Tech Support Forum - View Single Post - Super Sheroes got computer bugs, calling for backup! thanx

changemakers13 · 10-15-2005, 09:21 PM

Here's the notes, before I list the logs:

1) when I did this:
Run a scan with HiJackThis & select/tick the following & click "Fix checked" :
this file was no longer listed
F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT\Nail.exe
it could not be found on the computer, even when i selected to show hidden files.

2) After running Clean up! in Safe Mode and Rebooting, it was unclear whether I should reboot in safe mode again or regular. However, Ewido would not function and was unreadable in Safe Mode, so I had to do it in regular mode.

3) TrendMicro worked just as described except for this instruction:
"In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them here." This didn't happen, but after I closed the program, I did find this log elsewhere on my desktop. FYI

4) My computer seems to be running somewhat normally while I did these steps.

Thank you, again, sUBs!

In your next post, please include fresh logs from:

* HiJackThis log
Logfile of HijackThis v1.99.1
Scan saved at 8:18:26 PM, on 10/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\HIJACKTHIS\ewido\security suite\ewidoctrl.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HIJACKTHIS\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\z8xndkvo.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\z8xndkvo.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/potc_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\HIJACKTHIS\ewido\security suite\ewidoctrl.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINNT\system32\YPCSER~1.EXE

* Online Scan
Incident Status Location
Spyware:spyware/betterinet No disinfected Windows Registry

* Ewido
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:36:59 PM, 10/14/2005
+ Report-Checksum: 4615EBE5

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{79FB9088-19CE-715E-D900-216290C5B738} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
:mozilla.8:C:\Program Files\K-Meleon\Profiles\default\8l3t7afz.slt\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.9:C:\Program Files\K-Meleon\Profiles\default\8l3t7afz.slt\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.10:C:\Program Files\K-Meleon\Profiles\default\8l3t7afz.slt\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.11:C:\Program Files\K-Meleon\Profiles\default\8l3t7afz.slt\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.12:C:\Program Files\K-Meleon\Profiles\default\8l3t7afz.slt\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.13:C:\Program Files\K-Meleon\Profiles\default\8l3t7afz.slt\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.25:C:\Program Files\K-Meleon\Profiles\default\8l3t7afz.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.26:C:\Program Files\K-Meleon\Profiles\default\8l3t7afz.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.27:C:\Program Files\K-Meleon\Profiles\default\8l3t7afz.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.28:C:\Program Files\K-Meleon\Profiles\default\8l3t7afz.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.29:C:\Program Files\K-Meleon\Profiles\default\8l3t7afz.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.44:C:\Program Files\K-Meleon\Profiles\default\8l3t7afz.slt\cookies.txt -> Spyware.Cookie.Trafic : Cleaned with backup
:mozilla.45:C:\Program Files\K-Meleon\Profiles\default\8l3t7afz.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.46:C:\Program Files\K-Meleon\Profiles\default\8l3t7afz.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.47:C:\Program Files\K-Meleon\Profiles\default\8l3t7afz.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.58:C:\Program Files\K-Meleon\Profiles\default\8l3t7afz.slt\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Program Files\Windows Media Player\wmplayer.exe.tmp -> Spyware.Pacer : Cleaned with backup
C:\System Volume Information\_restore{ECB6DA25-3055-43AC-90CF-08B689FE52B1}\RP712\A0072732.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINNT\system32\0guwc7p.exe -> Trojan.Delf.cf : Cleaned with backup

::Report End

* Trend's Antispyware log
Started Scanning
Internet Cookies
Found 'cliks.org' in 'Internet Explorer Cache'
Found 'btg.btgrab.com' in 'Internet Explorer Cache'
Found 'abetterinternet.com' in 'Internet Explorer Cache'
Found 'btg.btgrab.com' in 'Internet Explorer Cache'
Found 'offeroptimizer.com' in 'Internet Explorer Cache'
Programs in Memory
Windows Registry
Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC'
Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000'
Found '' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Found '' in 'SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA}'
Found '' in 'SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA}\NumMethods'
Found '' in 'SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Wise Solutions\Wise Installation System\Repair\C:/Program Files/VBouncer/INSTALL.LOG'
Found 'iebar' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform'
Found '' in 'SOFTWARE\Classes\Remove'
Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC'
Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
Found 'Service' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
Found 'Legacy' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
Found 'DeviceDesc' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
Found 'ConfigFlags' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
Found 'ClassGUID' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
Found 'Class' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
Found 'NextInstance' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC'
Found 'PluginLevel' in 'SYSTEM\CurrentControlSet\Control\Session Manager'
Found '' in 'Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA}'
Found '' in 'Software\xjado'
Internet URL Shortcuts
Files and Directories
Found 'creditcard32123123123asdsa.ico' in 'C:\WINNT\system32'
Finished Scanning
Started Backup
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5.
Finished Backup
Started Cleaning
[SCANMODS] WARNING: Unable to remove registry keys under 'HKLM\'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC'. Error=5.
[SCANMODS] WARNING: Unable to remove registry keys under 'HKLM\'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000'. Error=5.
[SCANMODS] WARNING: Unable to remove registry keys under 'HKLM\'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC'. Error=5.
[SCANMODS] WARNING: Unable to remove registry keys under 'HKLM\'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'. Error=5.
Checking for 'C:\WINNT\system32\creditcard32123123123asdsa.ico' in shortcut areas.
Checking for 'C:\WINNT\system32\creditcard32123123123asdsa.ico' in startup areas.
Cleaning 'C:\WINNT\system32\creditcard32123123123asdsa.ico'
Finished Cleaning
Started Scanning
Internet Cookies
Found 'tribalfusion.com' in 'Internet Explorer Cache'
Programs in Memory
Windows Registry
Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC'
Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000'
Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC'
Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
Found 'Service' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
Found 'Legacy' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
Found 'DeviceDesc' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
Found 'ConfigFlags' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
Found 'ClassGUID' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
Found 'Class' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
Internet URL Shortcuts
Files and Directories
Finished Scanning
Started Backup
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5.
Finished Backup
Started Cleaning
[SCANMODS] WARNING: Unable to remove registry keys under 'HKLM\'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC'. Error=5.
[SCANMODS] WARNING: Unable to remove registry keys under 'HKLM\'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000'. Error=5.
[SCANMODS] WARNING: Unable to remove registry keys under 'HKLM\'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC'. Error=5.
[SCANMODS] WARNING: Unable to remove registry keys under 'HKLM\'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'. Error=5.
Finished Cleaning
Started Scanning
Internet Cookies
Programs in Memory
Windows Registry
Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC'
Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000'
Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC'
Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
Found 'Service' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
Found 'Legacy' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
Found 'DeviceDesc' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
Found 'ConfigFlags' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
Found 'ClassGUID' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
Found 'Class' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
Internet URL Shortcuts
Files and Directories
Finished Scanning
Started Backup
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5.
Finished Backup
Started Cleaning
[SCANMODS] WARNING: Unable to remove registry keys under 'HKLM\'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC'. Error=5.
[SCANMODS] WARNING: Unable to remove registry keys under 'HKLM\'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000'. Error=5.
[SCANMODS] WARNING: Unable to remove registry keys under 'HKLM\'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC'. Error=5.
[SCANMODS] WARNING: Unable to remove registry keys under 'HKLM\'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'. Error=5.
Finished Cleaning
Started Scanning
Internet Cookies
Programs in Memory
Windows Registry
Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC'
Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000'
Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC'
Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
Found 'Service' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
Found 'Legacy' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
Found 'DeviceDesc' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
Found 'ConfigFlags' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
Found 'ClassGUID' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
Found 'Class' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
Internet URL Shortcuts
Files and Directories
Finished Scanning

10-15-2005, 09:21 PM	#3 (permalink)
changemakers13 Registered User Join Date: Oct 2005 Posts: 3 OS: xp	finished instructions, whats next? thanks Here's the notes, before I list the logs: 1) when I did this: Run a scan with HiJackThis & select/tick the following & click "Fix checked" : this file was no longer listed F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT\Nail.exe it could not be found on the computer, even when i selected to show hidden files. 2) After running Clean up! in Safe Mode and Rebooting, it was unclear whether I should reboot in safe mode again or regular. However, Ewido would not function and was unreadable in Safe Mode, so I had to do it in regular mode. 3) TrendMicro worked just as described except for this instruction: "In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them here." This didn't happen, but after I closed the program, I did find this log elsewhere on my desktop. FYI 4) My computer seems to be running somewhat normally while I did these steps. Thank you, again, sUBs! In your next post, please include fresh logs from: * HiJackThis log Logfile of HijackThis v1.99.1 Scan saved at 8:18:26 PM, on 10/15/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\spoolsv.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\ClamWin\bin\ClamTray.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\HIJACKTHIS\ewido\security suite\ewidoctrl.exe C:\WINNT\System32\NMSSvc.exe C:\WINNT\System32\svchost.exe C:\WINNT\wanmpsvc.exe C:\WINNT\system32\wscntfy.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\HIJACKTHIS\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\z8xndkvo.slt\prefs.js) N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\z8xndkvo.slt\prefs.js) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/potc_x.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll O23 - Service: ewido security suite control - ewido networks - C:\Program Files\HIJACKTHIS\ewido\security suite\ewidoctrl.exe O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe O23 - Service: YPCService - Yahoo! Inc. - C:\WINNT\system32\YPCSER~1.EXE * Online Scan Incident Status Location Spyware:spyware/betterinet No disinfected Windows Registry * Ewido --------------------------------------------------------- ewido security suite - Scan report --------------------------------------------------------- + Created on: 9:36:59 PM, 10/14/2005 + Report-Checksum: 4615EBE5 + Scan result: HKLM\SOFTWARE\Classes\CLSID\{79FB9088-19CE-715E-D900-216290C5B738} -> Spyware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup :mozilla.8:C:\Program Files\K-Meleon\Profiles\default\8l3t7afz.slt\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup :mozilla.9:C:\Program Files\K-Meleon\Profiles\default\8l3t7afz.slt\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup :mozilla.10:C:\Program Files\K-Meleon\Profiles\default\8l3t7afz.slt\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup :mozilla.11:C:\Program Files\K-Meleon\Profiles\default\8l3t7afz.slt\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup :mozilla.12:C:\Program Files\K-Meleon\Profiles\default\8l3t7afz.slt\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup :mozilla.13:C:\Program Files\K-Meleon\Profiles\default\8l3t7afz.slt\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup :mozilla.25:C:\Program Files\K-Meleon\Profiles\default\8l3t7afz.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.26:C:\Program Files\K-Meleon\Profiles\default\8l3t7afz.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup :mozilla.27:C:\Program Files\K-Meleon\Profiles\default\8l3t7afz.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup :mozilla.28:C:\Program Files\K-Meleon\Profiles\default\8l3t7afz.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup :mozilla.29:C:\Program Files\K-Meleon\Profiles\default\8l3t7afz.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup :mozilla.44:C:\Program Files\K-Meleon\Profiles\default\8l3t7afz.slt\cookies.txt -> Spyware.Cookie.Trafic : Cleaned with backup :mozilla.45:C:\Program Files\K-Meleon\Profiles\default\8l3t7afz.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup :mozilla.46:C:\Program Files\K-Meleon\Profiles\default\8l3t7afz.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup :mozilla.47:C:\Program Files\K-Meleon\Profiles\default\8l3t7afz.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup :mozilla.58:C:\Program Files\K-Meleon\Profiles\default\8l3t7afz.slt\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup C:\Program Files\Windows Media Player\wmplayer.exe.tmp -> Spyware.Pacer : Cleaned with backup C:\System Volume Information\_restore{ECB6DA25-3055-43AC-90CF-08B689FE52B1}\RP712\A0072732.exe -> Adware.BetterInternet : Cleaned with backup C:\WINNT\system32\0guwc7p.exe -> Trojan.Delf.cf : Cleaned with backup ::Report End * Trend's Antispyware log Started Scanning Internet Cookies Found 'cliks.org' in 'Internet Explorer Cache' Found 'btg.btgrab.com' in 'Internet Explorer Cache' Found 'abetterinternet.com' in 'Internet Explorer Cache' Found 'btg.btgrab.com' in 'Internet Explorer Cache' Found 'offeroptimizer.com' in 'Internet Explorer Cache' Programs in Memory Windows Registry Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC' Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000' Found '' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1' Found '' in 'SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA}' Found '' in 'SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA}\NumMethods' Found '' in 'SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA}\ProxyStubClsid32' Found '' in 'SOFTWARE\Wise Solutions\Wise Installation System\Repair\C:/Program Files/VBouncer/INSTALL.LOG' Found 'iebar' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform' Found '' in 'SOFTWARE\Classes\Remove' Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC' Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000' Found 'Service' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000' Found 'Legacy' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000' Found 'DeviceDesc' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000' Found 'ConfigFlags' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000' Found 'ClassGUID' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000' Found 'Class' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000' Found 'NextInstance' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC' Found 'PluginLevel' in 'SYSTEM\CurrentControlSet\Control\Session Manager' Found '' in 'Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA}' Found '' in 'Software\xjado' Internet URL Shortcuts Files and Directories Found 'creditcard32123123123asdsa.ico' in 'C:\WINNT\system32' Finished Scanning Started Backup Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000 for restore. [SCANMODS] Error=5. Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5. Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5. Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5. Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5. Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5. Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5. Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5. Finished Backup Started Cleaning [SCANMODS] WARNING: Unable to remove registry keys under 'HKLM\'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC'. Error=5. [SCANMODS] WARNING: Unable to remove registry keys under 'HKLM\'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000'. Error=5. [SCANMODS] WARNING: Unable to remove registry keys under 'HKLM\'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC'. Error=5. [SCANMODS] WARNING: Unable to remove registry keys under 'HKLM\'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'. Error=5. Checking for 'C:\WINNT\system32\creditcard32123123123asdsa.ico' in shortcut areas. Checking for 'C:\WINNT\system32\creditcard32123123123asdsa.ico' in startup areas. Cleaning 'C:\WINNT\system32\creditcard32123123123asdsa.ico' Finished Cleaning Started Scanning Internet Cookies Found 'tribalfusion.com' in 'Internet Explorer Cache' Programs in Memory Windows Registry Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC' Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000' Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC' Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000' Found 'Service' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000' Found 'Legacy' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000' Found 'DeviceDesc' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000' Found 'ConfigFlags' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000' Found 'ClassGUID' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000' Found 'Class' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000' Internet URL Shortcuts Files and Directories Finished Scanning Started Backup Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000 for restore. [SCANMODS] Error=5. Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5. Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5. Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5. Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5. Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5. Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5. Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5. Finished Backup Started Cleaning [SCANMODS] WARNING: Unable to remove registry keys under 'HKLM\'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC'. Error=5. [SCANMODS] WARNING: Unable to remove registry keys under 'HKLM\'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000'. Error=5. [SCANMODS] WARNING: Unable to remove registry keys under 'HKLM\'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC'. Error=5. [SCANMODS] WARNING: Unable to remove registry keys under 'HKLM\'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'. Error=5. Finished Cleaning Started Scanning Internet Cookies Programs in Memory Windows Registry Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC' Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000' Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC' Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000' Found 'Service' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000' Found 'Legacy' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000' Found 'DeviceDesc' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000' Found 'ConfigFlags' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000' Found 'ClassGUID' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000' Found 'Class' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000' Internet URL Shortcuts Files and Directories Finished Scanning Started Backup Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000 for restore. [SCANMODS] Error=5. Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5. Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5. Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5. Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5. Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5. Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5. Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5. Finished Backup Started Cleaning [SCANMODS] WARNING: Unable to remove registry keys under 'HKLM\'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC'. Error=5. [SCANMODS] WARNING: Unable to remove registry keys under 'HKLM\'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000'. Error=5. [SCANMODS] WARNING: Unable to remove registry keys under 'HKLM\'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC'. Error=5. [SCANMODS] WARNING: Unable to remove registry keys under 'HKLM\'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'. Error=5. Finished Cleaning Started Scanning Internet Cookies Programs in Memory Windows Registry Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC' Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000' Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC' Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000' Found 'Service' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000' Found 'Legacy' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000' Found 'DeviceDesc' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000' Found 'ConfigFlags' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000' Found 'ClassGUID' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000' Found 'Class' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000' Internet URL Shortcuts Files and Directories Finished Scanning