
Inactive Extremely Slow Page Loading...

Discussion in 'Malware and Virus Removal Archive' started by Blue Star, 2011/07/12.

Thread Status:
Not open for further replies.
  1. 2011/07/13
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Joined:
    2010/03/25
    Messages:
    454
    Likes Received:
    2
    ---- Registry - GMER 1.0.15 ----

     
  2. 2011/07/13
    Blue Star


    ---- EOF - GMER 1.0.15 ----
     


  4. 2011/07/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop.
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. 2011/07/13
    Blue Star

    I am running MBR now for a lapsed time of approximately 10 hours... shall I let that finish first or stop it and run ComboFix?
     
  6. 2011/07/13
    Blue Star

    Just a couple of things please....what is AVG? and how do I disable script blocking on XP?
     
  7. 2011/07/13
    broni

    What do you mean by "MBR"?
    You're supposed to be running Combofix.
     
  8. 2011/07/13
    Blue Star

    I see what AVG is... I do not have it...
     
  9. 2011/07/13
    broni

    Did you read my previous reply?
     
  10. 2011/07/13
    Blue Star

    yes... I thought your first reply told me to run MBR.. I will stop and run combofix, but I need to know how to disable script blocking for XP...

    and I am so sorry for the delay in answering... takes forever to load a page at times!
     
  11. 2011/07/13
    Blue Star

    I just finished loading CF and ready to try running it...
     
  12. 2011/07/13
    broni

    Ok....
     
  13. 2011/07/14
    Blue Star

    I am unable to access the internet thru my machine.. I have loaded cf and rkill to disk... will I be able to run them on my machine or do these programs need to be downloaded to my machine and also run from there?
     
  14. 2011/07/14
    broni

    Yes, you can do it that way.
    What happened to the internet connection?
     
  15. 2011/07/15
    Blue Star

    internet connection there, but page loading is becoming increasingly slower with each access attempt. Also... I have DSL and ATT is repairing my line.. several bad splices and they ran the cable past my house junction. So instead of going to my house, it passes by my house and tries to loop back. Therefire, incoming rate is only 950-1500 kbps... should be about 3000... I wanted to check your response before I tried the CF on disk, now I will and will get back to you asap...thank you for your patience!
     
  16. 2011/07/15
    broni

    No problem :)
     
  17. 2011/07/15
    Blue Star

    *therefore...


    when it rains in my area, the broadband link becomes unavailable... 4 techs out to the house in the past 2 weeks and the are all puzzled... the last one found the bad splices and extra cable, but they're still noit sure...:(
     
  18. 2011/07/15
    Blue Star

    hahaha... I used to be able to spell.... :D
     
  19. 2011/07/18
    Blue Star

    I am running CF on the infected machine. CF ran thru its stages and found then deleted several infected files. Then it rebooted the computer, and opened a new window which says:

    Preparing log report.

    Do not run any programs until CF is finished.

    It has been running like this for a couple of hours... is this a normal amount of run time? Or should I do something else? :)
     
  20. 2011/07/18
    broni

    Stop it, restart computer and run it again.
     
  21. 2011/07/18
    Blue Star

    just did that... says the same message as before.. :(
     