Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ran ComboFix & have some questions


  • This topic is locked This topic is locked
46 replies to this topic

#1 Nancylynne

Nancylynne

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:MA
  • Local time:06:33 PM

Posted 06 March 2013 - 08:23 PM

I ran ComboFix because I was having trouble with my router and then found I could not enter the site on any server to change its settings. Cisco sent me a new business routerand I had the same problem. I need someone to explain some of the results for me. Why did it quarantine files that it did not label as viruses? c:\documents and settings\Nancy Comenitz\Desktop\Internet Explorer.lnk ( I presumed that meant the link on my desktop but it was still there?)   What does URT stand for? c:\windows\system32\URTTemp and where do I find the deleted dll files to replace? Am I positive that these .dll files are viruses and have to be deleted? The last half of the report seems to be telling me the start-up files or am I incorrect?  

 

Thank you for your help.

 

 

ComboFix 13-03-05.01 - Nancy Comenitz 03/06/2013  17:03:03.1.4 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2045.1224 [GMT -5:00]
Running from: c:\documents and settings\Nancy Comenitz\Desktop\PCHelpForum.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Nancy Comenitz\Desktop\Internet Explorer.lnk
c:\documents and settings\Nancy Comenitz\g2mdlhlpx.exe
c:\documents and settings\Nancy Comenitz\My Documents\~WRL2848.tmp
c:\documents and settings\Nancy Comenitz\My Documents\DPE.DUS
c:\documents and settings\Nancy Comenitz\My Documents\Readiris.DUS
c:\windows\system32\Cache
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-06 to 2013-03-06  )))))))))))))))))))))))))))))))
.
.
2013-02-24 01:29 . 2013-02-24 01:29 -------- d-----w- c:\documents and settings\All Users\Application Data\APN
2013-02-06 14:00 . 2013-02-06 14:00 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-02-06 14:00 . 2013-02-06 14:00 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-27 19:53 . 2012-06-16 15:00 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-27 19:53 . 2012-06-16 15:00 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-06 14:00 . 2012-06-29 17:54 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-06 14:00 . 2012-06-29 17:01 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-26 03:55 . 2008-04-13 23:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 01:19 . 2008-04-13 23:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37 . 2008-04-14 00:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2008-04-13 23:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2008-04-13 23:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49 . 2008-04-13 23:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2012-12-26 20:16 . 2008-04-13 23:00 916480 ----a-w- c:\windows\system32\wininet.dll
2012-12-26 20:16 . 2008-04-13 23:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-12-26 20:16 . 2008-04-13 23:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-12-24 06:40 . 2008-04-13 23:00 385024 ------w- c:\windows\system32\html.iec
2012-12-16 12:23 . 2008-04-13 23:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-29 08:27 . 2012-12-05 15:54 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2012-11-13 356376]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-27 282624]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-04-04 1236992]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2012-10-8 221247]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ    msv1_0 nwprovau
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2012-12-18 17:14 642816 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2012-12-19 11:38 44280 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-11-28 19:13 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPMonitor]
2009-07-21 15:50 84464 ----a-w- c:\program files\Roxio 2010\5.0\CPMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-13 23:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Disc Tool]
2009-06-23 05:18 494064 ----a-w- c:\program files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-06-16 19:54 116648 ----atw- c:\documents and settings\Nancy Comenitz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-10 06:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-12-12 18:57 152544 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-01-04 18:16 421888 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-07-24 12:33 240112 ----a-w- c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 13:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\WYLDFYRE\\WYLDFYRE 7\\Main.exe"=
"c:\\Program Files\\HP\\HP Officejet Pro 8600\\Bin\\HP Officejet Pro 8600.exe"=
"c:\\Program Files\\Roxio 2010\\Venue\\Venue.exe"=
"c:\\Program Files\\CinemaNow\\CinemaNow Media Manager\\CinemaNowShell.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [10/8/2012 1:35 PM 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [10/8/2012 1:35 PM 15856]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [6/8/2012 10:38 AM 43608]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [8/13/2012 3:49 PM 144344]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [10/8/2012 1:35 PM 25584]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [6/2/2009 6:05 PM 457200]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [9/1/2011 1:22 AM 169624]
R2 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [6/23/2009 4:40 PM 127352]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/17/2012 3:53 PM 399432]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [6/27/2012 1:09 PM 35672]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [5/25/2012 6:38 PM 24408]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [7/25/2012 1:53 PM 24920]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/15/2012 10:43 AM 22856]
S0 cerc6;cerc6; [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/15/2012 10:43 AM 676936]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [7/24/2009 7:33 AM 219632]
S3 HPZs2k12;Storage Class Driver for IEEE-1284.4 (HPZ12);c:\windows\system32\drivers\hpzs2k12.sys [11/23/2003 3:07 PM 50360]
S3 RoxMediaDB12;RoxMediaDB12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [7/24/2009 7:33 AM 1116656]
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 19:53]
.
2013-01-02 c:\windows\Tasks\AdobeAAMUpdater-1.0-NANCY-A591463C8-Nancy Comenitz.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-09-20 11:27]
.
2013-03-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2012-06-15 22:57]
.
2013-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-16 14:18]
.
2013-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-16 14:18]
.
2013-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1767777339-1801674531-1003Core.job
- c:\documents and settings\Nancy Comenitz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-16 19:54]
.
2013-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1767777339-1801674531-1003UA.job
- c:\documents and settings\Nancy Comenitz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-16 19:54]
.
2013-03-06 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\documents and settings\All Users\Application Data\HP Photo Creations\Communicator.exe [2013-01-29 17:40]
.
2013-03-06 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\dell support center\uaclauncher.exe [2012-06-15 05:40]
.
2013-03-06 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-09-20 03:48]
.
2013-03-06 c:\windows\Tasks\User_Feed_Synchronization-{92BD3329-E21F-420B-A2FD-2164533693E6}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
Trusted Zone: cinemanow.com
Trusted Zone: mlspin.com\h3j
Trusted Zone: msn.com\www
Trusted Zone: newtonandbrooklinehomes.com
Trusted Zone: qflix.com
Trusted Zone: roxio.com
Trusted Zone: sonic.com\redirect
Trusted Zone: sonic.com\redirect2
Trusted Zone: trueformsonline.com\*
Trusted Zone: trueformsonline.com\www
TCP: DhcpNameServer = 192.168.1.1
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
FF - ProfilePath - c:\documents and settings\Nancy Comenitz\Application Data\Mozilla\Firefox\Profiles\ogrb0ebu.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-AudioDrvEmulator - c:\program files\Creative\Shared Files\Module Loader\DLLML.exe
MSConfigStartUp-DXDllRegExe - dxdllreg.exe
AddRemove-HP Photo & Imaging - c:\program files\HP\Digital Imaging\uninstall\hpzscr01.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-06 17:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3500620AS rev.DE13 -> Harddisk0\DR0 -> \Device\00000072
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-03-06  17:10:20
ComboFix-quarantined-files.txt  2013-03-06 22:10
.
Pre-Run: 420,847,403,008 bytes free
Post-Run: 421,606,694,912 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - F76DEB679E9825A520D04E1F05A21202

:\Qoobox\Quarantine\Registry_backups\AddRemove-HP Photo & Imaging.reg.dat

2013-03-06 22:09:39 . 2013-03-06 22:09:39     532 ----a-w-    C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-DXDllRegExe.reg.dat

2013-03-06 22:09:33 . 2013-03-06 22:09:33     285 ----a-w-    C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-AudioDrvEmulator.reg.dat

2013-03-06 22:09:31 . 2013-03-06 22:09:32      173 ----a-w-    C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat

2013-03-06 22:05:37 . 2013-03-06 22:05:37      6,144 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

2013-03-06 21:58:55 . 2013-03-06 21:58:55      51 ---       -a-w-  C:\Qoobox\Quarantine\catchme.log

 

2012-06-29 16:52:41 . 2012-06-29 16:52:4        60,304 C:\Qoobox\Quarantine\C\Documents and Settings\Nancy Comenitz\g2mdlhlpx.exe.vir

2012-06-15 17:35:10 . 2012-12-02 19:57:05      535,608 -C:\Qoobox\Quarantine\C\Documents and Settings\Nancy Comenitz\My Documents\Readiris .DUS.vir

2012-06-15 17:33:55 . 2011-09-16 18:38:10       369,139 -a-w-  C:\Qoobox\Quarantine\C\Documents and Settings\Nancy Comenitz\My Documents\DPE.DUS.vir

2012-06-15 17:33:18 . 2011-09-24 18:50:36       11,325 -a-w-  C:\Qoobox\Quarantine\C\Documents and Settings\Nancy Comenitz\My Documents\~WRL2848.tmp.vir

2012-06-14 13:57:13 . 2012-06-14 13:57:13                0 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscoree.dll.local.vir

2012-06-14 13:57:13 . 2003-02-21 08:42:22          348,160 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\msvcr71.dll.vir

2012-06-14 13:57:13 . 2003-02-20 23:08:32        2,482,176 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscorwks.dll.vir

2012-06-14 13:57:13 . 2003-02-20 23:06:20          282,624 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\fusion.dll.vir

2012-06-14 13:57:13 . 2003-02-20 23:06:24          155,648 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscoree.dll.vir

2012-06-14 13:57:13 . 2003-02-20 23:09:18           77,824 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscorsn.dll.vir

2012-06-14 02:18:44 . 2012-06-14 02:18:44              803 ----a-w-  C:\Qoobox\Quarantine\C\Documents and Settings\Nancy Comenitz\Desktop\Internet Explorer.lnk.vir

2003-02-21 09:16:08 . 2003-02-21 09:16:08           49,152 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\regtlib.exe.vir


 


Edited by Orange Blossom, 06 March 2013 - 08:29 PM.
Moved to log forum. ~ OB


BC AdBot (Login to Remove)

 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:33 PM

Posted 06 March 2013 - 08:56 PM

Hello Nancylynne

,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
      
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
      
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

      
  • Finally, please reply using the ADD REPLY  button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  •   I will be analyzing your log. I will get back to you with instructions.

 

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

 

There is a reason why you see this. This is supposed to be ran by someone that knows about it. I'm not going to sit here and explain every thing Combofix does.  If you want to know that you can join a Malware school of training. I can tell you that every file it deleted needs to go.  Combofix does not label files as viruses like other tools do. The problem you should be worried about is the the  crucial operating system file that is missing.

c:\windows\system32\drivers\i8042prt.sys . . . is missing!!

 

We can try and see if you have another copy of this file on your system then replace it. Combofix is not a cure all too. We will now run an all in one tool that may or may not help your current situation. We will also look for a copy of that file that is missing to replace it.

 

1.

Please download SystemLook from one of the links below and save it to your Desktop.


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    i8042prt.sys 
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

 

 

2.

Download Windows Repair (all in one) from this site

Install the program then run it.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

p22001645.gif



Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

p22001646.gif


Go to Step 4 and under "System Restore" click on Create button:

p22001644.gif


Go to Start Repairs tab and click Start button.

p22001166.gif


Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

p22001647.gif

Click on box next to the Restart System when Finished. Then click on Start.

 

 

Things to include in your next reply::

Systemlookup.txt
 


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 Nancylynne

Nancylynne
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:MA
  • Local time:06:33 PM

Posted 07 March 2013 - 10:58 AM

Thank you fireman 4it for responding. I have been unable to download SystemLook.exe When I double click nothing happens. Can you please give me that link again.



#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:33 PM

Posted 07 March 2013 - 05:21 PM

Here are the links::

 

Download Mirror #1
Download Mirror #2


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#5 Nancylynne

Nancylynne
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:MA
  • Local time:06:33 PM

Posted 08 March 2013 - 10:50 AM

SystemLook 30.07.11 by jpshortstuff
Log created at 09:32 on 08/03/2013 by Nancy Comenitz
Administrator - Elevation successful

Invalid Context: filefindi8042prt.sys

-= EOF =-

 

I ran everything else. My other question is that I share files with my laptop. For that reason should I run combofix on my laptop for malware?

It is so discouragin to have run Malwarbytes and Kaspersky and knwo they are not picking up these viruses.



#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:33 PM

Posted 09 March 2013 - 08:29 PM

Please re run Systemlook using the following::

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    i8042prt.sys

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#7 Nancylynne

Nancylynne
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:MA
  • Local time:06:33 PM

Posted 10 March 2013 - 12:10 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 12:57 on 10/03/2013 by Nancy Comenitz
Administrator - Elevation successful

========== filefind ==========

Searching for "i8042prt.sys"
C:\WINDOWS\system32\dllcache\i8042prt.sys --a--c- 52480 bytes [15:01 08/03/2013] [05:48 14/04/2008] 4A0B06AA8943C1E332520F7440C0AA30

-= EOF =-
Success. It was in my windows system 32 file created on the 8th. My computer is running very slow. Internet Explorer is not connecting to many sites. I cannot insert addendums into forms I am writing. I do not know what element is interfering with that. I also have a permission issue sharing files between my two computers. Am I untimately going to have to clean out my computer to get my computer running right again? I also have a concern about my laptop where Ishare files between the two computers, wheteher I have infected the laptop.

#8 Nancylynne

Nancylynne
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:MA
  • Local time:06:33 PM

Posted 10 March 2013 - 02:23 PM



I went through the logs from tweeking.com It seems quite they are all from Kaspersky files. I cannot figure out if Kaspersky is corrupted and causing the problem or they jsut could not enter Kaspersky files. Of course there were other important issues.

Windows Repair Log
The Windows Firewall/Internet Connection Sharing (ICS) service is not started.
More help is available by typing NET HELPMSG 3521.
System error 1060 has occurred.
The specified service does not exist as an installed service.
The service name is invalid.
More help is available by typing NET HELPMSG 2185.

windows_repair_hkey_classes_root_log_3.txt
WARNING HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\mk\* : registry key is skipped (contains wildcard)

windows_repair_hkey_current_user_3_log.txt
HKEY_CURRENT_USER\Software\KasperskyLab\protected - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13 - RegSetKeySecurity Error : 5 Access is denied.

HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\AvzSettings - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\AvzSettings\WizardsFavourites - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\HiddenAvz - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\HiddenNews - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\mcou - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\mcou_antispam - RegSetKeySecurity Error : 5 Access is denied.

HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\mcou_antispam\Outlook - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\mcou_antispam\Outlook\CertainSpamRule - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\mcou_antispam\Outlook\CertainSpamRule\FolderForAction - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\mcou_antispam\Outlook\CertainSpamRule\FolderForAction\EntryID - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\mcou_antispam\Outlook\CertainSpamRule\FolderForAction\MDB - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\mcou_antispam\Outlook\CertainSpamRule\FolderForAction\MDB\EntryID - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\mcou_antispam\Outlook\PossibleSpamRule - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\mcou_antispam\Outlook\PossibleSpamRule\FolderForAction - RegSetKeySecurity Error : 5 Access is denied.

HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\mcou_antispam\Outlook\PossibleSpamRule\FolderForAction\EntryID - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\mcou_antispam\Outlook\PossibleSpamRule\FolderForAction\MDB - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\mcou_antispam\Outlook\PossibleSpamRule\FolderForAction\MDB\EntryID - RegSetKeySecurity Error : 5 Access is denied.

HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\mcou_antispam\Outlook\RequestList - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\SafeBanking - RegSetKeySecurity Error : 5 Access is denied.

HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\settings - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\SkipRisk - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\UnreadNews - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\AdBlocker_RuleEdit - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\AlertDialog - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\AntiSpam_MailDetails - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\AppRules - RegSetKeySecurity Error : 5 Access is denied.

HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\AppRulesEdit - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\AskScanSettingsDlg - RegSetKeySecurity Error : 5 Access is denied.

HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\AvzTroubleshootWizard - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\HipsRules - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\MainReport - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\MainReport\Body.BodyEx.Body.WorkArea.AdBlocker.Body.ListBody.Group1.d.Report - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\MainReport\Body.BodyEx.Body.WorkArea.Anti_Spam.Body.ListBody.Group1.d.Report - RegSetKeySecurity Error : 5 Access is denied.

HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\MainReport\Body.BodyEx.Body.WorkArea.File_Monitoring.Body.ListBody.Group1.d.Report - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\MainReport\Body.BodyEx.Body.WorkArea.Hips.Body.ListBody.Group1.d.Report - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\MainReport\Body.BodyEx.Body.WorkArea.ids.Body.ListBody.Group1.d.Report - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\MainReport\Body.BodyEx.Body.WorkArea.IM_Monitoring.Body.ListBody.Group1.d.Report - RegSetKeySecurity Error : 5 Access is denied.

HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\MainReport\Body.BodyEx.Body.WorkArea.Mail_Monitoring.Body.ListBody.Group1.d.Report - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\MainReport\Body.BodyEx.Body.WorkArea.Protection.Body.ListBody.Group1.d.Report - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\MainReport\Body.BodyEx.Body.WorkArea.Scan_Objects.Body.ListBody.Group1.d.Report - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\MainReport\Body.BodyEx.Body.WorkArea.SW2.Body.ListBody.Group1.d.Report - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\MainReport\Body.BodyEx.Body.WorkArea.Threats.Body.ListBody.Group1.d.Report - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\MainReport\Body.BodyEx.Body.WorkArea.Web_Monitoring.Body.ListBody.Group1.d.Report - RegSetKeySecurity Error : 5 Access is denied.

HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\MakeRescueDiskWizard - RegSetKeySecurity Error : 5 Access is denied.

HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\MessageDialog - RegSetKeySecurity Error : 5 Access is denied.

HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\OutlookPlugin.Antispam - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\OutlookPlugin.AntispamDlg - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\PauseProtectionRequestDialog - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\Product_Notification - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\QB_Storage - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\QMLMainWindow - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\QMLMessageBoxTemplate - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\QMLSafeBankingRulesDialog - RegSetKeySecurity Error : 5 Access is denied.

HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\QMLSendDumpsDialog - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\QMLSettings - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\QMLTaskManager - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\Scan.DialogCheckedFile - RegSetKeySecurity Error : 5 Access is denied.

HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\StatisticsReport - RegSetKeySecurity Error : 5 Access is denied.

HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\SystemMonitor - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\SystemMonitor\Body.BodyEx.Tab.List.AllList.List - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\SystemMonitor\Body.BodyEx.Tab.List.RunList.List - RegSetKeySecurity Error : 5 Access is denied.

HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\ThreatsSettings - RegSetKeySecurity Error : 5 Access is denied.

HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\TrafficMonConnectionTerm - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\TrafficMonitor_Ports - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\VirtualKeyboard - RegSetKeySecurity Error : 5 Access is denied.

HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\WebMonSettings2 - RegSetKeySecurity Error : 5 Access is denied.

HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\WebTrustedSites_Edit - RegSetKeySecurity Error : 5 Access is denied.
WARNING HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\* : registry key is skipped (contains wildcard)

WARNING HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{233C1507-6A77-46A4-9443-F871F945D258}\iexplore\AllowedDomains\* : registry key is skipped (contains wildcard)

WARNING HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\iexplore\AllowedDomains\* : registry key is skipped (contains wildcard)

WARNING HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\iexplore\AllowedDomains\* : registry key is skipped (contains wildcard)

WARNING HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trueformsonline.com\* : registry key is skipped (contains wildcard)

WARNING HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\microsoft.com\* : registry key is skipped (contains wildcard)


windows_repair_hkey_current_user_4_log.txt

HKEY_CURRENT_USER\Software\KasperskyLab\protected - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13 - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\AvzSettings - RegSetKeySecurity Error : 5 Access is denied.

HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\AvzSettings\WizardsFavourites - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\HiddenAvz - RegSetKeySecurity Error : 5 Access is denied.

HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\HiddenNews - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\mcou - RegSetKeySecurity Error : 5 Access is denied.

HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\mcou_antispam - RegSetKeySecurity Error : 5 Access is denied.

HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\mcou_antispam\Outlook - RegSetKeySecurity Error : 5 Access is denied.

HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\mcou_antispam\Outlook\CertainSpamRule - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\mcou_antispam\Outlook\CertainSpamRule\FolderForAction - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\mcou_antispam\Outlook\CertainSpamRule\FolderForAction\EntryID - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\mcou_antispam\Outlook\CertainSpamRule\FolderForAction\MDB - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\mcou_antispam\Outlook\CertainSpamRule\FolderForAction\MDB\EntryID - RegSetKeySecurity Error : 5 Access is denied.

HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\mcou_antispam\Outlook\PossibleSpamRule - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\mcou_antispam\Outlook\PossibleSpamRule\FolderForAction - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\mcou_antispam\Outlook\PossibleSpamRule\FolderForAction\EntryID - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\mcou_antispam\Outlook\PossibleSpamRule\FolderForAction\MDB - RegSetKeySecurity Error : 5 Access is denied.

HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\mcou_antispam\Outlook\PossibleSpamRule\FolderForAction\MDB\EntryID - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\mcou_antispam\Outlook\RequestList - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\SafeBanking - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\settings - RegSetKeySecurity Error : 5 Access is denied.

HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\SkipRisk - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\UnreadNews - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows - RegSetKeySecurity Error : 5 Access is denied.

HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\AdBlocker_RuleEdit - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\AlertDialog - RegSetKeySecurity Error : 5 Access is denied.

HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\AntiSpam_MailDetails - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\AppRules - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\AppRulesEdit - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\AskScanSettingsDlg - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\AvzTroubleshootWizard - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\HipsRules - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\MainReport - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\MainReport\Body.BodyEx.Body.WorkArea.AdBlocker.Body.ListBody.Group1.d.Report - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\MainReport\Body.BodyEx.Body.WorkArea.Anti_Spam.Body.ListBody.Group1.d.Report - RegSetKeySecurity Error : 5 Access is denied.

HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\MainReport\Body.BodyEx.Body.WorkArea.File_Monitoring.Body.ListBody.Group1.d.Report - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\MainReport\Body.BodyEx.Body.WorkArea.Hips.Body.ListBody.Group1.d.Report - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\MainReport\Body.BodyEx.Body.WorkArea.ids.Body.ListBody.Group1.d.Report - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\MainReport\Body.BodyEx.Body.WorkArea.IM_Monitoring.Body.ListBody.Group1.d.Report - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\MainReport\Body.BodyEx.Body.WorkArea.Mail_Monitoring.Body.ListBody.Group1.d.Report - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\MainReport\Body.BodyEx.Body.WorkArea.Protection.Body.ListBody.Group1.d.Report - RegSetKeySecurity Error : 5 Access is denied.

HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\MainReport\Body.BodyEx.Body.WorkArea.Scan_Objects.Body.ListBody.Group1.d.Report - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\MainReport\Body.BodyEx.Body.WorkArea.SW2.Body.ListBody.Group1.d.Report - RegSetKeySecurity Error : 5 Access is denied.

HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\MainReport\Body.BodyEx.Body.WorkArea.Threats.Body.ListBody.Group1.d.Report - RegSetKeySecurity Error : 5 Access is denied.

HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\MainReport\Body.BodyEx.Body.WorkArea.Web_Monitoring.Body.ListBody.Group1.d.Report - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\MakeRescueDiskWizard - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\MessageDialog - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\OutlookPlugin.Antispam - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\OutlookPlugin.AntispamDlg - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\PauseProtectionRequestDialog - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\Product_Notification - RegSetKeySecurity Error : 5 Access is denied.
HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\QB_Storage - RegSetKeySecurity Error : 5 Access is denied.

HKEY_CURRENT_USER\Software\KasperskyLab\protected\AVP13\Windows\QMLMainWindow - RegSetKeySecurity Error : 5 Access is denied.


C:\WINDOWS\system32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\kl1.cat - SetKernelObjectSecurity Error : 5 Access is denied.


C:\WINDOWS\system32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\klif.cat - SetKernelObjectSecurity Error : 5 Access is denied.


C:\WINDOWS\system32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\klim5.cat - SetKernelObjectSecurity Error : 5 Access is denied.


C:\WINDOWS\system32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\klkbdflt.cat - SetKernelObjectSecurity Error : 5 Access is denied.


C:\WINDOWS\system32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\klmouflt.cat - SetKernelObjectSecurity Error : 5 Access is denied.


C:\WINDOWS\system32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\kltdi.cat - SetKernelObjectSecurity Error : 5 Access is denied.


C:\WINDOWS\system32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\kneps.cat - SetKernelObjectSecurity Error : 5 Access is denied.


C:\WINDOWS\system32\drivers\kl1.sys - SetKernelObjectSecurity Error : 5 Access is denied.


C:\WINDOWS\system32\drivers\klflt.sys - SetKernelObjectSecurity Error : 5 Access is denied.


C:\WINDOWS\system32\drivers\klif.sys - SetKernelObjectSecurity Error : 5 Access is denied.


C:\WINDOWS\system32\drivers\klim5.sys - SetKernelObjectSecurity Error : 5 Access is denied.


C:\WINDOWS\system32\drivers\klkbdflt.sys - SetKernelObjectSecurity Error : 5 Access is denied.


C:\WINDOWS\system32\drivers\klmouflt.sys - SetKernelObjectSecurity Error : 5 Access is denied.


C:\WINDOWS\system32\drivers\kltdi.sys - SetKernelObjectSecurity Error : 5 Access is denied.


C:\WINDOWS\system32\drivers\kneps.sys - SetKernelObjectSecurity Error : 5 Access is denied.


C:\WINDOWS\system32\drivers\etc\hosts - SetKernelObjectSecurity Error : 5 Access is denied.

There were four other log files that all involved Kaspersky and AVP files and folders that could not be accessedd.

#9 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:33 PM

Posted 10 March 2013 - 08:29 PM

Hello,

 

Lets fix that missing file and Uninstall Kaspersky. And see how the machine is doing.

 

1.

Uninstall Kaspersky.

Uninstall Kaspersky



You should be able to remove Kaspersky Anti-Virus via Start > Control Panel > Add or Remove Programs.
If you need instructions on how to do so, please consult:

The following removal utility can be used to uninstall the program if the uninstall via Add/remove does not work:

  • Download the archive Kavremover.
  • Unpack kavremover10.exe from the archive.
  • Run the file kavremover10.exe.
  • Enter the code from the picture.
  • Click remove.
  • Wait until the program confirms the removal and click ok.
  • Restart your computer.

Kaspersky should now be removed from your PC.


For illustrated instructions please see here:

 

 

2.

We need to run a CFScript.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

FCopy::
C:\WINDOWS\system32\dllcache\i8042prt.sys | c:\windows\system32\drivers\i8042prt.sys



Save this as CFScript.txt, in the same location as ComboFix.exe


CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

 

Things to include in your next reply::

Combofix.txt

How is the machine running now?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#10 Nancylynne

Nancylynne
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:MA
  • Local time:06:33 PM

Posted 10 March 2013 - 09:46 PM

Hi,
I had already deleted Kaspersky. When I ran Kavremover it said that it was had was removed already. The new ComboFix came up with PCDR having a virus that was not detected before. I tried entering Dell's sight on Internet Explorer and again had no pictures or page format and the sight would not click on my service tag.
I cannot tell you how much I appreciate all the help you have been giving me. I have been sitting here having an allergy attack from all my nerves jsut thinking about emptying this computer and what I have in store with my laptop. This is my business. I only wish I could afford to upgrade these computers. Do byou think these viruses could be spreading?

omboFix 13-03-10.02 - Nancy Comenitz 03/10/2013 21:58:05.3.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1460 [GMT -4:00]
Running from: c:\documents and settings\Nancy Comenitz\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Nancy Comenitz\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\0276115d-b6c6-4a1b-8e6b-68bc9dbe4f93.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\06004c97-c212-44da-81de-706b46554efe.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\0d461521-7dbf-4cec-a29e-936c88cdf8c9.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\0d85b53c-d766-4bf0-8940-17b534910268.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\100c3865-0c76-461b-b2fd-042d6d5fa7f6.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\16837627-a839-41c5-a88f-3a0335128383.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\173c4dd2-e93c-4725-b006-db1d8f465192.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\18d25bc5-acbb-424f-a6c6-d04a97765094.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\1abc6cc6-7642-443e-ad9d-336734fd2832.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\1e0aaf9a-9947-4a7b-b1ae-8a89919438ed.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\2141cd58-3a24-481f-8ca2-8b466c9b797f.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\263d6ac9-4f87-466c-947c-bd9af71d7035.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\3410f47b-5e8c-47c6-bf2c-234af4121d4c.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\378deb7f-049e-4a5e-83b2-5381dcd9e928.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\3972fea3-214c-4935-a7d1-96bf66115683.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\3b1c7acd-5e3e-4459-ab98-5109117e2341.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\3e137363-345c-454a-a474-2da300d9297a.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\4546f2bc-b9d9-4667-abe7-b0bacc90279e.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\4804ced5-915b-48a3-a465-b8a5e02714bf.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\4818e109-9489-4cd8-9044-44defd8ec187.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\489a0734-0bcc-462a-8a9c-29a40f0007b9.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\493f295d-1a46-46f6-926c-63b474cedab4.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\59abf7b9-a4a7-4d76-9ad6-13c7bb2f4d0b.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\5f996ddf-fafd-4f93-b623-a362758305b9.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\62d1f0b0-bc9a-4f6c-bad7-93b19a91276a.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\63acf506-979e-4b72-a7ce-2af6dc2b98c4.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\65a823a3-a5fc-440a-b276-153555251042.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\67c3d4fe-b638-467a-9fe2-c5813ade3330.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\6820b110-e483-4f1e-9b48-438f7916f078.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\69eaa8a4-3131-4718-aad0-994ebde678d1.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\6b5978fa-48d7-4309-a523-7e157768c0d8.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\6f4fb483-ce30-493a-8cb4-3e530ab1be5b.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\739db3eb-d3cd-4c86-a6ea-01a49984fa3b.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\7bd83798-7a02-4f50-83a2-b91cabcbd1f9.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\7dbfef1a-6148-4748-a1b3-71627763a45a.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\813755dc-2229-47a2-b85b-19d0aaa641c9.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\872965c7-08b7-47fc-a74c-ff167590b71a.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\8d357f17-07ad-4392-ba06-fb67564c98cd.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\9192d3e9-aa66-4560-a2e3-209867aafd30.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\934f6059-2d35-4bd9-a130-a17cb5563507.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\a61f44a8-21a3-4c4a-a04b-993dfb73bf96.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\a7201707-7895-43cf-9119-8a0279b75d4c.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\a9de0c84-9a7c-4638-9653-13aa8cf56e80.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\ae67b364-b69e-471e-b177-2459120b84d4.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\b2152f30-7380-4987-8fcf-e4c06952615d.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\b2ed8d53-41ce-48e6-b4ac-8b8e5e1a4fdf.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\b4cc2a4a-87f5-49cd-935c-18f1a80e65b7.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\bbfa36b0-30b0-4e36-8d8c-69df1d87626b.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\bc6fc708-5b6b-4a72-b336-09b3089baa7a.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\bf647bd7-dfb5-4746-a6b4-b7c2fdbbf3b1.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\c4211805-b43b-471d-81af-4e0589f8607b.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\cdda52ec-6ccd-425a-8c72-b7bbdc8b3acd.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\d1f4dc82-bc4c-4916-b37c-3ab9c30ae468.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\d34c0cf7-889f-43dd-9283-b2b6f442aae3.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\d4ffe1c0-8021-4dfa-bf52-cb9224f001ce.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\daf30858-49d8-434b-b4b1-068b5dc9267c.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\ddb9fe5d-525c-4d5d-ac37-0bd10f2864f8.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\dfc97e68-74cd-4807-807f-ac146d81ec5d.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\e238f8f5-5f0a-478f-b96a-d15f6f6cac94.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\e3146f6d-11b3-4a00-a026-1ba8b4bb00ff.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\e45cd45a-4d7c-4802-881f-74582b847e5c.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\e5a71f43-c979-4b3d-a544-9ed1dc6dc4c8.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\ef78c3e8-1d94-4219-8070-7617e119bba4.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\f06c5597-1a85-4d1f-ac16-a6fdd2a6bedc.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\f80d4ad1-1fad-43b5-b6f3-347848b5ddd5.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\f8b3befb-ca07-4bff-8777-f565b237979f.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\f9dc840b-c6f7-42a5-acec-50cc7a2827fd.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\Downloads\1abc6cc6-7642-443e-ad9d-336734fd2832.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\Downloads\69eaa8a4-3131-4718-aad0-994ebde678d1.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\Downloads\d4ffe1c0-8021-4dfa-bf52-cb9224f001ce.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\Downloads\e238f8f5-5f0a-478f-b96a-d15f6f6cac94.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\Downloads\e5a71f43-c979-4b3d-a544-9ed1dc6dc4c8.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\Downloads\f8b3befb-ca07-4bff-8777-f565b237979f.dll
c:\windows\EventSystem.log
c:\windows\system32\drivers\etc\hosts.ics
.
.
--------------- FCopy ---------------
.
c:\windows\system32\dllcache\i8042prt.sys --> c:\windows\system32\drivers\i8042prt.sys
.
((((((((((((((((((((((((( Files Created from 2013-02-11 to 2013-03-11 )))))))))))))))))))))))))))))))
.
.
2013-03-11 01:58 . 2008-04-14 04:48 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2013-03-11 01:58 . 2008-04-14 04:48 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2013-03-10 21:18 . 2013-03-10 21:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Seagate
2013-03-10 21:18 . 2013-03-10 21:18 -------- d-----w- c:\program files\Seagate
2013-03-10 21:18 . 2013-03-10 21:18 -------- d-----w- c:\documents and settings\Nancy Comenitz\Local Settings\Application Data\Downloaded Installations
2013-03-10 21:18 . 2013-03-10 21:18 -------- d-sh--w- c:\windows\ftpcache
2013-03-08 15:15 . 2008-04-14 09:42 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2013-03-08 15:15 . 2008-04-14 09:42 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2013-03-08 15:15 . 2001-08-18 02:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2013-03-08 15:15 . 2001-08-18 02:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2013-03-08 15:15 . 2001-08-18 02:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2013-03-08 15:15 . 2001-08-18 02:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2013-03-08 15:15 . 2001-08-17 16:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2013-03-08 15:15 . 2008-04-14 02:04 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2013-03-08 15:15 . 2008-04-14 04:16 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2013-03-08 15:15 . 2008-04-14 09:42 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2013-03-08 15:15 . 2008-04-14 02:04 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2013-03-08 15:13 . 2001-08-17 17:28 397502 -c--a-w- c:\windows\system32\dllcache\vpctcom.sys
2013-03-08 15:12 . 2001-08-17 17:58 22912 -c--a-w- c:\windows\system32\dllcache\umaxpcls.sys
2013-03-08 15:11 . 2001-08-17 16:51 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2013-03-08 15:10 . 2001-08-17 17:51 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys
2013-03-08 15:09 . 2001-08-18 02:36 28160 -c--a-w- c:\windows\system32\dllcache\sm91w.dll
2013-03-08 15:08 . 2001-08-17 17:52 11648 -c--a-w- c:\windows\system32\dllcache\scsiprnt.sys
2013-03-08 15:07 . 2001-08-18 02:36 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2013-03-08 15:06 . 2008-04-14 04:11 17664 -c--a-w- c:\windows\system32\dllcache\ppa3.sys
2013-03-08 15:05 . 2001-08-17 18:05 351616 -c--a-w- c:\windows\system32\dllcache\ovcodek2.sys
2013-03-08 15:04 . 2001-08-17 17:49 15872 -c--a-w- c:\windows\system32\dllcache\ne2000.sys
2013-03-08 15:03 . 2001-08-17 18:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2013-03-08 15:02 . 2001-08-17 16:11 25065 -c--a-w- c:\windows\system32\dllcache\lmndis3.sys
2013-03-08 15:01 . 2001-08-17 17:50 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys
2013-03-08 15:00 . 2008-04-14 03:53 1041536 -c--a-w- c:\windows\system32\dllcache\hsfdpsp2.sys
2013-03-08 14:59 . 2001-08-18 02:36 83968 -c--a-w- c:\windows\system32\dllcache\hpgt21.dll
2013-03-08 14:58 . 2001-08-17 16:12 24618 -c--a-w- c:\windows\system32\dllcache\fa410nd5.sys
2013-03-08 14:57 . 2001-08-17 16:12 19594 -c--a-w- c:\windows\system32\dllcache\e100isa4.sys
2013-03-08 14:56 . 2001-08-17 16:12 117760 -c--a-w- c:\windows\system32\dllcache\d100ib5.sys
2013-03-08 14:55 . 2008-04-14 04:16 18944 -c--a-w- c:\windows\system32\dllcache\bthusb.sys
2013-03-08 14:54 . 2001-08-17 16:49 75136 -c--a-w- c:\windows\system32\dllcache\atimpae.sys
2013-03-08 14:53 . 2001-08-17 18:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2013-03-08 14:41 . 2013-03-10 18:36 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-03-08 14:41 . 2013-03-08 14:41 -------- d-----w- c:\program files\Tweaking.com
2013-02-24 01:29 . 2013-02-24 01:29 -------- d-----w- c:\documents and settings\All Users\Application Data\APN
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-27 19:53 . 2012-06-16 15:00 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-27 19:53 . 2012-06-16 15:00 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-06 14:00 . 2013-02-06 14:00 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-06 14:00 . 2013-02-06 14:00 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-02-06 14:00 . 2012-06-29 17:54 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-06 14:00 . 2012-06-29 17:01 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-26 03:55 . 2008-04-13 23:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 01:19 . 2008-04-13 23:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37 . 2008-04-14 00:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2008-04-13 23:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2008-04-13 23:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49 . 2008-04-13 23:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2012-12-26 20:16 . 2008-04-13 23:00 916480 ----a-w- c:\windows\system32\wininet.dll
2012-12-26 20:16 . 2008-04-13 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-12-26 20:16 . 2008-04-13 23:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-12-24 06:40 . 2008-04-13 23:00 385024 ----a-w- c:\windows\system32\html.iec
2012-12-16 12:23 . 2008-04-13 23:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 21:49 . 2012-06-15 15:43 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-29 08:27 . 2012-12-05 15:54 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.

#11 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:33 PM

Posted 11 March 2013 - 02:47 PM

Download Windows Repair (all in one) from this site

Install the program then run it.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

p22001645.gif



Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

p22001646.gif


Go to Step 4 and under "System Restore" click on Create button:

p22001644.gif


Go to Start Repairs tab and click Start button.

p22001166.gif


Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

p22001647.gif

Click on box next to the Restart System when Finished. Then click on Start.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#12 Nancylynne

Nancylynne
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:MA
  • Local time:06:33 PM

Posted 11 March 2013 - 05:40 PM

Here are the results:
windows_repair_hkey_classes_root_log_3txt

WARNING HKEY_CLASSES_ROOT\* : registry key is skipped (contains wildcard)

WARNING HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\mk\* : registry key is skipped (contains wildcard)

windows_repair_hkey_classes_root_log_4.txt

WARNING HKEY_CLASSES_ROOT\* : registry key is skipped (contains wildcard)

WARNING HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\mk\* : registry key is skipped (contains wildcard)

Windows_repair_hkey_current_user_3_log.txt

WARNING HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\* : registry key is skipped (contains wildcard)

WARNING HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{233C1507-6A77-46A4-9443-F871F945D258}\iexplore\AllowedDomains\* : registry key is skipped (contains wildcard)

WARNING HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\iexplore\AllowedDomains\* : registry key is skipped (contains wildcard)

WARNING HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\iexplore\AllowedDomains\* : registry key is skipped (contains wildcard)

WARNING HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trueformsonline.com\* : registry key is skipped (contains wildcard)

WARNING HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\microsoft.com\* : registry key is skipped (contains wildcard)

windows_repir_hkey_current_user_4_log.txt

WARNING HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\* : registry key is skipped (contains wildcard)

WARNING HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{233C1507-6A77-46A4-9443-F871F945D258}\iexplore\AllowedDomains\* : registry key is skipped (contains wildcard)

WARNING HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\iexplore\AllowedDomains\* : registry key is skipped (contains wildcard)

WARNING HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\iexplore\AllowedDomains\* : registry key is skipped (contains wildcard)

WARNING HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trueformsonline.com\* : registry key is skipped (contains wildcard)

WARNING HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\microsoft.com\* : registry key is skipped (contains wildcard)

windows_repair_hkey_local_machine_3_log.txt

HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets\SAC : 2 The system cannot find the file specified.


HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets\SAI : 2 The system cannot find the file specified.


HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets\SCM:{3D14228D-FBE1-11D0-995D-00C04FD919C1} : 2 The system cannot find the file specified.


WARNING HKEY_LOCAL_MACHINE\SOFTWARE\Classes\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\mk\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\iexplore\AllowedDomains\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\iexplore\AllowedDomains\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e8c77137-e224-5791-b6e9-ff0305797a13}\iexplore\AllowedDomains\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\Dlwin.exe\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\MSWIN.EXE\* : registry key is skipped (contains wildcard)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009 - RegSetKeySecurity Error : 6 The handle is invalid.


WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

windows_repair_hkey_local_machine_4_log.txt

HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets\SAC : 2 The system cannot find the file specified.


HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets\SAI : 2 The system cannot find the file specified.


HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets\SCM:{3D14228D-FBE1-11D0-995D-00C04FD919C1} : 2 The system cannot find the file specified.


WARNING HKEY_LOCAL_MACHINE\SOFTWARE\Classes\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\mk\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\iexplore\AllowedDomains\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\iexplore\AllowedDomains\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e8c77137-e224-5791-b6e9-ff0305797a13}\iexplore\AllowedDomains\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\Dlwin.exe\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\MSWIN.EXE\* : registry key is skipped (contains wildcard)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009 - RegSetKeySecurity Error : 6 The handle is invalid.


WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

I might as well get out the valium bottle at this point!

#13 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:33 PM

Posted 11 March 2013 - 06:10 PM

Hello,

 

Did you do the all the things I told you to do with the Tool? There was three different  things to do?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#14 Nancylynne

Nancylynne
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:MA
  • Local time:06:33 PM

Posted 11 March 2013 - 06:20 PM

I did a check disk and it restarted, then it checked system files withthe windows disk and I restarted the computer. I went to #4 and created a system restore point. I clicked start repairs and did not touch any of the checked items and pressed start.

#15 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:33 PM

Posted 11 March 2013 - 06:37 PM

So how is the machine running now?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users