboot your PC and try once more.

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-------------------------------------------------------------------------
A donation to this site to help us help you, is most appreciated

#16 Malware Zapper

Posted 14 January 2007 - 10:12 AM

It didn't work. Should I also delete st_affiliate.ini and av_affiliate.ini?

Edited by spyware sucks, 14 January 2007 - 10:12 AM.


#17 Thunder

Posted 14 January 2007 - 05:01 PM

Hello spyware sucks,

Were they made at the same moment ?
(Check their properties please.)
What's their location ?

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-------------------------------------------------------------------------
A donation to this site to help us help you, is most appreciated

#18 Malware Zapper

Posted 14 January 2007 - 05:33 PM

st_affiliate.ini was created on Sunday, December 03, 2006, 10:51:48 AM

av_affiliate.ini was created on Sunday, December 03, 2006, 10:53:38 AM


And everything is still in win.ini

#19 Thunder

Posted 15 January 2007 - 09:06 AM

Hello spyware sucks,

Before we tackle anything in win.ini,
I'd like to see a Combofix log first :

Download Combofix to your Desktop.
Doubleclick combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang!
When finished and after reboot, it should open a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log.

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-------------------------------------------------------------------------
A donation to this site to help us help you, is most appreciated

#20 Malware Zapper

Posted 15 January 2007 - 01:18 PM

COMBOFIX

"Casey" - 07-01-15 14:02:42 Service Pack 2
ComboFix 07-01-15 - Running from: "C:\Documents and Settings\Casey\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\drivers\npf.sys


((((((((((((((((((((((((((((((( Files Created from 2006-12-15 to 2007-01-15 ))))))))))))))))))))))))))))))))))


2007-01-14 14:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
2007-01-13 19:27 <DIR> d-------- C:\DOCUME~1\MOM\Application Data\Viewpoint
2007-01-13 00:08 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-11 17:12 <DIR> d-------- C:\DOCUME~1\Casey\Application Data\Viewpoint
2006-12-31 18:14 <DIR> d-------- C:\Program Files\HijackThis
2006-12-30 13:13 <DIR> d-------- C:\DOCUME~1\MOM\Application Data\McAfee.com Personal Firewall
2006-12-28 16:08 <DIR> d-------- C:\Program Files\AOL Security Toolbar
2006-12-28 15:39 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2006-12-27 14:28 23,296 --a------ C:\WINDOWS\system32\drivers\NaiFiltr.sys
2006-12-27 14:13 341,064 --a------ C:\WINDOWS\system32\mcinsctl.dll
2006-12-27 14:13 279,624 --a------ C:\WINDOWS\system32\mcgdmgr.dll
2006-12-27 00:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Avg7
2006-12-27 00:03 80,640 --a------ C:\WINDOWS\system32\drivers\MpFirewall.sys
2006-12-27 00:03 8,704 --a------ C:\WINDOWS\system32\MPFApi.dll
2006-12-27 00:01 <DIR> d-------- C:\Program Files\CA
2006-12-26 23:57 <DIR> d-------- C:\Program Files\Common Files\McAfee
2006-12-26 23:56 <DIR> d-------- C:\Program Files\mcafee.com
2006-12-26 23:52 <DIR> d-------- C:\Program Files\Common Files\aolshare
2006-12-26 22:58 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Application Data\McAfee.com Personal Firewall
2006-12-26 22:58 <DIR> d-------- C:\DOCUME~1\Casey\Application Data\McAfee.com Personal Firewall
2006-12-26 22:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\mcafee.com personal firewall
2006-12-23 18:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2006-12-16 18:46 <DIR> d-------- C:\DOCUME~1\Casey\Application Data\WholeSecurity


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-15 13:58 -------- d-------- C:\Program Files\mozilla firefox
2006-12-31 20:14 -------- d-------- C:\DOCUME~1\Casey\Application Data\siteadvisor
2006-12-31 18:14 -------- d-------- C:\Program Files\aol
2006-12-28 15:44 -------- d-------- C:\Program Files\Common Files\aol
2006-12-27 00:21 -------- d---s---- C:\DOCUME~1\Casey\Application Data\microsoft
2006-12-26 23:56 -------- d-------- C:\DOCUME~1\Casey\Application Data\aol
2006-12-23 18:43 -------- d-------- C:\Program Files\siteadvisor
2006-12-12 15:49 -------- d-------- C:\DOCUME~1\Casey\Application Data\acccore
2006-12-12 15:48 -------- d-------- C:\DOCUME~1\Casey\Application Data\aim
2006-12-12 15:47 -------- d-------- C:\Program Files\aim6
2006-12-10 17:19 -------- d-------- C:\Program Files\windows media connect 2
2006-12-08 23:51 -------- d-------- C:\Program Files\mtv networks
2006-12-06 20:12 -------- d-------- C:\Program Files\quicktime
2006-12-05 18:51 737280 --a------ C:\WINDOWS\iun6002.exe
2006-12-04 14:26 -------- d--h----- C:\Program Files\installshield installation information
2006-12-04 14:25 -------- d-------- C:\Program Files\musicmatch
2006-11-26 19:16 -------- d-------- C:\DOCUME~1\Casey\Application Data\adobe
2006-11-25 00:10 -------- d-------- C:\Program Files\online services
2006-11-20 03:42 33280 --a------ C:\WINDOWS\system32\snmp.exe
2006-11-19 17:11 -------- d-------- C:\DOCUME~1\Casey\Application Data\mozilla
2006-11-08 00:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-27 15:09 6049280 --a------ C:\WINDOWS\system32\ieframe.dll
2006-10-27 15:09 50688 --a------ C:\WINDOWS\system32\msfeedsbs.dll
2006-10-27 15:09 458752 --a------ C:\WINDOWS\system32\msfeeds.dll
2006-10-27 15:09 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-27 15:09 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-27 15:09 180736 --a------ C:\WINDOWS\system32\ieui.dll
2006-10-27 15:09 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-10-27 02:44 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-10-27 02:44 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-27 02:44 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-27 02:44 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-10-27 02:44 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-27 02:44 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-27 02:44 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-27 02:44 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-10-27 02:44 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-27 02:42 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-10-19 08:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-10-18 21:47 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\system32\wmnetmgr.dll
2006-10-18 21:47 8231936 --a------ C:\WINDOWS\system32\wmploc.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\system32\wmvsencd.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\system32\wmadmod.dll
2006-10-18 21:47 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\system32\wmvxencd.dll
2006-10-18 21:47 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47 603648 --a------ C:\WINDOWS\system32\wmspdmod.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47 535040 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47 429056 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvadve.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvadvd.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\mp4sdmod.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\mp43dmod.dll
2006-10-18 21:47 38400 --------- C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 21:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47 356352 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47 348672 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47 317440 --------- C:\WINDOWS\system32\mp4sdecd.dll
2006-10-18 21:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 21:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47 284160 --------- C:\WINDOWS\system32\portabledeviceapi.dll
2006-10-18 21:47 276992 --a------ C:\WINDOWS\system32\audiodev.dll
2006-10-18 21:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47 2603008 --------- C:\WINDOWS\system32\wpdshext.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\mpg4decd.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\mp43decd.dll
2006-10-18 21:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-10-18 21:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-10-18 21:47 222208 --a------ C:\WINDOWS\system32\wmasf.dll
2006-10-18 21:47 212992 --------- C:\WINDOWS\system32\mfplat.dll
2006-10-18 21:47 211456 --a------ C:\WINDOWS\system32\qasf.dll
2006-10-18 21:47 204288 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47 199168 --------- C:\WINDOWS\system32\portabledevicewmdrm.dll
2006-10-18 21:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47 166912 --------- C:\WINDOWS\system32\portabledevicetypes.dll
2006-10-18 21:47 1661440 --a------ C:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47 1574912 --------- C:\WINDOWS\system32\wmvencod.dll
2006-10-18 21:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47 1543680 --------- C:\WINDOWS\system32\wmvdecod.dll
2006-10-18 21:47 1382912 --------- C:\WINDOWS\system32\wmvsdecd.dll
2006-10-18 21:47 133632 --------- C:\WINDOWS\system32\wpdshserviceobj.dll
2006-10-18 21:47 1329152 --a------ C:\WINDOWS\system32\wmspdmoe.dll
2006-10-18 21:47 132096 --------- C:\WINDOWS\system32\portabledevicewiacompat.dll
2006-10-18 21:47 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47 11264 --a------ C:\WINDOWS\system32\laprxy.dll
2006-10-18 21:47 1117696 --a------ C:\WINDOWS\system32\wmadmoe.dll
2006-10-18 21:47 101888 --------- C:\WINDOWS\system32\portabledeviceclassextension.dll
2006-10-18 20:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-10-18 20:00 249856 --------- C:\WINDOWS\system32\drmupgds.exe
2006-10-18 20:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\winfxdocobj.exe
2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.1.720.5674\\GoogleToolbarNotifier.exe"
"Microsoft Works Update Detection"="C:\\Program Files\\Microsoft Works\\WkDetect.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ASM"="\"C:\\Program Files\\AOL\\Active Security Monitor\\ASMonitor.exe\" HIDEMAIN"
"EPSON Stylus CX4800 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIADA.EXE /P26 \"EPSON Stylus CX4800 Series\" /O6 \"USB001\" /M \"Stylus CX4800\""
"Optimum Online net guide"="\"C:\\Program Files\\Optimum Online\\Netsurf.exe\" -trayicon"
"WorksFUD"="C:\\Program Files\\Microsoft Works\\wkfud.exe"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"Microsoft Works Portfolio"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"VTPreset"="VTPreset.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1167195191\\ee\\AOLSoftware.exe"
"AOLSPScheduler"="C:\\Program Files\\Common Files\\AOL\\1167195191\\ee\\services\\safetyCore\\ver210_5_2_1\\AOLSP Scheduler.exe"
"sscRun"="C:\\Program Files\\Common Files\\AOL\\1167195191\\ee\\SSCRun.exe"
"MPFExe"="C:\\Program Files\\mcafee.com\\personal firewall\\MPfTray.exe"
"aol"="\"C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe\""
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Google Updater.lnk"
"backup"="C:\\WINDOWS\\pss\\Google Updater.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOOGLE~1.EXE -systray -startup"
"item"="Google Updater"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim6"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mmtask"
"hkey"="HKLM"
"command"="C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCCareCApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="capp"
"hkey"="HKLM"
"command"="C:\\Program Files\\PCCare\\Client\\capp.exe -r"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.1.720.5674\\GoogleToolbarNotifier.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000001
"DisableTaskMgr"=dword:00000000
"DisableChangePassword"=dword:00000000
"DisableLockWorkstation"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000
"DisableChangePassword"=dword:00000000
"DisableLockWorkstation"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"=dword:00000000
"NoLogoff"=dword:00000000
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"=dword:00000000
"NoLogoff"=dword:00000000
"NoWinKeys"=dword:00000001
"NoRecentDocsMenu"=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
p2psvc REG_MULTI_SZ p2psvc\0p2pimsvc\0p2pgasvc\0PNRPSvc\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Ad-Aware SE Personal.job
C:\WINDOWS\tasks\Disk Cleanup.job
C:\WINDOWS\tasks\Disk Defragmenter.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 07-01-15 14:10:49




Logfile of HijackThis v1.99.1
Scan saved at 2:15:35 PM, on 1/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\Optimum Online\Netsurf.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\AOL\1167195191\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.1.720.5674\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\SiteAdvisor\4979\SAService.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\utilman.exe
C:\Program Files\Common Files\AOL\1167195191\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\1167195191\ee\aolsoftware.exe
C:\Program Files\SiteAdvisor\4979\SiteAdv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll
O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Program Files\AOL Security Toolbar\AOL_security_toolbar.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\AOL_security_toolbar.dll
O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [Optimum Online net guide] "C:\Program Files\Optimum Online\Netsurf.exe" -trayicon
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1167195191\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1167195191\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1167195191\ee\SSCRun.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.1.720.5674\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Epson all-in-one Registration.lnk = D:\Titles\Ereg\EPSONREG.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1161734753046
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.su...indows-i586.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: PCCare Premium - Unknown owner - C:\Program Files\PCCare\Client\srvc.exe (file missing)
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\4979\SAService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

#21 Thunder

Posted 15 January 2007 - 03:57 PM

Hello spyware sucks,

Just to be sure nothing hidden is interfering :

Download and save F-Secure Blacklight to your desktop.
Double-click blbeta.exe, then accept the agreement.
Click > scan, then > next.
You'll see a list of all items found, if any are found, so don't worry if it says that no files were found.
In case hidden files were found, don't choose rename yet! I want to see the log first, because legit items can also be present there...
There must also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stands for numbers).
Post the contents of the log in your next reply please.
Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-------------------------------------------------------------------------
A donation to this site to help us help you, is most appreciated

#22 Malware Zapper

Posted 15 January 2007 - 06:32 PM

01/15/07 19:20:41 [Info]: BlackLight Engine 1.0.55 initialized
01/15/07 19:20:41 [Info]: OS: 5.1 build 2600 (Service Pack 2)
01/15/07 19:20:41 [Note]: 7019 4
01/15/07 19:20:41 [Note]: 7005 0
01/15/07 19:20:53 [Note]: 7006 0
01/15/07 19:20:53 [Note]: 7011 1912
01/15/07 19:20:54 [Note]: 7026 0
01/15/07 19:20:55 [Note]: 7026 0
01/15/07 19:21:49 [Note]: FSRAW library version 1.7.1021
01/15/07 19:29:08 [Note]: 2000 1012
01/15/07 19:29:08 [Note]: 2000 1012
01/15/07 19:31:43 [Note]: 7007 0

#23 Thunder

Posted 17 January 2007 - 01:39 PM

Hello spyware sucks,

That looks fine. ^_^

There seem to be some restrictive policies present however :
Please download Dial-a-fix to your Desktop and unpack the content to its Dial-a-fix-v0.60.0.24 folder.
Open the folder and double-click Dial-a-fix.exe to start the program.
At the bottom of the program window, click the "Policies..." button.
If any restrictive policies are found, select them all and click the "Remove" button below.
Then click "Close". This should close the policies window.
Then click "Exit" in the main window under it, because we don't need anything else from there.
REBOOT your computer afterwards, important.

I see you may still have Viewpoint installed?
Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.co...cle.php/3561546
I suggest you remove the program now, if you did not install it.
Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present:
* Viewpoint
* Viewpoint Manager
* Viewpoint Media Player

Using Windows Explorer, search and delete if still present (in bold):
C:\Program Files\Viewpoint => entire folder, if uninstalled from add/remove programs

Now back to your problem :
It's somewhat a mystery to me why you had Active Virus Shield installed in the first place. :hmmm:
You are already using the McAfee Security Pack, and as you may or may not know,
having both of them present will very likely cause problems and have them interfering with each other anyway.

Furthermore, the AOL Security Toolbar doesn't only freeze your browser, but it has a dubious reputation as well.
The AOL Security Toolbar can be uninstalled via add/remove programs.
In this case, I'd even uninstall the entire AOL Security Pack.
You might find, upon reboot, that's also the end of your problem. ^_^
Don't forget to remove any leftover program files as well afterwards.

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-------------------------------------------------------------------------
A donation to this site to help us help you, is most appreciated
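
The restrictive policies mentioned in this reply can be read straight out of the logs posted earlier in the thread. The following is an added example, not part of the original posts and not code from ComboFix, HijackThis or Dial-a-fix: it parses excerpts copied from those logs and lists the policy values that are switched on. The function names, the "Disable"/"No" name filter and the DisableRegedit alias are assumptions made for the example.

```python
import re

# Excerpt copied from the ComboFix "Reg Loading Points" section posted in this thread.
COMBOFIX_EXCERPT = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000001
"DisableTaskMgr"=dword:00000000
"DisableChangePassword"=dword:00000000
"DisableLockWorkstation"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"=dword:00000000
"NoLogoff"=dword:00000000
"NoWinKeys"=dword:00000001
"NoRecentDocsMenu"=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
'''

# Excerpt copied from the HijackThis log posted in this thread.
HIJACKTHIS_EXCERPT = r'''
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
'''

HIVES = {"hkey_local_machine": "HKLM", "hkey_current_user": "HKCU",
         "hklm": "HKLM", "hkcu": "HKCU"}

# Assumption for this example, based on the two logs above: the O7 line's
# "DisableRegedit" refers to the same setting ComboFix lists as "DisableRegistryTools".
ALIASES = {"disableregedit": "disableregistrytools"}

KEY_RE = re.compile(r'^\[([^\]]+)\]$')
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
O7_RE = re.compile(r'^O7 - ([^,]+),\s*(\w+)=(\d+)$')


def normalize(key, name):
    """Return (hive, lower-cased subkey, lower-cased canonical value name)."""
    hive, _, rest = key.partition("\\")
    name = name.lower()
    return HIVES.get(hive.lower(), hive), rest.lower(), ALIASES.get(name, name)


def is_policy_key(subkey):
    """True when the key sits under a ...\\policies\\... branch."""
    return "\\policies\\" in "\\" + subkey + "\\"


def from_combofix(text):
    """Non-zero Disable*/No* dword values under policies keys in .reg-style text."""
    found, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = DWORD_RE.match(line)
        if not (m and key):
            continue
        hive, subkey, name = normalize(key, m.group(1))
        value = int(m.group(2), 16)
        if is_policy_key(subkey) and name.startswith(("disable", "no")) and value:
            found.append((hive, subkey, name, value))
    return found


def from_hijackthis(text):
    """Non-zero policy values reported on HijackThis O7 lines."""
    found = []
    for raw in text.splitlines():
        m = O7_RE.match(raw.strip())
        if m and int(m.group(3)):
            found.append(normalize(m.group(1), m.group(2)) + (int(m.group(3)),))
    return found


def correlate(combofix_text, hijackthis_text):
    """Map (hive, subkey, name) to the set of logs that report it as enabled."""
    seen = {}
    for source, rows in (("ComboFix", from_combofix(combofix_text)),
                         ("HijackThis", from_hijackthis(hijackthis_text))):
        for hive, subkey, name, _value in rows:
            seen.setdefault((hive, subkey, name), set()).add(source)
    return seen


if __name__ == "__main__":
    hits = correlate(COMBOFIX_EXCERPT, HIJACKTHIS_EXCERPT)
    for (hive, subkey, name), sources in sorted(hits.items()):
        print(f"{hive}\\{subkey} :: {name} (seen in {', '.join(sorted(sources))})")
```

Running the same functions over logs taken after the policies have been removed shows whether the entries are gone, since `correlate` then returns no key for them.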

#24 Malware Zapper

Posted 17 January 2007 - 03:20 PM

I did everything you told me to do except uninstall AOL Security Pack.

I have Active Security Shield installed on my computer because I can't install the McAfee antivirus that comes with AOL SECURITY PACK because of CyberDefender. And I can't uninstall AOL Security Pack because I won't have any protection.

AOL SECURITY PACK uses McAfee Antivirus, McAfee Firewall, and eTrust PestPatrol.

Edited by spyware sucks, 18 January 2007 - 12:54 PM.


#25 Malware Zapper

Posted 18 January 2007 - 12:56 PM

When I used Dial-a-Fix there were two things, and one of them said something about disabling regedit, but I don't remember the exact words.

Edited by spyware sucks, 18 January 2007 - 12:58 PM.


#26 Thunder

Posted 18 January 2007 - 02:58 PM

Hello spyware sucks,

Can you find out whether or not this file is still present: c:\WINDOWS\system32\drivers\CDAVFS.sys
Did you remove the restrictive policies ?

Can I see a fresh combofix log and a new HijackThis log please ?

Greetings,
Thunder

#27 Malware Zapper

Posted 18 January 2007 - 09:04 PM

I didn't find that file. And I removed the restrictive policies.

#28 Malware Zapper

Posted 18 January 2007 - 09:24 PM

COMBOFIX

"Casey" - 07-01-18 22:07:54 Service Pack 2
ComboFix 07-01-15 - Running from: "C:\Documents and Settings\Casey\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-12-18 to 2007-01-18 ))))))))))))))))))))))))))))))))))


2007-01-14 14:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
2007-01-13 19:27 <DIR> d-------- C:\DOCUME~1\MOM\Application Data\Viewpoint
2007-01-13 00:08 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-11 17:12 <DIR> d-------- C:\DOCUME~1\Casey\Application Data\Viewpoint
2006-12-31 18:14 <DIR> d-------- C:\Program Files\HijackThis
2006-12-30 13:13 <DIR> d-------- C:\DOCUME~1\MOM\Application Data\McAfee.com Personal Firewall
2006-12-28 15:39 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2006-12-27 14:28 23,296 --a------ C:\WINDOWS\system32\drivers\NaiFiltr.sys
2006-12-27 14:13 341,064 --a------ C:\WINDOWS\system32\mcinsctl.dll
2006-12-27 14:13 279,624 --a------ C:\WINDOWS\system32\mcgdmgr.dll
2006-12-27 00:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Avg7
2006-12-27 00:03 80,640 --a------ C:\WINDOWS\system32\drivers\MpFirewall.sys
2006-12-27 00:03 8,704 --a------ C:\WINDOWS\system32\MPFApi.dll
2006-12-27 00:01 <DIR> d-------- C:\Program Files\CA
2006-12-26 23:57 <DIR> d-------- C:\Program Files\Common Files\McAfee
2006-12-26 23:56 <DIR> d-------- C:\Program Files\mcafee.com
2006-12-26 23:52 <DIR> d-------- C:\Program Files\Common Files\aolshare
2006-12-26 22:58 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Application Data\McAfee.com Personal Firewall
2006-12-26 22:58 <DIR> d-------- C:\DOCUME~1\Casey\Application Data\McAfee.com Personal Firewall
2006-12-26 22:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\mcafee.com personal firewall
2006-12-23 18:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-18 21:58 -------- d-------- C:\Program Files\mozilla firefox
2006-12-31 20:14 -------- d-------- C:\DOCUME~1\Casey\Application Data\siteadvisor
2006-12-31 18:14 -------- d-------- C:\Program Files\aol
2006-12-28 15:44 -------- d-------- C:\Program Files\Common Files\aol
2006-12-27 00:21 -------- d---s---- C:\DOCUME~1\Casey\Application Data\microsoft
2006-12-26 23:56 -------- d-------- C:\DOCUME~1\Casey\Application Data\aol
2006-12-23 18:43 -------- d-------- C:\Program Files\siteadvisor
2006-12-16 18:46 -------- d-------- C:\DOCUME~1\Casey\Application Data\wholesecurity
2006-12-12 15:49 -------- d-------- C:\DOCUME~1\Casey\Application Data\acccore
2006-12-12 15:48 -------- d-------- C:\DOCUME~1\Casey\Application Data\aim
2006-12-12 15:47 -------- d-------- C:\Program Files\aim6
2006-12-10 17:19 -------- d-------- C:\Program Files\windows media connect 2
2006-12-08 23:51 -------- d-------- C:\Program Files\mtv networks
2006-12-06 20:12 -------- d-------- C:\Program Files\quicktime
2006-12-05 18:51 737280 --a------ C:\WINDOWS\iun6002.exe
2006-12-04 14:26 -------- d--h----- C:\Program Files\installshield installation information
2006-12-04 14:25 -------- d-------- C:\Program Files\musicmatch
2006-11-26 19:16 -------- d-------- C:\DOCUME~1\Casey\Application Data\adobe
2006-11-25 00:10 -------- d-------- C:\Program Files\online services
2006-11-20 03:42 33280 --a------ C:\WINDOWS\system32\snmp.exe
2006-11-19 17:11 -------- d-------- C:\DOCUME~1\Casey\Application Data\mozilla
2006-11-08 00:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-27 15:09 6049280 --a------ C:\WINDOWS\system32\ieframe.dll
2006-10-27 15:09 50688 --a------ C:\WINDOWS\system32\msfeedsbs.dll
2006-10-27 15:09 458752 --a------ C:\WINDOWS\system32\msfeeds.dll
2006-10-27 15:09 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-27 15:09 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-27 15:09 180736 --a------ C:\WINDOWS\system32\ieui.dll
2006-10-27 15:09 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-10-27 02:44 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-10-27 02:44 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-27 02:44 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-27 02:44 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-10-27 02:44 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-27 02:44 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-27 02:44 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-27 02:44 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-10-27 02:44 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-27 02:42 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-10-19 08:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-10-18 21:47 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\system32\wmnetmgr.dll
2006-10-18 21:47 8231936 --a------ C:\WINDOWS\system32\wmploc.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\system32\wmvsencd.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\system32\wmadmod.dll
2006-10-18 21:47 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\system32\wmvxencd.dll
2006-10-18 21:47 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47 603648 --a------ C:\WINDOWS\system32\wmspdmod.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47 535040 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47 429056 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvadve.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvadvd.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\mp4sdmod.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\mp43dmod.dll
2006-10-18 21:47 38400 --------- C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 21:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47 356352 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47 348672 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47 317440 --------- C:\WINDOWS\system32\mp4sdecd.dll
2006-10-18 21:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 21:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47 284160 --------- C:\WINDOWS\system32\portabledeviceapi.dll
2006-10-18 21:47 276992 --a------ C:\WINDOWS\system32\audiodev.dll
2006-10-18 21:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47 2603008 --------- C:\WINDOWS\system32\wpdshext.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\mpg4decd.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\mp43decd.dll
2006-10-18 21:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-10-18 21:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-10-18 21:47 222208 --a------ C:\WINDOWS\system32\wmasf.dll
2006-10-18 21:47 212992 --------- C:\WINDOWS\system32\mfplat.dll
2006-10-18 21:47 211456 --a------ C:\WINDOWS\system32\qasf.dll
2006-10-18 21:47 204288 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47 199168 --------- C:\WINDOWS\system32\portabledevicewmdrm.dll
2006-10-18 21:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47 166912 --------- C:\WINDOWS\system32\portabledevicetypes.dll
2006-10-18 21:47 1661440 --a------ C:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47 1574912 --------- C:\WINDOWS\system32\wmvencod.dll
2006-10-18 21:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47 1543680 --------- C:\WINDOWS\system32\wmvdecod.dll
2006-10-18 21:47 1382912 --------- C:\WINDOWS\system32\wmvsdecd.dll
2006-10-18 21:47 133632 --------- C:\WINDOWS\system32\wpdshserviceobj.dll
2006-10-18 21:47 1329152 --a------ C:\WINDOWS\system32\wmspdmoe.dll
2006-10-18 21:47 132096 --------- C:\WINDOWS\system32\portabledevicewiacompat.dll
2006-10-18 21:47 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47 11264 --a------ C:\WINDOWS\system32\laprxy.dll
2006-10-18 21:47 1117696 --a------ C:\WINDOWS\system32\wmadmoe.dll
2006-10-18 21:47 101888 --------- C:\WINDOWS\system32\portabledeviceclassextension.dll
2006-10-18 20:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-10-18 20:00 249856 --------- C:\WINDOWS\system32\drmupgds.exe
2006-10-18 20:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.1.720.5674\\GoogleToolbarNotifier.exe"
"Microsoft Works Update Detection"="C:\\Program Files\\Microsoft Works\\WkDetect.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ASM"="\"C:\\Program Files\\AOL\\Active Security Monitor\\ASMonitor.exe\" HIDEMAIN"
"EPSON Stylus CX4800 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIADA.EXE /P26 \"EPSON Stylus CX4800 Series\" /O6 \"USB001\" /M \"Stylus CX4800\""
"Optimum Online net guide"="\"C:\\Program Files\\Optimum Online\\Netsurf.exe\" -trayicon"
"WorksFUD"="C:\\Program Files\\Microsoft Works\\wkfud.exe"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"Microsoft Works Portfolio"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"VTPreset"="VTPreset.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1167195191\\ee\\AOLSoftware.exe"
"AOLSPScheduler"="C:\\Program Files\\Common Files\\AOL\\1167195191\\ee\\services\\safetyCore\\ver210_5_2_1\\AOLSP Scheduler.exe"
"sscRun"="C:\\Program Files\\Common Files\\AOL\\1167195191\\ee\\SSCRun.exe"
"MPFExe"="C:\\Program Files\\mcafee.com\\personal firewall\\MPfTray.exe"
"aol"="\"C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Google Updater.lnk"
"backup"="C:\\WINDOWS\\pss\\Google Updater.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOOGLE~1.EXE -systray -startup"
"item"="Google Updater"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim6"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mmtask"
"hkey"="HKLM"
"command"="C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCCareCApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="capp"
"hkey"="HKLM"
"command"="C:\\Program Files\\PCCare\\Client\\capp.exe -r"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.1.720.5674\\GoogleToolbarNotifier.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000
"DisableChangePassword"=dword:00000000
"DisableLockWorkstation"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000
"DisableChangePassword"=dword:00000000
"DisableLockWorkstation"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"=dword:00000000
"NoLogoff"=dword:00000000
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"=dword:00000000
"NoLogoff"=dword:00000000
"NoWinKeys"=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
p2psvc REG_MULTI_SZ p2psvc\0p2pimsvc\0p2pgasvc\0PNRPSvc\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Ad-Aware SE Personal.job
C:\WINDOWS\tasks\Disk Cleanup.job
C:\WINDOWS\tasks\Disk Defragmenter.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 07-01-18 22:18:30
C:\ComboFix2.txt ... 07-01-15 14:13

Edited by spyware sucks, 18 January 2007 - 09:42 PM.


#29 Malware Zapper

Posted 18 January 2007 - 09:43 PM

Hijack This

Logfile of HijackThis v1.99.1
Scan saved at 10:25:48 PM, on 1/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\SiteAdvisor\4979\SAService.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\Optimum Online\Netsurf.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\AOL\1167195191\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\1167195191\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.1.720.5674\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\AOL\1167195191\ee\aolsoftware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll
O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [Optimum Online net guide] "C:\Program Files\Optimum Online\Netsurf.exe" -trayicon
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1167195191\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1167195191\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1167195191\ee\SSCRun.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.1.720.5674\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Epson all-in-one Registration.lnk = D:\Titles\Ereg\EPSONREG.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1161734753046
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.su...indows-i586.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: PCCare Premium - Unknown owner - C:\Program Files\PCCare\Client\srvc.exe (file missing)
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\4979\SAService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

#30 Malware Zapper

Posted 19 January 2007 - 11:12 PM

What should I do next?

#31 Thunder

Posted 24 January 2007 - 04:09 AM

Hello spyware sucks,

I must have missed your latest replies, sorry about that :blush:

Back to your problem:
I've been trying to reconstruct in a VM the problem you're faced with,
and found out that CyberDefender leaves quite a pile of junk behind, even after correct uninstallation. :gasp:

I've made another registry fix, based on the identification of the leftover keys.

Can you please uninstall McAfee's SiteAdvisor first through Control Panel > Software?

Then:
Open Notepad, copy and paste the following (in bold) into an empty window:

REGEDIT4

[-HKEY_CURRENT_USER\Software\WsLiveUp]

[-HKEY_CLASSES_ROOT\AppID\{0F0ED099-0402-4CF8-8A74-520F0ED354DF}]

[-HKEY_CLASSES_ROOT\AppID\{F3097835-8B74-4AA4-BCDC-CFAF7DB2F8C9}]

[-HKEY_CLASSES_ROOT\AppID\{F5155FFD-602F-4DB7-9629-BFF3FEE49093}]

[-HKEY_CLASSES_ROOT\AppID\EDCConfig.EXE]

[-HKEY_CLASSES_ROOT\CLSID\{0ECF824A-5FC2-4B96-AF46-F656996DB323}]

[-HKEY_CLASSES_ROOT\CLSID\{12BAF038-264C-464B-9D58-C83B3781DD4C}]

[-HKEY_CLASSES_ROOT\CLSID\{12BAF045-264C-464B-9D58-C83B3781DD4C}]

[-HKEY_CLASSES_ROOT\CLSID\{12BAF048-264C-464B-9D58-C83B3781DD4C}]

[-HKEY_CLASSES_ROOT\CLSID\{12BAF059-264C-464B-9D58-C83B3781DD4C}]

[-HKEY_CLASSES_ROOT\CLSID\{12BAF05C-264C-464B-9D58-C83B3781DD4C}]

[-HKEY_CLASSES_ROOT\CLSID\{12BAF069-264C-464B-9D58-C83B3781DD4C}]

[-HKEY_CLASSES_ROOT\CLSID\{27D02595-3CBA-4743-98A4-BC7AC3B02B36}]

[-HKEY_CLASSES_ROOT\CLSID\{308193AC-E3A0-49D9-8649-7AE023F69067}]

[-HKEY_CLASSES_ROOT\CLSID\{4077DB6F-7798-4383-AB03-D63EE4394BBE}]

[-HKEY_CLASSES_ROOT\CLSID\{54BA1E8F-818D-407F-949D-BAE1692C5C18}]

[-HKEY_CLASSES_ROOT\CLSID\{550C8FFB-4DC0-4756-828C-862E6D0AE74F}]

[-HKEY_CLASSES_ROOT\CLSID\{57EC406A-23E9-4E30-85D3-2C7D1804C1F3}]

[-HKEY_CLASSES_ROOT\CLSID\{5AD9503F-7B90-469E-9C29-765ED10C3CE8}]

[-HKEY_CLASSES_ROOT\CLSID\{5E53AE00-5746-475E-8F7F-4EA85A1BC7A4}]

[-HKEY_CLASSES_ROOT\CLSID\{60A9863A-11FD-4080-850E-A8E184FC3A3C}]

[-HKEY_CLASSES_ROOT\CLSID\{68FF9E0F-2E96-4467-87FA-1A8B9734C7E7}]

[-HKEY_CLASSES_ROOT\CLSID\{7BA9DA59-959A-4E1B-A600-CE06A033415C}]

[-HKEY_CLASSES_ROOT\CLSID\{7BF3AC5C-CC84-429A-ACA5-74D916AD6B8C}]

[-HKEY_CLASSES_ROOT\CLSID\{883F25C2-614F-444B-B110-F2ED90E61925}]

[-HKEY_CLASSES_ROOT\CLSID\{9171C115-7DD9-46BA-B1E5-0ED50AFFC1B8}]

[-HKEY_CLASSES_ROOT\CLSID\{91D221C4-0CD4-461C-A728-01D509321556}]

[-HKEY_CLASSES_ROOT\CLSID\{94AFFFCC-6C05-4814-B123-A941105AA77F}]

[-HKEY_CLASSES_ROOT\CLSID\{9585D7B6-C0E9-483C-986E-740C5DE01F97}]

[-HKEY_CLASSES_ROOT\CLSID\{A440BD76-CFE1-4D46-AB1F-15F238437A3D}]

[-HKEY_CLASSES_ROOT\CLSID\{A996E48C-D3DC-4244-89F7-AFA33EC60679}]

[-HKEY_CLASSES_ROOT\CLSID\{B114534C-B917-4289-9B5F-E1F3F050251F}]

[-HKEY_CLASSES_ROOT\CLSID\{CBA052B9-7988-4594-A44F-9239F9BD0B57}]

[-HKEY_CLASSES_ROOT\CLSID\{CE32ABF6-475D-41F6-BF82-D27F03E3D38B}]

[-HKEY_CLASSES_ROOT\CLSID\{CEF3D8E2-7497-48d8-B574-DA1C4AB22B93}]

[-HKEY_CLASSES_ROOT\CLSID\{F3A12E08-EDE9-4160-8B51-334D982A9AD0}]

[-HKEY_CLASSES_ROOT\CLSID\{F4C94434-96F2-493A-951A-7622E7AE13BE}]

[-HKEY_CLASSES_ROOT\CLSID\{F6DCBA17-D2E9-430E-8D6F-83198004F674}]

[-HKEY_CLASSES_ROOT\CyberDefender.EDCConfigWizard]

[-HKEY_CLASSES_ROOT\CyberDefender.EDCConfigWizard.1]

[-HKEY_CLASSES_ROOT\Interface\{324E5453-C53C-450B-8FD9-8868B8BB1C5C}]

[-HKEY_CLASSES_ROOT\Interface\{33910C6F-06BD-43FB-8FFB-416942ECF972}]

[-HKEY_CLASSES_ROOT\Interface\{637FC5CA-2D56-48F6-AF67-1A4577C099A1}]

[-HKEY_CLASSES_ROOT\Interface\{69FEF985-97C8-4E46-811A-BAC83EE708BE}]

[-HKEY_CLASSES_ROOT\Interface\{6E56B033-0B2C-46CB-9AD1-620C5D39BE6B}]

[-HKEY_CLASSES_ROOT\Interface\{95888CF7-CF1A-4CBF-86C4-467EDEDA7ECD}]

[-HKEY_CLASSES_ROOT\Interface\{ABBE333C-73E7-4373-B1C0-B1422308CEB1}]

[-HKEY_CLASSES_ROOT\Interface\{BC768FF3-8079-4638-8E16-BED7CB891F3A}]

[-HKEY_CLASSES_ROOT\Interface\{C57152F7-1F7B-4CB2-B4E9-E76854F24748}]

[-HKEY_CLASSES_ROOT\Interface\{EDA1AE5C-75E4-4A19-A3CE-6939A9D30AC4}]

[-HKEY_CLASSES_ROOT\Interface\{F6DCBA17-D2E9-430E-8D6F-83198004F674}]

[-HKEY_CLASSES_ROOT\TypeLib\{85EA5F42-C785-450A-81E5-176639B8A3C9}]

[-HKEY_CLASSES_ROOT\TypeLib\{EE3739AE-27BB-48BE-BD79-E820389BD8C0}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\CyberDefender]

[-HKEY_CURRENT_USER\Software\WsLiveUp]

[-HKEY_CLASSES_ROOT\AppID\{0F0ED099-0402-4CF8-8A74-520F0ED354DF}]

[-HKEY_CLASSES_ROOT\AppID\{F5155FFD-602F-4DB7-9629-BFF3FEE49093}]

[-HKEY_CLASSES_ROOT\AppID\EDCConfig.EXE]

[-HKEY_CLASSES_ROOT\CyberDefender.EDCConfigWizard]

[-HKEY_CLASSES_ROOT\CyberDefender.EDCConfigWizard.1]

Save it to your Desktop as CybDef.reg, type "all files".

Double-click on CybDef.reg and allow admission to the registry.

This should take care of the possibly remaining keys, most likely to obstruct the installation.

Reboot your PC and check if McAfee works properly now. :hmmm:

Finally run the RegSearch once more and look for these strings:
WsLiveUp
EDC
SpyBlocs
EBlocs

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-------------------------------------------------------------------------
A donation to this site to help us help you, is most appreciated
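
Added example, not part of Thunder's post or of any tool used in this thread: a Python check for a delete-only .reg file such as CybDef.reg, run before merging it, plus a filter for the follow-up string search. The function names, the shared-container deny-list and the sample inputs (keys quoted in this thread plus lines marked as constructed) are assumptions of the example.

```python
import re

HEADERS = {"REGEDIT4", "Windows Registry Editor Version 5.00"}
ROOTS = {"HKEY_CLASSES_ROOT", "HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE",
         "HKEY_USERS", "HKEY_CURRENT_CONFIG"}
# Shared containers a cleanup file should never delete whole
# (deny-list assumed for this example, not exhaustive).
SHARED = {r"HKEY_CLASSES_ROOT\CLSID", r"HKEY_CLASSES_ROOT\APPID",
          r"HKEY_CLASSES_ROOT\INTERFACE", r"HKEY_CLASSES_ROOT\TYPELIB",
          r"HKEY_LOCAL_MACHINE\SOFTWARE", r"HKEY_CURRENT_USER\SOFTWARE"}
DELETE_RE = re.compile(r"^\[-([^\[\]]+)\]$")
GUID_RE = re.compile(
    r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def lint_reg(text):
    """Check a delete-only .reg file and return (keys, problems).

    keys:     unique key paths the file would delete, in file order
    problems: (line_number, message) for lines that need fixing first
    """
    keys, problems, seen = [], [], {}
    lines = text.splitlines()
    has_header = bool(lines) and lines[0].strip() in HEADERS
    if not has_header:
        problems.append((1, "first line must be the header on its own"))
    for num, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line or line.startswith(";") or (num == 1 and has_header):
            continue
        match = DELETE_RE.match(line)
        if not match:
            problems.append((num, "not a well-formed [-KEY] line"))
            continue
        key = match.group(1).rstrip("\\")
        parts = key.split("\\")
        if parts[0].upper() not in ROOTS:
            problems.append((num, "unknown root key"))
        elif len(parts) < 2 or key.upper() in SHARED:
            problems.append((num, "would delete a shared container"))
        elif any(p.startswith("{") and not GUID_RE.fullmatch(p)
                 for p in parts):
            problems.append((num, "malformed GUID"))
        elif key.upper() in seen:
            problems.append((num, "duplicate of line %d" % seen[key.upper()]))
        else:
            seen[key.upper()] = num
            keys.append(key)
    return keys, problems


def likely_hits(entries, terms):
    """Return entries where a term starts a token outside any {GUID}.

    Heuristic for ordering review, not proof that the rest are unrelated.
    """
    pats = [re.compile(r"(?<![0-9A-Za-z])" + re.escape(t), re.I)
            for t in terms]
    hits = []
    for entry in entries:
        text = GUID_RE.sub("{}", entry)  # hex digits in GUIDs are noise
        if any(p.search(text) for p in pats):
            hits.append(entry)
    return hits


# Sample file: keys quoted in this thread; line 6 is constructed.
SAMPLE = r"""REGEDIT4

[-HKEY_CURRENT_USER\Software\WsLiveUp]
[-HKEY_CLASSES_ROOT\AppID\EDCConfig.EXE]
]-HKEY_CLASSES_ROOT\CLSID\{A440BD76-CFE1-4D46-AB1F-15F238437A3D}]
[-HKEY_CLASSES_ROOT\CLSID]
[-HKEY_LOCAL_MACHINE\SOFTWARE\CyberDefender]
[-HKEY_CURRENT_USER\Software\WsLiveUp]
"""

TERMS = ["wsliveup", "edc", "spyblocs", "eblocs"]
# Search results flattened to one line each; the first three come from the
# RegSearch output in this thread, the last two are constructed.
HITS = [
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID"
    r"\{00CEDC01-864D-11D3-908D-00C0F03B3EDC}\ProgID",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID"
    r"\{005FCC6A-8EB2-4FAB-9DB4-840641FDCFD2}\InprocServer32 = C:\Program "
    r"Files\Common Files\Roxio Shared\SharedCom\ThumbnailCtrl.dll",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Apple Computer, Inc.\QuickTime\Registry "
    r"Backup\Content Type\audio/aiff "
    r"CLSID={cd3afa72-b84f-48f0-9393-7edc34128127}",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\EDCConfig.EXE",
    r"HKEY_USERS\<SID>\Software\WsLiveUp",
]

if __name__ == "__main__":
    keys, problems = lint_reg(SAMPLE)
    for num, msg in problems:
        print("line %d: %s" % (num, msg))
    print("%d keys to export as a backup before merging" % len(keys))
    for entry in likely_hits(HITS, TERMS):
        print("review first:", entry)
```

A plain substring search for a short term such as `edc` also matches hex digits inside GUIDs and the middle of names like `SharedCom`, so the filter only orders the review and does not clear the remaining results.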

#32 Malware Zapper

Posted 24 January 2007 - 07:00 PM

I uninstalled McAfee SiteAdvisor and did the CybDef.reg but it didn't work.

When I searched for WsLiveUp, EDC, SpyBlocs, and EBlocs I found a lot of stuff; it would be 168 printed pages, and I don't know why it showed some of these things because I installed some of the things after I uninstalled CyberDefender.


Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman 2005
; Version: 2.0.2.0

; Results at 1/24/2007 7:32:22 PM for strings:
; 'wsliveup'
; 'edc'
; 'spyblocs'
; 'eblocs'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Apple Computer, Inc.\QuickTime\Registry Backup\Content Type\audio/aiff]
"CLSID"="{cd3afa72-b84f-48f0-9393-7edc34128127}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Apple Computer, Inc.\QuickTime\Registry Backup\Content Type\audio/basic]
"CLSID"="{cd3afa73-b84f-48f0-9393-7edc34128127}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Apple Computer, Inc.\QuickTime\Registry Backup\Content Type\audio/mpeg]
"CLSID"="{cd3afa76-b84f-48f0-9393-7edc34128127}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Apple Computer, Inc.\QuickTime\Registry Backup\Content Type\audio/wav]
"CLSID"="{cd3afa7b-b84f-48f0-9393-7edc34128127}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Apple Computer, Inc.\QuickTime\Registry Backup\Content Type\audio/x-aiff]
"CLSID"="{cd3afa72-b84f-48f0-9393-7edc34128127}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Apple Computer, Inc.\QuickTime\Registry Backup\Content Type\audio/x-mpeg]
"CLSID"="{cd3afa76-b84f-48f0-9393-7edc34128127}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Apple Computer, Inc.\QuickTime\Registry Backup\Content Type\audio/x-wav]
"CLSID"="{cd3afa7b-b84f-48f0-9393-7edc34128127}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Apple Computer, Inc.\QuickTime\Registry Backup\Content Type\video/avi]
"CLSID"="{cd3afa88-b84f-48f0-9393-7edc34128127}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Apple Computer, Inc.\QuickTime\Registry Backup\Content Type\video/mpeg]
"CLSID"="{cd3afa89-b84f-48f0-9393-7edc34128127}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Apple Computer, Inc.\QuickTime\Registry Backup\Content Type\video/msvideo]
"CLSID"="{cd3afa88-b84f-48f0-9393-7edc34128127}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Apple Computer, Inc.\QuickTime\Registry Backup\Content Type\video/x-mpeg]
"CLSID"="{cd3afa89-b84f-48f0-9393-7edc34128127}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Apple Computer, Inc.\QuickTime\Registry Backup\Content Type\video/x-msvideo]
"CLSID"="{cd3afa88-b84f-48f0-9393-7edc34128127}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{005FCC6A-8EB2-4FAB-9DB4-840641FDCFD2}\InprocServer32]
@="C:\\Program Files\\Common Files\\Roxio Shared\\SharedCom\\ThumbnailCtrl.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0087A0C7-F481-4F12-B19E-4434E5D60B7E}\InprocServer32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{975ABEDC-F64B-436d-ABFF-44B932459856}\InprocServer32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98FE1A75-2908-4406-B17C-FCF7C425E4ED}\InprocServer32]
@="C:\\Program Files\\Common Files\\Roxio Shared\\SharedCOM\\MediaGraphBuilderObjects.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99714647-907D-11D2-8FDB-0080C8465202}\InprocServer32]
@="C:\\Program Files\\Common Files\\Roxio Shared\\SharedCom\\FileProtocolHandler.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9971464B-907D-11D2-8FDB-0080C8465202}\InprocServer32]
@="C:\\Program Files\\Common Files\\Roxio Shared\\SharedCom\\FormatLoaderBMP.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9A428E42-DD6B-4E5A-8663-0532412A8EF8}\InprocServer32]
@="C:\\Program Files\\Common Files\\Roxio Shared\\SharedCom\\PreviewControl.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9AB0CB4A-DEE1-4741-8056-09E50B6C3DFB}\InprocServer32]
@="C:\\Program Files\\Common Files\\Roxio Shared\\SharedCOM\\RxBurner.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B783203-16E0-11D4-8037-00A0C97009DE}\InprocServer32]
@="C:\\Program Files\\Common Files\\Roxio Shared\\SharedCOM\\AlphaBlend.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BFCE770-E149-11D2-841F-0080C8754727}\InprocServer32]
@="C:\\Program Files\\Common Files\\Roxio Shared\\SharedCom\\CommonObjects.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D29F413-FDB5-4DF5-A939-9EBBFD0D4E55}\InprocServer32]
@="C:\\Program Files\\Common Files\\Roxio Shared\\SharedCOM\\OLEPICTLoader.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9FFCDC55-49AC-4F82-8800-BEB98339162A}\InprocServer32]
@="C:\\Program Files\\Common Files\\Roxio Shared\\SharedCOM\\Predefined3DTransition.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A01E8342-BFBF-11D4-B6E6-00E018991BC4}\InprocServer32]
@="C:\\Program Files\\Common Files\\Roxio Shared\\SharedCOM\\MediaGraphBuilderObjects.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A02A65C1-50E4-4E5D-B9D0-625D5DEBC671}\InprocServer32]
@="C:\\Program Files\\MTV Networks\\URGE\\XceedCry.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A04140BF-D360-47C6-A5BB-59AFAA593846}\InprocServer32]
@="C:\\Program Files\\Common Files\\Roxio Shared\\SharedCom\\MGIExtendedControls.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A04140BF-D360-47C6-A5BB-59AFAA593846}\ProgID]
@="MGIExtendedControls.MPSLightShadowCtrl.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A04140BF-D360-47C6-A5BB-59AFAA593846}\VersionIndependentProgID]
@="MGIExtendedControls.MPSLightShadowCtrl"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A0A61B00-96A6-457F-AA5E-AFA5167852E5}\InprocServer32]
@="C:\\Program Files\\MTV Networks\\URGE\\XceedCry.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A0A61B00-96A6-457F-AA5E-AFA5167852E5}\ToolboxBitmap32]
@="C:\\Program Files\\MTV Networks\\URGE\\XceedCry.dll, 101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A2CC9C13-B151-4657-BF27-6C61BF2F648A}\InprocServer32]
@="C:\\Program Files\\Common Files\\Roxio Shared\\SharedCom\\ThumbnailCtrl.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A46746FC-4C11-4EB4-BC15-7F45CB76CDC5}\InprocServer32]
@="C:\\Program Files\\Common Files\\Roxio Shared\\SharedCOM\\JPGLoader.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4D09D96-5C9F-40DC-9215-4F9A0CF50775}\InprocServer32]
@="C:\\Program Files\\Common Files\\Roxio Shared\\SharedCom\\MGIActiveXControls.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4D354E6-D4DC-11D3-BFDE-00A0C97009DE}\InprocServer32]
@="C:\\Program Files\\Common Files\\Roxio Shared\\SharedCOM\\audmf.ax"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4D354E9-D4DC-11D3-BFDE-00A0C97009DE}\InprocServer32]
@="C:\\Program Files\\Common Files\\Roxio Shared\\SharedCOM\\audmf.ax"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A54A324E-E395-485F-AFBB-97D7F83B8763}\InprocServer32]
@="C:\\Program Files\\Common Files\\Roxio Shared\\SharedCom\\MGIActiveXControls.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A560A371-FBA6-4319-ABC9-EF828C60E7F6}\InprocServer32]
@="C:\\Program Files\\Common Files\\Roxio Shared\\SharedCOM\\MediaGraphBuilderObjects.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A5F711DA-41E6-42AA-A573-E29CDED2A645}\InprocServer32]
@="C:\\Program Files\\Common Files\\Roxio Shared\\SharedCOM\\MGINullIP.ax"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A635E904-FBF3-4843-A9BD-559952C218F2}\InprocServer32]
@="C:\\Program

#33 Malware Zapper

Posted 24 January 2007 - 07:09 PM

I can't send you the whole log

#34 Thunder

Posted 25 January 2007 - 02:53 PM

Hello spyware sucks,

You'd better leave EDC out of the search, it's showing too many keys that have nothing to do with what we're looking for. :hmmm:

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-------------------------------------------------------------------------
A donation to this site to help us help you, is most appreciated

#35 Malware Zapper

Posted 25 January 2007 - 07:51 PM

It didn't find anything


Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman 2005
; Version: 2.0.2.0

; Results at 1/25/2007 8:42:37 PM for strings:
; 'wsliveup'
; 'eblocs'
; 'spyblocs'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...

#36 Thunder

Posted 26 January 2007 - 02:57 AM

Hello spyware sucks,

All traces of CyberDefender should be gone now. :hmmm:

What happens if you reinstall McAfee now ?

Greetings,
Thunder

#37 Malware Zapper

Posted 27 January 2007 - 02:22 PM

It still says CyberDefender is on the computer.

#38 Thunder

Posted 27 January 2007 - 04:46 PM

Hello spyware sucks,

That leaves us with quite a problem :hmmm:

Maybe, although I'm not very fond of registry cleaners,
you can download CCleaner from here:
http://www.ccleaner.com
Install and run it, and clean out your Temporary and Temporary Internet Files (as well as anything else you may want to clean out.)
Then see if the registry cleaning option can find anything that we may have missed.

If that doesn't work, I don't see any other option than using another antivirus program that isn't that stubborn. :huh:

Greetings,
Thunder

#39 Malware Zapper

Posted 27 January 2007 - 10:31 PM

Do you know what SSSInst is? :scratchhead:

#40 Malware Zapper

Posted 27 January 2007 - 10:39 PM

Do you know what WMPCD is? :wtf:

#41 Thunder

Posted 28 January 2007 - 12:34 PM

Do you know what SSSInst is? :scratchhead:


if you find it in this form : %programfiles%\screensavers.com\sssinst
it's adware (Comet)

Do you know what WMPCD is? :scratchhead:

if you find it as wmpcd.dll in %WINDIR%\SYSTEM32\,
it's a part of Microsoft Corporation Windows Media Player CD Support

^_^

#42 Malware Zapper

Posted 28 January 2007 - 03:05 PM

Do you think SSSInst could be the problem? Because when I was looking things up about CyberDefender, I saw something that said CyberDefender installs a toolbar called SSSTbar.DLL.

#43 Malware Zapper

Posted 28 January 2007 - 03:26 PM

Do you know if CyberDefender leaves any File Extensions on the computer? And how do I delete the things from Win.ini?

#44 Malware Zapper

Posted 29 January 2007 - 03:36 PM

? ???

#45 Thunder

Posted 30 January 2007 - 03:45 AM

Do you know if CyberDefender leaves any File Extensions on the computer? And how do I delete the things from Win.ini?

As far as I can tell, CyberDefender does not create any File Extensions of its own.

Regarding the disabled Win.ini entries :
Choose File > Run, type win.ini in the Command Line text box, and click OK to open the file in Windows Notepad.
Select both [CybDefKeepSafe] and [XXXXXXXXXXXX] and all lines linked to those entries,
and delete them.
Save the changed Win.ini file.

If you haven't done so already :
Using Windows Explorer, check if present, and delete :
C:\WINDOWS\st_affiliate.ini
C:\WINDOWS\av_affiliate.ini
It seems however a common problem that CyberDefender leaves a lot of files behind upon uninstallation,
and I fear it's going to be extremely difficult to find them all. :hmmm:

Greetings,
Thunder

#46 Malware Zapper

Posted 30 January 2007 - 04:07 PM

I found a log on my computer from AOL ACTIVE SECURITY MONITOR. It is from January 30, 2007 and shows the security programs that I have on my computer. I don't know if this will help.

[PC1]
DeviceGUID={581ACD70-1431-4AA2-B277-96F17F4B7A75}
NetBIOSName=CASEY-OJ09J3A1Q
OSVersion=Windows XP Home\nService Pack 2
IsDialup=No
IsRoaming=Yes

[Security Applications1]
AV_Count=2
AS_Count=3
FW_Count=2

ON THE COMPUTER BUT CAN'T RUN BECAUSE OF CYBERDEFENDER
AV_ProductID1=AolAV
AV_ProductType1=ANTIVIRUS
AV_ProductDescription1=AOL Safety and Security Center Virus Protection
AV_ProductVendor1=America Online, Inc.
AV_ProductVersion1=210.5.2.1
AV_EngineVersion1=5100
AV_FileSystemProtectionEnforced1=TRUE
AV_LastScanTime1=INTERNAL_ERROR
AV_DataFileTime1=INTERNAL_ERROR
AV_DataFileVersion1=4951
AV_DataFileUpToDate1=TRUE
AV_EnableFsrtpSupported1=NOT_IMPLEMENTED
AV_LaunchScanProgramSupported1=NOT_IMPLEMENTED
AV_RunLiveUpdateSupported1=NOT_IMPLEMENTED


AV_ProductID2=
AV_ProductType2=ANTIVIRUS
AV_ProductDescription2=CyberDefender unknown product
AV_ProductVendor2=CyberDefender
AV_ProductVersion2=2005
AV_EngineVersion2=NOT_IMPLEMENTED
AV_FileSystemProtectionEnforced2=TRUE
AV_LastScanTime2=NOT_IMPLEMENTED
AV_DataFileTime2=NOT_IMPLEMENTED
AV_DataFileVersion2=NOT_IMPLEMENTED
AV_DataFileUpToDate2=INTERNAL_ERROR
AV_EnableFsrtpSupported2=INTERNAL_ERROR
AV_LaunchScanProgramSupported2=INTERNAL_ERROR
AV_RunLiveUpdateSupported2=INTERNAL_ERROR


AS_ProductID1=AOL
AS_ProductType1=ANTISPYWARE
AS_ProductDescription1=AOL Safety and Security Center Spyware Protection
AS_ProductVendor1=America Online, Inc.
AS_ProductVersion1=2.5.1.2
AS_EngineVersion1=5.6.8.13
AS_FileSystemProtectionEnforced1=INTERNAL_ERROR
AS_LastScanTime1=2007.01.29-03-00-07.000
AS_DataFileTime1=INTERNAL_ERROR
AS_DataFileVersion1=NOT_SUPPORTED
AS_DataFileUpToDate1=[Unable to determine]
AS_EnableFsrtpSupported1=TRUE
AS_LaunchScanProgramSupported1=NOT_IMPLEMENTED
AS_RunLiveUpdateSupported1=NOT_IMPLEMENTED

AS_ProductID2=MicrosoftAS
AS_ProductType2=ANTISPYWARE
AS_ProductDescription2=Windows Defender
AS_ProductVendor2=Microsoft Corp.
AS_ProductVersion2=1.1.1347.6
AS_EngineVersion2=1.1.1904.0
AS_FileSystemProtectionEnforced2=TRUE
AS_LastScanTime2=2006.12.31-02-31-59.000
AS_DataFileTime2=2006.12.27-19-41-55.000
AS_DataFileVersion2=1.14.1948.9
AS_DataFileUpToDate2=TRUE
AS_EnableFsrtpSupported2=NOT_IMPLEMENTED
AS_LaunchScanProgramSupported2=NOT_IMPLEMENTED
AS_RunLiveUpdateSupported2=TRUE

AS_ProductID3=Lavasoft
AS_ProductType3=ANTISPYWARE
AS_ProductDescription3=Ad-Aware SE Personal
AS_ProductVendor3=Lavasoft, Inc.
AS_ProductVersion3=1.06
AS_EngineVersion3=NOT_SUPPORTED
AS_FileSystemProtectionEnforced3=NOT_SUPPORTED
AS_LastScanTime3=NOT_IMPLEMENTED
AS_DataFileTime3=2007.01.30-03-28-08.000
AS_DataFileVersion3=NOT_SUPPORTED
AS_DataFileUpToDate3=TRUE
AS_EnableFsrtpSupported3=NOT_SUPPORTED
AS_LaunchScanProgramSupported3=NOT_IMPLEMENTED
AS_RunLiveUpdateSupported3=NOT_IMPLEMENTED

FW_ProductID1=AolFW
FW_ProductType1=PERSONAL_FIREWALL
FW_ProductDescription1=AOL Firewall
FW_ProductVersion1=1.0
FW_Enabled1=TRUE
FW_EnableSupported1=NOT_IMPLEMENTED
FW_DisableSupported1=NOT_IMPLEMENTED

FW_ProductID2=MSWindowsFW
FW_ProductType2=PERSONAL_FIREWALL
FW_ProductDescription2=Microsoft Windows Firewall
FW_ProductVersion2=NOT_IMPLEMENTED
FW_Enabled2=FALSE
FW_EnableSupported2=TRUE
FW_DisableSupported2=TRUE

[Windows Security1]
AutoUpdateServiceStarted=Yes
AutoUpdateEnabled=Yes
SystemRestoreEnabled=Yes
GuestUserEnabled=No
HideFileExtension=No
PatchesNotApplied=1

[Browser Security1]
URLACTION_ACTIVEX_NO_WEBOC_SCRIPT=URLPOLICY_DISALLOW
URLACTION_DOWNLOAD_SIGNED_ACTIVEX=URLPOLICY_QUERY
URLACTION_DOWNLOAD_UNSIGNED_ACTIVEX=URLPOLICY_DISALLOW
URLACTION_ACTIVEX_CONFIRM_NOOBJECTSAFETY=URLPOLICY_DISALLOW
URLACTION_HTML_MIXED_CONTENT=URLPOLICY_QUERY
URLACTION_SHELL_INSTALL_DTITEMS=URLPOLICY_QUERY
URLACTION_SHELL_VERB=URLPOLICY_QUERY
URLACTION_ALLOW_RESTRICTEDPROTOCOLS=URLPOLICY_QUERY
URLACTION_CLIENT_CERT_PROMPT=URLPOLICY_DISALLOW
URLACTION_CREDENTIALS_USE=URLPOLICY_CREDENTIALS_CONDITIONAL_PROMPT
Privacy1stPartyCookies=3
Privacy3rdPartyCookies=3
SecureProtocolSettings=160
PublisherCertificateRevocation=1
IEVersion=7.0.5730.11

[Wireless Security1]
Ndis80211WEPStatus=-1
SSID=

[Backup Applications1]
Count=0

[Optimization Applications1]
Count=1
Application1=Computer Checkup
Version1=
Publisher1=

[Peer to Peer Applications1]
Count=0

Edited by spyware sucks, 30 January 2007 - 04:25 PM.
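
Added example, not part of the original post and not AOL's code: a Python sketch that groups the numbered AV_/AS_/FW_ fields of the Active Security Monitor log above into one record per product and flags records that look like leftover registrations. The flagging rules (an empty ProductID, an "unknown product" description) and all function names are assumptions of this example, and the log text is a constructed excerpt of the one posted.

```python
import re
from collections import defaultdict

# Constructed excerpt of the posted log: the two antivirus entries, trimmed.
SAMPLE_LOG = """\
[Security Applications1]
AV_Count=2
ON THE COMPUTER BUT CAN'T RUN BECAUSE OF CYBERDEFENDER
AV_ProductID1=AolAV
AV_ProductDescription1=AOL Safety and Security Center Virus Protection
AV_ProductVendor1=America Online, Inc.
AV_EngineVersion1=5100
AV_FileSystemProtectionEnforced1=TRUE
AV_DataFileUpToDate1=TRUE
AV_RunLiveUpdateSupported1=NOT_IMPLEMENTED
AV_ProductID2=
AV_ProductDescription2=CyberDefender unknown product
AV_ProductVendor2=CyberDefender
AV_ProductVersion2=2005
AV_EngineVersion2=NOT_IMPLEMENTED
AV_FileSystemProtectionEnforced2=TRUE
AV_DataFileUpToDate2=INTERNAL_ERROR
AV_RunLiveUpdateSupported2=INTERNAL_ERROR
"""

# Values that mean the monitor got no real answer from the product.
NO_DATA = {"", "INTERNAL_ERROR", "NOT_IMPLEMENTED", "NOT_SUPPORTED"}
FIELD = re.compile(r"^(AV|AS|FW)_([A-Za-z]+?)(\d+)=(.*)$")
COUNT = re.compile(r"^(AV|AS|FW)_Count=(\d+)$")


def parse_products(text):
    """Group the flat NAME<n>=value lines into one dict per (category, index)."""
    counts, products = {}, defaultdict(dict)
    for line in text.splitlines():
        line = line.strip()
        count, field = COUNT.match(line), FIELD.match(line)
        if count:
            counts[count.group(1)] = int(count.group(2))
        elif field:
            cat, name, idx, value = field.groups()
            products[(cat, int(idx))][name] = value.strip()
        # Section headers and free-text notes match neither pattern and are skipped.
    return counts, dict(products)


def triage(text):
    """Return entries that look like leftover registrations, plus count mismatches."""
    counts, products = parse_products(text)
    findings = []
    for (cat, idx), rec in sorted(products.items()):
        reasons = []
        if not rec.get("ProductID"):
            reasons.append("empty ProductID")
        if "unknown product" in rec.get("ProductDescription", "").lower():
            reasons.append("description is 'unknown product'")
        # Status fields are everything except the Product* identity fields.
        status = [v for k, v in rec.items() if not k.startswith("Product")]
        unanswered = sum(v in NO_DATA for v in status)
        if reasons:
            findings.append({"entry": f"{cat}{idx}", "vendor": rec.get("ProductVendor", ""),
                             "reasons": reasons, "unanswered": f"{unanswered}/{len(status)}"})
    for cat, declared in sorted(counts.items()):
        found = sum(1 for c, _ in products if c == cat)
        if found != declared:
            findings.append({"entry": f"{cat}_Count", "vendor": "", "unanswered": "",
                             "reasons": [f"declares {declared}, log lists {found}"]})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

On the excerpt this reports only entry AV2 (vendor CyberDefender), which has no ProductID and answers one of its four status fields.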


#47 Malware Zapper

Posted 30 January 2007 - 04:58 PM

I found this in C:\WINDOWS\INF. It is called oem10.inf, and there's another one called oem10.pnf. They were both created on December 3, 2006 at 10:51 AM. I am going to search my computer for everything created on December 3, 2006 and see if it has anything to do with CyberDefender.


;;;
;;; CDAVFS
;;;
;;;
;;; Copyright © 2004-2006, CyberDefender Corporation
;;;

[Version]
Signature = "$Windows NT$"
Class = "ActivityMonitor" ;"AntiVirus" This is determined by the work this filter driver does
ClassGuid = {b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2} ;{b1d1a169-c54f-4379-81db-bee7d88d7454} This value is determined by the Class
Provider = %CybDef%
DriverVer = 4/03/2006,1.0.0.0

[DestinationDirs]
DefaultDestDir = 12
CDAVFS.DriverFiles = 12 ;%windir%\system32\drivers
CDAVFS.UserFiles =C:\Program Files\CyberDefender\AntiVirus

;;
;; Default install sections
;;

[DefaultInstall]
OptionDesc = %CDAVFSServiceDesc%
CopyFiles = CDAVFS.DriverFiles, CDAVFS.UserFiles

[DefaultInstall.Services]
AddService = %CDAVFSServiceName%,,CDAVFS.Service

;;
;; Default uninstall sections
;;

[DefaultUninstall]
DelFiles = CDAVFS.DriverFiles, CDAVFS.UserFiles



[DefaultUninstall.Services]
DelService = CDAVFS,0x200 ;Ensure service is stopped before deleting

;
; Services Section
;

[CDAVFS.Service]
DisplayName = %CDAVFSServiceName%
Description = %CDAVFSServiceDesc%
ServiceBinary = %12%\CDAVFS.sys ;%windir%\system32\drivers\CDAVFS.sys
ServiceType = 2 ;SERVICE_FILE_SYSTEM_DRIVER
StartType = 3 ;SERVICE_DEMAND_START
ErrorControl = 1 ;SERVICE_ERROR_NORMAL
LoadOrderGroup = "FSFilter Content Screener"
AddReg = CDAVFS.AddRegistry
Dependencies = FltMgr

;
; Registry Modifications
;

[CDAVFS.AddRegistry]
HKR,%RegInstancesSubkeyName%,%RegDefaultInstanceValueName%,0x00000000,%DefaultInstance%
HKR,%RegInstancesSubkeyName%"\"%Instance1.Name%,%RegAltitudeValueName%,0x00000000,%Instance1.Altitude%
HKR,%RegInstancesSubkeyName%"\"%Instance1.Name%,%RegFlagsValueName%,0x00010001,%Instance1.Flags%
HKR,,%PatValueName%,0x00020000,%PatPath%
HKR,,%CreatedFileValueName%,0x00020000,%Options%
HKR,,%LaunchedExeValueName%,0x00020000,%Options%
HKR,,%LaunchedDllValueName%,0x00020000,%Options%
HKR,,%LaunchingExeValueName%,0x00020000,%Options%
HKR,,%LaunchingDllValueName%,0x00020000,%Options%
HKR,,%ModifiedExeValueName%,0x00020000,%Options%
HKR,,%ModifiedDllValueName%,0x00020000,%Options%
HKR,,%ScanValueName%,0x00020000,%Options%
HKR,,%NotifyValueName%,0x00020000,%Options%
HKR,,%BypassListName%,0x00020000,%Options%

HKR,,%WhiteVendorsValueName%,0x00020000,"CyberDefender;McAfee;Network Associates;"
HKR,,%BlackVendorsValueName%,0x00020000,""
HKR,,%FileTypesValueName%,0x00020000,""


;
; Copy Files
;

[CDAVFS.DriverFiles]
CDAVFS.sys

[CDAVFS.UserFiles]
CDAVFS.dll

;;
;; String Section
;;

[Strings]
CybDef = "Cyber Defender"
CDAVFSServiceDesc = "CDAVFS mini-filter driver"
CDAVFSServiceName = "CDAVFS"
RegInstancesSubkeyName = "Instances"
RegDefaultInstanceValueName = "DefaultInstance"
RegAltitudeValueName = "Altitude"
RegFlagsValueName = "Flags"
PatValueName = "Pat"
LaunchedExeValueName = "LaunchedExe"
LaunchedDllValueName = "LaunchedDll"
LaunchingExeValueName = "LaunchingExe"
LaunchingDllValueName = "LaunchingDll"
CreatedFileValueName = "CreatedFile"
ModifiedExeValueName = "ModifiedExe"
ModifiedDllValueName = "ModifiedDll"
ScanValueName = "Scan"
NotifyValueName = "Notify"
BypassListName = "BypassList"

WhiteVendorsValueName = "WhiteVendors"
BlackVendorsValueName = "BlackVendors"
FileTypesValueName = "FileTypes"


;Instances specific information.
DefaultInstance = "CDAVFS Instance"
Instance1.Name = "CDAVFS Instance"
Instance1.Altitude = "265000"
Instance1.Flags = 0x0 ; Allow all attachments
PatPath =C:\Program Files\CyberDefender\AntiVirus\cdavpat.dat.03
Options = "DKUBN"
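
Added example, not part of the original post and not CyberDefender's code: a Python sketch that reads the INF shown above and lists the driver file, the user-mode DLL, the service and the service registry value it installs, which are the leftovers to look for after an uninstall. The embedded text is a constructed excerpt of the posted file, the function names are hypothetical, and only the directive forms that appear in that file are handled.

```python
import re
# Constructed excerpt: the sections of the posted oem10.inf that are read below.
SAMPLE_INF = r'''
[DestinationDirs]
CDAVFS.DriverFiles = 12 ;%windir%\system32\drivers
CDAVFS.UserFiles =C:\Program Files\CyberDefender\AntiVirus
[DefaultInstall]
CopyFiles = CDAVFS.DriverFiles, CDAVFS.UserFiles
[DefaultInstall.Services]
AddService = %CDAVFSServiceName%,,CDAVFS.Service
[CDAVFS.Service]
ServiceBinary = %12%\CDAVFS.sys ;%windir%\system32\drivers\CDAVFS.sys
AddReg = CDAVFS.AddRegistry
[CDAVFS.AddRegistry]
HKR,,%WhiteVendorsValueName%,0x00020000,"CyberDefender;McAfee;Network Associates;"
[CDAVFS.DriverFiles]
CDAVFS.sys
[CDAVFS.UserFiles]
CDAVFS.dll
[Strings]
CDAVFSServiceName = "CDAVFS"
WhiteVendorsValueName = "WhiteVendors"
'''
DIRIDS = {"12": r"%windir%\system32\drivers"}  # DIRID 12, as the INF's comments note

def strip_comment(line):
    """Cut a ';' comment but keep semicolons inside double-quoted data."""
    quoted = False
    for i, ch in enumerate(line):
        if ch == ";" and not quoted:
            return line[:i].strip()
        quoted ^= ch == '"'  # toggle on every double quote
    return line.strip()

def parse_inf(text):
    """Return {lowercased section name: [comment-free, non-empty lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = strip_comment(raw)
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), [])
        elif line and current is not None:
            current.append(line)
    return sections

def pairs(lines):
    """'key = value' lines as a dict with lowercased keys."""
    return {k.strip().lower(): v.strip() for k, _, v in (ln.partition("=") for ln in lines)}

def expand(value, strings):
    """Resolve %name% via [Strings] and %NN% via DIRIDS, then drop INF quoting."""
    def repl(m):
        return DIRIDS.get(m.group(1), strings.get(m.group(1).lower(), m.group(0)))
    return re.sub(r"%([^%\s]+)%", repl, value).replace('"', "")

def install_artifacts(text):
    """List the files, the service and its registry values that the INF creates."""
    s = parse_inf(text)
    strings, dests = pairs(s.get("strings", [])), pairs(s.get("destinationdirs", []))
    files, services, registry = [], [], []
    for sec in pairs(s.get("defaultinstall", [])).get("copyfiles", "").lower().split(","):
        spec = dests.get(sec.strip(), dests.get("defaultdestdir", ""))
        base = DIRIDS.get(spec, spec)  # the posted INF gives UserFiles a literal path
        files += [base + "\\" + f.split(",")[0].strip() for f in s.get(sec.strip(), [])]
    add = pairs(s.get("defaultinstall.services", [])).get("addservice")
    if add:
        name, _, svc_sec = [expand(p.strip(), strings) for p in add.split(",")][:3]
        svc = pairs(s.get(svc_sec.lower(), []))
        services.append((name, expand(svc.get("servicebinary", ""), strings)))
        key = "HKLM\\SYSTEM\\CurrentControlSet\\Services\\" + name  # HKR = service key
        for line in s.get(svc.get("addreg", "").lower(), []):
            p = [expand(x.strip(), strings) for x in line.split(",", 4)] + [""] * 4
            registry.append((key + ("\\" + p[1] if p[1] else ""), p[2], p[4]))
    return {"files": files, "services": services, "registry": registry}

if __name__ == "__main__":
    print(install_artifacts(SAMPLE_INF))
```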

#48 Malware Zapper

Posted 30 January 2007 - 05:36 PM

I found one more thing, but I don't know if it has anything to do with CyberDefender.

{5BFFF118-9BFD-4290-8B72-058346A5BA66}.bin. It was found in C:\WINDOWS\SoftwareDistribution\EventCache and it was created at 10:30 AM on December 3, 2006.

#49 Malware Zapper

Posted 30 January 2007 - 10:44 PM

What can I do to become a Helper Trainee?

#50 Thunder

Posted 31 January 2007 - 11:20 AM

Hello spyware sucks,

Interesting log from AOL ACTIVE SECURITY MONITOR :hmmm:

I wonder if AOL ACTIVE SECURITY MONITOR isn't checking that log when you try to install McAfee ?

Can you uninstall McAfee, delete oem10.inf and oem10.pnf and edit that log as follows :
* change AV_Count=2 to AV_Count=0
* delete the AV_Product parts (blue and bold black)
* save the log,
* and try to reinstall

Maybe that way you'll be able to trick AOL ACTIVE SECURITY MONITOR into believing there never has been an AV program ?

Btw. If you use the AOL firewall, you should disable the Windows firewall to prevent counterproductive action. ^_^

If you want to become a Helper Trainee,
see here : http://forums.spywar...hp?showtopic=34 :cool:
and good luck.

Greetings,
Thunder