"Friend" added questionable sites to Windows 7 Registry


8 replies to this topic

#1 Semi-Novice

Semi-Novice

  • Members
  • 32 posts

Posted 28 January 2016 - 05:34 PM

Hi!

 

Hope I read the rules right and chose the right forum. I apologize if I didn't. Sorry, also, for the length. It's complicated and I've never seen an issue like this before. :)

 

I thought it would be best to post the question first: Can I create a clean registry, reinstall the good programs, and delete the old registry, rather than search for and delete questionable entries one at a time? I'm afraid reformatting won't destroy the issues, and will make it that much harder to detect them. I don't know if his current business/personal financial files are infected because none of the anti-virus programs detected anything {Housecall, ESET NOD32, Rootkit Buster, RUBotted, Farbar, HiJack This--Spybot reinstall is the only thing I see in startup}, so that's another reason I'm not sure I can just start over and put his data back. I checked his services and msconfig--nothing, other than SpyBot.

 

The problem: I've been trying to help an 80-year-old friend-of-a-friend with computer issues. He's running a desktop PC with Windows 7 that he purchased from a friend. The owner has given the friend regular access to it in his home for the friend's continued use under the guise that the friend knows how to keep it in working order. It appears that the so-called "friend" has been visiting hundreds of porn, casino, and other very questionable websites.

 

The owner had a professional clean the computer, but I discovered 5 malware programs and 2 anti-virus programs running simultaneously, as well as other problems with cookies, exceptions, etc. I removed all but one of each: Windows Defender and ESET NOD32--he's already in a constant state of confusion and freaking out, I thought it was best not to add anything better right now. I also removed AUSLOGIC.

 

The confusing part: The computer owner is too stubborn/confused to set it up to block or allow cookies, so I know he hasn't done any of that. For some reason, rather than to remove the cookies belonging to the questionable websites, either the professional blocked them all, or the friend did. I'm assuming it's something you'd do one at a time as you visit the sites as it would be tedious to change nearly a thousand in the exceptions one at a time. But, that would mean the professional didn't see or remove them. I don't understand that. The professional downloaded Farbar and ADWCleaner, but I don't know if he used them.

 

The friend created several files over time to add entries to the registry. I don't know what was in them because I didn't know how to view them without letting them add or re-add the info. I deleted them.

 

I found hundreds of entries in the registry that correspond with the questionable sites--why block the cookies only to add whatever to the registry? Some of the IPs associated with the cookies pointed to porn sites that require downloading their software to view their material. That's the only reason I can think of for any of the sites to be in the registry {other than in the list of recently viewed}. I don't know why the other sites would require any entries at all, so I'm assuming they're part of the things the friend added via the files he created--again, then why block the cookies? Each of the entries has its own heading under the various HKEY registry categories--they're not just the product of the browser support programming. There are too many to count for 800Search... and other "bad" search engines; and various porn and casino sites. As far as I can tell, none are actual programs.

 

I'm hoping, if I can create a clean registry, rather than clean it manually, the anti-virus/malware programs can detect any residual issues in his data, so I can clean those files before I reformat {or have all zeros written to the drive} and add them back in.

 

There's nothing remotely like it in my registry, and, other than some really stubborn search engines, I've never seen anything like it in anyone else's registry. So, keeping in mind that I probably don't have a clue what I'm talking about and owe you all a huge apology for wasting your time, any suggestions?

 

Thanks a ton in advance!! :)

 

 

 




 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,681 posts

Posted 29 January 2016 - 07:46 AM

Hi Semi-Novice

Can I create a clean registry, reinstall the good programs, and delete the old registry, rather than search for and delete questionable entries one at a time?


To be blunt, no it isn't possible. The Registry is way too big and complex for that. There's no way to "create" a clean Registry (how would you go about it? A lot of entries and values are system, time, etc. specific so it'll never work). Also, how would you delete the old Registry when Windows is in use? At worst, you'll make your system crash so bad, only a clean reinstallation will be able to repair it.

I'm afraid reformatting won't destroy the issues, and will make it that much harder to detect them.


Why do you think that? Unless the MBR and/or BIOS are infected, and/or another peripheral that is infected is being connected to the system, formatting the drive and reinstalling Windows on it will get rid of all the malware and system issues currently present. This is assuming as well there's not multiple drives on the system and the malware/virus is lying in a drive other than the C: (Windows) one.

If you want, before you go with the format and reinstall route, I can help you clean that system. Follow the instructions below please.

MiniToolBox
  • Download MiniToolBox and move the file to your Desktop;
  • Right-click on MiniToolBox.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options:
    • Flush DNS;
    • Report IE Proxy Settings;
    • Reset IE Proxy Settings;
    • Report FF Proxy Settings;
    • Reset FF Proxy Settings;
    • List content of Hosts;
    • List IP Configuration;
    • List Winsock Entries;
    • List Last 10 Event Viewer Errors;
    • List Installed Programs;
    • List Devices - Only Problems;
    • List Users, Partitions and Memory size;
  • Once this is done, click on Go and wait for the scan to complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Semi-Novice

Semi-Novice
  • Topic Starter

  • Members
  • 32 posts

Posted 29 January 2016 - 07:49 PM

Hi Aura!

 

I really appreciate the quick reply!

 

 

Can I create a clean registry, reinstall the good programs, and delete the old registry, rather than search for and delete questionable entries one at a time?

To be blunt, no it isn't possible. The Registry is way too big and complex for that. There's no way to "create" a clean Registry (how would you go about it? A lot of entries and values are system, time, etc. specific so it'll never work). Also, how would you delete the old Registry when Windows is in use? At worst, you'll make your system crash so bad, only a clean reinstallation will be able to repair it.

 

I was almost sure the result would be exactly as you described, but wanted to make sure I wasn't wasting time trying to clean it up the long way.
 

I'm afraid reformatting won't destroy the issues, and will make it that much harder to detect them.

Why do you think that?

 

As my screen name implies, I don't really think much of anything accurately. I was remembering something I thought I heard years ago about residual data, unless the drive is wiped clean.

If you want, before you go with the format and reinstall route, I can help you clean that system. Follow the instructions below please.

MiniToolBox

  • Download MiniToolBox and move the file to your Desktop;

As instructed, following is the scan log:

 

MiniToolBox by Farbar  Version: 02-11-2015
Ran by Owner (administrator) on 29-01-2016 at 16:14:18
Running from "C:\Users\Owner\Downloads\Anti-Virus & Malware Programs"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: 671T-M Manufacturer: ECS
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================  {Both browsers are set to use "system proxy"; no other browsers are installed as far as I can tell}


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

There are 15463 entries.

========================= IP Configuration: ================================

SiS191 Ethernet Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Jacks_Desktop
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : SiS191 Ethernet Controller
   Physical Address. . . . . . . . . : 00-1B-B9-64-68-39
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::19e3:8107:bd9a:2b27%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.149(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, January 29, 2016 3:52:42 PM
   Lease Expires . . . . . . . . . . : Saturday, January 30, 2016 3:52:42 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 234888121
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-6B-A1-34-00-1B-B9-64-68-39
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{CBC6B3B9-98AC-4089-867D-F60B45334680}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  Cisco67233
Address:  192.168.1.1

Name:    google.com
Address:  216.58.217.46


Pinging google.com [216.58.217.46] with 32 bytes of data:
Reply from 216.58.217.46: bytes=32 time=626ms TTL=54
Reply from 216.58.217.46: bytes=32 time=625ms TTL=54

Ping statistics for 216.58.217.46:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 625ms, Maximum = 626ms, Average = 625ms
Server:  Cisco67233
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  98.139.183.24
      98.138.253.109
      206.190.36.45


Pinging yahoo.com [206.190.36.45] with 32 bytes of data: {I deleted all but Google and Bing search engines...not sure why it's doing this}
Reply from 206.190.36.45: bytes=32 time=786ms TTL=50
Reply from 206.190.36.45: bytes=32 time=675ms TTL=50

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 675ms, Maximum = 786ms, Average = 730ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 10...00 1b b9 64 68 39 ......SiS191 Ethernet Controller
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.149     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.149    276
    192.168.1.149  255.255.255.255         On-link     192.168.1.149    276
    192.168.1.255  255.255.255.255         On-link     192.168.1.149    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.149    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.149    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 10    276 fe80::/64                On-link
 10    276 fe80::19e3:8107:bd9a:2b27/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/29/2016 03:31:16 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (01/29/2016 02:53:49 PM) (Source: MsiInstaller) (User: JACKS_DESKTOP)
Description: Product: ESET NOD32 Antivirus -- Error 1706. An installation package for the product ESET NOD32 Antivirus cannot be found. Try the installation again using a valid copy of the installation package 'NUPA0A6.msi' {Just finished reinstalling this b/c of this error--did this scan after reboot--don't understand this error}.

Error: (01/28/2016 07:20:26 PM) (Source: Application Error) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.17923, time stamp: 0x55945dbd
Faulting module name: ntdll.dll, version: 6.1.7601.19110, time stamp: 0x568429e5
Exception code: 0xc0000005
Fault offset: 0x000000000004ac04
Faulting process id: 0xe70
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3

Error: (01/23/2016 12:36:09 PM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 41.0.2.5765, time stamp: 0x561ef9f1
Faulting module name: mozglue.dll, version: 41.0.2.5765, time stamp: 0x561ee53f
Exception code: 0x80000003
Fault offset: 0x0000ec91
Faulting process id: 0x260
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (01/21/2016 02:18:17 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18163, time stamp: 0x566c4c47
Faulting module name: Flash32_20_0_0_286.ocx, version: 20.0.0.286, time stamp: 0x56944dbe
Exception code: 0xc0000005
Fault offset: 0x00697a18
Faulting process id: 0x75c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (01/18/2016 06:13:48 PM) (Source: Application Error) (User: )
Description: Faulting application name: UA.exe, version: 1.0.0.1, time stamp: 0x5611ff15
Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp: 0x4dace5b9
Exception code: 0xc0000005
Fault offset: 0x00056b1d
Faulting process id: 0xa74
Faulting application start time: 0xUA.exe0
Faulting application path: UA.exe1
Faulting module path: UA.exe2
Report Id: UA.exe3

Error: (01/18/2016 02:49:21 PM) (Source: Application Hang) (User: ) {Uninstalled this program, does not appear in any startup I can see}
Description: The program SUPERAntiSpyware.exe version 6.0.0.1210 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d60

Start Time: 01d152425a137ade

Termination Time: 0

Application Path: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

Report Id: b15e23b5-be35-11e5-a887-001bb9646839

Error: (01/15/2016 11:31:01 PM) (Source: MsiInstaller) (User: JACKS_DESKTOP)
Description: Product: Adobe Reader XI (11.0.13) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011014}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (01/14/2016 12:25:33 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18163, time stamp: 0x566c4c47
Faulting module name: jscript9.dll, version: 11.0.9600.18163, time stamp: 0x566c54b7
Exception code: 0xc0000005
Fault offset: 0x00010d75
Faulting process id: 0x6c0
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (01/13/2016 03:34:16 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18163, time stamp: 0x566c4c47
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xe9ff9cd7
Faulting process id: 0xc90
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3


System errors:
=============
Error: (01/29/2016 03:00:20 PM) (Source: Service Control Manager) (User: )
Description: The ESET Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (01/25/2016 11:19:59 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/24/2016 10:58:33 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/24/2016 10:58:10 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/23/2016 09:24:01 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/23/2016 02:39:21 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/23/2016 02:34:46 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/23/2016 10:10:13 AM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (01/23/2016 10:10:12 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (01/23/2016 10:09:39 AM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================
Error: (01/29/2016 03:31:16 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Owner\Downloads\esetsmartinstaller_enu.exe

Error: (01/29/2016 02:53:49 PM) (Source: MsiInstaller)(User: JACKS_DESKTOP)
Description: Product: ESET NOD32 Antivirus -- Error 1706. An installation package for the product ESET NOD32 Antivirus cannot be found. Try the installation again using a valid copy of the installation package 'NUPA0A6.msi'.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (01/28/2016 07:20:26 PM) (Source: Application Error)(User: )
Description: GWXUX.exe6.3.9600.1792355945dbdntdll.dll6.1.7601.19110568429e5c0000005000000000004ac04e7001d15a43fdc8f207C:\Windows\System32\GWX\GWXUX.exeC:\Windows\SYSTEM32\ntdll.dll3cd5c88f-c637-11e5-ad5c-001bb9646839

Error: (01/23/2016 12:36:09 PM) (Source: Application Error)(User: )
Description: plugin-container.exe41.0.2.5765561ef9f1mozglue.dll41.0.2.5765561ee53f800000030000ec9126001d156195f68adafC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozglue.dllee9aba93-c210-11e5-b16b-001bb9646839

Error: (01/21/2016 02:18:17 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.18163566c4c47Flash32_20_0_0_286.ocx20.0.0.28656944dbec000000500697a1875c01d1549396469300C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\Macromed\Flash\Flash32_20_0_0_286.ocxde28c4b1-c08c-11e5-8593-001bb9646839

Error: (01/18/2016 06:13:48 PM) (Source: Application Error)(User: )
Description: UA.exe1.0.0.15611ff15MSVCR90.dll9.0.30729.61614dace5b9c000000500056b1da7401d1525684d0a350C:\Users\Owner\AppData\Roaming\VERIZON\UA_ar\UA.exeC:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll45dc9e32-be52-11e5-a887-001bb9646839

Error: (01/18/2016 02:49:21 PM) (Source: Application Hang)(User: )
Description: SUPERAntiSpyware.exe6.0.0.1210d6001d152425a137ade0C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeb15e23b5-be35-11e5-a887-001bb9646839

Error: (01/15/2016 11:31:01 PM) (Source: MsiInstaller)(User: JACKS_DESKTOP)
Description: Adobe Reader XI (11.0.13){AC76BA86-7AD7-0000-2550-7A8C40011014}1625(NULL)(NULL)(NULL)

Error: (01/14/2016 12:25:33 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.18163566c4c47jscript9.dll11.0.9600.18163566c54b7c000000500010d756c001d14f0875ecbb65C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\jscript9.dllf60ea122-bafc-11e5-b850-001bb9646839

Error: (01/13/2016 03:34:16 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.18163566c4c47unknown0.0.0.000000000c0000005e9ff9cd7c9001d14e526eebea20C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown28858dab-ba4e-11e5-b850-001bb9646839


CodeIntegrity Errors:
===================================
  Date: 2015-09-09 18:22:20.810
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Owner\Desktop\Rick's PC 379 3699 jack\071031S\UCOREW64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-09 18:22:20.740
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Owner\Desktop\Rick's PC 379 3699 jack\071031S\UCOREW64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-09 18:14:08.281
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Owner\Desktop\Rick's PC 379 3699 jack\071031S\UCOREW64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-09 18:14:08.218
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Owner\Desktop\Rick's PC 379 3699 jack\071031S\UCOREW64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-09 18:00:10.898
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Owner\Desktop\Rick's PC 379 3699 jack\071031S\UCOREW64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-09 18:00:10.836
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Owner\Desktop\Rick's PC 379 3699 jack\071031S\UCOREW64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-09 18:00:03.379
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Owner\Desktop\Rick's PC 379 3699 jack\071031S\UCOREW64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-09 18:00:03.301
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Owner\Desktop\Rick's PC 379 3699 jack\071031S\UCOREW64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-09 14:09:31.905
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Owner\Desktop\Rick's PC 379 3699 jack\071031S\UCOREW64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-09 14:09:31.827
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Owner\Desktop\Rick's PC 379 3699 jack\071031S\UCOREW64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
ESET NOD32 Antivirus (HKLM\...\{39609CFB-57C5-4879-9C76-8BE895969C5B}) (Version: 9.0.349.0 - ESET, spol. s r.o.)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 341.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.81 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.81 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
SUABnR (HKLM-x32\...\{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.45862 - TeamViewer)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{002CFA1B-7085-4489-A1CD-DAFC05BAA545}) (Version: 2.15.1003 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{9E835F39-6633-4D1C-92CC-006F4D2F5E08}) (Version: 2.15.1001 - Samsung Electronics Co., Ltd.)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 48%
Total physical RAM: 3071.3 MB
Available physical RAM: 1580.57 MB
Total Virtual: 6140.82 MB
Available Virtual: 4126.51 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:297.99 GB) (Free:249.54 GB) NTFS
4 Drive e: () (Removable) (Total:3.76 GB) (Free:2.67 GB) FAT32

========================= Users: ========================================

User accounts for \\JACKS_DESKTOP

Administrator            Guest                    Owner                    


**** End of log ****
 

It looks pretty bad to me. I managed to talk the owner into wiping his computer. But, he has other devices that may be equally messed up, and I don't think he understands that networking them without the proper security wasn't a good idea. The "professional" he hired did block the cookies but didn't clean the system. This is a fairly secluded retirement community. The only reliable repair shop here went out of business--all others charge a fortune and claim to have resolved the problem when they've obviously done absolutely nothing.

 

I'll just await further instructions. I feel much better having some backup. THANK YOU, THANK YOU, THANK YOU!

 



#4 Aura

Posted 29 January 2016 - 07:54 PM

I think I spotted your "issue". Are these the bad sites you are referring to?
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    1000gratisproben.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com
127.0.0.1    www.100sexlinks.com
127.0.0.1    100sexlinks.com
127.0.0.1    10sek.com
127.0.0.1    www.10sek.com
127.0.0.1    www.1-2005-search.com
127.0.0.1    1-2005-search.com
127.0.0.1    123fporn.info
127.0.0.1    www.123fporn.info
127.0.0.1    123haustiereundmehr.com
127.0.0.1    www.123haustiereundmehr.com
127.0.0.1    123moviedownload.com
127.0.0.1    www.123moviedownload.com

There are 15463 entries.
If not, can you list a few of them? And also tell me where exactly in the Registry they are located? There might be a small misunderstanding there but I want to be sure of it :)

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 Semi-Novice

Posted 01 February 2016 - 09:20 PM

Hi Aura,

 

Thanks for the much needed chuckle! Yes, the sites listed, and the other 15,463 entries not shown, would be the "issue" I was referring to. I discovered exactly the same result in his laptop. As it can be difficult to work closely with the owner for long periods, I had to take a breather for a couple of days to focus on my responsibilities at home. So, I don't have his computer or registry in front of me right now. I apologize, I should have made a copy and sent it to myself along with the logs from the antivirus and malware programs.

 

You've been very generous in helping me. I didn't want to wait to reply and give the impression that I was being disrespectful of your time. If it's okay with you, I'll check his registry when I return to working on it in a few days, and then reply with a better response. Or, if you still think reformatting will fix the problem, that would probably be the better avenue to avoid using more of your time. Whichever you prefer. :grinner:

 

Thanks very much again!

 

Becky



#6 Aura

Posted 01 February 2016 - 09:25 PM

Well Becky, it seems like this issue has been solved :)

These entries aren't malicious; in fact, if anything, they are doing more good to the system than harm. I'll send a PM to quietman7 so he can jump in this thread and explain what these are in a clear and detailed way, since he's way better than me at this :)



#7 quietman7

Posted 01 February 2016 - 09:36 PM

Let me explain a little more about all this.

The HOSTS file is a text file that maps an IP address to a name. It has no extension and can be viewed using notepad. At the top is an explanation of the simple syntax. Each line is an IP address, a domain name, and an optional comment placed after a # sign. For a more detailed explanation, please refer to this HOSTS file Tutorial.

The original purpose of a HOSTS file was to map the proper address to a site's name but starting in Windows XP it was more often used for blocking purposes. The loopback address is used to stop web ads from displaying because 127.0.0.1 localhost indicates home/local machine (the location of your computer) and whatever is redirected home will not leave the system. 127.0.0.1 is the universal IP address of all local computers and is the standard hostname given to the address of the loopback network interface which refers to the local computer only. Thus, adding any entries with 127.0.0.1 next to them (i.e. 127.0.0.1 badsite.com) in the HOSTS file prevents access of badsite.com through Internet Explorer because any connection attempts are redirected back to the local machine. This essentially tells Windows to connect back to your machine instead of the IP address assigned to that domain so the website is effectively blocked. Windows checks the HOSTS file before it queries any Domain Name System (DNS) servers, which enables entries in the HOSTS file to override addresses in the DNS.

Anything that appears in your HOSTS file with a pound sign # is a comment, and its main function is to write descriptions.

Spybot S&D offers four levels of protection to include...Immunization and Hosts file protection (adding entries).

The fourth level of protection is through the addition of HOSTS file entries. This is a passive protection. The HOSTS file contains the mappings of IP addresses to host names and is loaded into memory at startup. The HOSTS file must contain one entry: "127.0.0.1 localhost". The IP address 127.0.0.1 is the local machine. Windows checks the HOSTS file before it queries any DNS (Domain Name System) servers, which enables entries in the HOSTS file to override addresses in the DNS. Adding an entry such as “127.0.0.1 malware.com” to the HOSTS file prevents the access of “malware.com” through IE because any connection attempts are redirected back to the local machine. HOSTS file entries can also be used to block other applications from connecting to the Internet.


If you used Spybot S&D's Immunization (or Spybot 2 Immunization) feature, the "Global (Hosts)" profile typically adds about 15493 entries to the HOSTS file starting with 127.0.0.1. Any inactive domains and those reported as false positives will be removed when doing immunization. However, the large size of the Hosts file created by immunization has sometimes been reported to cause problems such as a significant delay when opening Internet Explorer.

If you open the Hosts file, the note at the top and bottom will show the entries were inserted by Spybot:
# Start of entries inserted by Spybot - Search & Destroy
# This list is Copyright 2000-2008 Safer Networking Limited
127.0.0.1	007guard.com
127.0.0.1	www.007guard.com
127.0.0.1	008i.com
127.0.0.1	008k.com
127.0.0.1	www.008k.com
127.0.0.1	00hq.com
127.0.0.1	www.00hq.com
127.0.0.1 	legal-at-spybot.info
127.0.0.1 	www.legal-at-spybot.info
127.0.0.1...
# This list is Copyright 2000-2007 Safer Networking Limited
# End of entries inserted by Spybot - Search & Destroy
More example entries shown here.

If you perform an "Undo" via the Immunize button on the Spybot main screen, the Spybot entries can be removed.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
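The HOSTS-file layout described in the post above, as an added example that is not part of any post in this thread: a small triage script that separates the entries inside Spybot's marker comments from other loopback blocks and from entries that map a name to a non-loopback address. The function name `triage_hosts`, the sample file contents, and the choice to list non-loopback mappings separately for review are assumptions made for illustration.

```python
import ipaddress

# Marker comments Spybot writes around its block, as quoted in the post above.
SPYBOT_START = "# Start of entries inserted by Spybot - Search & Destroy"
SPYBOT_END = "# End of entries inserted by Spybot - Search & Destroy"

# Constructed sample input (not taken from the machine in this thread).
SAMPLE_HOSTS = """\
# Sample HOSTS file
127.0.0.1       localhost
::1             localhost
203.0.113.7     bank.example      # constructed: non-loopback mapping
# Start of entries inserted by Spybot - Search & Destroy
# This list is Copyright 2000-2008 Safer Networking Limited
127.0.0.1\t007guard.com
127.0.0.1\twww.007guard.com
127.0.0.1 \tlegal-at-spybot.info
# End of entries inserted by Spybot - Search & Destroy
not-an-ip       broken.example
"""

def triage_hosts(text):
    """Sort HOSTS entries into Spybot blocks, other blocks, redirects, malformed."""
    report = {"spybot_blocked": [], "other_blocked": [], "redirects": [], "malformed": []}
    in_spybot = False
    for lineno, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if stripped in (SPYBOT_START, SPYBOT_END):
            in_spybot = stripped == SPYBOT_START
            continue
        entry = raw.split("#", 1)[0].split()  # drop the comment, split on whitespace
        if not entry:
            continue  # blank line or comment-only line
        try:
            addr = ipaddress.ip_address(entry[0])
        except ValueError:
            report["malformed"].append((lineno, stripped))
            continue
        if len(entry) < 2:
            report["malformed"].append((lineno, stripped))  # address with no name
            continue
        sinkhole = addr.is_loopback or addr.is_unspecified  # 127.0.0.1, ::1, 0.0.0.0
        for name in entry[1:]:
            if name.lower() == "localhost" and addr.is_loopback:
                continue  # the required default entry
            if not sinkhole:
                report["redirects"].append((lineno, name, str(addr)))
            elif in_spybot:
                report["spybot_blocked"].append(name)
            else:
                report["other_blocked"].append(name)
    return report
```

On a real system the input would be the contents of the HOSTS file itself; entries reported under `redirects` are the ones to compare against what the owner expects, since they send a name somewhere other than the local machine.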

#8 Semi-Novice

Posted 03 February 2016 - 09:45 PM

Hi guys!

 

Got it! See? This is what happens when someone with nominal skills tries to help a bona fide cheapskate. Initially, he did say, "I'll give you anything you want." If the million dollars and a speed boat ever materialize, I'll cut you in for a third each {Please, don't hold your breath. Although you'd probably just pass out and start breathing again, I don't want to risk being responsible for your deaths.}.

 

I can't thank you enough! I'm very, very grateful. :bowdown:

 

Becky

 

P.S. I forwarded the SpyHunter bologna to all of my contacts. I'm so sorry you have to deal with that ridiculousness. I hope all is well very soon.



#9 quietman7

Posted 04 February 2016 - 06:52 AM

...P.S. I forwarded the SpyHunter bologna to all of my contacts. I'm so sorry you have to deal with that ridiculousness. I hope all is well very soon.

And we thank you.