WiredWX Hobby Weather ToolsLog in

 


descriptionim pretty sure i hav some registry entries i shouldnt Emptyim pretty sure i hav some registry entries i shouldnt

more_horiz
hi all at GeekPolice.. im pretty sure i have a prob with malware as i have some registry entries that i have googled and dont think they should b there.(MACROVISION). thiis is only 1 of my probs so im startin with this 1. here is a win patrol hijack log. could u plz take a look and if needed help with the removal. all help is greatly apreciated........ Log created by WinPatrol [FREE Edition] version 18.1.2010.0:18.1.2010.0
Scan saved at 6:59:35 PM, on 9/19/2010
Platform: Windows Vista Home Edition (Build 7600)
MSIE: Internet Explorer (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\PROGRAM FILES (X86)\NORTON 360\Engine\4.2.0.12\ccsvchst.exe
C:\PROGRAM FILES (X86)\Intel\INTEL MATRIX STORAGE MANAGER\IAAnotif.exe
C:\PROGRAM FILES (X86)\DAEMON TOOLS LITE\DTLite.exe
C:\PROGRAM FILES (X86)\Stardock\OBJECTDOCK\OBJECTDOCK.EXE
C:\PROGRAM FILES (X86)\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\PROGRAM FILES (X86)\DAEMON TOOLS LITE\DTSHELLHLP.EXE
C:\PROGRAM FILES (X86)\STOPZILLA!\STOPZILLA.EXE
C:\PROGRAM FILES (X86)\NEWTECH INFOSYSTEMS\PACKARD BELL MYBACKUP\BACKUPMANAGERTRAY.EXE
C:\PROGRAM FILES (X86)\COMMON FILES\Java\JAVA UPDATE\jusched.exe
C:\PROGRAM FILES (X86)\WINDOWS LIVE\MESSENGER\msnmsgr.exe
C:\PROGRAM FILES (X86)\WINDOWS LIVE\Contacts\wlcomm.exe
C:\Users\ryan\AppData\Local\Google\Chrome\APPLICATION\chrome.exe
C:\PROGRAM FILES (X86)\BILLP STUDIOS\WINPATROL\WINPATROLEX.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=easynote_tj65&r=27361209q4c6l0320z145f4891u26n
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=easynote_tj65&r=27361209q4c6l0320z145f4891u26n
O2 - BHO: ZILLAbar Browser Helper Object - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files (x86)\Stopzilla!\Toolbar\SZSG.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: - {5C255C8A-E604-49b4-9D64-90988571CECB} -
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\4.2.0.12\coieplg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\4.2.0.12\ipsbho.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - c:\Program Files (x86)\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.2.0.12\coieplg.dll
O4 - HKLM\..\Run: [Adobe ARM]C:\PROGRAM FILES (X86)\COMMON FILES\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [WinPatrol [FREE Edition]]C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [Sidebar]C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite]C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun
O4 - HKU\..\Run: [Adobe ARM]C:\PROGRAM FILES (X86)\COMMON FILES\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKU\..\Run: [WinPatrol [FREE Edition]]C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - Global Startup: Stardock ObjectDock.lnk=C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
O11 - Options group: [] -
O16 - DPF: CabBuilder (http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl) - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab Class) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} (SonyOnlineInstallerX) - http://launcher.station.sony.com/weblauncher/plugin/1.0.3.93/SOEWebInstaller.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1267443665975
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (http://download.eset.com/special/eos/OnlineScanner) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_21) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} (Java Plug-in 1.6.0_21) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_21) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (file:///C:/Program%20Files%20(x86)/Heroes%20of%20Hellas/Images/armhelper) - file:///C:/Program%20Files%20(x86)/Heroes%20of%20Hellas/Images/armhelper.ocx
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (http://service.futuremark.com/gom/receiver/tc/FMSI) - http://service.futuremark.com/gom/receiver/tc/FMSI.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Adobe Active File Monitor V7 - Adobe Systems Incorporated - C:\PROGRAM FILES (X86)\Adobe\PHOTOSHOP ELEMENTS 7.0\PHOTOSHOPELEMENTSFILEAGENT.EXE
O23 - Service: Bonjour Service - Apple Inc. - C:\PROGRAM FILES (X86)\Bonjour\MDNSRESPONDER.EXE
O23 - Service: Acer ePower Service - Acer Incorporated - C:\PROGRAM FILES\PACKARD BELL\PACKARD BELL POWER MANAGEMENT\EPOWERSVC.EXE
O23 - Service: EPSON V5 Service4(01) - SEIKO EPSON CORPORATION - C:\PROGRAMDATA\EPSON\EPW!3 SSRP\E_S40STB.EXE
O23 - Service: EPSON V3 Service4(01) - SEIKO EPSON CORPORATION - C:\PROGRAMDATA\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\PROGRAM FILES (X86)\COMMON FILES\MACROVISION SHARED\FLEXNET PUBLISHER\FNPLICENSINGSERVICE.EXE
O23 - Service: GRegService - Acer Incorporated - C:\PROGRAM FILES (X86)\PACKARD BELL\REGISTRATION\GregHSRW.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor - Intel Corporation - C:\PROGRAM FILES (X86)\Intel\INTEL MATRIX STORAGE MANAGER\IAANTmon.exe
O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\PROGRAM FILES (X86)\COMMON FILES\INSTALLSHIELD\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service - Hewlett-Packard Company - C:\PROGRAM FILES (X86)\COMMON FILES\LIGHTSCRIBE\LSSrvc.exe
O23 - Service: Norton 360 - Symantec Corporation - C:\PROGRAM FILES (X86)\NORTON 360\Engine\4.2.0.12\ccsvchst.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - - C:\PROGRAM FILES (X86)\COMMON FILES\NERO\NERO BACKITUP 4\NBSERVICE.EXE
O23 - Service: NMIndexingService - Nero AG - C:\PROGRAM FILES (X86)\COMMON FILES\Ahead\Lib\NMINDEXINGSERVICE.EXE
O23 - Service: NTI IScheduleSvc - - C:\PROGRAM FILES (X86)\NEWTECH INFOSYSTEMS\PACKARD BELL MYBACKUP\ISCHEDULESVC.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\SYSTEM32\NVVSVC.EXE
O23 - Service: PnkBstrA - - C:\Windows\System32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\PROGRAM FILES (X86)\COMMON FILES\Steam\STEAMSERVICE.EXE
O23 - Service: STOPzilla Service - iS3, Inc. - C:\PROGRAM FILES (X86)\COMMON FILES\iS3\ANTI-SPYWARE\SZServer.exe
O23 - Service: Updater Service - Acer - C:\PROGRAM FILES\PACKARD BELL\PACKARD BELL UPDATER\UPDATERSERVICE.EXE
O23 - Service: Windows Defender - - C:\PROGRAM FILES (X86)\WINDOWS DEFENDER\MPSVC.DLL
O23 - Service: Windows Media Player Network Sharing Service - - C:\PROGRAM FILES (X86)\WINDOWS MEDIA PLAYER\WMPNETWK.EXE

--- Additional WinPatrol Info ---
Default Browser: Windows® Internet Explorer - Internet Explorer version 8.00.7600.16385
MSIE: Internet Explorer (8.00.7600.16385)
31 IE Cookies in Folder: C:\Users\ryan\AppData\Roaming\Microsoft\Windows\Cookies\

WP00 - HKLM\CS1: BootExecute = autocheck autochk *
WP00 - HKLM\CCS: BootExecute = autocheck autochk *
WP00 - HKLM\CS2: BootExecute = autocheck autochk *
WP02 - HKLM\CCS: Command = C:\Windows\system32\cmd.exe

WP06 - Delayed Start: [BackupManagerTray]C:\PROGRAM FILES (X86)\NEWTECH INFOSYSTEMS\PACKARD BELL MYBACKUP\BACKUPMANAGERTRAY.EXE
WP06 - Delayed Start: [SunJavaUpdateSched]C:\PROGRAM FILES (X86)\COMMON FILES\Java\JAVA UPDATE\jusched.exe
WP06 - Delayed Start: [Camera Assistant Software]C:\PROGRAM FILES (X86)\VIDEO WEB CAMERA\traybar.exe
WP06 - Delayed Start: [Adobe Reader Speed Launcher]C:\PROGRAM FILES (X86)\Adobe\Reader 9.0\Reader\READER_SL.EXE
WP06 - Delayed Start: [Google Update]C:\Users\ryan\AppData\Local\Google\Update\GOOGLEUPDATE.EXE
WP06 - Delayed Start: [Advanced SystemCare 3]C:\PROGRAM FILES (X86)\IObit\ADVANCED SYSTEMCARE 3\AWC.exe

WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix: Default = http://
WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes: www = http://

WP31 - Scheduled Tasks: [PerfectOptimizer_home.job]C:\Program Files (x86)\Perfect Optimizer\PerfectOptimizer.exe 09/18/2010 12:00 PM
WP31 - Scheduled Tasks: [GoogleUpdateTaskUserS-1-5-21-960824132-2242764314-4250865621-1001UA.job]C:\Users\ryan\AppData\Local\Google\Update\GoogleUpdate.exe 09/19/2010 6:53 PM
WP31 - Scheduled Tasks: [GoogleUpdateTaskUserS-1-5-21-960824132-2242764314-4250865621-1001Core.job]C:\Users\ryan\AppData\Local\Google\Update\GoogleUpdate.exe 09/17/2010 7:53 PM
WP31 - Scheduled Tasks: [AWC Update.job]C:\Program Files (x86)\IObit\Advanced SystemCare 3\IObitUpdate.exe 09/19/2010 5:25 PM

WP16 - ActiveX: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [QuickTime Object] C:\PROGRAM FILES (X86)\QUICKTIME\QTPlugin.ocx QuickTime 7.6.6 (1671)
WP16 - ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} [Shockwave ActiveX Control] C:\Windows\SysWOW64\Macromed\Director\SwDir.dll 8.0
WP16 - ActiveX: {1E54D648-B804-468D-BC78-4AFFED8E262E} [System Requirements Lab Class] C:\Windows\DOWNLOADED PROGRAM FILES\SYSREQLAB_SRL.DLL 3, 0, 0, 3
WP16 - ActiveX: {1E54D648-B804-468D-BC78-4AFFED8E262F} [System Requirements Lab Class] C:\Windows\DOWNLOADED PROGRAM FILES\SYSREQLAB_NVD.DLL 3, 0, 0, 4
WP16 - ActiveX: {5852F5ED-8BF4-11D4-A245-0080C6F74284} [isInstalled Class] C:\PROGRAM FILES (X86)\Java\jre6\bin\wsdetect.dll 6.0.210.7
WP16 - ActiveX: {782355DA-B9DB-48F3-84D4-340E450EF3A5} [CInstallerState Object] C:\PROGRAM FILES (X86)\REALARCADE\INSTALLER\CHECKINST.DLL 1.0.0.1
WP16 - ActiveX: {8AD9C840-044E-11D1-B3E9-00805F499D93} [Java Plug-in 1.6.0_21] C:\PROGRAM FILES (X86)\Java\jre6\bin\jp2iexp.dll
WP16 - ActiveX: {CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA} [Deployment Toolkit] C:\Windows\SysWOW64\DEPLOYJAVA1.DLL 6.0.210.7
WP16 - ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Shockwave Flash Object] C:\Windows\SysWOW64\Macromed\Flash\Flash10d.ocx 10,0,42,34
WP16 - ActiveX: {98828DED-A591-462F-83BA-D2F62A68B8B8} [STOPzilla] C:\PROGRAM FILES (X86)\STOPZILLA!\Toolbar\SZSG.dll 2.0.50.0
WP16 - ActiveX: {CA8A9780-280D-11CF-A24D-444553540000} [Adobe PDF Reader] C:\PROGRAM FILES (X86)\COMMON FILES\Adobe\Acrobat\ActiveX\AcroPDF.dll
WP16 - ActiveX: {CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA} [Deployment Toolkit] C:\Windows\SysWOW64\DEPLOYJAVA1.DLL 6.0.210.7
WP16 - ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Shockwave Flash Object] C:\Windows\SysWOW64\Macromed\Flash\Flash10d.ocx 10,0,42,34

WP32 - Hidden File: C:\bootmgr
WP32 - Hidden File: C:\BOOTSECT.BAK
WP32 - Hidden File: C:\hiberfil.sys
WP32 - Hidden File: C:\pagefile.sys
WP32 - Hidden File: C:\Patch.rev
WP32 - Hidden File: C:\Preload.rev
WP32 - Hidden File: C:\Windows\SwSys1.bmp
WP32 - Hidden File: C:\Windows\SwSys2.bmp
WP32 - Hidden File: C:\Windows\WindowsShell.Manifest
WP32 - Hidden File: C:\Windows\WSYS049.SYS
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-security-lsalookup-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-security-sddl-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-service-core-l1-1-0.dll

WP33 - File Type .AVI: [Video Clip]C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:8 /Open %L
WP33 - File Type .BAT: [Windows Batch File]%1 %*
WP33 - File Type .CAB: [WinRAR archive]C:\Program Files\WinRAR\WinRAR.exe %1
WP33 - File Type .CAT: [Security Catalog]C:\Windows\system32\rundll32.exe cryptext.dll,CryptExtOpenCAT %1
WP33 - File Type .CHM: [Compiled HTML Help file]C:\Windows\hh.exe %1
WP33 - File Type .COM: [MS-DOS Application]%1 %*
WP33 - File Type .CMD: [Windows Command Script]%1 %*
WP33 - File Type .DOC: [Microsoft Office Word 97 - 2003 Document]C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE /n /dde
WP33 - File Type .EML: [Windows Live Mail Mail Message]C:\Program Files (x86)\Windows Live\Mail\wlmail.exe /eml:%1
WP33 - File Type .EXE: [Application]%1 %*
WP33 - File Type .INF: [Setup Information]C:\Windows\system32\NOTEPAD.EXE %1
WP33 - File Type .JS: [JScript Script File]C:\Windows\System32\WScript.exe %1 %*
WP33 - File Type .LOG: [Text Document]C:\Windows\system32\NOTEPAD.EXE %1
WP33 - File Type .MSI: [Windows Installer Package]C:\Windows\System32\msiexec.exe /i %1 %*
WP33 - File Type .MID: [MIDI Sequence]C:\Program Files (x86)\Windows Media Player\wmplayer.exe /Open %L
WP33 - File Type .MP3: [MP3 Format Sound]C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:6 /Open %L
WP33 - File Type .PIF: [Shortcut to MS-DOS Program]%1 %*
WP33 - File Type .REG: [Registration Entries]regedit.exe %1
WP33 - File Type .RTF: [Rich Text Format]C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE /n /dde
WP33 - File Type .SCR: [Screen saver]%1 /S
WP33 - File Type .TXT: [Text Document]C:\Windows\system32\NOTEPAD.EXE %1
WP33 - File Type .URL: [Internet Shortcut]C:\Windows\System32\rundll32.exe C:\Windows\System32\ieframe.dll,OpenURL %l
WP33 - File Type .VBS: [VBScript Script File]C:\Windows\System32\WScript.exe %1 %*
WP33 - File Type .VBE: [VBScript Encoded File]C:\Windows\System32\WScript.exe %1 %*
WP33 - File Type .WSF: [Windows Script File]C:\Windows\System32\WScript.exe %1 %*
WP33 - File Type .WSH: [Windows Script Host Settings File]C:\Windows\System32\WScript.exe %1 %*
WP33 - File Type .XLS: [Microsoft Office Excel 97-2003 Worksheet]C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE /e

Memory currently in use: 42%
Physical Memory Free: 2,407,060 KB
Paging File Free: 4,194,303 KB
Virtual Memory Free: 1,980,616 KB


--
End of file

descriptionim pretty sure i hav some registry entries i shouldnt EmptyRe: im pretty sure i hav some registry entries i shouldnt

more_horiz
Hello, and welcome to GeekPolice.

Please note the following information about the malware forum:
  • Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer.
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but for any reason we do not reply in two days, do one of two things:

    Reply to this topic with the word BUMP, or
    see this topic.

  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.





im pretty sure i hav some registry entries i shouldnt Bf_new Please download Malwarebytes Anti-Malware from Download.CNET.com.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this, will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.

descriptionim pretty sure i hav some registry entries i shouldnt EmptyRe: im pretty sure i hav some registry entries i shouldnt

more_horiz
hi heres the mbam log requested it didnt find anythin.Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4655

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

20/09/2010 10:49:21
mbam-log-2010-09-20 (10-49-21).txt

Scan type: Quick scan
Objects scanned: 152011
Time elapsed: 6 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
also evertime i log on i get the messege plz wait 4 user profile service. ive had this 4 a few wks now and for the life of me cant figure out wot 2 do 2 stop it. i hav no restore points from b4 this started happening so any suggestions would b a great hlp thank u. also im runnin win7 x64

descriptionim pretty sure i hav some registry entries i shouldnt EmptyRe: im pretty sure i hav some registry entries i shouldnt

more_horiz
ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

descriptionim pretty sure i hav some registry entries i shouldnt EmptyRe: im pretty sure i hav some registry entries i shouldnt

more_horiz
i have a few copy games on my laptop will the online scanner remove the cracks??

descriptionim pretty sure i hav some registry entries i shouldnt EmptyRe: im pretty sure i hav some registry entries i shouldnt

more_horiz
Not really sure, but if you have cracks, and refuse to remove them, then we will no longer offer help.

descriptionim pretty sure i hav some registry entries i shouldnt EmptyRe: im pretty sure i hav some registry entries i shouldnt

more_horiz
was ok

descriptionim pretty sure i hav some registry entries i shouldnt EmptyRe: im pretty sure i hav some registry entries i shouldnt

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum