Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

many viruses/ Malwarebytes' doesn't run


  • Please log in to reply
8 replies to this topic

#1 pingu11

pingu11

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:58 PM

Posted 28 May 2010 - 07:29 PM

My wife's laptop pc was infected with many viruses and spyware. We stopped using it about a month and half ago because we think it was still infected.

It is difficult for me to provide complete details since she is the primary user on that pc and has attempted to fix the problem herself.

1. Computer had symantec anti-virus running in the background.
XP SP2 build 2600.xpsp_sp2_gdr.090206-1233, celeron cpu 2.4g, 752mb ram

2. A few months ago, we noticed more frequent popups on IE explorer.

3. I can't remember if symantec scan found anything or not.

4. Installed Malwarebyte's anti-malware. When I click on the icon or from the start menu, it doesn't run.

5. Wife uninstalled symantec anti-virus and installed V3 Lite (korean anti-virus software) . She ran it a few times and it found some viruses according to its log file:
trojan/win32.monder
asd.prevention

The anti virus program removed these viruses, but they came back the next day on a scan.

6. The log files also show some spyware. The log is in korean so I don't know all the details, but I can list the things it found. The infected file paths looked like registry things since the paths all began with HKLM or HKCU.

suspicious BHO
suspicious autoloading entries
win-downloader/Koobface.205253
win-spywware/PWS.OnLineGames.175120
possible start search pages hijack
orphaned urlsearchhooks
orphaned toolbar

each of these things were listed more than once in the log and in different infected registry paths.

7. The AV program also had a list of quarantined files:
vbc.exe
cscomp.dll
horefupa.dll
v3daonol.exe
junehoda.dll
UninstallFirefox.exe
randvarS.exe
v5051001.exe
nQuery40.exe
stats502.exe
vpn5004.exe
uphc600.exe
carpserv.exe
CARPDLL.DLL
STN_FREQ.EXE
RESAMPL.EXE
P_values.exe
consen_p.exe
t_error.exe
seq_bon.exe
RSXLInstWin2.exe
randvar_m.exe
P_VALUES.exe
p_tables.exe
CRIT_VAL.EXE
COMPARE4.EXE
COMPARE2.EXE
pinguseesaw_setup.exe
Linksys WEP Utility.exe
lcdtest.exe
Setup.exe
zepirujo.dll
pusukupu.dll
NAVDownloader.exe


8. We are not confident that the anti virus program cleaned out the laptop. Malwarebytes still doesn't run. The unwanted popup frequency seems to have decreased, but I'm not completely sure since we haven't touched the pc in a month and a half.
Can someone help me out?
Thanks.

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,338 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:58 AM

Posted 28 May 2010 - 08:52 PM

Hello a couple things to try ... As we don't know if there was an error code from MBAM when it faiked we cannot supply a direct fix.
But we can try running others first and see it it will run after that. Or we can un and reinstall iy.

First I think it best to do this.

>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply
Do not reboot your computer after running rkill as the malware programs will start again. Or it rebooting happens or is needed rerun RKIll.


Next run ATF and SAS: If you cannot access Safe Mode,run in normal ,but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining
.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode
.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program
.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan,Verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.



Try running MBAM. If still no joy.
1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility. Mbam clean
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here. http://www.malwarebytes.org/mbam-download.php
Note: You will need to reactivate the program using the license you were sent.
Note: If using Free version, ignore the part about putting in your license key and activating.
Launch the program and set the Protection and Registration.
Then go to the UPDATE tab if not done during installation and check for updates.
Restart the computer again and verify that MBAM is in the task tray and run a Quick Scan and post that log.


Please ask any needed questions,post logs and Let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 pingu11

pingu11
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:58 PM

Posted 29 May 2010 - 07:54 PM

My computer was extremely sluggish during the whole process.
FixExe.reg worked fine.

why do the links for rkill point to different filenames?
I turned off my anti-virus program, V3, but my computer was very sluggish. It took a while for the icon to disappear from the bottom right of the screen. So I ran task manager and process explorer to verify that it was really off. Process explorer didn't run properly.
I downloaded rkill.pif, but that didn't work.
I downloaded rkill.exe, and that worked.
Rkill killed the procexp process and rkill itself.

I downloaded ATF cleaner and super antispyware. Installed super antispyware, updated it.
during the setup, I never saw any settings for the scanner options? Did I have to run the program to see those options?

when I tried to run the program from the super icon on the desktop, the computer slowed down alot. the hd light was flashing all the time. I couldn't run any other programs. If I dragged a window for the browser, the screen would show footprints of the windows. I waited about 5 mins and then hit the power switch to turn off the computer. ctl-alt-del didn't work.

when I rebooted in safe mode, weird stuff happened. none of the icons on the desktop appeared and tray along the bottom of the screen was gone. ctl-alt-del also didn't work. so I had to use the power switch to turn off the computer.

I restarted in normal mode, and then a popup window (RUNDLL) appeared. the message was "Error loading geligehu.dll. the specified module could not be found"


What should I do? I'll try repeating the instructions except for downloading the programs since they're already on the desktop.

#4 pingu11

pingu11
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:58 PM

Posted 29 May 2010 - 08:26 PM

update:
i restarted in normal mode
disabled my virus checker
ran fixreg.exe
ran rkill.exe
got into the superantispyware control center scanner options:


Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.

Can you clarify whether or not I have to uncheck all the default options except for the 3 listed in the instructions?

#5 pingu11

pingu11
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:58 PM

Posted 30 May 2010 - 12:54 PM

ran super antispyware assuming with only 3 scanner options
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.

Log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/29/2010 at 11:24 PM

Application Version : 4.38.1004

Core Rules Database Version : 4951
Trace Rules Database Version: 2763

Scan type : Complete Scan
Total Scan Time : 04:48:13

Memory items scanned : 397
Memory threats detected : 1
Registry items scanned : 5540
Registry threats detected : 5
File items scanned : 244987
File threats detected : 13

Adware.Vundo/Variant-EC
C:\WINDOWS\SYSTEM32\YESIGOJU.DLL
C:\WINDOWS\SYSTEM32\YESIGOJU.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{77992a57-33c9-407c-a4c6-28518cefc517}
HKCR\CLSID\{77992A57-33C9-407C-A4C6-28518CEFC517}
HKCR\CLSID\{77992a57-33c9-407c-a4c6-28518cefc517}\InprocServer32
HKCR\CLSID\{77992a57-33c9-407c-a4c6-28518cefc517}\InprocServer32#ThreadingModel
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#fisoyinor
C:\WINDOWS\SYSTEM32\FAWUJELI.DLL
C:\WINDOWS\SYSTEM32\GATINURO.DLL

Trojan.Agent/Gen
C:\Program Files\SYS

Trojan.Agent/Gen-FakeAlert[Local]
C:\PROGRAM FILES\AGILENT\GENESPRING GX\DATA\GENESPRINGGX.EXE

Unclassified.Unknown Origin
C:\PROGRAM FILES\ALCOHOL SOFT\ALCOHOL 120\ALCOHOLCRACK\KEYGEN.NFO

Adware.Vundo/Variant-Yx
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3C631B64-D9BE-43AD-BB6D-8E3923619CA5}\RP1\A0000008.DLL

Adware.Vundo/Variant-Senorita
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3C631B64-D9BE-43AD-BB6D-8E3923619CA5}\RP1\A0001003.DLL

Adware.Vundo/Variant-[Fixed]
C:\WINDOWS\SYSTEM32\DEVOPAHA.DLL
C:\WINDOWS\SYSTEM32\KOHIROVU.DLL

Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\GUNOWINI.DLL
C:\WINDOWS\SYSTEM32\HARUPEZA.DLL
C:\WINDOWS\SYSTEM32\TUSIHEKU.DLL

after the reboot, the computer was still sluggish and I had more strange popup messages on startup
Error loading geligehu.dll.
error loadingn yesigoju.dll

I ran mbam clean, and it reported:
SHGetValue failed with error code 0

When I tried to download mbam, the computer froze up.

I downloaded mbam to a different computer and copied the install file to the desktop. Installed, but mbam didn't work. the mbam.exe file is missing from the program file directory.

I also tried to reboot in safe mode, but xp kept reseting everytime I attempt to enter safe mode.

I ran super again and the similar items showed up again in different places

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/30/2010 at 06:52 AM

Application Version : 4.38.1004

Core Rules Database Version : 4951
Trace Rules Database Version: 2763

Scan type : Complete Scan
Total Scan Time : 04:32:02

Memory items scanned : 397
Memory threats detected : 0
Registry items scanned : 5532
Registry threats detected : 0
File items scanned : 247871
File threats detected : 9

Adware.Vundo/Variant-Senorita
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3C631B64-D9BE-43AD-BB6D-8E3923619CA5}\RP1\A0003051.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3C631B64-D9BE-43AD-BB6D-8E3923619CA5}\RP1\A0005061.DLL

Adware.Vundo/Variant-Yx
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3C631B64-D9BE-43AD-BB6D-8E3923619CA5}\RP1\A0003052.DLL

Unclassified.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3C631B64-D9BE-43AD-BB6D-8E3923619CA5}\RP1\A0003054.NFO

Adware.Vundo/Variant-[Fixed]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3C631B64-D9BE-43AD-BB6D-8E3923619CA5}\RP1\A0003055.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3C631B64-D9BE-43AD-BB6D-8E3923619CA5}\RP1\A0003056.DLL

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3C631B64-D9BE-43AD-BB6D-8E3923619CA5}\RP1\A0003057.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3C631B64-D9BE-43AD-BB6D-8E3923619CA5}\RP1\A0003058.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3C631B64-D9BE-43AD-BB6D-8E3923619CA5}\RP1\A0003059.DLL


Help please. thanks.

Edited by pingu11, 30 May 2010 - 12:55 PM.


#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,338 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:58 AM

Posted 01 June 2010 - 01:29 PM

Hello,sorry I had to be away this weekend.. Can you run an Online scan? It may be easier.
We are making progress.

ESET
Please perform a scan with Eset Online Antiivirus Scanner.
(Requires Internet Explorer to work. If given the option, choose "Quarantine" instead of delete.)
Vista users need to run Internet Explorer as Administrator. Right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Click the green ESET Online Scanner button.
  • Read the End User License Agreement and check the box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Insall ActiveX component.
  • A new window will appear asking "Do you want to install this software?"".
  • Answer Yes to download and install the ActiveX controls that allows the scan to run.
  • Click Start.
  • Check Remove found threats and Scan potentially unwanted applications.
  • Click Scan to start. (please be patient as the scan could take some time to complete)
  • If offered the option to get information or buy software. Just close the window.
  • When the scan has finished, a log.txt file will be created and automatically saved in the C:\Program Files\ESET\ESET Online Scanner\log.txt
    folder.
  • Click Posted Image > Run..., then copy and paste this command into the open box: C:\Program Files\EsetOnlineScanner\log.txt
  • The scan results will open in Notepad. Copy and paste the contents of log.txt in your next reply.
Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.


after the reboot, the computer was still sluggish and I had more strange popup messages on startup
Error loading geligehu.dll.
error loadingn yesigoju.dll


Its not unusual to receive such an error after using specialized fix tools.

A "Cannot find...", "Could not run...", "Error loading... or "specific module could not be found" message is usually related to malware that was set to run at startup but has been deleted. Windows is trying to load this file but cannot locate it since the file was mostly likely removed during an anti-virus or anti-malware scan. However, an associated orphaned registry entry remains and is telling Windows to load the file when you boot up. Since the file no longer exists, Windows will display an error message. You need to remove this registry entry so Windows stops searching for the file when it loads.

To resolve this, download Autoruns, search for the related entry and then delete it.

Create a new folder on your hard drive called AutoRuns (C:\AutoRuns) and extract (unzip) the file there. (click here if you're not sure how to do this.)
Open the folder and double-click on autoruns.exe to launch it.
Please be patient as it scans and populates the entries.
When done scanning, it will say Ready at the bottom.
Scroll through the list and look for a startup entry related to the file(s) in the error message.
Right-click on the entry and choose delete.
Reboot your computer and see if the startup error returns.
Credit to quietman7
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 pingu11

pingu11
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:58 PM

Posted 19 August 2010 - 12:48 AM

The ESET online scanner encountered some kind of "unexpected error" after completing 92% of the scan. It didn't find anything, but there could have been something since the scan did not complete normally.

#8 pingu11

pingu11
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:58 PM

Posted 19 August 2010 - 01:06 AM

I'm not sure if this would be helpful, but here is the Autoruns scan result. I found several suspicious entries and will try deleting them as you suggested.


"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "000StTHK" "" "" "c:\windows\system32\000stthk.exe"
+ "00THotkey" "THotkey" "TOSHIBA Corp." "c:\windows\system32\00thotkey.exe"
+ "AGRSMMSG" "SoftModem Messaging Applet" "Agere Systems" "c:\windows\agrsmmsg.exe"
+ "Apoint" "Alps Pointing-device Driver" "Alps Electric Co., Ltd." "c:\program files\apoint2k\apoint.exe"
+ "ezShieldProtector for Px" "ezSP_Px MFC Application" "Easy Systems Japan Ltd." "c:\windows\system32\ezsp_px.exe"
+ "fehatimehe" "" "" "File not found: geligehu.dll"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "LtMoh" "LtMoh MFC Application" "Agere Systems" "c:\program files\ltmoh\ltmoh.exe"
+ "MSPY2002" "" "" "c:\windows\system32\ime\pintlgnt\imscinst.exe"
+ "NeroCheck" "NeroCheck" "Ahead Software Gmbh" "c:\windows\system32\nerocheck.exe"
+ "pegegeyum" "" "" "c:\windows\system32\famoziza.dll"
+ "phc600" "CameraMonitor Application" "Sonix" "c:\windows\vphc600.exe"
+ "Pinger" "TOSHIBA Pinger" "TOSHIBA Corporation" "c:\toshiba\ivp\ism\pinger.exe"
+ "PmProxy" "PmProxy" "adi" "c:\program files\analog devices\soundmax\pmproxy.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Computer, Inc." "c:\program files\quicktime\qttask.exe"
+ "TFNF5" "TFnF5" "Toshiba Corp." "c:\windows\system32\tfnf5.exe"
+ "TouchED" "TouchPad On/Off Utility" "TOSHIBA Corporation" "c:\program files\toshiba\touched\touched.exe"
+ "Tpwrtray" "TOSHIBA Power Saver" "TOSHIBA Corporation" "c:\windows\system32\tpwrtray.exe"
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup" "" "" ""
+ "Acrobat Assistant.lnk" "AcroTray" "Adobe Systems Inc." "c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe"
+ "Adobe Gamma Loader.exe.lnk" "Adobe Gamma Loader" "Adobe Systems, Inc." "c:\program files\common files\adobe\calibration\adobe gamma loader.exe"
+ "hp psc 2000 Series.lnk" "HP OfficeJet COM Device Objects" "Hewlett-Packard Co." "c:\program files\hewlett-packard\digital imaging\bin\hpobnz08.exe"
+ "hpoddt01.exe.lnk" "hpotdd01" "Hewlett-Packard" "c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe"
+ "Microsoft Office.lnk" "Microsoft Office XP component" "Microsoft Corporation" "c:\program files\microsoft office\office10\osa.exe"
+ "PC Health.lnk" "" "" "c:\program files\toshiba\toshiba management console\toshealthlocals.vbs"
+ "RAMASST.lnk" "CD Burning of Windows XP disabling tool for DVD MULTI Drive" "Matsubleepa Electric Industrial Co., Ltd." "c:\windows\system32\ramasst.exe"
+ "TrayMin600.exe.lnk" "TrayMin MFC Application" "" "c:\program files\philips\spc 600nc pc camera\traymin600.exe"
+ "VPN Client.lnk" "" "" "c:\windows\installer\{51fb15f4-ad27-43bc-ad4b-dd0354fb6bbd}\icon3e5562ed7.ico"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" "" "" ""
+ "9" "" "" "File not found: C:\WINDOWS\system32\Ravdm.exe"
+ "KernelCheck" "" "" "File not found: C:\WINDOWS\system32\winasse.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "SUPERAntiSpyware" "SUPERAntiSpyware Application" "SUPERAntiSpyware.com" "c:\program files\superantispyware\8a9cfa6e-0e40-4e5c-b229-6dd5c0e35258.com"
"HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce" "" "" ""
+ "FlashPlayerUpdate" "Adobe Flash Player Helper 10.0 r12" "Adobe Systems, Inc." "c:\windows\system32\macromed\flash\flashutil10a.exe"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "cdo" "Microsoft SharePoint Portal Server Object Model" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web folders\pkmcdo.dll"
+ "livecall" "MSN Messenger Protocol Handler" "Microsoft Corporation" "c:\program files\msn messenger\msgrapp.8.1.0178.00.dll"
+ "msnim" "MSN Messenger Protocol Handler" "Microsoft Corporation" "c:\program files\msn messenger\msgrapp.8.1.0178.00.dll"
+ "mso-offdap" "Microsoft Office XP Web Components" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web components\10\owc10.dll"
+ "s-http" "INITECH HTTP Wrapper Handler" "© INITECH" "c:\program files\initech\shttp\initechshttpinterface.10118.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler" "" "" ""
+ "kupuhivus" "" "" "File not found: c:\windows\system32\gohusani.dll"
+ "kupuhivus" "" "" "c:\windows\system32\famoziza.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" "" "" ""
+ "jusapafuv" "" "" "c:\windows\system32\famoziza.dll"
+ "puferuwut" "" "" "File not found: c:\windows\system32\gohusani.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "SABShellExecuteHook Class" "ShellExecuteHook" "SuperAdBlocker.com" "c:\program files\superantispyware\sasseh.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Elements" "Adobe Systems Inc." "c:\program files\adobe\acrobat 6.0\acrobat elements\contextmenu.dll"
+ "ALZip" "ALZip ContextMenu Module" "ESTsoft" "c:\program files\estsoft\alzip\azctm.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, Inc." "c:\program files\winzip\wzshlstb.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes' Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "ALZip" "ALZip ContextMenu Module" "ESTsoft" "c:\program files\estsoft\alzip\azctm.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, Inc." "c:\program files\winzip\wzshlstb.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "ALZip" "ALZip ContextMenu Module" "ESTsoft" "c:\program files\estsoft\alzip\azctm.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, Inc." "c:\program files\winzip\wzshlstb.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "ALZip" "ALZip ContextMenu Module" "ESTsoft" "c:\program files\estsoft\alzip\azctm.dll"
+ "MBAMShlExt" "Malwarebytes' Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, Inc." "c:\program files\winzip\wzshlstb.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "ALZip" "ALZip ContextMenu Module" "ESTsoft" "c:\program files\estsoft\alzip\azctm.dll"
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" "" "" ""
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Elements" "Adobe Systems Inc." "c:\program files\adobe\acrobat 6.0\acrobat elements\contextmenu.dll"
+ "ALZip 4.0 Context Menu Shell Extension" "ALZip ContextMenu Module" "ESTsoft" "c:\program files\estsoft\alzip\azctm.dll"
+ "Display Panning CPL Extension" "" "" "File not found: deskpan.dll"
+ "For &People..." "Find People" "Microsoft Corporation" "c:\program files\outlook express\wabfind.dll"
+ "HyperTerminal Icon Ext" "HyperTerminal Applet Library" "Hilgraeve, Inc." "c:\windows\system32\hticons.dll"
+ "Messenger Sharing Folders" "Messenger File Sharing Shell Extensions" "Microsoft Corporation" "c:\program files\msn messenger\fsshext.8.1.0178.00.dll"
+ "Microsoft Data Link" "Microsoft Data Access - OLE DB Core Services" "Microsoft Corporation" "c:\program files\common files\system\ole db\oledb32.dll"
+ "Microsoft Office HTML Icon Handler" "Microsoft Office XP component" "Microsoft Corporation" "c:\program files\microsoft office\office10\msohev.dll"
+ "Microsoft Outlook Custom Icon Handler" "Outlook Shell Hook for Start/Find" "Microsoft Corporation" "c:\program files\microsoft office\office10\olkfstub.dll"
+ "TouchED" "TouchPad On/Off Utility" "TOSHIBA Corporation" "c:\program files\toshiba\touched\touched.dll"
+ "Web Folders" "Microsoft Web Folders" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web folders\msonsext.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, Inc." "c:\program files\winzip\wzshlstb.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, Inc." "c:\program files\winzip\wzshlstb.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, Inc." "c:\program files\winzip\wzshlstb.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, Inc." "c:\program files\winzip\wzshlstb.dll"
+ "바이로봇 Expert Ver 4.0" "" "" "File not found: C:\Program Files\ViRobotXP\VShExt.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "AcroIEHlprObj Class" "Adobe Acrobat IE Helper Version 6.0 for ActivieX" "Adobe Systems Incorporated" "c:\program files\adobe\acrobat 6.0\acrobat\activex\acroiehelper.dll"
+ "AcroIEToolbarHelper Class" "" "" "c:\program files\adobe\acrobat 6.0\acrobat\acroiefavclient.dll"
+ "del.icio.us Toolbar Helper" "del.icio.us Buttons for Internet Explorer" "del.icio.us, a Yahoo! Company" "c:\program files\del.icio.us\internet explorer buttons\dlcsie.dll"
+ "{ac5409a6-3d66-4dfd-aad7-a1adcb239abd}" "" "" "File not found: tojowebo.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Adobe PDF" "" "" "c:\program files\adobe\acrobat 6.0\acrobat\acroiefavclient.dll"
+ "del.icio.us" "del.icio.us Buttons for Internet Explorer" "del.icio.us, a Yahoo! Company" "c:\program files\del.icio.us\internet explorer buttons\dlcsie.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "evpjyctu.job" "" "" "c:\windows\system32\zemakige.dll"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "C-DillaSrv" "C-Dilla RTS Service" "C-Dilla Ltd" "c:\windows\system32\drivers\cdantsrv.exe"
+ "CVPND" "Cisco Systems VPN Client" "Cisco Systems, Inc." "c:\program files\cisco systems\vpn client\cvpnd.exe"
+ "DVD-RAM_Service" "Service of RAMAsst for Windows XP" "Matsubleepa Electric Industrial Co., Ltd." "c:\windows\system32\dvdramsv.exe"
+ "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe"
+ "LiveUpdate" "LiveUpdate Core Engine" "Symantec Corporation" "c:\program files\symantec\liveupdate\lucomserver_3_2.exe"
+ "LVPrcSrv" "Webcam Effects Helper." "" "File not found: c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe"
+ "npkcmsvc" "nProtect KeyCrypt Manager Service" "INCA Internet Co., Ltd." "c:\windows\system32\npkcmsvc.exe"
+ "Pml Driver HPZ12" "PML Driver" "HP" "c:\windows\system32\hpzipm12.exe"
+ "SoundMAX Agent Service (default)" "SoundMAX service agent component" "Analog Devices, Inc." "c:\program files\analog devices\soundmax\smagent.exe"
+ "usnjsvc" "Service installed by Messenger to enable sharing scenarios" "Microsoft Corporation" "c:\program files\msn messenger\usnsvc.exe"
+ "vpnagent" "Cisco AnyConnect VPN Agent for Windows" "Cisco Systems, Inc." "c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe"
+ "WindowsFix" "Provides authentication serviceso" "" "File not found: C:\WINDOWS\system32\servet.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "aeaudio" "Andrea Audio Noise Cancellation Driver" "Andrea Electronics Corporation" "c:\windows\system32\drivers\aeaudio.sys"
+ "AgereSoftModem" "SoftModem Device Driver" "Agere Systems" "c:\windows\system32\drivers\agrsm.sys"
+ "AhnFlt2K" "" "" "File not found: C:\WINDOWS\system32\drivers\AhnFlt2K.sys"
+ "AhnRec2K" "" "" "File not found: C:\WINDOWS\system32\drivers\AhnRec2K.sys"
+ "AhnRghNt" "" "" "File not found: C:\WINDOWS\system32\drivers\AhnRghNt.sys"
+ "AMonTDnt" "" "" "File not found: C:\WINDOWS\system32\Drivers\AMonTDnt.sys"
+ "ApfiltrService" "Alps Touch Pad Driver" "Alps Electric Co., Ltd." "c:\windows\system32\drivers\apfiltr.sys"
+ "ATamptNt_V3LITE" "ATamptNt_V3LITE mini-filter driver" "" "File not found: C:\PROGRA~1\AhnLab\V3Lite\ATamptNt.sys"
+ "C-Dilla" "C-Dilla Windows NT RTS" "Macrovision" "c:\windows\system32\drivers\cdant.sys"
+ "CCCP106" "" "" "File not found: system32\DRIVERS\cccp106.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "CVirtA" "Cisco Systems VPN Adapter" "Cisco Systems, Inc." "c:\windows\system32\drivers\cvirta.sys"
+ "CVPNDRVA" "Cisco Systems VPN Client IPSec Driver" "Cisco Systems, Inc." "c:\windows\system32\drivers\cvpndrva.sys"
+ "DNE" "Deterministic Network Enhancer" "Deterministic Networks, Inc." "c:\windows\system32\drivers\dne2000.sys"
+ "E100B" "NDIS 5.1 driver" "Intel Corporation" "c:\windows\system32\drivers\e100b325.sys"
+ "HPZid412" "IEEE-1284.4-1999 Driver (Windows 2000)" "HP" "c:\windows\system32\drivers\hpzid412.sys"
+ "HPZipr12" "IEEE-1284.4-1999 Print Class Driver" "HP" "c:\windows\system32\drivers\hpzipr12.sys"
+ "HPZius12" "1284.4<->Usb Datalink Driver (Windows 2000)" "HP" "c:\windows\system32\drivers\hpzius12.sys"
+ "HSF_DP" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsf_dp.sys"
+ "HSFHWCD2" "HSFHWCD2 WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsfhwcd2.sys"
+ "i2omgmt" "" "" "File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys"
+ "ialm" "Controller Hub for Intel Graphics Driver" "Intel Corporation" "c:\windows\system32\drivers\ialmnt5.sys"
+ "JRSKD24" "ClientKeeper KeyPro Keyboard Driver" "SoftForum Corporation" "c:\windows\system32\jrskd24.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "LVcKap" "" "" "File not found: system32\DRIVERS\LVcKap.sys"
+ "LVMVDrv" "" "" "File not found: system32\DRIVERS\LVMVDrv.sys"
+ "LVPr2Mon" "" "" "File not found: system32\DRIVERS\LVPr2Mon.sys"
+ "LVUSBSta" "USB Statistic Driver" "Logitech Inc." "c:\windows\system32\drivers\lvusbsta.sys"
+ "mdmxsdk" "Diagnostic Interface DRIVER" "Conexant" "c:\windows\system32\drivers\mdmxsdk.sys"
+ "MeDCoreD_V3LITE" "" "" "File not found: C:\Program Files\AhnLab\V3Lite\MeDCoreD.sys"
+ "meiudf" "DVD-RAM UDF File System Driver" "Matsubleepa Electric Industrial Co.,Ltd." "c:\windows\system32\drivers\meiudf.sys"
+ "npkcrypt" "nProtect KeyCrypt Driver" "INCA Internet Co., Ltd." "c:\windows\system32\npkcrypt.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "pepifilter" "" "" "File not found: system32\DRIVERS\lv302af.sys"
+ "phc600" "PC Camera driver" "" "c:\windows\system32\drivers\phc600.sys"
+ "PID_PEPI" "Logitech QuickCam Driver" "Logitech Inc." "c:\windows\system32\drivers\lv302v32.sys"
+ "portD" "" "" "File not found: system32\DRIVERS\portd2k.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "PxHelp20" "PxHelper Device Driver for Windows 2000" "VERITAS Software, Inc." "c:\windows\system32\drivers\pxhelp20.sys"
+ "SABKUTIL" "" "" "File not found: C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys"
+ "SABProcEnum" "" "" "File not found: C:\Program Files\Internet Explorer\SABProcEnum.sys"
+ "SASDIFSV" "SASDIFSV.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\sasdifsv.sys"
+ "SASKUTIL" "SASKUTIL.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\saskutil.sys"
+ "scsk5" "" "" "File not found: system32\drivers\scsk5.sys"
+ "Secdrv" "SafeDisc driver" "" "c:\windows\system32\drivers\secdrv.sys"
+ "SMC2862W" "SMC2862W-G Wireless NDIS 5.1 Driver" "SMC Networks, Inc." "c:\windows\system32\drivers\2862wicb.sys"
+ "smwdm" "SoundMAX Integrated Digital Audio " "Analog Devices, Inc." "c:\windows\system32\drivers\smwdm.sys"
+ "TBiosDrv" "" "" "c:\windows\system32\drivers\tbiosdrv.sys"
+ "TVALD" "Toshiba ACPI-Based Value Added Logical Device Driver" "Toshiba Corporation" "c:\windows\system32\drivers\tvald.sys"
+ "TVALG" "TOSHIBA Value Added Logical and General Purpose Device Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\tvalg.sys"
+ "VPDrvNt" "VPDrvNt mini-filter driver" "" "File not found: C:\Program Files\AhnLab\V3Lite\VPDrvNt.sys"
+ "vpnva" "Cisco AnyConnect VPN Client Virtual Miniport Adapter for Windows" "Cisco Systems, Inc." "c:\windows\system32\drivers\vpnva.sys"
+ "vsdatant" "TrueVector Device Driver" "Zone Labs, LLC" "c:\windows\system32\vsdatant.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
+ "winachsf" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsf_cnxt.sys"
+ "wlags48b" "NDIS 5.1 Miniport Driver." "Agere Systems" "c:\windows\system32\drivers\wlags48b.sys"
+ "wlluc48" "NDIS 5.1 Miniport Driver." "Lucent Technologies" "c:\windows\system32\drivers\wlluc48.sys"
+ "{6080A529-897E-4629-A488-ABA0C29B635E}" "Intel Graphics Platform (SoftBIOS) Driver for Windows 2000® & Windows XP™" "Intel Corporation" "c:\windows\system32\drivers\ialmsbw.sys"
+ "{D31A0762-0CEB-444e-ACFF-B049A1F6FE91}" "Intel Graphics Chipset (KCH) Driver for Windows 2000® & Windows XP™" "Intel Corporation" "c:\windows\system32\drivers\ialmkchw.sys"
+ "{E2B953A6-195A-44F9-9BA3-3D5F4E32BB55}" "Ch7009 Minidriver" "Intel Corporation" "c:\windows\system32\drivers\wa301a.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.iac2" "IndeoŽ audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "CinepakŽ Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel IndeoŽ Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel IndeoŽ video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "IndeoŽ video 4.4 Compression Filter" "Intel IndeoŽ Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "IndeoŽ video 4.4 Decompression Filter" "Intel IndeoŽ Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Arcsoft AC3 Audio Decoder" "" "" "File not found: C:\Program Files\Common Files\ArcSoft\MPEG Engine\AC3Dec.ax"
+ "Arcsoft DV Transition" "" "" "File not found: C:\Program Files\Common Files\ArcSoft\MPEG Engine\DVTransition.ax"
+ "Arcsoft MPEG Audio Decoder" "" "" "File not found: C:\Program Files\Common Files\ArcSoft\MPEG Engine\mpgaudio.ax"
+ "Arcsoft Mpeg Encoder Filter" "" "" "File not found: C:\Program Files\Common Files\ArcSoft\MPEG Engine\ArcMpegCodec.ax"
+ "ArcSoft Mpeg Mplex Filter" "" "" "File not found: C:\Program Files\Common Files\ArcSoft\MPEG Engine\ArcMplexFilter.ax"
+ "Arcsoft Mpeg Mplex Filter" "" "" "File not found: C:\Program Files\Common Files\ArcSoft\MPEG Engine\MplexFilter.ax"
+ "ArcSoft MPEG Splitter" "" "" "File not found: C:\Program Files\Common Files\ArcSoft\MPEG Engine\ArcSpl.ax"
+ "ArcSoft MPEG Video Decoder" "" "" "File not found: C:\Program Files\Common Files\ArcSoft\MPEG Engine\mpgvideo.ax"
+ "Arcsoft Mpeg2Audio Encoder" "" "" "File not found: C:\Program Files\Common Files\ArcSoft\MPEG Engine\Mpeg2AudioEncoder.ax"
+ "Arcsoft Realtime Capture Encoder Filter" "" "" "File not found: C:\Program Files\Common Files\ArcSoft\MPEG Engine\ArcCaptureEncoder.ax"
+ "Arcsoft Source Buffer Filter" "" "" "File not found: C:\Program Files\Common Files\ArcSoft\MPEG Engine\SrcBuffer.ax"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Indeo Video ® 5.1 Progressive Download Source" "Intel IndeoŽ video IVF Source Filter 5.10" "Intel Corporation" "c:\windows\system32\ivfsrc.ax"
+ "IndeoŽ audio software" "IndeoŽ audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "IndeoŽ video 5.10 Compression Filter" "Intel IndeoŽ video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "IndeoŽ video 5.10 Decompression Filter" "Intel IndeoŽ video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "InterVideo Audio Decoder" "IVIAUDIO" "InterVideo Inc." "c:\program files\intervideo\common\bin\iviaudio.ax"
+ "InterVideo Audio Processor" "" "" "c:\program files\intervideo\common\bin\iviaudioprocess.ax"
+ "InterVideo Navigator" "IVINAV" "InterVideo Inc." "c:\program files\intervideo\common\bin\ivinav.ax"
+ "InterVideo Video Decoder" "IVIVIDEO" " InterVideo Inc." "c:\program files\intervideo\common\bin\ivivideo.ax"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Render Dib" "Special Effects Sample" "MyCompanyName" "c:\program files\arcsoft\software suite\funhouse\ezrgb24.ax"
+ "ShotBoundaryDet" "Windows Movie Maker" "Microsoft Corporation" "c:\program files\movie maker\wmmfilt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Snapshot" "" "" "File not found: C:\Program Files\Common Files\ArcSoft\Shared Filters\ArcSnap.ax"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "Windows Media Pad VU Data Grabber" "Windows Movie Maker" "Microsoft Corporation" "c:\program files\movie maker\wmmfilt.dll"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls" "" "" ""
+ "muhodogu.dll c:\windows\system32\yesigoju.dll c:\windows\system32\yurivaho.dll c:\windows\system32\famoziza.dll" "" "" "File not found: muhodogu.dll c:\windows\system32\yesigoju.dll c:\windows\system32\yurivaho.dll c:\windows\system32\famoziza.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "!SASWinLogon" "SUPERAntiSpyware WinLogon Processor" "SUPERAntiSpyware.com" "c:\program files\superantispyware\saswinlo.dll"
+ "igfxcui" "igfxsrvc Module" "Intel Corporation" "c:\windows\system32\igfxsrvc.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "Adobe PDF Port" "Acrobat Ž PDF Port" "Adobe Systems Incorporated." "c:\windows\system32\adobepdf.dll"
+ "hpzlnt07" "" "HP" "c:\windows\system32\hpzlnt07.dll"
+ "LIDIL hpzll4pi" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpzll4pi.dll"

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,338 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:58 AM

Posted 19 August 2010 - 02:21 PM

Hello, this time we had an internet outage for a day arrggh.. Any way we need to do a long deep scan.

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download Dr.Web CureIt and save it to your desktop. DO NOT perform a scan yet.
alternate download link
Note: The file will be randomly named (i.e. 5mkuvc4z.exe).

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on the randomly named file to open the program and click Start. (There is no need to update if you just downloaded the most current version
  • Read the anti-virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to dowload the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • Please be patient as this scan could take a long time to complete.
  • When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
  • Click Select All, then choose Cure > Move incurable.
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users