Laptop completely hacked/full of spyware/virus!- how to reboot?

Hello,

Need a lot of help with my laptop. After following your spyware thread, I managed to install everything but Adaware onto the laptop (it got an access denied error after installing).

My mum bought the laptop 2 years ago from a local shop, and it came with no Windows XP disks, the Microsoft Office disks (yet had office installed) and nothing, just the power and laptop.

Anyway, after having installed all the anti-spyware and disconnecting from the internet, I managed to remove a LOT of spyware, however I'm still having huge problems. I have Google popup blocker (and Yahoo, which I didn't install) and I keep getting popups (I go to Hotmail and get 30-50 popups). I came to this site and must have got 10 popups.

I have a small idea where the problem came from. Someone installed Kazaa onto my laptop, which I know is loaded with spyware (which is why I never installed it...) and there were also Google searches for 'sex movies free' so I can't imagine what kind of nasty viruses etc. I have.

My questions are:

1. Any advice on a good way to clean up My Laptop?

2. Is a reboot possible without the disks?

3. I know how to set up a new user on the laptop, but how do I give them limited access, where they can only access the internet and certain sites, and can't download anything (like being at school again, restricting all access to the admin)? I don't want to place blame, so I'd rather access-deny everything than let someone mess my laptop up again.

Thank you so much, Ryan

Comments

  • Browntoa
    Browntoa Posts: 49,612 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    do a hijackthis log for me, it tells you at the end of the Malware removal sticky, I may be able to spot the offending infection
    Ex forum ambassador

    Long term forum member
  • ryansace
    ryansace Posts: 227 Forumite
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:30:29, on 12/08/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Sitecom Europe BV\Sitecom WL-117 Utility\SitecomUSB.EXE
    C:\Program Files\AutoInstall\ZD1211_Auto_Install_CD_Only_Gen_0ACE2031\AutoEJCD.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Gadu-Gadu\gg.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\User\LOCALS~1\Temp\R!!!!!X01.437\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.imesh.com/sidebar.html?src=ssb
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: localhost 127.0.0.1
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {34E6F97C-34E0-4CE5-B92B-F83634BEDC01} - (no file)
    O2 - BHO: (no name) - {5045AC0E-7A09-46B3-B1D7-0F7FA3B8BC19} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {A5963088-D31B-E2BF-69A0-865D45C547BF} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: (no name) - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Sitecom WL-117 WLan_Utility] "C:\Program Files\Sitecom Europe BV\Sitecom WL-117 Utility\SitecomUSB.EXE"
    O4 - HKLM\..\Run: [AutoEJCD_0ACE2031] C:\Program Files\AutoInstall\ZD1211_Auto_Install_CD_Only_Gen_0ACE2031\AutoEJCD.EXE /VID=0ACE /PID=2031
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117fd.bay117.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\__c001A0A8.dat
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: qopnn - C:\WINDOWS\System32\qopnn.dll (file missing)
    O20 - Winlogon Notify: windci32 - windci32.dll (file missing)
    O22 - SharedTaskScheduler: andr - {3162ba5b-4f2d-40c5-8fb6-36c6a0d639e6} - (no file)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    --
    End of file - 7872 bytes
  • ryansace
    ryansace Posts: 227 Forumite
    Is that right?

    The files that stood out to me are:

    C:\Program Files\AutoInstall\ZD1211_Auto_Install_CD_Only_Gen_0ACE2031\AutoEJCD.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.imesh.com/sidebar.html?src=ssb

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: localhost 127.0.0.1
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    O2 - BHO: (no name) - {34E6F97C-34E0-4CE5-B92B-F83634BEDC01} - (no file)
    O2 - BHO: (no name) - {5045AC0E-7A09-46B3-B1D7-0F7FA3B8BC19} - (no file)

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {A5963088-D31B-E2BF-69A0-865D45C547BF} - (no file)

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
  • Browntoa
    Browntoa Posts: 49,612 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    before you fix anything, I see you are running HijackThis from a temp location, you need to install it in its own directory before fixing anything otherwise the backup files will be lost

    my list:-

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.imesh.com/sidebar.html?src=ssb


    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb

    O1 - Hosts: localhost 127.0.0.1

    O2 - BHO: (no name) - {34E6F97C-34E0-4CE5-B92B-F83634BEDC01} - (no file)
    O2 - BHO: (no name) - {5045AC0E-7A09-46B3-B1D7-0F7FA3B8BC19} - (no file)

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {A5963088-D31B-E2BF-69A0-865D45C547BF} - (no file)

    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

    O20 - AppInit_DLLs: C:\WINDOWS\system32\__c001A0A8.dat

    O20 - Winlogon Notify: qopnn - C:\WINDOWS\System32\qopnn.dll (file missing)
    O20 - Winlogon Notify: windci32 - windci32.dll (file missing)
    Ex forum ambassador

    Long term forum member
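
As an added illustration (not part of any post in this thread, and not HijackThis's own logic), this Python sketch triages a HijackThis log for the kinds of entries singled out in the reply above: orphaned references, redirected IE search pages, hosts entries, empty ActiveX sources and `AppInit_DLLs`. The rule set and the trusted-host list are assumptions; a flag means "review before fixing", not "malicious".

```python
import re
from urllib.parse import urlparse

# Excerpt of the HijackThis log posted in this thread (GUID braces restored).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: (no name) - {34E6F97C-34E0-4CE5-B92B-F83634BEDC01} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c001A0A8.dat
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: qopnn - C:\WINDOWS\System32\qopnn.dll (file missing)
"""

# A log entry is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")

# Assumption: search/start pages on these domains are what the owner expects.
TRUSTED_SEARCH_HOSTS = ("microsoft.com", "google.co.uk", "google.com")


def host_trusted(url):
    """True if the URL's host is a trusted domain or a subdomain of one."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == t or host.endswith("." + t) for t in TRUSTED_SEARCH_HOSTS)


def triage(log_text):
    """Return (code, body, reason) for every entry that deserves a closer look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw)
        if not m:
            continue  # header lines and the running-process list
        code, body = m.groups()
        reason = None
        if body.endswith(("(no file)", "(file missing)")):
            reason = "registry entry references a file that is not on disk"
        elif code in ("R0", "R1") and " = " in body:
            url = body.split(" = ", 1)[1]
            if url.startswith("http") and not host_trusted(url):
                reason = "IE search/start page points at an unexpected host"
        elif code == "O1":
            reason = "hosts file entry: check it was added deliberately"
        elif code == "O16" and body.endswith("-"):
            reason = "ActiveX download entry with no name and no source"
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs are loaded into every process that loads user32.dll.
            reason = "DLL injected into most processes via AppInit_DLLs"
        if reason:
            findings.append((code, body, reason))
    return findings


if __name__ == "__main__":
    for code, body, reason in triage(SAMPLE_LOG):
        print(f"{code:<3} {reason}\n    {body}")
```
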
  • Browntoa
    Browntoa Posts: 49,612 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    I would then run superantispyware again after a reboot of the Laptop
    Ex forum ambassador

    Long term forum member
  • ryansace
    ryansace Posts: 227 Forumite
    OK, I've tried everything to get rid of spyware, and I'm still getting thousands of popups. SUPERAntiSpyware is currently scanning now, but I've started to consider reinstalling XP.

    Would this completely clean the laptop and return it to the original 'as new' laptop, or would old files remain?

    Is there an easy way to return your laptop to as new?

    Also, is it possible to reinstall XP without a disk or CD?

    Thank you,
    Ryan
  • custardy
    custardy Posts: 38,365 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    a fresh install after formatting would wipe all the files.
    if everything's backed up I would do that.
    then show your mum how not to download smiley central and the likes ;)
  • ryansace
    ryansace Posts: 227 Forumite
    Anyone know a good way to reinstall without the disks/registration keys or Office disks?

    I've just got a laptop and that's it... no driver installers etc. etc. Will it be OK/possible to reinstall?

    Thank you for all your help,

    Ryan
  • ryansace
    ryansace Posts: 227 Forumite
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com
    Generated 08/12/2007 at 05:25 PM
    Application Version : 3.9.1008
    Core Rules Database Version : 3284
    Trace Rules Database Version: 1295
    Scan type : Complete Scan
    Total Scan Time : 02:54:27
    Memory items scanned : 370
    Memory threats detected : 1
    Registry items scanned : 4799
    Registry threats detected : 130
    File items scanned : 29334
    File threats detected : 38
    Trojan.Unknown Origin
    C:\WINDOWS\SYSTEM32\__C001A0A8.DAT
    C:\WINDOWS\SYSTEM32\__C001A0A8.DAT
    Adware.Tracking Cookie
    Malware.VirusProtectPro
    C:\Program Files\VirusProtectPro 3.6\VirusProtectPro 3.6.exe
    C:\Program Files\VirusProtectPro 3.6\vpp.ini
    C:\Program Files\VirusProtectPro 3.6\ignored.lst
    C:\Program Files\VirusProtectPro 3.6
  • Browntoa
    Browntoa Posts: 49,612 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    you have virusprotect pro

    follow these instructions

    http://www.bleepingcomputer.com/forums/topic98219.html

    you want

    Automated Removal Instructions for VirusProtectPro
    Ex forum ambassador

    Long term forum member
This discussion has been closed.