WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93098 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Please lead me to thread [Solved]

Started by sleepybear , Oct 23 2014 10:32 PM

pc healthcenter

This topic is locked

74 replies to this topic

#61 sleepybear

Authentic Member

Authentic Member
61 posts

Posted 09 November 2014 - 04:50 PM

Not sure if it offers registry backup or just backs up your registry files you want to delete. It is worded "do you want to back up changes to the registry".

Here is a list of what it wants to dump, Notice the obsolete software key:

Missing Shared DLL c:\WINDOWS\msvcr71.dll HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls

Invalid Default Icon c:\Program Files\Norton Internet Security\Norton AntiVirus\navw32.exe, 0 HKCR\NavScanFile\DefaultIcon

Open with Application Issue c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe "/TASK:%1" HKCR\NavScanFile\shell\Open

Open with Application Issue c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe "/TTASK:%1" HKCR\NavScanFile\shell\openTemp

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\ISLuCbk.dll HKCR\CLSID\{0029EA03-63CA-442D-8EDC-3E624F0F7738}

ActiveX/COM Issue InProcServer32\c:\PROGRA~1\NORTON~1\NORTON~1\NAVOpts.dll HKCR\CLSID\{03970E0C-9DA6-460E-A754-FAD0FA3F7037}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\Norton AntiVirus\Navlcom.dll HKCR\CLSID\{049BD180-1EEB-4881-84BB-2A6AC3304005}

ActiveX/COM Issue InProcServer32\c:\PROGRA~1\NORTON~1\NORTON~1\NAVOpts.dll HKCR\CLSID\{065943E0-C405-401D-9D8A-11C74D12AC6C}

ActiveX/COM Issue InProcServer32\c:\PROGRA~1\NORTON~1\NORTON~1\NAVOpts.dll HKCR\CLSID\{065943E1-C405-401D-9D8A-11C74D12AC6C}

ActiveX/COM Issue InProcServer32\c:\PROGRA~1\NORTON~1\NORTON~1\NAVComUI.dll HKCR\CLSID\{0850EE96-0E49-4EE0-8486-7E6C7292FEE3}

ActiveX/COM Issue InProcServer32\c:\PROGRA~1\NORTON~1\NORTON~1\NAVOpts.dll HKCR\CLSID\{085ABFE2-D753-445C-8A2A-D4BD46CE0811}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\ISWrap.dll HKCR\CLSID\{096F54CF-6ED7-4725-AFBF-29C5AFF8BFAC}

ActiveX/COM Issue InProcServer32\c:\PROGRA~1\NORTON~1\NORTON~1\NAVLUCBK.dll HKCR\CLSID\{09C9DBC1-893D-11D2-B40A-00600831DD76}

ActiveX/COM Issue LocalServer32\"c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe" HKCR\CLSID\{142FB276-7C38-4BB4-B475-3F9233B3EFF8}

ActiveX/COM Issue InProcServer32\c:\PROGRA~1\NORTON~1\NORTON~1\DefAlert.dll HKCR\CLSID\{1B7C788B-E925-438F-88C4-FDCF166BF53D}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\NISLUCBK.DLL HKCR\CLSID\{1C13629E-23C5-4A3F-AE92-2E6350ABDC81}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\NisCfgWz.dll HKCR\CLSID\{1CB0A58F-4E11-4975-BD53-28D3A04E5BB5}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\LocWiz.dll HKCR\CLSID\{22FDECEC-F133-405B-AB4D-5FFC3431910C}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\WrapUM.dll HKCR\CLSID\{26676CDD-DD35-4AF2-8751-CC25DC468EF2}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\HNetCore.dll HKCR\CLSID\{2A20B6AF-7CC0-4F0F-B3B7-073E7F1388A1}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\Norton AntiVirus\NAVCfgWz.dll HKCR\CLSID\{333EDEFF-6F69-484d-B6BC-6150ABC7EB80}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\nislcom.dll HKCR\CLSID\{37611656-A7F6-4581-A1AE-9DB4E1442BB2}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\ISWrap.dll HKCR\CLSID\{387A3FA2-53F4-445F-99A8-18039DF74E39}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\ISWrap.dll HKCR\CLSID\{38D30597-1F3A-431F-8679-846677A8B392}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\NISLUCBK.DLL HKCR\CLSID\{3E4E1B8D-781C-11D3-9C30-00C04FB59D98}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\ISWrap.dll HKCR\CLSID\{41C4D969-6F04-405d-A186-7B8ACBAA1C1B}

ActiveX/COM Issue InProcServer32\c:\PROGRA~1\NORTON~1\NORTON~1\NAVTasks.dll HKCR\CLSID\{4334A24F-43D2-4AAD-9780-FB21E7C4A0EF}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\ISWrap.dll HKCR\CLSID\{45AD9C63-B8EE-4487-970B-F7FA2F6EE9CD}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\fwUI.dll HKCR\CLSID\{4689DE00-371E-437a-A293-EBE4463AF796}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\ISWrap.dll HKCR\CLSID\{4A263C1C-EBCA-4774-BD1B-AFFD07DBFCD2}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\ISWrap.dll HKCR\CLSID\{4B12A8B7-32CD-4D00-988D-A62AEF70F145}

ActiveX/COM Issue InProcServer32\c:\PROGRA~1\NORTON~1\NORTON~1\Scandlvr.dll HKCR\CLSID\{4C34B690-D1B7-11D1-B041-00104B252EEA}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\RLevel.dll HKCR\CLSID\{4CE39024-798E-4083-B8E2-1C259BCB9790}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\LocWiz.dll HKCR\CLSID\{4DF9E815-308F-45A1-BFC4-3CF382EB6D54}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\fwUI.dll HKCR\CLSID\{4F6EAB4C-A792-4F73-A0EA-4FAFB3643628}

ActiveX/COM Issue InProcServer32\c:\PROGRA~1\NORTON~1\NORTON~1\NAVLnch.dll HKCR\CLSID\{51CD5322-C0EC-4513-BCEF-1C9B2EC88719}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\fwUI.dll HKCR\CLSID\{51F26AB6-546F-45E9-9C2A-A7BE75393E09}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll HKCR\CLSID\{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}

ActiveX/COM Issue LocalServer32\c:\PROGRA~1\NORTON~1\ccEmFlSv.exe HKCR\CLSID\{5995C86A-031A-41DF-B862-495DC0853EE2}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\NISPLUG.DLL HKCR\CLSID\{5AA5B072-1535-4BD7-833A-8C268BAF6BC0}

ActiveX/COM Issue LocalServer32\c:\Program Files\Norton Internet Security\Norton AntiVirus\OPScan.exe HKCR\CLSID\{5BF80544-EA98-4416-BA81-5CEF05FDF16B}

ActiveX/COM Issue InProcServer32\C:\PROGRA~1\NORTON~1\NORTON~1\NAVEVENT.DLL HKCR\CLSID\{5E2E74C1-384D-4ACA-82E5-898FFA890936}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\ISWrap.dll HKCR\CLSID\{5FAB35FB-855A-489d-AC41-FBF8004C0330}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\ISWrap.dll HKCR\CLSID\{64695B9D-EBFB-40c7-A869-989975A91BB1}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\ISWrap.dll HKCR\CLSID\{65F9FD81-C49B-4C2A-8994-7DA2312ADDDC}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\RLevel.dll HKCR\CLSID\{6E5DA949-AC9A-49A5-B6A0-CF46EAF0154A}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\FREInteg.dll HKCR\CLSID\{72E492DD-B841-4D9C-8EBC-3BAC9711F6E5}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\NISPLUG.DLL HKCR\CLSID\{733CC4B1-6650-4946-980F-825742701BB3}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\ISWrap.dll HKCR\CLSID\{74E97E78-4948-41AB-9FF4-D21FC69014DD}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\RLevel.dll HKCR\CLSID\{75D7FC19-C634-4744-B4EC-A2D6BD06F9F0}

ActiveX/COM Issue InProcServer32\c:\PROGRA~1\NORTON~1\NORTON~1\NAVComUI.dll HKCR\CLSID\{7643BA0A-9A40-4805-B7B3-A16F686397C0}

ActiveX/COM Issue InProcServer32\c:\PROGRA~1\NORTON~1\NORTON~1\NAVComUI.dll HKCR\CLSID\{7643BA0A-9A40-4805-B7B3-A16F686397C1}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\ISWrap.dll HKCR\CLSID\{78395490-62BE-47B9-A607-FAC8F1E923D3}

ActiveX/COM Issue InProcServer32\C:\PROGRA~1\NORTON~1\NORTON~1\NAVEVENT.DLL HKCR\CLSID\{7849AB10-3468-4C64-912E-00AF4B8DCB6E}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\FREInteg.dll HKCR\CLSID\{7CA87530-E5EB-4B82-92DB-6299B2116A0A}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\NISPLUG.DLL HKCR\CLSID\{7EB31067-0561-45cc-A9B7-765969B8A908}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\ACDisp.dll HKCR\CLSID\{81032241-A8EE-4E33-B549-B342500B54EB}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\ISWrap.dll HKCR\CLSID\{87F14216-6B5B-41c0-8305-9B1F759A5118}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\Norton AntiVirus\NAVUI.dll HKCR\CLSID\{88734682-FCB2-11d2-B9D2-00C04FAC114C}

ActiveX/COM Issue InProcServer32\c:\PROGRA~1\NORTON~1\NORTON~1\NAVUI.dll HKCR\CLSID\{88734683-FCB2-11d2-B9D2-00C04FAC114C}

ActiveX/COM Issue InProcServer32\c:\PROGRA~1\NORTON~1\NORTON~1\NAVUI.dll HKCR\CLSID\{88734684-FCB2-11d2-B9D2-00C04FAC114C}

ActiveX/COM Issue InProcServer32\c:\PROGRA~1\NORTON~1\NORTON~1\NAVUI.dll HKCR\CLSID\{88734685-FCB2-11d2-B9D2-00C04FAC114C}

ActiveX/COM Issue InProcServer32\c:\PROGRA~1\NORTON~1\NORTON~1\NAVUI.dll HKCR\CLSID\{88734686-FCB2-11d2-B9D2-00C04FAC114C}

ActiveX/COM Issue InProcServer32\c:\PROGRA~1\NORTON~1\NORTON~1\NAVUI.dll HKCR\CLSID\{88734687-FCB2-11d2-B9D2-00C04FAC114C}

ActiveX/COM Issue InProcServer32\c:\PROGRA~1\NORTON~1\NORTON~1\NAVUI.dll HKCR\CLSID\{88734688-FCB2-11d2-B9D2-00C04FAC114C}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\ISWrap.dll HKCR\CLSID\{8891647B-00F9-4C0D-B25F-085667A8A2AC}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\ISWrap.dll HKCR\CLSID\{8989DE17-223F-4186-9077-BA154530EAD0}

ActiveX/COM Issue InProcServer32\c:\PROGRA~1\NORTON~1\NORTON~1\AboutPlg.dll HKCR\CLSID\{8A93465D-3A3D-11d3-A2D4-005004184DF1}

ActiveX/COM Issue InProcServer32\c:\PROGRA~1\NORTON~1\NORTON~1\NAVUI.dll HKCR\CLSID\{8D756A6D-FAAF-456B-B869-DE1ACBE66C63}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\ISWrap.dll HKCR\CLSID\{91092BB2-D736-4c18-8BF5-81A1860FB556}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\Norton AntiVirus\NAVError.dll HKCR\CLSID\{917E992D-B4F9-433A-BCFE-3AEC0370A765}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\ISWrap.dll HKCR\CLSID\{9385DDC3-90B6-40CD-8367-EFA685B74769}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\NISLUCBK.DLL HKCR\CLSID\{9828129C-6EE8-4ae7-BA58-F8B2FA3BED70}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\Norton AntiVirus\NAVUI.dll HKCR\CLSID\{9A6DA1F3-5D12-4DE0-85D1-CD4D8A0CC454}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\RLevel.dll HKCR\CLSID\{9AAFBC1A-209A-43C9-BD55-D9707B50315E}

ActiveX/COM Issue InProcServer32\c:\PROGRA~1\NORTON~1\NORTON~1\NAVOpts.dll HKCR\CLSID\{9B663083-7F14-4E27-9933-D55F162F1FCC}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\RLevel.dll HKCR\CLSID\{9C5ED830-2146-4CB0-9F13-BD30A868067D}

ActiveX/COM Issue InProcServer32\c:\PROGRA~1\NORTON~1\NORTON~1\NAVTasks.dll HKCR\CLSID\{9CBCB8E3-BBA1-46F6-9E34-C92614F44A4F}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\ACDisp.dll HKCR\CLSID\{A0323174-B13B-4DD1-A3ED-4AF6B5DC5961}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\ISWrap.dll HKCR\CLSID\{A2F81DF6-3260-4BCE-8734-555A19DED3F1}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\fwUI.dll HKCR\CLSID\{A8526C0D-7EBA-41C4-9906-153C23CBF5DB}

ActiveX/COM Issue InProcServer32\c:\PROGRA~1\NORTON~1\NORTON~1\NAVUI.dll HKCR\CLSID\{AAF584DB-89E4-4be2-9ADF-0F12CBF534C9}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\NISPLUG.DLL HKCR\CLSID\{AE7EAADF-3FC9-4474-8A08-65C77F892D97}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSCR.dll HKCR\CLSID\{B665012A-380B-4C69-B7FC-05FC13A4EAF8}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\pcwiz.dll HKCR\CLSID\{BA117F0A-F2CE-4DA1-BB47-A7E24B870057}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\Norton AntiVirus\ccIMScan.dll HKCR\CLSID\{BC87773A-5476-41C5-83CC-D79C92CB64C0}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\ISLAlert.dll HKCR\CLSID\{BE39AEFD-5704-4bb5-B1DF-B7992454AB7E}

ActiveX/COM Issue InProcServer32\c:\PROGRA~1\NORTON~1\NORTON~1\NAVTasks.dll HKCR\CLSID\{C52E6FB0-C980-47E3-A4C9-CA34981758E7}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\ISWrap.dll HKCR\CLSID\{C8B82070-F7BA-495E-8C3E-789ACBB21236}

ActiveX/COM Issue InProcServer32\c:\PROGRA~1\NORTON~1\NORTON~1\NAVTasks.dll HKCR\CLSID\{CA51130B-37FC-48F9-8B0B-BED3404E45F9}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\NISPLUG.DLL HKCR\CLSID\{CAE323C0-7FE8-11D3-8B2D-005004D71BAF}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\NISPLUG.DLL HKCR\CLSID\{CAE323C1-7FE8-11D3-8B2D-005004D71BAF}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\NISPLUG.DLL HKCR\CLSID\{CAE323C2-7FE8-11D3-8B2D-005004D71BAF}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\NISPLUG.DLL HKCR\CLSID\{CAE323C3-7FE8-11D3-8B2D-005004D71BAF}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\NISPLUG.DLL HKCR\CLSID\{CAE323C4-7FE8-11D3-8B2D-005004D71BAF}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\NISPLUG.DLL HKCR\CLSID\{CAE323C5-7FE8-11D3-8B2D-005004D71BAF}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\NISPLUG.DLL HKCR\CLSID\{CAE323C6-7FE8-11D3-8B2D-005004D71BAF}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\NISPLUG.DLL HKCR\CLSID\{CAE323C7-7FE8-11D3-8B2D-005004D71BAF}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\NISPLUG.DLL HKCR\CLSID\{CAE323C8-7FE8-11D3-8B2D-005004D71BAF}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\NISPLUG.DLL HKCR\CLSID\{CAE323C9-7FE8-11D3-8B2D-005004D71BAF}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\NISPLUG.DLL HKCR\CLSID\{CAE323CB-7FE8-11D3-8B2D-005004D71BAF}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\NISPLUG.DLL HKCR\CLSID\{CAE323CC-7FE8-11D3-8B2D-005004D71BAF}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\NISPLUG.DLL HKCR\CLSID\{CAE323CD-7FE8-11D3-8B2D-005004D71BAF}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\NISPLUG.DLL HKCR\CLSID\{CAE323CF-7FE8-11D3-8B2D-005004D71BAF}

ActiveX/COM Issue InProcServer32\c:\PROGRA~1\NORTON~1\NISABOUT.DLL HKCR\CLSID\{DCD53C71-6Fa1-11D3-83B7-00805F4B2398}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\Norton AntiVirus\OfficeAV.dll HKCR\CLSID\{DE1F7EEF-1851-11D3-939E-0004AC1ABE1F}

ActiveX/COM Issue InProcServer32\c:\PROGRA~1\NORTON~1\NORTON~1\NAVUI.dll HKCR\CLSID\{E15DBD6B-6190-4E5B-9699-CFDBC7765761}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\ISWrap.dll HKCR\CLSID\{E89602DD-B2F4-45af-A083-836ED84B01EE}

ActiveX/COM Issue InProcServer32\C:\PROGRA~1\NORTON~1\NORTON~1\NAVEVENT.DLL HKCR\CLSID\{EB188466-3B18-44C8-8BFF-6BE5CD5D2F05}

ActiveX/COM Issue InProcServer32\c:\PROGRA~1\NORTON~1\NORTON~1\NAVSTATS.dll HKCR\CLSID\{ED429095-AF99-41A1-BA88-D7E9459B3AF4}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\NISPLUG.DLL HKCR\CLSID\{F5EDEE07-8E38-11D3-8B2D-005004D71BAF}

ActiveX/COM Issue InProcServer32\c:\Program Files\Norton Internet Security\NISPLUG.DLL HKCR\CLSID\{FD119A17-4AED-451F-BA24-EC0A769DE9EC}

Application Paths Issue AlertAst.exe - c:\PROGRA~1\NORTON~1\AlertAst.exe HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\AlertAst.exe

Application Paths Issue HELPCTR.EXE - %Systemroot%\PCHealth\HelpCtr\Binaries\HelpCtr.exe HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\HELPCTR.EXE

Application Paths Issue MSCONFIG.EXE - %systemroot%\pchealth\helpctr\Binaries\MSCONFIG.EXE HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\MSCONFIG.EXE

Application Paths Issue NAVW32.EXE - c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\NAVW32.EXE

Application Paths Issue NAVWNT.EXE - c:\PROGRA~1\NORTON~1\NORTON~1\Navwnt.exe HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\NAVWNT.EXE

Application Paths Issue qconsole.exe - c:\PROGRA~1\NORTON~1\NORTON~1\qconsole.exe HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\qconsole.exe

Installer Reference Issue c:\Documents and Settings\All Users\Application Data\Symantec HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders

Installer Reference Issue c:\Documents and Settings\All Users\Application Data\Symantec\Common Client HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders

Installer Reference Issue c:\Program Files\Norton Internet Security HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders

Installer Reference Issue c:\Program Files\Norton Internet Security\IDSDefs HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders

Installer Reference Issue c:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders

Installer Reference Issue c:\Documents and Settings\All Users\Application Data\Symantec\Norton Internet Security HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders

Installer Reference Issue c:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders

Installer Reference Issue c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders

Installer Reference Issue c:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders

Installer Reference Issue c:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\Portal HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders

Installer Reference Issue c:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\Incoming HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders

Installer Reference Issue c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders

Installer Reference Issue c:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security\Norton AntiVirus HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders

Installer Reference Issue C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\SUPERAntiSpyware.com HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders

Installer Reference Issue C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders

Uninstaller Reference Issue "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe" HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KB893803v2

Obsolete software key Wget HKCU\Software\Wget

Old Start Menu key Norton Internet Security HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Norton Internet Security

Old Start Menu key SUPERAntiSpyware HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\SUPERAntiSpyware

Missing MUI Reference C:\ComboFix\CF27936.3XE HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache

Missing MUI Reference C:\Program Files\Norton Internet Security\cfgwiz.exe HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache

Missing MUI Reference C:\Program Files\Norton Internet Security\UrlLstCk.exe HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache

Missing MUI Reference C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\RarSFX0\appRemoverCore.exe HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache

Missing MUI Reference C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache

Missing MUI Reference C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\AppRemover_ToBeDelAfterReboot.bat HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache

Missing MUI Reference C:\32788R22FWJFW\ERUNT.3XE HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache

Missing MUI Reference C:\32788R22FWJFW\NirCmd.3XE HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache

Missing MUI Reference C:\ComboFix\CF28818.3XE HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache

Missing MUI Reference C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\_ir_sf_temp_0\irsetup.exe HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache

Missing MUI Reference C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\_ir_sf_temp_1\irsetup.exe HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache

Edited by sleepybear, 09 November 2014 - 04:52 PM.

Advertisements

Register to Remove

#62 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 09 November 2014 - 05:24 PM

Let it back up everything

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#63 sleepybear

Authentic Member

Authentic Member
61 posts

Posted 09 November 2014 - 05:35 PM

OK, right now just this happened: When clicking the minimize button on browser(Google Chrome, WTT Forums), This screen appeared again I have not seen for a few days hoping it was gone, Plain box with red border saying : "You have not yet configured this button. Adestination URL or application for this special keyboard button has not been set."

Also the windows taskbar and menu start properties screen came up below it.

#64 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 09 November 2014 - 05:51 PM

Been at this for many many years and cant believe all the problems your having, go ahead and run the FRST Fix

If it dont fix things than I think what you may want to do is take your computer to a local computer shop for repair, frankly I am out of ideas

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#65 sleepybear

Authentic Member

Authentic Member
61 posts

Posted 09 November 2014 - 06:09 PM

OK, I did not run the CFscript into the combo fix yet. Should I do that first?

#66 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 09 November 2014 - 06:10 PM

Yes go for it

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#67 sleepybear

Authentic Member

Authentic Member
61 posts

Posted 09 November 2014 - 06:52 PM

Combofix said again that Norton was still on there as a real time scanner.

ComboFix 14-10-29.01 - HP_Administrator 11/09/2014 16:27:16.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.344 [GMT -8:00]

Running from: c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FILE ::

"c:\program files\Common Files\agygy.exe"

"c:\program files\Common Files\apiseseb.reg"

"c:\program files\Common Files\icezose.bat"

"c:\program files\Common Files\rupolope.dll"

((((((((((((((((((((((((( Files Created from 2014-10-10 to 2014-11-10 )))))))))))))))))))))))))))))))

2014-11-05 03:53 . 2014-11-05 03:53 -------- d-----w- c:\program files\ESET

2014-11-04 01:57 . 2014-11-04 01:57 -------- d-----w- c:\windows\ERUNT

2014-11-04 01:37 . 2010-08-30 16:34 536576 ----a-w- c:\windows\system32\sqlite3.dll

2014-11-04 01:36 . 2014-11-04 01:47 -------- d-----w- C:\AdwCleaner

2014-10-27 04:51 . 2014-11-09 03:29 -------- d-----w- C:\FRST

2014-10-24 07:04 . 2014-11-06 02:23 -------- d-----w- c:\windows\pchealth

2014-10-20 06:11 . 2014-11-04 06:05 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-10-20 06:11 . 2014-10-01 18:11 54360 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2014-10-20 06:11 . 2014-10-20 06:11 -------- d-----w- c:\program files\Malwarebytes Anti-Malware

2014-10-20 06:11 . 2014-10-01 18:11 23256 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-10-20 00:18 . 2014-10-20 00:18 1409 ----a-w- c:\windows\QTFont.for

2014-10-19 21:49 . 2014-10-19 21:49 -------- d-----w- c:\windows\jumpshot.com

2014-10-16 05:39 . 2014-10-16 05:39 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Temp

2014-10-16 04:15 . 2014-10-16 04:15 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\AVAST Software

2014-10-16 04:08 . 2014-10-16 04:07 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys

2014-10-16 04:07 . 2014-10-16 04:07 43152 ----a-w- c:\windows\avastSS.scr

2014-10-16 04:04 . 2014-10-16 04:04 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2014-10-16 04:04 . 2014-10-16 04:07 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2014-10-16 04:04 . 2014-10-16 04:07 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2014-10-16 04:04 . 2014-10-16 04:07 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2014-10-15 20:00 . 2014-10-15 20:00 -------- d-----w- c:\windows\system32\wbem\Repository

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2014-10-16 04:15 . 2012-01-27 02:11 414520 ----a-w- c:\windows\system32\drivers\aswsp.sys

2014-10-16 04:07 . 2012-01-27 02:11 57800 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2014-10-16 04:07 . 2012-01-27 02:11 55112 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2014-10-16 04:07 . 2012-01-27 02:11 779536 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2014-10-16 04:07 . 2012-01-27 02:11 276432 ----a-w- c:\windows\system32\aswBoot.exe

2009-10-01 04:09 . 2009-10-01 04:09 11841 ----a-w- c:\program files\Common Files\apiseseb.reg

2009-10-01 04:09 . 2009-10-01 04:09 19313 ----a-w- c:\program files\Common Files\icezose.bat

2009-09-30 22:09 . 2009-09-30 22:09 16820 ----a-w- c:\program files\Common Files\rupolope.dll

2009-09-30 22:09 . 2009-09-30 22:09 11586 ----a-w- c:\program files\Common Files\agygy.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2014-10-16 04:07 578240 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]

"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-18 61952]

"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]

"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]

"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]

"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]

"PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]

"SoundMan"="SOUNDMAN.EXE" [2004-10-13 77824]

"AlcWzrd"="ALCWZRD.EXE" [2004-10-13 2742272]

"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]

"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]

"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-10-16 4085896]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-12-01 126976]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk

backup=c:\windows\pss\Updates from HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2006-02-23 22:45 278528 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2004-08-04 15:06 1667584 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 18:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-06-29 00:22 155648 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-02-18 18:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"ccSetMgr"=2 (0x2)

"ccPwdSvc"=3 (0x3)

"ccProxy"=2 (0x2)

"ccEvtMgr"=2 (0x2)

"YahooAUService"=2 (0x2)

"iPodService"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=

R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [10/15/2014 8:04 PM 49944]

R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [10/15/2014 8:04 PM 192352]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/26/2012 6:11 PM 779536]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [1/26/2012 6:11 PM 414520]

R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [10/15/2014 8:08 PM 24184]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [10/15/2014 8:04 PM 67824]

R3 NmPar;Unusable Parallel Port;c:\windows\system32\drivers\NmPar.sys [12/24/2008 5:40 AM 80256]

R3 nmserial;PCI Serial Port;c:\windows\system32\drivers\NmSerial.sys [12/16/2008 6:10 AM 70016]

R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [3/3/2010 6:43 PM 47360]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-10-29 18:48 1089352 ----a-w- c:\program files\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe

Contents of the 'Scheduled Tasks' folder

2014-11-09 c:\windows\Tasks\avast! Emergency Update.job

- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-10-16 04:07]

2014-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2014-10-16 05:31]

2014-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2014-10-16 05:31]

------- Supplementary Scan -------

uStart Page = about:blank

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop

mStart Page = hxxp://www.google.com

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop

uInternet Connection Wizard,ShellNext = hxxp://shop.trendmicro.com/tmasy/eol.html?X=300&Y=300&WIDTH=690&HEIGHT=480

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000

IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html

TCP: DhcpNameServer = 192.168.1.254

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2014-11-09 16:41

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2060318294-1635822940-3861741363-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Ç*a""]

@Class="Shell"

@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2060318294-1635822940-3861741363-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Ç*a""\OpenWithList]

@Class="Shell"

"a"="NOTEPAD.EXE"

"MRUList"="a"

[HKEY_USERS\S-1-5-21-2060318294-1635822940-3861741363-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Ç*a""\OpenWithProgids]

"Ç=8_auto_file"=hex(0):

[HKEY_USERS\S-1-5-21-2060318294-1635822940-3861741363-1008\Software\SecuROM\License information*]

"datasecu"=hex:fb,20,08,b5,1f,0b,a3,9d,20,02,b9,5f,6e,64,2a,cf,17,d9,68,0c,b9,

b2,7d,31,7c,26,c7,10,c9,01,24,ca,3c,fc,0f,e4,bb,24,4d,ca,fa,3a,01,ec,55,98,\

"rkeysecu"=hex:bd,47,83,32,2f,8a,32,ff,78,e0,de,39,57,df,50,ce

[HKEY_LOCAL_MACHINE\software\Classes\.*Ç*a""]

@="Ç=8_auto_file"

@=expand:"\"%ProgramFiles%\\Windows NT\\Accessories\\WORDPAD.EXE\" \"%1\""

[HKEY_LOCAL_MACHINE\software\Classes\Ç*a""_*a*u*t*o*_*f*i*l*e*\shell\edit\command]

@=expand:"%SystemRoot%\\system32\\NOTEPAD.EXE %1"

[HKEY_LOCAL_MACHINE\software\Classes\Ç*a""_*a*u*t*o*_*f*i*l*e*\shell\open\command]

@=expand:"%SystemRoot%\\system32\\NOTEPAD.EXE %1"

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3540)

c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll

c:\windows\system32\msi.dll

Completion time: 2014-11-09 16:44:17

ComboFix-quarantined-files.txt 2014-11-10 00:44

ComboFix2.txt 2014-11-08 22:53

ComboFix3.txt 2014-11-06 02:28

Pre-Run: 22,599,073,792 bytes free

Post-Run: 22,587,772,928 bytes free

- - End Of File - - FC30BE3B92644AC36468C3D5247FA787

0AC6D996BCE152AED9600E6D6B797E2E

#68 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 09 November 2014 - 07:08 PM

Thats fine, all traces of Symantec are gone

Like I said before, never saw a keyboard getting infected, if your keyboard is old like a PS2 connector ( round cable maybe purple or green ) I would throw it in the trash, you need to get a new one with a USB connector or even think about getting a wireless keyboard and mouse combo. Or if your computer is really old the PS2 or USB ports maybe damaged

How is everything running now

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#69 sleepybear

Authentic Member

Authentic Member
61 posts

Posted 09 November 2014 - 07:30 PM

So far so good, The only keys malfunctioning now are on the numbers square. The only key bringing up the error window is the period key on the numbers keypad. But everything else is fine. My neighbor has a wireless keyboard with USB transmitter and is also running an older PC with XP. I'll see if I can borrow his keyboard tomorrow.

#70 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 09 November 2014 - 09:09 PM

Yes, that would be interesting to see if with a new keyboard if you will still be having those problems, let me know

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

Advertisements

Register to Remove

#71 sleepybear

Authentic Member

Authentic Member
61 posts

Posted 11 November 2014 - 04:38 PM

Ken, you are a genius! I think we still have a working PC here (very much needed). First of all I borrowed a wireless Adesso brand keyboard from a neighbor with USB xmitter, and it was even worse, the virus or what I thought was a virus would pop up in a plain red box every time you'd press the period key on the numbers pad, plus the CD rom drawer would open! Also only half of the keyboard was bringing up the right letters. This morning a friend gave me (didn't need it any longer) a keyboard almost exactly like mine (HP) and I cannot make it do any of the errors. I tested it in Word, Works, Outlook. everything. No more problems. Through Combofix ,Norton still shows as active as a real time scanner. But I'm not going to worry about it. It might just have been one of the infected files. The plain red box I was referring to all this time would never let me copy or cut and paste it to show you. It was not labeled Microsoft or Windows or anything I ever seen before. No labeling, just a red stripe. It looked very hokey to me.

I am not going to try the Adesso wireless again and am throwing the original keyboard in the garbage. I'll leave well enough alone, so my wife can put some applications in. I cannot thank you enough!!!

#72 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 11 November 2014 - 04:49 PM

Thats great, thanks for letting me know. Good luck with your health problems, hope everything works out well for you, you and your wife seem like really nice people and its always a pleasure to help you

You keyboard problems could also be related to a really worn out old computer, the ports ( PS2 or USB ) could be damaged after years of use but it sounds like with your new keyboard that things are working fine

Lets remove Combofix so you dont get yourself in trouble and damage your system

Click the Start button, click Run. [Vista users, go Start>"Start search"]Copy and paste the following line into the run box and click OK (it may take a bit but you should get a message 'combofix is uninstalled)

Combofix /uninstall

Double click on AdwCleaner.exe to run the tool again.

Click on the Uninstall button.

Click Yes when asked are you sure you want to uninstall.

Both AdwCleaner.exe, its folder and all logs will be removed.

==========================================================

Please download DelFix and save the file to your Desktop.

Windows XP Double Click DelFix.exe to run the program.

Windows Vista > Win 7 > Win 8 Right Click on DelFix.exe and select RUN AS ADMINISTRATOR

Checkmark " Remove Disinfection Tools"

Click the Run button

This will remove the specialised tools we used to clean your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually

==========================================================

[list]

How did I get infected in the first place ?

Read these links and find out how to prevent getting infected again.

[*]Tutorial for System Restore <-- Do this first to prevent yourself from being reinfected.

[*]WhattheTech

[*]Grinler BleepingComputer

[*]GeeksTo Go

[*]Dslreports

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#73 sleepybear

Authentic Member

Authentic Member
61 posts

Posted 11 November 2014 - 05:57 PM

Will do. Thank you very much for helping us again. I am going to keep this clean and up to date. I have to!!! I'm going to be off the computer a couple days because of my eyes but would like to find out if I can put service pack 3 on this thing sometime. I am going to be donating to this great forum as well as be active (checking in for updates and what to be aware of also.

Again thank you Ken for all your knowledge, persistence and detailed care. It really saved us here.

Edited by sleepybear, 11 November 2014 - 06:06 PM.

#74 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 11 November 2014 - 06:24 PM

Windows updates is no longer available so I am not sure if SP 3 is available for you

Give this a shot and see if it will let you install it

http://support.microsoft.com/kb/322389

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#75 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 14 November 2014 - 05:37 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

Body Background

skin color theme

Please lead me to thread [Solved]

#61 sleepybear

Advertisements

Register to Remove

#62 ken545

#63 sleepybear

#64 ken545

#65 sleepybear

#66 ken545

#67 sleepybear

#68 ken545

#69 sleepybear

#70 ken545

Advertisements

Register to Remove

#71 sleepybear

#72 ken545

#73 sleepybear

#74 ken545

#75 ken545

Related Topics

0 user(s) are reading this topic

About What the Tech

Follow Us

Body Background

skin color theme

Please lead me to thread [Solved]

#61 sleepybear

Advertisements Register to Remove

#62 ken545

#63 sleepybear

#64 ken545

#65 sleepybear

#66 ken545

#67 sleepybear

#68 ken545

#69 sleepybear

#70 ken545

Advertisements Register to Remove

#71 sleepybear

#72 ken545

#73 sleepybear

#74 ken545

#75 ken545

Related Topics

0 user(s) are reading this topic

About What the Tech

Follow Us

Sign In

Advertisements

Register to Remove

Advertisements

Register to Remove