
Infected with FBI MoneyPak Virus WinXP


  • This topic is locked
22 replies to this topic

#1 TY2D2

  • Members
  • 18 posts

Posted 30 September 2012 - 03:37 PM

The computer downstairs is about 11 years old and has become infected with the MoneyPak ransomware virus, asking for $200.

I have tried getting around this screen any way I can. I was following a different related topic but those efforts were incompatible with my situation.

I do not have a Windows XP CD to run the repair tools or start recovery mode if that even exists for XP.



#2 nasdaq

  • Malware Response Team
  • 38,756 posts

Posted 01 October 2012 - 07:53 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please execute the removal instructions on this page.

Remove the FBI MoneyPak Ransomware or the Reveton Trojan
http://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomware

If at any time you need advice on how to proceed please ask.
===

When done,

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • DDS.scr <- not recommended if you use Chrome to download this .scr file. Use the other options.
    • DDS.pif
    • DDS.COM
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

Please post the logs and let me know what problem persists on this computer.

#3 TY2D2

  • Topic Starter
  • Members
  • 18 posts

Posted 01 October 2012 - 02:17 PM

Thank you so much for the quick reply! I will get started with this ASAP and post back!

#4 TY2D2

  • Topic Starter
  • Members
  • 18 posts

Posted 01 October 2012 - 02:23 PM

Hmm there seems to be a problem here.

The tutorial you posted:
http://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomware

I get to step 3, but once I log in it gives me a message about waiting for a page to load for 30 seconds. I am confident this is just the virus trying to load.

I think the virus version that is for is outdated as my version looks a bit different, it is green, not blue, and asks for $200 even.

I believe this guy [http://www.bleepingcomputer.com/forums/topic469026.html] had a similar problem but he is running win7 so his instructions aren't compatible for me.


I cannot run Safe Mode or Safe Mode with Networking, but I can access Safe Mode with Command Prompt.

#5 nasdaq

  • Malware Response Team
  • 38,756 posts

Posted 02 October 2012 - 07:44 AM

Download these tools to a CD or Flash drive. Copy them to the Desktop of the infected computer.
Please run them in the order listed below.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

Let me know if you have internet connectivity in either Safe or Normal mode.

Wait for further instructions.
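
For anyone reviewing a TDSSKiller report like the one requested above, here is an added example (not part of the original post, and not a tool from the helper or the vendor) that triages the "Scan services" part of such a report. It assumes each line starts with a timestamp and a thread id, followed by either `[ MD5 ] name path` or `name - verdict`; the sample lines, service names, hashes and the non-"ok" verdict word are constructed.

```python
import re
from collections import defaultdict

# Assumed line layout: "HH:MM:SS.mmmm <thread-id> " followed by either
#   "[ <MD5> ] <service name> <image path>"   or   "<service name> - <verdict>"
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+ "
HASH_LINE = re.compile(PREFIX + r"\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.+)$")
VERDICT_LINE = re.compile(PREFIX + r"(.+) - (\w+)$")

# Constructed sample report; every name, hash and path here is made up.
SAMPLE_LOG = r"""
11:46:39.0718 1232 Windows directory: C:\WINDOWS
11:46:41.0906 1232 Drive \Device\Harddisk0\DR0 - Size: 0x1000, SectorSize: 0x200
11:46:44.0843 1256 ================ Scan services =============================
11:46:45.0156 1256 ExampleNoFile - ok
11:46:45.0265 1256 [ 0123456789ABCDEF0123456789ABCDEF ] ExampleDrv C:\WINDOWS\system32\DRIVERS\exampledrv.sys
11:46:45.0343 1256 ExampleDrv - ok
11:46:45.0400 1256 [ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ] Example Bar One C:\PROGRA~1\BarOne\bar\svc1.exe
11:46:45.0410 1256 Example Bar One - ok
11:46:45.0420 1256 [ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ] ExampleBarTwo C:\PROGRA~1\BarTwo\bar\svc2.exe
11:46:45.0430 1256 ExampleBarTwo - ok
11:46:45.0440 1256 [ BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB ] ExampleSvcA C:\WINDOWS\system32\shared.exe
11:46:45.0450 1256 ExampleSvcA - ok
11:46:45.0460 1256 [ BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB ] ExampleSvcB C:\WINDOWS\system32\shared.exe
11:46:45.0470 1256 ExampleSvcB - ok
11:46:45.0480 1256 [ CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC ] ExampleOdd C:\WINDOWS\system32\drivers\odd.sys
11:46:45.0490 1256 ExampleOdd - flagged
"""


def parse_report(text):
    """Pair each hash line with the verdict line that follows it.

    Returns one dict per scanned object: name, md5, path, verdict.
    Objects that have a verdict but no hash line get md5/path of None.
    """
    pending = {}   # service name -> (md5, path) seen on the preceding hash line
    objects = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HASH_LINE.match(line)
        if m:
            md5, name, path = m.groups()
            pending[name] = (md5.upper(), path)
            continue
        m = VERDICT_LINE.match(line)
        if m:
            name, verdict = m.groups()
            md5, path = pending.pop(name, (None, None))
            objects.append({"name": name, "md5": md5, "path": path,
                            "verdict": verdict.lower()})
    return objects


def needs_review(objects):
    """Objects whose verdict is anything other than 'ok'."""
    return [o for o in objects if o["verdict"] != "ok"]


def shared_hashes(objects):
    """MD5s seen under more than one distinct image path.

    Several services sharing one file at one path is ordinary; the same
    binary installed at different paths is worth a second look.
    """
    paths = defaultdict(set)
    for o in objects:
        if o["md5"]:
            paths[o["md5"]].add(o["path"].lower())
    return {h: sorted(p) for h, p in paths.items() if len(p) > 1}


def outside_windows(objects, windir=r"C:\WINDOWS"):
    """Services whose image lives outside the Windows directory."""
    root = windir.lower().rstrip("\\") + "\\"
    return [o for o in objects
            if o["path"] and not o["path"].lower().startswith(root)]


if __name__ == "__main__":
    objs = parse_report(SAMPLE_LOG)
    print("scanned objects:", len(objs))
    for o in needs_review(objs):
        print("REVIEW  ", o["name"], o["verdict"], o["path"])
    for md5, paths in shared_hashes(objs).items():
        print("SAME MD5", md5, "->", ", ".join(paths))
    for o in outside_windows(objs):
        print("NON-OS  ", o["name"], o["path"])
```

A clean "ok" on every line only means this one scanner found nothing; the other logs requested in the thread are still needed.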

#6 TY2D2

  • Topic Starter
  • Members
  • 18 posts

Posted 02 October 2012 - 02:07 PM

I have run the tools in order. Opened explorer through command prompt in safe mode then copied the exe to desktop. The first one didn't detect a thing!

Secondly this may be unrelated but there is a registry file on the desktop called regbkr[.reg; is that dangerous? It could be a leftover from something unrelated because this isn't my PC, just dunno how many people keep reg files on their desktop ;)

Also, when I ran the avast tool it created the .dat file on the flash drive, not on the desktop, even though I am positive it ran from the desktop. Is that a problem? I have attached it.


Here are the logs in order: TDS>Avast

11:47:06.0359 1256 RDPCDD - ok
11:47:06.0437 1256 [ D4F5643D7714EF499AE9527FDCD50894 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
11:47:06.0500 1256 RDPWD - ok
11:47:06.0593 1256 [ 729798E0933076B8FCFCD9934698F164 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
11:47:06.0640 1256 RDSessMgr - ok
11:47:06.0718 1256 [ B31B4588E4086D8D84ADBF9845C2402B ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
11:47:06.0750 1256 redbook - ok
11:47:06.0796 1256 [ 3046DB917E3CFA040632799DD9B14865 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
11:47:06.0812 1256 RemoteAccess - ok
11:47:06.0890 1256 [ 793F04A09B15E7C6C11DBDFFAF06C0AB ] RpcLocator C:\WINDOWS\system32\locator.exe
11:47:06.0906 1256 RpcLocator - ok
11:47:07.0078 1256 [ 01095FEBF33BEEA00C2A0730B9B3EC28 ] RpcSs C:\WINDOWS\system32\rpcss.dll
11:47:07.0078 1256 RpcSs - ok
11:47:07.0156 1256 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
11:47:07.0203 1256 RSVP - ok
11:47:07.0265 1256 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
11:47:07.0265 1256 rtl8139 - ok
11:47:07.0296 1256 [ 84885F9B82F4D55C6146EBF6065D75D2 ] SamSs C:\WINDOWS\system32\lsass.exe
11:47:07.0296 1256 SamSs - ok
11:47:07.0343 1256 [ 25D8DE134DF108E3DBC8D7D23B1AA58E ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
11:47:07.0375 1256 SCardSvr - ok
11:47:07.0468 1256 [ 92360854316611F6CC471612213C3D92 ] Schedule C:\WINDOWS\system32\schedsvc.dll
11:47:07.0531 1256 Schedule - ok
11:47:07.0593 1256 [ D26E26EA516450AF9D072635C60387F4 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:47:07.0609 1256 Secdrv - ok
11:47:07.0671 1256 [ B1E0CE09895376871746F36DC5773B4F ] seclogon C:\WINDOWS\System32\seclogon.dll
11:47:07.0687 1256 seclogon - ok
11:47:07.0734 1256 [ DFD9870CF39C791D86C4C209DA9FA919 ] SENS C:\WINDOWS\system32\sens.dll
11:47:07.0750 1256 SENS - ok
11:47:07.0796 1256 [ A2D868AEEFF612E70E213C451A70CAFB ] Serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
11:47:07.0812 1256 Serenum - ok
11:47:07.0875 1256 [ CD9404D115A00D249F70A371B46D5A26 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
11:47:07.0890 1256 Serial - ok
11:47:07.0937 1256 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
11:47:07.0937 1256 Sfloppy - ok
11:47:08.0093 1256 [ 36CC8C01B5E50163037BEF56CB96DEFF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
11:47:08.0218 1256 SharedAccess - ok
11:47:08.0281 1256 [ E7518DC542D3EBDCB80EDD98462C7821 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
11:47:08.0296 1256 ShellHWDetection - ok
11:47:08.0296 1256 Simbad - ok
11:47:08.0437 1256 [ 509D96916C7D9218E4083940B8711B9B ] SiS315 C:\WINDOWS\system32\DRIVERS\sisgrp.sys
11:47:08.0531 1256 SiS315 - ok
11:47:08.0546 1256 [ 61CA562DEF09A782D26B3E7EDEC5369A ] SISAGP C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
11:47:08.0562 1256 SISAGP - ok
11:47:08.0593 1256 [ 2C921A4CCE0B3EB372EBF448939FA3BF ] SiSkp C:\WINDOWS\system32\DRIVERS\srvkp.sys
11:47:08.0593 1256 SiSkp - ok
11:47:08.0656 1256 [ 5529B51AACFF16FBDDE4B34FF0AF2B76 ] SISNIC C:\WINDOWS\system32\DRIVERS\sisnic.sys
11:47:08.0671 1256 SISNIC - ok
11:47:08.0687 1256 smserial - ok
11:47:08.0718 1256 Sparrow - ok
11:47:08.0734 1256 [ 8E186B8F23295D1E42C573B82B80D548 ] splitter C:\WINDOWS\system32\drivers\splitter.sys
11:47:08.0734 1256 splitter - ok
11:47:08.0796 1256 [ 7435B108B935E42EA92CA94F59C8E717 ] Spooler C:\WINDOWS\system32\spoolsv.exe
11:47:08.0828 1256 Spooler - ok
11:47:08.0859 1256 [ E41B6D037D6CD08461470AF04500DC24 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
11:47:08.0890 1256 sr - ok
11:47:08.0968 1256 [ 92BDF74F12D6CBEC43C94D4B7F804838 ] srservice C:\WINDOWS\system32\srsvc.dll
11:47:09.0015 1256 srservice - ok
11:47:09.0171 1256 [ 7A4F147CC6B133F905F6E65E2F8669FB ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
11:47:09.0296 1256 Srv - ok
11:47:09.0359 1256 [ 4B8D61792F7175BED48859CC18CE4E38 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
11:47:09.0375 1256 SSDPSRV - ok
11:47:09.0437 1256 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
11:47:09.0437 1256 ssmdrv - ok
11:47:09.0609 1256 [ D9F6C4F6B1E188ADAFC42B561D9BC2E6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
11:47:09.0734 1256 stisvc - ok
11:47:09.0781 1256 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
11:47:09.0781 1256 swenum - ok
11:47:09.0843 1256 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
11:47:09.0859 1256 swmidi - ok
11:47:09.0875 1256 SwPrv - ok
11:47:09.0875 1256 symc810 - ok
11:47:09.0890 1256 symc8xx - ok
11:47:09.0906 1256 sym_hi - ok
11:47:09.0921 1256 sym_u3 - ok
11:47:09.0953 1256 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
11:47:09.0968 1256 sysaudio - ok
11:47:10.0062 1256 [ 8B54AA346D1B1B113FFAA75501B8B1B2 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
11:47:10.0093 1256 SysmonLog - ok
11:47:10.0218 1256 [ EB4A4187D74A8EFDCBEA3EA2CB1BDFBD ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
11:47:10.0328 1256 TapiSrv - ok
11:47:10.0500 1256 [ 2A5554FC5B1E04E131230E3CE035C3F9 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:47:10.0625 1256 Tcpip - ok
11:47:10.0703 1256 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
11:47:10.0703 1256 TDPIPE - ok
11:47:10.0765 1256 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
11:47:10.0765 1256 TDTCP - ok
11:47:10.0859 1256 [ 622FCF264119F7DF127BE353F796B319 ] TelevisionFanaticService C:\PROGRA~1\TelevisionFanatic\bar\1.bin\64barsvc.exe
11:47:10.0890 1256 TelevisionFanaticService - ok
11:47:10.0953 1256 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
11:47:10.0968 1256 TermDD - ok
11:47:11.0109 1256 [ B60C877D16D9C880B952FDA04ADF16E6 ] TermService C:\WINDOWS\System32\termsrv.dll
11:47:11.0234 1256 TermService - ok
11:47:11.0296 1256 [ E7518DC542D3EBDCB80EDD98462C7821 ] Themes C:\WINDOWS\System32\shsvcs.dll
11:47:11.0296 1256 Themes - ok
11:47:11.0312 1256 TosIde - ok
11:47:11.0359 1256 [ 6D9AC544B30F96C57F8206566C1FB6A1 ] TrkWks C:\WINDOWS\system32\trkwks.dll
11:47:11.0390 1256 TrkWks - ok
11:47:11.0437 1256 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
11:47:11.0468 1256 Udfs - ok
11:47:11.0484 1256 ultra - ok
11:47:11.0515 1256 [ C81B8635DEE0D3EF5F64B3DD643023A5 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
11:47:11.0531 1256 UMWdf - ok
11:47:11.0625 1256 [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
11:47:11.0703 1256 Update - ok
11:47:11.0812 1256 [ 0546477BDE979E33294FE97F6B3DE84A ] upnphost C:\WINDOWS\System32\upnphost.dll
11:47:11.0875 1256 upnphost - ok
11:47:11.0906 1256 [ 3F5DF65B0758675F95A2D43918A740A3 ] UPS C:\WINDOWS\System32\ups.exe
11:47:11.0906 1256 UPS - ok
11:47:11.0968 1256 [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:47:11.0984 1256 usbccgp - ok
11:47:12.0046 1256 [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:47:12.0046 1256 usbehci - ok
11:47:12.0093 1256 [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:47:12.0109 1256 usbhub - ok
11:47:12.0140 1256 [ BDFE799A8531BAD8A5A985821FE78760 ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
11:47:12.0140 1256 usbohci - ok
11:47:12.0203 1256 [ A42369B7CD8886CD7C70F33DA6FCBCF5 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:47:12.0218 1256 usbprint - ok
11:47:12.0265 1256 [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:47:12.0281 1256 usbscan - ok
11:47:12.0312 1256 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:47:12.0312 1256 USBSTOR - ok
11:47:12.0343 1256 [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:47:12.0359 1256 usbuhci - ok
11:47:12.0390 1256 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
11:47:12.0390 1256 VgaSave - ok
11:47:12.0437 1256 [ 59CB1338AD3654417BEA49636457F65D ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
11:47:12.0453 1256 ViaIde - ok
11:47:12.0500 1256 [ EE4660083DEBA849FF6C485D944B379B ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
11:47:12.0531 1256 VolSnap - ok
11:47:12.0671 1256 [ 3EE00364AE0FD8D604F46CBAF512838A ] VSS C:\WINDOWS\System32\vssvc.exe
11:47:12.0781 1256 VSS - ok
11:47:12.0890 1256 [ 2B281958F5D0CF99ED626E3EF39D5C8D ] W32Time C:\WINDOWS\system32\w32time.dll
11:47:12.0953 1256 W32Time - ok
11:47:13.0031 1256 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:47:13.0046 1256 Wanarp - ok
11:47:13.0062 1256 WDICA - ok
11:47:13.0125 1256 [ 2797F33EBF50466020C430EE4F037933 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
11:47:13.0156 1256 wdmaud - ok
11:47:13.0218 1256 [ 5D0A442864BFBF3B19DCCA4CD29F6E99 ] WebClient C:\WINDOWS\System32\webclnt.dll
11:47:13.0234 1256 WebClient - ok
11:47:13.0546 1256 [ 473EE64C368CE2EED110376C11960259 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
11:47:13.0796 1256 winachsf - ok
11:47:13.0953 1256 [ F399242A80C4066FD155EFA4CF96658E ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
11:47:13.0984 1256 winmgmt - ok
11:47:14.0078 1256 [ A477391B7A8B0A0DAABADB17CF533A4B ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
11:47:14.0093 1256 WmdmPmSN - ok
11:47:14.0187 1256 [ BA8CECC3E813E1F7C441B20393D4F86C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:47:14.0234 1256 WmiApSrv - ok
11:47:14.0312 1256 [ 4D59DAA66C60858CDF4F67A900F42D4A ] wscsvc C:\WINDOWS\system32\wscsvc.dll
11:47:14.0343 1256 wscsvc - ok
11:47:14.0500 1256 [ 5A91E6FEAB9F901302FA7FF768C0120F ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
11:47:14.0625 1256 WZCSVC - ok
11:47:14.0703 1256 [ EEF46DAB68229A14DA3D8E73C99E2959 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
11:47:14.0750 1256 xmlprov - ok
11:47:14.0796 1256 ================ Scan global ===============================
11:47:14.0859 1256 [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll
11:47:15.0015 1256 [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll
11:47:15.0218 1256 [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll
11:47:15.0296 1256 [ 37561F8D4160D62DA86D24AE41FAE8DE ] C:\WINDOWS\system32\services.exe
11:47:15.0296 1256 [Global] - ok
11:47:15.0296 1256 ================ Scan MBR ==================================
11:47:15.0343 1256 [ 0AC6D996BCE152AED9600E6D6B797E2E ] \Device\Harddisk0\DR0
11:47:15.0578 1256 \Device\Harddisk0\DR0 - ok
11:47:15.0578 1256 [ 739B36F7A373FC81121D831231B6D311 ] \Device\Harddisk1\DR3
11:47:16.0750 1256 \Device\Harddisk1\DR3 - ok
11:47:16.0765 1256 ================ Scan VBR ==================================
11:47:16.0765 1256 [ F31581287AD4EA3C6678823CBD9B32AB ] \Device\Harddisk0\DR0\Partition1
11:47:16.0765 1256 \Device\Harddisk0\DR0\Partition1 - ok
11:47:16.0781 1256 [ 2A95E68C965FE0F5B0E284FF17F6A94C ] \Device\Harddisk0\DR0\Partition2
11:47:16.0781 1256 \Device\Harddisk0\DR0\Partition2 - ok
11:47:16.0796 1256 [ 95377D92B1582B80559B2BF0D40D13B8 ] \Device\Harddisk1\DR3\Partition1
11:47:16.0796 1256 \Device\Harddisk1\DR3\Partition1 - ok
11:47:16.0796 1256 ============================================================
11:47:16.0796 1256 Scan finished
11:47:16.0796 1256 ============================================================
11:47:16.0812 1248 Detected object count: 0
11:47:16.0812 1248 Actual detected object count: 0

^^^^^^^^^^^^^^^^TDSSKILLER^^^^^^^^^^^^^^^^^
+++++++++++++++++++++++++++++++++++++++++++

LOGS!

+++++++++++++++++++++++++++++++++++++++++++
VVVVVVVVVVVV AVAST ROOTKIT VVVVVVVVVVVVVVVV

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-02 11:52:21
-----------------------------
11:52:21.015 OS Version: Windows 5.1.2600 Service Pack 2
11:52:21.015 Number of processors: 1 586 0xC00
11:52:21.015 ComputerName: YOUR-F78BF48CE2 UserName: Administrator
11:52:23.953 Initialize success
11:53:36.437 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
11:53:36.437 Disk 0 Vendor: ST3200822A 3.02 Size: 190782MB BusType: 3
11:53:36.468 Disk 0 MBR read successfully
11:53:36.468 Disk 0 MBR scan
11:53:36.468 Disk 0 unknown MBR code
11:53:36.484 Disk 0 Partition 1 00 0C FAT32 LBA RECOVERY 5537 MB offset 63
11:53:36.484 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 185242 MB offset 11340000
11:53:36.500 Disk 0 scanning sectors +390715920
11:53:36.625 Disk 0 scanning C:\WINDOWS\system32\drivers
11:53:47.843 Service scanning
11:54:11.187 Modules scanning
11:54:23.343 Disk 0 trace - called modules:
11:54:23.375 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
11:54:23.390 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82b36430]
11:54:24.140 3 CLASSPNP.SYS[f772105b] -> nt!IofCallDriver -> \Device\0000005b[0x82b895d0]
11:54:24.171 5 ACPI.sys[f7677620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82b89030]
11:54:24.203 Scan finished successfully
11:55:20.218 Disk 0 MBR has been saved successfully to "L:\MBR.dat"
11:55:20.375 The log file has been saved successfully to "L:\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   562bytes   0 downloads


#7 TY2D2

Posted 02 October 2012 - 02:09 PM

When I try to run the computer in any mode other than safemode w/ command prompt it gives me a screen that says "wait for page to load for 30 seconds" after choosing a user account. This happens because I have disconnected it from the internet. If I plug the internet back in it goes straight to the MoneyPak scam.

#8 nasdaq

Posted 03 October 2012 - 07:42 AM

there is a registry file on the desktop called regbkr[.reg is that dangerous?

Delete it. Keep it in the Recycle Bin for a week. If a program needs it you will find out.

Return to this page.
http://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomware

Download the program listed in Step 4 to your flash drive and copy the file to the problem computer.

Execute steps 5 and 6.

You may not be able to do step 7; skip it.

Do as many of the other steps as you can.

Keep me posted.

#9 TY2D2

Posted 05 October 2012 - 02:46 PM

Emsisoft Emergency Kit fails to load on the infected machine when I press the scan button [not when I launch the .exe]. Gives me the "report a problem to windows" dialog.

Tried downloading the Kit twice and it still doesn't work.

#10 nasdaq

Posted 06 October 2012 - 07:51 AM

Looks like we are dealing with a new version of this infection.

Can you run ComboFix as suggested in post no. 2?

If you must you can run the tool in Safe Mode with Internet connection.

Post the log if you can.

#11 TY2D2

Posted 06 October 2012 - 02:19 PM

Copy that.... we shall see....

#12 TY2D2

Posted 06 October 2012 - 02:40 PM

AntiVir real time protection is still running, and I cannot turn it off from safemode. The guide you posted is not effective because I can't access Safe Mode with Networking to download the Windows Recovery Console.

The only way to access my computer desktop is through Safemode with Command Prompt. I have not run combofix because the AntiVir is still running, I need an alternate route to disable my antivirus, my desktop is inactive. I also need a different way to install the Windows Recovery Console.

#13 TY2D2

Posted 06 October 2012 - 05:22 PM

I tried something myself because everything was a brick wall.


I was able to open a sort of control panel through help and support links and initiate system restore to a month ago.

The machine was surprisingly able to restore back to a working desktop. Still not connected to the internet yet for fear of viral interference but I ran an outdated version of malwarebytes and it detected about 350 infections. I feel like there is still more work to be done.

I am going to try and run some other tools from previously in this post and get more progress before I reconnect the internet.

Thus far I have this log from Malwarebytes:



Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.23.11

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Compaq_Owner :: YOUR-F78BF48CE2 [administrator]

10/6/2012 1:02:21 PM
mbam-log-2012-10-06 (13-02-21).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 373946
Time elapsed: 56 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 254
HKCR\TelevisionFanatic.UrlAlertButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{7ad9c324-3672-4d33-8477-d9c8e627f4bf} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.Radio.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.Radio (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{7f4a94dc-2191-4ee3-9f0b-c8a12199d22c} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{8be781d8-5e70-423d-82de-9e4756fce53c} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{026fd9ba-112b-4d9f-86ea-589e28016e8c} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{0328B630-EA94-4FA3-9F27-8250B6324DDB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.XMLSessionPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.XMLSessionPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8BE781D8-5E70-423D-82DE-9E4756FCE53C} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{91a8da6b-8013-44aa-b63f-00195312999a} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{03f59b4b-09d9-40f0-a01a-6e895023f2f0} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{42CB7963-EFE0-4737-A927-CE076FAA3BA0} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.RadioSettings.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.RadioSettings (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{93fc722b-ab04-4ce2-b1a5-5b6889a72830} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{335fdf69-47e2-4099-8b85-f743014942c5} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{70BD58F8-B097-4C58-8E2E-0C1FB9719F73} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{9549f17f-105d-4802-96cb-6113acc2cb53} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{864d5a22-9c34-48f6-9385-2e1eaf5f8c33} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{2BAC1F62-5FD8-43A6-A213-48CEC8E58172} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FilmFanatic.FeedManager.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FilmFanatic.FeedManager (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{99b340f7-76e0-44ab-9948-b95a1b475d39} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99B340F7-76E0-44AB-9948-B95A1B475D39} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{a876a1c1-d9f6-4562-8dbc-d98b61b3f281} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{bf893c5b-8433-4209-8beb-6584510fe686} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{329CCEB3-D542-4D26-A948-649ABA3D4071} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FilmFanatic.XMLSessionPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FilmFanatic.XMLSessionPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A876A1C1-D9F6-4562-8DBC-D98B61B3F281} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{af51acfa-1320-4087-a9f8-0ace3f2bd0c8} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FilmFanatic.Radio.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FilmFanatic.Radio (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{bde564f7-15c9-4c39-a5ba-6ad66a289997} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FilmFanatic.MultipleButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FilmFanatic.MultipleButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{c98d5b61-b0ea-4d48-9839-1079d352d880} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{d09094b3-b426-4f16-a6d9-e211fe222127} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D09094B3-B426-4F16-A6D9-E211FE222127} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{dbb38792-eda6-4557-999b-1974290253a9} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FilmFanatic.DynamicBarButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FilmFanatic.DynamicBarButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{edec5cdc-b714-4b45-9b66-c370451a74f9} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FilmFanatic.UrlAlertButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FilmFanatic.UrlAlertButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{efbf47aa-3c29-4c00-9225-6001e6a0b1ac} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{1eacd8b0-9bba-4197-9e72-7d26347d5c7c} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{E083908B-BD7D-414D-A96B-5D3345593181} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{f02c0832-c85c-4b93-8c6f-9df20121a10d} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{6784d08d-cdc3-419d-9b97-744a351ed908} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{844C2331-94DF-431E-9A67-426ED861D27F} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.HTMLPanel.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.HTMLPanel (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F02C0832-C85C-4B93-8C6F-9DF20121A10D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F02C0832-C85C-4B93-8C6F-9DF20121A10D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{fba7cbb1-fc93-4149-8862-d94451a7d167} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{608f7340-e221-4afb-a848-c4dad297cd58} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{966430CC-2097-45CA-8626-2C3F454C3297} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4e7f49ed-8c94-4aaa-a407-3010d099b11a} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{cae88e60-cea5-4fcb-b611-54ea6305d8ab} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MapsGalaxy_39.MultipleButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MapsGalaxy_39.MultipleButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{4f28fa5f-7d15-4753-b4fc-d548a0f02bfb} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{0396d01a-1323-4a15-bd0c-1bc7510f46c6} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{A8168AFE-9F36-49DE-A80A-00D19FB50207} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{f3477e9d-d2f6-49f0-9b23-854d7958d07e} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{bf78452b-f168-4310-9ec0-4b9b66b845f0} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{7A739956-FB82-4379-AF60-E38C48226AA7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{a083c35d-61a9-4625-bbb6-fb54e71b8527} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MapsGalaxy_39.DynamicBarButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MapsGalaxy_39.DynamicBarButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{c4a25b73-8ef5-4282-9d21-c8920dd577a1} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{15106ae4-6bdf-443e-80b0-3e38b59d26ec} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{9EF88362-131D-48B0-8969-CCC96F897AB8} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MapsGalaxy_39.FeedManager.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MapsGalaxy_39.FeedManager (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{a35ff019-6dbe-4044-b080-6f3fa78a947f} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{8feeda9e-8f71-45df-a797-468226d1d35b} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{C285FFF4-DE32-402D-B8FD-6F34F1D5920C} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MapsGalaxy_39.HTMLPanel.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MapsGalaxy_39.HTMLPanel (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A35FF019-6DBE-4044-B080-6F3FA78A947F} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{3ED5E5EC-0965-4DD3-B7D8-DBC48A1172B9} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MapsGalaxy_39.HTMLMenu.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MapsGalaxy_39.HTMLMenu (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3ED5E5EC-0965-4DD3-B7D8-DBC48A1172B9} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{5e1bdcf6-dd5f-4dd3-8783-b1454aef1830} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{d833690c-6e56-46c2-a19f-cf5fd81c9c9a} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{200F1306-1316-473B-90CE-A777144BBDF5} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{1796ec91-d094-4a5f-b681-e16015d1ceac} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{3141fb47-2f0f-417d-a6fe-7047c5d2bbb4} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{16C7BB64-AC8D-4863-92ED-799D20F001DA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MapsGalaxy_39.XMLSessionPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MapsGalaxy_39.XMLSessionPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1796EC91-D094-4A5F-B681-E16015D1CEAC} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{37ed966d-4d0e-4d66-9633-bea542c92860} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{87792411-b73a-435e-86f3-ae633a690e84} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{E2DAE1A4-09EE-4209-AD3B-1C96330EDCEF} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MapsGalaxy_39.RadioSettings.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MapsGalaxy_39.RadioSettings (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{db1384d8-1bda-4c8d-a743-e9ca671feb00} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MapsGalaxy_39.ScriptButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MapsGalaxy_39.ScriptButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{1241cebd-9777-4bc6-aae5-2a77e25db246} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{64fbf8b6-c770-401a-8b84-f630edaf4448} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{0D8734DB-7110-4CDB-833F-52BC93865AB2} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1241CEBD-9777-4BC6-AAE5-2A77E25DB246} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{e045df14-bf1d-405c-a37b-a75c1551ad17} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{f9b90065-cd7a-4439-b311-b292299182a9} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{47A124BA-A6E2-4ED4-AA6F-84FF29E4D7DC} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MapsGalaxy_39.ThirdPartyInstaller.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MapsGalaxy_39.ThirdPartyInstaller (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E045DF14-BF1D-405C-A37B-A75C1551AD17} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{b70e008c-967b-4104-bc7b-6f7c77dbc38d} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MapsGalaxy_39.UrlAlertButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MapsGalaxy_39.UrlAlertButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FilmFanatic.SkinLauncher (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FilmFanatic.SkinLauncher.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FilmFanatic.SkinLauncherSettings (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FilmFanatic.SkinLauncherSettings.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.SkinLauncher (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.SkinLauncher.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.SkinLauncherSettings (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.SkinLauncherSettings.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MozillaPlugins\@FilmFanatic.com/Plugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MozillaPlugins\@TelevisionFanatic.com/Plugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{13119113-0854-469d-807A-171568457991} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 15

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 6
C:\Program Files\FILMFANATIC\bar\1.bin (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files\FILMFANATIC\bar\1.bin\chrome (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FILMFANATIC\bar\1.bin\ThirdPartyInstallers (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TELEVISIONFANATIC\bar\1.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TELEVISIONFANATIC\bar\1.bin\chrome (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TELEVISIONFANATIC\bar\1.bin\ThirdPartyInstallers (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Files Detected: 127
C:\Program Files\FILMFANATIC\bar\1.bin\chrome\paffxtbr.jar (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TELEVISIONFANATIC\bar\1.bin\64sknlcr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TELEVISIONFANATIC\bar\1.bin\CHROME.MANIFEST (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TELEVISIONFANATIC\bar\1.bin\INSTALL.RDF (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TELEVISIONFANATIC\bar\1.bin\installKeys.js (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TELEVISIONFANATIC\bar\1.bin\LOGO.BMP (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TELEVISIONFANATIC\bar\1.bin\T8RES.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TELEVISIONFANATIC\bar\1.bin\chrome\64ffxtbr.jar (PUP.MyWebSearch) -> Quarantined and deleted successfully.

(end)

#14 TY2D2

TY2D2
  • Topic Starter

  • Members
  • 18 posts

Posted 06 October 2012 - 05:54 PM

Emsisoft Emergency Kit is now able to run. I started the Deep Scan a few minutes ago. From here on I will restart and try to get back on with an internet connection and run ComboFix.

#15 nasdaq

nasdaq

  • Malware Response Team
  • 38,756 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 07 October 2012 - 07:13 AM

Keep me posted.



