
My Web Search on toolbar-need get rid of

Discussion in 'Virus & Other Malware Removal' started by morris_the_cat, Jul 16, 2009.

Thread Status:
Not open for further replies.
  1. morris_the_cat

    morris_the_cat Thread Starter

    Joined:
    Jul 16, 2009
    Messages:
    6
    Hi,
    I found this message on my toolbar that says failed to retrieve buttons from My Web Search. How do I get rid of this? I am having problems downloading anything, uploading files, pictures. When I went to download from your site, the hijack program, it saved the file but not in my start up like you said, not even sure where, but my notepad seems to have a file ran from it. I never even got to run a scan because I can't seem to even find it. Every time I try to use my HP printer it says it is missing files. hpqpse.exe is missing, not even sure why, because I uninstalled the printer and reinstalled it and it is still missing files. I am attaching what I found on the notepad but like I said, I never ran a scan.

    Log created by WinPatrol [FREE Edition] version 16.0.2009.1:16.0.2009.1
    Scan saved at 12:40:55 AM, on 6/17/2009
    Platform: Windows XP SP3 Home Edition Service Pack 3 (Build 2600)
    MSIE: Internet Explorer (7.00.6000.16850)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\SYSTEM32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\SYSTEM32\services.exe
    C:\WINDOWS\SYSTEM32\lsass.exe
    C:\WINDOWS\SYSTEM32\svchost.exe
    C:\WINDOWS\SYSTEM32\spoolsv.exe
    C:\PROGRAM FILES\Avira\ANTIVIR DESKTOP\sched.exe
    C:\PROGRAM FILES\Avira\ANTIVIR DESKTOP\avguard.exe
    C:\PROGRAM FILES\COMMON FILES\Apple\MOBILE DEVICE SUPPORT\bin\APPLEMOBILEDEVICESERVICE.EXE
    C:\Program Files\AVG\AVG8\avgwdsvc.exe
    C:\PROGRAM FILES\Bonjour\MDNSRESPONDER.EXE
    C:\WINDOWS\SYSTEM32\drivers\dcfssvc.exe
    C:\PROGRAM FILES\Kodak\KODAK PICTURE TRANSFER SOFTWARE\PTSsvc.exe
    C:\WINDOWS\explorer.exe
    C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
    C:\WINDOWS\Cyb2k.exe
    C:\PROGRAM FILES\iTunes\ITUNESHELPER.EXE
    C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\wmpnscfg.exe
    C:\PROGRAM FILES\iPod\bin\IPODSERVICE.EXE
    C:\WINDOWS\SYSTEM32\msiexec.exe
    C:\PROGRAM FILES\INTERNET EXPLORER\iexplore.exe
    C:\WINDOWS\SYSTEM32\ctfmon.exe
    C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROLEX.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [Recguard]C:\WINDOWS\SMINST\Recguard.exe
    O4 - HKLM\..\Run: [WinPatrol [FREE Edition]]C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    O4 - HKLM\..\Run: [C2K]C:\WINDOWS\Cyb2k.exe
    O4 - HKLM\..\Run: [iTunesHelper]C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher]C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    O4 - HKCU\..\Run: [Acme.PCHButton]C:\PROGRAM FILES\HP INSTANT SUPPORT\plugin\bin\PCHBUTTON.EXE
    O4 - HKCU\..\Run: [WMPNSCFG]C:\Program Files\Windows Media Player\wmpnscfg.exe
    O4 - Global Startup: Quicken Startup.lnk=C:\Program Files\QUICKENW\QWDLLS.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [Java (Sun)] Java (Sun) - C:\Program Files\Java\jre6\bin
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    O14 - IERESET.INF: SEARCH_PAGE_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    O14 - IERESET.INF:HKCU, Start Page = %START_PAGE_URL%
    O14 - IERESET.INF:HKLM, Default_Page_URL = %START_PAGE_URL%
    O14 - IERESET.INF:HKLM, Default_Search_URL = %SEARCH_PAGE_URL%
    O14 - IERESET.INF:HKLM, Search Page = %SEARCH_PAGE_URL%
    O14 - IERESET.INF:HKCU, Search Page = %SEARCH_PAGE_URL%
    O16 - DPF: Microsoft XML Parser for Java (xmldso) - file://C:\WINDOWS\Java\classes\xmldso.cab
    O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} (http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo) - http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1206408426718
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1206408750562
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_11) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} (http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim) - http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O21 - WPDShServiceObj - WPDShServiceObj Class - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\SYSTEM32\WPDShServiceObj.dll
    O23 - Service: Plug and Play Device Manager - - C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe
    O23 - Service: Avira AntiVir Scheduler - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Application Management - - C:\WINDOWS\System32\appmgmts.dll
    O23 - Service: AVG Free8 WatchDog - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BrSplService - brother Industries Ltd - C:\WINDOWS\SYSTEM32\BRSVC01A.EXE
    O23 - Service: Communication Services - - C:\WINDOWS\CComSvc.exe /startedbyscm:50F0C285-40E273A9-gpsServiceSvc
    O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\SYSTEM32\drivers\dcfssvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqcxs08 - - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
    O23 - Service: HP CUE DeviceDiscovery Service - - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
    O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter - - C:\Program Files\Java\jre6\bin\jqs.exe -service -config C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf
    O23 - Service: Net Driver HPZ12 - Hewlett-Packard - C:\WINDOWS\SYSTEM32\HPZinw12.dll
    O23 - Service: Pml Driver HPZ12 - Hewlett-Packard - C:\WINDOWS\SYSTEM32\HPZipm12.dll
    O23 - Service: ptssvc - - C:\Program Files\Kodak\KODAK Picture Transfer Software\PTSsvc.exe
    O23 - Service: Sunbelt Personal Firewall 4 - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: Monitoring Service - - C:\WINDOWS\WVCSWD.exe /startedbyscm:50F0C285-40E273A9-gpsServiceSvc

    --- Additional WinPatrol Info ---
    Default Browser: Windows® Internet Explorer - Internet Explorer version 7.00.6000.16850
    MSIE: Internet Explorer (7.00.6000.16850)
    Firefox 3.0.11 installed in C:\Program Files\Mozilla Firefox.
    248 IE Cookies in Folder: C:\Documents and Settings\Owner\Cookies\
    0 Mozilla Cookies in Folder: C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\htsgc8qw.default

    WP00 - HKLM\CS1: BootExecute = autocheck autochk *
    WP00 - HKLM\CCS: BootExecute = autocheck autochk *
    WP00 - HKLM\CS2: BootExecute = autocheck autochk *
    WP02 - HKLM\CCS: Command = C:\WINDOWS\system32\cmd.exe

    WP03 - Windows Automatic Update = 4:Automatically download recommended updates for my computer and install them.


    WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix: Default = http://
    WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes: www = http://

    WP31 - Scheduled Tasks: [{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job]C:\Documents and Settings\Owner\Desktop\msa.exe Never
    WP31 - Scheduled Tasks: [AppleSoftwareUpdate.job]C:\Program Files\Apple Software Update\SoftwareUpdate.exe 04/09/2009 7:09 AM

    WP16 - ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [Web Browser Applet Control] C:\WINDOWS\SYSTEM32\msjava.dll 5.00.3810
    WP16 - ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42E} [PeerDraw Class] C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VGX\vgx.dll 7.00.6000.20628
    WP16 - ActiveX: {17492023-C23A-453E-A040-C7C580BBF700} [Windows Genuine Advantage Validation Tool] C:\WINDOWS\SYSTEM32\LEGITCHECKCONTROL.DLL 1.7.0069.2
    WP16 - ActiveX: {19916E01-B44E-4E31-94A4-4696DF46157B} [InformationCardSigninHelper Class] C:\WINDOWS\SYSTEM32\icardie.dll 7.00.6000.16850
    WP16 - ActiveX: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} [Windows Media Player] C:\WINDOWS\SYSTEM32\wmpdxm.dll 11.0.5721.5145
    WP16 - ActiveX: {2933BF90-7B36-11D2-B20E-00C04F983E60} [XML DOM Document] C:\WINDOWS\SYSTEM32\msxml3.dll 8.100.1048.0
    WP16 - ActiveX: {2D360201-FFF5-11D1-8D03-00A0C959BC0A} [DHTML Edit Control Safe for Scripting for IE5] C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\Triedit\dhtmled.ocx 6.01.9234
    WP16 - ActiveX: {3050F819-98B5-11CF-BB82-00AA00BDCE0B} [HtmlDlgSafeHelper Class] C:\WINDOWS\SYSTEM32\mshtmled.dll 7.00.6000.16850
    WP16 - ActiveX: {38481807-CA0E-42D2-BF39-B33AF135CC4D} [IETag Factory] C:\Program Files\Common Files\Microsoft Shared\Smart Tag\IETAG.DLL 10.0.2609
    WP16 - ActiveX: {4063BE15-3B08-470D-A0D5-B37161CFFD69} [QuickTime Object] C:\PROGRAM FILES\QUICKTIME\QTPlugin.ocx QuickTime 7.5.5 (990.7)
    WP16 - ActiveX: {48123BC4-99D9-11D1-A6B3-00C04FD91555} [XML Document] C:\WINDOWS\SYSTEM32\msxml3.dll 8.100.1048.0
    WP16 - ActiveX: {4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2} [Microsoft Terminal Services Client Control (redist)] C:\WINDOWS\SYSTEM32\mstscax.dll 6.0.6001.18000
    WP16 - ActiveX: {4EDCB26C-D24C-4e72-AF07-B576699AC0DE} [Microsoft Terminal Services Client Control (redist)] C:\WINDOWS\SYSTEM32\mstscax.dll 6.0.6001.18000
    WP16 - ActiveX: {55136805-B2DE-11D1-B9F2-00A0C98BC547} [Shell Name Space] C:\WINDOWS\SYSTEM32\ieframe.dll 7.00.6000.16850
    WP16 - ActiveX: {6414512B-B978-451D-A0D8-FCFDF33E833C} [WUWebControl Class] C:\WINDOWS\SYSTEM32\wuweb.dll 7.2.6001.788
    WP16 - ActiveX: {6BF52A52-394A-11D3-B153-00C04F79FAA6} [Windows Media Player] C:\WINDOWS\SYSTEM32\wmp.dll 11.0.5721.5260
    WP16 - ActiveX: {7390f3d8-0439-4c05-91e3-cf5cb290c3d0} [Microsoft Terminal Services Client Control (redist)] C:\WINDOWS\SYSTEM32\mstscax.dll 6.0.6001.18000
    WP16 - ActiveX: {7584c670-2274-4efb-b00b-d6aaba6d3850} [Microsoft Terminal Services Client Control (redist)] C:\WINDOWS\SYSTEM32\mstscax.dll 6.0.6001.18000
    WP16 - ActiveX: {8856F961-340A-11D0-A96B-00C04FD705A2} [Microsoft Web Browser] C:\WINDOWS\SYSTEM32\ieframe.dll 7.00.6000.16850
    WP16 - ActiveX: {88D969C0-F192-11D4-A65F-0040963251E5} [XML DOM Document 4.0] C:\WINDOWS\SYSTEM32\msxml4.dll 4.20.9870.0
    WP16 - ActiveX: {88D969C5-F192-11D4-A65F-0040963251E5} [XML HTTP 4.0] C:\WINDOWS\SYSTEM32\msxml4.dll 4.20.9870.0
    WP16 - ActiveX: {88D96A05-F192-11D4-A65F-0040963251E5} [XML DOM Document 6.0] C:\WINDOWS\SYSTEM32\msxml6.dll 6.20.1099.0
    WP16 - ActiveX: {88D96A06-F192-11D4-A65F-0040963251E5} [Free Threaded XML DOM Document 6.0] C:\WINDOWS\SYSTEM32\msxml6.dll 6.20.1099.0
    WP16 - ActiveX: {88D96A08-F192-11D4-A65F-0040963251E5} [XSL Template 6.0] C:\WINDOWS\SYSTEM32\msxml6.dll 6.20.1099.0
    WP16 - ActiveX: {88D96A0A-F192-11D4-A65F-0040963251E5} [XML HTTP 6.0] C:\WINDOWS\SYSTEM32\msxml6.dll 6.20.1099.0
    WP16 - ActiveX: {8AD9C840-044E-11D1-B3E9-00805F499D93} [Java Plug-in 1.6.0_11] C:\PROGRAM FILES\Java\jre6\bin\jp2iexp.dll
    WP16 - ActiveX: {9059f30f-4eb1-4bd2-9fdc-36f43a218f4a} [Microsoft Terminal Services Client Control (redist)] C:\WINDOWS\SYSTEM32\mstscax.dll 6.0.6001.18000
    WP16 - ActiveX: {CA8A9780-280D-11CF-A24D-444553540000} [Adobe PDF Reader] C:\PROGRAM FILES\COMMON FILES\Adobe\Acrobat\ActiveX\AcroPDF.dll
    WP16 - ActiveX: {CD3AFA76-B84F-48F0-9393-7EDC34128127} [AUDIO__MP3 Moniker Class] C:\WINDOWS\SYSTEM32\wmp.dll 11.0.5721.5260
    WP16 - ActiveX: {CD3AFA84-B84F-48F0-9393-7EDC34128127} [AUDIO__X_MS_WMA Moniker Class] C:\WINDOWS\SYSTEM32\wmp.dll 11.0.5721.5260
    WP16 - ActiveX: {CD3AFA94-B84F-48F0-9393-7EDC34128127} [VIDEO__X_MS_WMV Moniker Class] C:\WINDOWS\SYSTEM32\wmp.dll 11.0.5721.5260
    WP16 - ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Shockwave Flash Object] C:\WINDOWS\SYSTEM32\Macromed\Flash\Flash10a.ocx 10,0,12,36
    WP16 - ActiveX: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} [iTunesDetector Class] C:\PROGRAM FILES\iTunes\ITDETECTOR.OCX 2.0.1.1
    WP16 - ActiveX: {DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} [QuickTimeCheck Class] C:\PROGRAM FILES\QUICKTIME\QTSystem\QUICKTIMECHECK.OCX QuickTime 7.5.5 (990.7)
    WP16 - ActiveX: {EBF9B040-94C9-11D4-9064-00C04F78ACF9} [SVG Document] C:\WINDOWS\SYSTEM32\Adobe\SVG VIEWER\SVGCONTROL.DLL 2, 0, 0, 55
    WP16 - ActiveX: {ED8C108E-4349-11D2-91A4-00C04F7969E8} [XML HTTP Request] C:\WINDOWS\SYSTEM32\msxml3.dll 8.100.1048.0
    WP16 - ActiveX: {F6D90F16-9C73-11D3-B32E-00C04F990BB4} [XML HTTP] C:\WINDOWS\SYSTEM32\msxml3.dll 8.100.1048.0
    WP16 - ActiveX: {05589fa1-c356-11ce-bf01-00aa0055595a} [ActiveMovieControl Object] C:\WINDOWS\SYSTEM32\wmpdxm.dll 11.0.5721.5145
    WP16 - ActiveX: {0713E8A2-850A-101B-AFC0-4210102A8DA7} [Microsoft TreeView Control, version 5.0 (SP2)] C:\WINDOWS\SYSTEM32\comctl32.ocx 6.00.8105
    WP16 - ActiveX: {0713E8D2-850A-101B-AFC0-4210102A8DA7} [Microsoft ProgressBar Control, version 5.0 (SP2)] C:\WINDOWS\SYSTEM32\comctl32.ocx 6.00.8105
    WP16 - ActiveX: {08B0e5c0-4FCB-11CF-AAA5-00401C608501} [Web Browser Applet Control] C:\WINDOWS\SYSTEM32\msjava.dll 5.00.3810
    WP16 - ActiveX: {3605B612-C3CF-4ab4-A426-2D853391DB2E} [Certificates Class] C:\WINDOWS\SYSTEM32\capicom.dll 2, 1, 0, 2
    WP16 - ActiveX: {1D2B4F40-1F10-11D1-9E88-00C04FDCAB92} [ThumbCtl Class] C:\WINDOWS\SYSTEM32\webvw.dll 6.00.2900.5512
    WP16 - ActiveX: {52A2AAAE-085D-4187-97EA-8C30DB990436} [HHCtrl Object] C:\WINDOWS\SYSTEM32\hhctrl.ocx 5.2.3790.4110
    WP16 - ActiveX: {58DA8D8A-9D6A-101B-AFC0-4210102A8DA7} [Microsoft ListView Control, version 5.0 (SP2)] C:\WINDOWS\SYSTEM32\comctl32.ocx 6.00.8105
    WP16 - ActiveX: {58DA8D8F-9D6A-101B-AFC0-4210102A8DA7} [Microsoft ImageList Control, version 5.0 (SP2)] C:\WINDOWS\SYSTEM32\comctl32.ocx 6.00.8105
    WP16 - ActiveX: {550C8FFB-4DC0-4756-828C-862E6D0AE74F} [Chain Class] C:\WINDOWS\SYSTEM32\capicom.dll 2, 1, 0, 2
    WP16 - ActiveX: {6B7E638F-850A-101B-AFC0-4210102A8DA7} [Microsoft StatusBar Control, version 5.0 (SP2)] C:\WINDOWS\SYSTEM32\comctl32.ocx 6.00.8105
    WP16 - ActiveX: {91D221C4-0CD4-461C-A728-01D509321556} [Store Class] C:\WINDOWS\SYSTEM32\capicom.dll 2, 1, 0, 2
    WP16 - ActiveX: {8856F961-340A-11D0-A96B-00C04FD705A2} [Microsoft Web Browser] C:\WINDOWS\SYSTEM32\ieframe.dll 7.00.6000.16850
    WP16 - ActiveX: {8BD21D50-EC42-11CE-9E0D-00AA006002F3} [Microsoft Forms 2.0 OptionButton] C:\WINDOWS\SYSTEM32\FM20.DLL 2.01
    WP16 - ActiveX: {AE24FDAE-03C6-11D1-8B76-0080C744F389} [Microsoft Scriptlet Component] C:\WINDOWS\SYSTEM32\mshtml.dll 7.00.6000.16850
    WP16 - ActiveX: {CA8A9780-280D-11CF-A24D-444553540000} [Adobe PDF Reader] C:\PROGRAM FILES\COMMON FILES\Adobe\Acrobat\ActiveX\AcroPDF.dll
    WP16 - ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Shockwave Flash Object] C:\WINDOWS\SYSTEM32\Macromed\Flash\Flash10a.ocx 10,0,12,36
    WP16 - ActiveX: {9171C115-7DD9-46BA-B1E5-0ED50AFFC1B8} [Certificate Class] C:\WINDOWS\SYSTEM32\capicom.dll 2, 1, 0, 2
    WP16 - ActiveX: {E5DF9D10-3B52-11D1-83E8-00A0C90DC849} [WebViewFolderIcon Class] C:\WINDOWS\SYSTEM32\webvw.dll 6.00.2900.5512
    WP16 - ActiveX: {3605B612-C3CF-4ab4-A426-2D853391DB2E} [Certificates Class] C:\WINDOWS\SYSTEM32\capicom.dll 2, 1, 0, 2

    WP32 - Hidden File: C:\BOOT.INI
    WP32 - Hidden File: C:\hiberfil.sys
    WP32 - Hidden File: C:\IO.SYS
    WP32 - Hidden File: C:\MSDOS.SYS
    WP32 - Hidden File: C:\NTDETECT.COM
    WP32 - Hidden File: C:\ntldr
    WP32 - Hidden File: C:\pagefile.sys
    WP32 - Hidden File: C:\WINDOWS\CSV9.GID
    WP32 - Hidden File: C:\WINDOWS\QTFont.qfn
    WP32 - Hidden File: C:\WINDOWS\twain.dll
    WP32 - Hidden File: C:\WINDOWS\twain_32.dll
    WP32 - Hidden File: C:\WINDOWS\WindowsShell.Manifest
    WP32 - Hidden File: C:\WINDOWS\winnt.bmp
    WP32 - Hidden File: C:\WINDOWS\winnt256.bmp
    WP32 - Hidden File: C:\WINDOWS\SYSTEM32\Restore\filelist.xml

    WP33 - File Type .AVI: [Video Clip]C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:8 /Open %L
    WP33 - File Type .BAT: [MS-DOS Batch File]%1 %*
    WP33 - File Type .CAB: [Cabinet File]C:\WINDOWS\Explorer.exe /idlist,%I,%L
    WP33 - File Type .CAT: [Security Catalog]rundll32.exe cryptext.dll,CryptExtOpenCAT %1
    WP33 - File Type .CHM: [Compiled HTML Help file]C:\WINDOWS\hh.exe %1
    WP33 - File Type .COM: [MS-DOS Application]%1 %*
    WP33 - File Type .CMD: [Windows NT Command Script]%1 %*
    WP33 - File Type .DOC: [Microsoft Word Document]C:\Program Files\Microsoft Office\Office10\WINWORD.EXE /n /dde
    WP33 - File Type .EML: [Internet E-Mail Message]C:\Program Files\Outlook Express\msimn.exe /eml:%1
    WP33 - File Type .EXE: [Application]%1 %*
    WP33 - File Type .INF: [Setup Information]C:\WINDOWS\System32\NOTEPAD.EXE %1
    WP33 - File Type .JS: [JScript Script File]C:\WINDOWS\System32\WScript.exe %1 %*
    WP33 - File Type .LOG: [Text Document]C:\WINDOWS\system32\NOTEPAD.EXE %1
    WP33 - File Type .MSI: [Windows Installer Package]C:\WINDOWS\System32\msiexec.exe /i %1 %*
    WP33 - File Type .MID: [MIDI Sequence]C:\Program Files\Windows Media Player\wmplayer.exe /Open %L
    WP33 - File Type .MP3: [MPEG Layer 3 Audio]C:\Program Files\iTunes\iTunes.exe /open %L
    WP33 - File Type .PIF: [Shortcut to MS-DOS Program]%1 %*
    WP33 - File Type .REG: [Registration Entries]regedit.exe %1
    WP33 - File Type .RTF: [Rich Text Format]C:\Program Files\Microsoft Office\Office10\WINWORD.EXE /n /dde
    WP33 - File Type .SCR: [Screen Saver]%1 /S
    WP33 - File Type .TXT: [Text Document]C:\WINDOWS\system32\NOTEPAD.EXE %1
    WP33 - File Type .URL: [Internet Shortcut]rundll32.exe ieframe.dll,OpenURL %l
    WP33 - File Type .VBS: [VBScript Script File]C:\WINDOWS\System32\WScript.exe %1 %*
    WP33 - File Type .VBE: [VBScript Encoded Script File]C:\WINDOWS\System32\WScript.exe %1 %*
    WP33 - File Type .WSF: [Windows Script File]C:\WINDOWS\System32\WScript.exe %1 %*
    WP33 - File Type .WSH: [Windows Script Host Settings File]C:\WINDOWS\System32\WScript.exe %1 %*
    WP33 - File Type .XLS: [Microsoft Excel Worksheet]C:\Program Files\Microsoft Office\Office10\EXCEL.EXE /e

    Memory currently in use: 37%
    Physical Memory Free: 651,424 KB
    Paging File Free: 1,362,312 KB
    Virtual Memory Free: 2,046,740 KB


    --
    End of file
    :confused:
     
  2. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    69,451
    Hi, Welcome to TSG!!


    Download ATF Cleaner by Atribune.

    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.

    Click Exit on the Main menu to close the program.




    Download Malwarebytes' Anti-Malware from Here.

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & Paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
     

Short URL to this thread: https://techguy.org/843832