I'm not sure if this is a virus

17 replies to this topic

#1 butterflydiva


  
  
  

Posted 06 August 2009 - 10:21 AM

I'm having horrible trouble with my computer.

Every time I use IncrediMail I get this pop-up:

Posted Image

My daughter has run various scans on my computer, such as SUPERAntiSpyware, Malwarebytes, and also my AVG.

All of them were clear.

I tried reinstalling Internet Explorer but it couldn't.

I'd appreciate any possible help.

#2 securityguy


  
  
  

Posted 06 August 2009 - 10:43 AM

You don't have an infection; that's just telling you that IE can't properly display all the information on the page. Are you having this problem with just one or two pages that you go to? (Sometimes it can be a problem with the web page itself that causes that message.) If that's the case, you can get rid of that by disabling script debugging. If not, there are several other things you can try. Is the problem with a lot of sites, or just a site or two?

#3 butterflydiva

  

  
  
  

Posted 06 August 2009 - 10:45 AM

It's a problem with everything,
and the error message doesn't go away.

I can't get my mail in MSN Explorer, nor can I see the home page.
My computer is a mess.
It's not one or two pages doing it; there's something wrong with my computer and my daughter isn't sure what it is either.

#4 securityguy


  
  
  

Posted 06 August 2009 - 11:41 AM

OK then, you need to check and see if scripting and Java aren't being blocked by IE; you need to go to Internet Options. To do this, with your Internet Explorer opened, at the top right go to "Tools", click Options, and in the Security tab click the Default Level button under Internet. Also, sometimes if the temp folders get a lot in them it can cause problems such as this too. It's good to clean those out occasionally. To do that, on the first tab (General) you see the category Browsing History; click the Delete tab, another dialog will come up with the choices, click Delete All. Try those and see if that takes care of the problem.

#5 butterflydiva

  

  
  
  

Posted 06 August 2009 - 03:47 PM

I have tried that multiple times since this has started happening.

My daughter, who is familiar with this site, told me that I should wait for a distinguished member to reply to my post because, although you meant no harm, you are not trained to help me.

But I really appreciate your response.

I am going to have my daughter take over this thread for me, because she will be the one doing everything on here.

She is in the training program on here and I am aware she's not allowed to help on this forum until she finishes the program, but seeing as she's standing over my shoulder telling me what to type, it just makes more sense if she sits at the computer and does it.

Her screen name is lolokittyy.

She won't post until someone says it is okay for her to do so.

#6 securityguy


  
  
  

Posted 06 August 2009 - 10:07 PM

Well, actually I have several Microsoft certifications in support and security, along with other computer certifications. I own a company named DB Security. But if you feel more comfortable with somebody else helping you, that's OK. I haven't long joined this site, but I've done tech work for a long time now, along with a lot of other computer-related work. I'm a certified Microsoft partner.

Edited by securityguy, 06 August 2009 - 10:15 PM.

#7 lolokittyy


  
  
  
  
  

Posted 07 August 2009 - 07:50 PM

Thanks so much for helping, securityguy. If there is anything else you think might work to help out my mom's computer, please let us know. We didn't mean to sound rude or sound like we thought you didn't know what you were saying; I just warned her against listening to members because most of them don't know what they are talking about.

But if you do know we appreciate any information you, or anyone else, has. :]

The problem is not getting better and we are also having trouble updating many things.

I've pretty much run out of options. I didn't think it was a virus or anything but now I'm not sure.

#8 securityguy


  
  
  

Posted 07 August 2009 - 09:16 PM

Then you're having more problems than just the scripting errors? What all is giving you problems?

#9 DaChew


    

  
  
  
  
  

Posted 07 August 2009 - 09:31 PM

There's an old saying

Physician Heal Thyself

One anti-malware school encourages its students to lead their own cleanup, and helpers/teachers/experts give advice along the way.

Experience is the best teacher

Lolo, why don't you dig a little deeper?

Please download and run Process Explorer.

Under File and Save As, create a log and post it here.

Copy and paste it into a reply.

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

No. Try not. Do... or do not. There is no try.

#10 securityguy


  
  
  

Posted 07 August 2009 - 10:56 PM

A lot of times things that go wrong with a PC are attributed to malware. We can't disregard the possibility of malware infections, but in today's society too many computer problems are automatically assumed to be malware. Things go wrong, and regular use of a computer can eventually cause losses of system files and cause others to lose their registration. There are a lot of things that can go wrong. Way too much that goes wrong is blamed on malware. That doesn't mean we don't need to be aware of the dangers and possibility of that, just that we don't need to jump to that conclusion and start doing things that can cause more system errors when we've done a reasonable job of ruling out a malware infection. A lot of people that do that just cause more damage to their PCs by automatically treating system errors like they were some type of malware infection that they just can't seem to find, but keep looking for. With any problems we need to look at the symptoms and, after safely but reasonably ruling out malware, start looking at the symptoms and seeing what kind of system errors could be causing them. Anyway, since you have already scanned multiple times and didn't find anything wrong, and the symptoms are those of serious system errors also, I'd start here:
http://support.microsoft.com/kb/315265 , then go here: http://support.microsoft.com/kb/310747 . That's always a good place to start when trying to handle system-related errors. I hope I haven't offended anyone with my post, but there are too many people that yell malware with anything that goes wrong. Oh, and I will say that I DO know about malware; DB Security is also involved in malware analysis. I can also be found on Microsoft's TechNet forums under the same screen name, and the Sysinternals forums, and the MSDN forums also.

Edited by securityguy, 07 August 2009 - 11:04 PM.

#11 lolokittyy


  
  
  
  
  

Posted 07 August 2009 - 11:17 PM

Thank you both so much.
DaChew I will have the results of those scans shortly. {:

securityguy thank you for all your help and replies but we have already tried all those things. :]

#12 lolokittyy


  
  
  
  
  

Posted 07 August 2009 - 11:27 PM

Here is the first one.
Process explorer
The log is weird looking to say the least o.0
I hope I did it right.

Process PID CPU Description Company Name
System Idle Process 0 93.08
Interrupts n/a Hardware Interrupts
DPCs n/a 1.54 Deferred Procedure Calls
System 4
SMSS.EXE 832 Windows NT Session Manager Microsoft Corporation
CSRSS.EXE 900 Client Server Runtime Process Microsoft Corporation
WINLOGON.EXE 924 Windows NT Logon Application Microsoft Corporation
SERVICES.EXE 968 0.77 Services and Controller app Microsoft Corporation
SVCHOST.EXE 1140 Generic Host Process for Win32 Services Microsoft Corporation
ImApp.exe 3408 IncrediMail Application IncrediMail, Ltd.
SVCHOST.EXE 1240 Generic Host Process for Win32 Services Microsoft Corporation
SVCHOST.EXE 1376 Generic Host Process for Win32 Services Microsoft Corporation
SVCHOST.EXE 1496 Generic Host Process for Win32 Services Microsoft Corporation
SVCHOST.EXE 1636 Generic Host Process for Win32 Services Microsoft Corporation
SPOOLSV.EXE 1768 Spooler SubSystem App Microsoft Corporation
AppleMobileDeviceService.exe 348 Apple Mobile Device Service Apple, Inc.
AVGWDSVC.EXE 364 AVG Watchdog Service AVG Technologies CZ, s.r.o.
AVGAM.EXE 816 AVG Alert Manager AVG Technologies CZ, s.r.o.
AVGRSX.EXE 1052 AVG Resident Shield Service AVG Technologies CZ, s.r.o.
AVGCSRVX.EXE 1396 AVG Scanning Core Module - Server Part AVG Technologies CZ, s.r.o.
AVGNSX.EXE 984 AVG Network scanner Service AVG Technologies CZ, s.r.o.
AVGFWS8.EXE 396 AVG Firewall Service AVG Technologies CZ, s.r.o.
iWinGamesInstaller.exe 108 iWin Games Installer service iWin Inc.
iWinTrusted.exe 516 0.77 iWin Trusted Games Service iWin Inc.
JQS.EXE 552 Java™ Quick Starter Service Sun Microsystems, Inc.
ncupdatesvc.exe 724 Netscape Update Service Netscape Communications Corporation
NetMDSB.exe 1156 MD Simple Burner Sony Corporation
SVCHOST.EXE 1872 Generic Host Process for Win32 Services Microsoft Corporation
wdfmgr.exe 1784 Windows User Mode Driver Manager Microsoft Corporation
SVCHOST.EXE 1112 Generic Host Process for Win32 Services Microsoft Corporation
avgemc.exe 1024 AVG E-Mail Scanner AVG Technologies CZ, s.r.o.
AVGCSRVX.EXE 2844 AVG Scanning Core Module - Server Part AVG Technologies CZ, s.r.o.
lxbxcoms.exe 3904 Lexmark Communication System Lexmark International, Inc.
ALG.EXE 2732 Application Layer Gateway Service Microsoft Corporation
iPodService.exe 3976 iPodService Module Apple Inc.
SVCHOST.EXE 2896 Generic Host Process for Win32 Services Microsoft Corporation
LSASS.EXE 980 LSA Shell (Export Version) Microsoft Corporation
EXPLORER.EXE 204 Windows Explorer Microsoft Corporation
VTTimer.exe 1532 S3 Graphics, Inc.
VTTrayp.exe 1556 s3contrl S3 Graphics Co., Ltd.
SOUNDMAN.EXE 1616 Realtek Sound Manager Realtek Semiconductor Corp.
PCTSPK.EXE 1632 pctvoice MFC Application Conexant Systems, Inc.
lxbxmon.exE 1988 Lexmark 7100 Series Device Monitor Lexmark International, Inc.
Monitor.exe 132 AutoDetector Ulead Systems, Inc.
McciTrayApp.exe 856 2.31 mcci+McciTrayApp Motive Communications, Inc.
McciBrowser.exe 12152 mcci+McciBrowser Motive Communications, Inc.
McciBrowser.exe 16308 mcci+McciBrowser Motive Communications, Inc.
JUSCHED.EXE 892 Java™ Platform SE binary Sun Microsystems, Inc.
APDPROXY.EXE 1888 0.77 Adobe Photoshop Album Starter Edition 3.2 component Adobe Systems Incorporated
iTunesHelper.exe 2260 iTunesHelper Module Apple Inc.
realsched.exe 2280 RealNetworks Scheduler RealNetworks, Inc.
VerizonServicepoint.exe 2312 Verizon Servicepoint Application Verizon
AVGTRAY.EXE 2324 AVG Tray Monitor AVG Technologies CZ, s.r.o.
mssysmgr.exe 2372 PhotoShow Media Manager Simple Star, Inc.
PCLETray.exe 2408 Tray Starter Pinnacle Systems
MsnMsgr.Exe 2504 Messenger Microsoft Corporation
ctfmon.exe 2512 CTF Loader Microsoft Corporation
WinCinemaMgr.exe 2700 WinCinema Manager InterVideo Inc.
mpbtn.exe 2852 Motive Support Client Motive Communications, Inc.
firefox.exe 4008 Firefox Mozilla Corporation
KBDAP32A.EXE 184 Multi-Media Keyboard Application
procexp.exe 16048 0.77 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

#13 DaChew


    

  
  
  
  
  

Posted 07 August 2009 - 11:29 PM

@ securityguy

Here at Bleepin we give the poster plenty of choices on how to handle their problems. When they post in this subforum we try to find any infections first, then refer them to another section when we don't.

Even when we don't find malware, non-invasive scans/logs can reveal clues to the source of the problem.


#14 DaChew


    

  
  
  
  
  

Posted 07 August 2009 - 11:39 PM

Test disabling AVG and see if the IncrediMail error disappears


#15 lolokittyy


  
  
  
  
  

Posted 07 August 2009 - 11:44 PM

It's still there after AVG is disabled.

And it doesn't go away, in all its taking-up-half-the-screen glory.

Here is the other log; my mother's not sure she ran it properly.
She wanted to learn :thumbsup:

GMER [jj6oerjq.exe] - http://www.gmer.net
Rootkit scan 2009-08-08 00:38:59
Windows 5.1.2600 Service Pack 3

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[2504] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\MsnMsgr.Exe (Messenger/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 10: copy of MBR

---- EOF - GMER 1.0.15 ----
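
Added example (not part of the original thread, and not GMER's or the forum's own tooling): a small Python triage pass over the "User code sections" and "Devices" parts of a GMER log like the one posted above, separating a process that hooks an API into its own image from one redirected into another module, and filter drivers from expected vendors from the rest. The line patterns, the verdict names and the KNOWN_VENDORS allowlist are assumptions of this example, and one sample hook line is constructed for contrast.

```python
import re

# First hook line and both device lines are copied from the GMER log above;
# the second hook line (app.exe / unknown.dll) is CONSTRUCTED for contrast.
SAMPLE_LOG = r"""
---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[2504] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\MsnMsgr.Exe (Messenger/Microsoft Corporation)
.text C:\Program Files\Example\app.exe[1234] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001000 C:\Temp\unknown.dll

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
"""

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<api>\S+!\S+)\s+"
    r"[0-9A-Fa-f]{8}\s+\d+ Bytes\s+JMP\s+[0-9A-Fa-f]{8}"
    r"(?:\s+(?P<module>.+?))?(?:\s+\([^()]*\))?$"
)
DEVICE_RE = re.compile(
    r"^AttachedDevice\s+\S+\s+(?P<device>\S+)\s+(?P<filter>\S+)\s+"
    r"\(.*/(?P<vendor>[^/]*)\)$"
)

# Assumption: vendors the analyst expects on this machine (Microsoft plus the
# AVG suite visible in the Process Explorer list). Not a GMER feature.
KNOWN_VENDORS = frozenset({"Microsoft Corporation", "AVG Technologies CZ, s.r.o."})


def classify_hook(line):
    """Classify one '.text' inline-hook line by where its JMP lands."""
    m = HOOK_RE.match(line)
    if not m:
        return "unparsed", line
    image = m.group("proc").rsplit("\\", 1)[-1]
    module = m.group("module")
    subject = f"{image}[{m.group('pid')}] {m.group('api')} -> {module or 'unknown module'}"
    # A JMP back into the hooked process's own image points at that program's
    # own code; any other (or missing) target module is left for manual review.
    same_image = module is not None and module.lower() == m.group("proc").lower()
    return ("self-hook" if same_image else "foreign-hook"), subject


def classify_device(line, known_vendors):
    """Classify one 'AttachedDevice' line by the filter driver's vendor string."""
    m = DEVICE_RE.match(line)
    if not m:
        return "unparsed", line
    subject = f"{m.group('filter')} on {m.group('device')} ({m.group('vendor')})"
    verdict = "known-filter" if m.group("vendor") in known_vendors else "unknown-filter"
    return verdict, subject


def triage(log_text, known_vendors=KNOWN_VENDORS):
    """Return (section, verdict, subject) tuples for hook and device lines."""
    findings, section = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
        elif section == "User code sections":
            findings.append((section, *classify_hook(line)))
        elif section == "Devices":
            findings.append((section, *classify_device(line, known_vendors)))
    return findings


if __name__ == "__main__":
    for section, verdict, subject in triage(SAMPLE_LOG):
        print(f"{verdict:15} {section:20} {subject}")
```

Lines that do not fit the expected pattern come back as "unparsed" rather than being dropped, so a changed log format shows up in the output instead of hiding an entry.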

