uno spyware ironico mi chiede di aggiornare windows per difendermi dagli spyware

[Ma, te, oh.]

apprezzo l'ironia.
ma con spybot, senza connessione, col ripristino disattivato
ci sono sempre quei due tre file che non si riescono a estirpare perchè sono "ancora in memoria"

è uno spyware che mi avverte che ci sono spyware, apre pagine di explorer con dei presunti anti-spyware e una finestra farlocca di nod32 mi pare che dice che c'è un file maligno solo che le opzioni "metti in quarantena" "elimina" non sono cliccabili, solo un link esterno.
così come un link che viene proposto di un fantomatico aggiornamento di windows.
che faccio?

[Deifobe]

Scarica SystemScan, disconnetti il pc da internet => disattiva l'antivirus => esegui systemscan => clicca su "Scan Now". Finita la scansione, riattiva l'antivirus

Carica il rapporto che trovi sul desktop su Savefile e posta il link ottenuto

[Ma, te, oh.]

ecco fatto..
spero si veda questo link
perchè è troppo lungo per incollarlo qua

http://mail.google.com/mail/?ui=2&ik...af03e9482f490b

in alternativa allego un link di sendspace.com dove ho caricato il file txt
http://www.sendspace.com/file/q8c8sk

[Ma, te, oh.]

ora appare anche un fastidioso messsaggio popup "Impossibile completare l'operazione perchè l'altro programma è occupato. Scegliere "Passa a" per attivare il programma occupato e risolvere il problema"
si può cliccare su passa a, riprova, mentre annulla è disattivato. chiudo con la crocetta e cliccando sul programma di sfondo, ma appare con frequenza insistente.

[Deifobe]

sii paziente, lo so che cominci ad avere problemi.. sto creando lo script per rimuovere tutti i files presenti.. mi ci corrà ancora un po' perchè le infezioni sono 2

non eseguire scansioni, cortesemente
a dopo

[Ma, te, oh.]

ah, grazie mille per l'impegno!
scusa, non voglio sembrare scortese

[Deifobe]

ecco qui..... buon lavoro..

per iniziare, apri il registro (start => esegui => digita regedit e dai l'ok).
Clicca su "Risorse del computer", poi su "file" => esporta => salva la copia del registro in c:\. Chiudi il registro


1) Scarica Avenger e CCleaner
Scarica, installa e aggiorna malwarebytes

2) Apri il blocco note e nella pagina copia/incolla:

Windows Registry Editor Version 5.00

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft©"=-
"LSA Shellu"=-
"mjc"=-
"Sakora"=-
"SpeedRunner"=-
"SfKg6wIP"=-
"Ieuu"=-
"Jadtssch"=-

[-HKCR\CLSID\{06A1F910-762A-4660-B534-55B82571851C}]

[-HKCR\CLSID\{CFA57E06-8211-46B8-92B7-A05131B0C807}]

salvalo in c:\ con il nome nome: fix.reg
tipo di file: tutti i file


3) Esegui avenger e nella finestra copia/incolla tutta la citazione:

files to delete:
C:\Windows\mssys.exe
C:\Windows\msupdate.exe
C:\Windows\iedll.exe
C:\Windows\cpan.dll
C:\Windows\astctl32.ocx
C:\Windows\accesss.exe
C:\Windows\clrssn.exe
C:\Windows\avpcc.dll
C:\Windows\loader.exe
C:\Windows\mtwirl32.dll
C:\Windows\win32e.exe
C:\Windows\win64.exe
C:\Windows\waol.exe
C:\Windows\winmgnt.exe
C:\Windows\notepad32.exe
C:\Windows\olehelp.exe
C:\Windows\winajbm.dll
C:\Windows\window.exe
C:\Windows\users32.exe
C:\Windows\systeem.exe
C:\Windows\time.exe
C:\Windows\systemcritical.exeS?mantec
C:\Windows\systemcritical.exe
C:\Windows\x.exe
C:\Windows\y.exe
C:\Windows\xxxvideo.hta
C:\Windows\xplugin.dll
C:\Windows\iexplorer.exe
C:\Windows\default.htm
C:\Windows\b156.exe
C:\Windows\b155.exe
C:\Windows\mrofinu1188.exe
C:\Windows\mrofinu1000106.exe
C:\Windows\ctfmon32.exe
C:\Windows\dnsrelay.dll
C:\Windows\editpad.exe
C:\Windows\ctrlpan.dll
C:\Windows\directx32.exe
C:\Windows\funniest.exe
C:\Windows\funny.exe
C:\Windows\explore.exe
C:\Windows\explorer32.exe
C:\Windows\inetinf.exe
C:\Windows\internet.exe
C:\Windows\gfmnaaa.dll
C:\Windows\helpcvs.exe
C:\Windows\msconfd.dll
C:\Windows\rundll32.vbe
C:\Windows\mswsc20.dll
C:\Windows\qttasks.exe
C:\Windows\rundll16.exe
C:\Windows\quicken.exe
C:\Windows\mswsc10.dll
C:\Windows\msspi.dll
C:\Windows\sistem.exe
C:\Windows\svcinit.exe
C:\Windows\svchost32.exe
C:\Windows\searchword.dll
C:\Windows\system32\fcCUKcyW.dll
C:\Windows\system32\nnnmjkIb.dll
C:\Windows\system32\modtrux18
C:\Windows\system32\hljwugsf.bin
C:\Windows\system32\fcCUKcyW.dll
C:\Windows\system32\sofdqoxy.ini
C:\Windows\system32\downloads.bak
C:\Windows\system32\fhsmagky.ini
C:\Windows\system32\ljJaXQki.dll
C:\Windows\system32\ikQXaJjl.ini2
C:\Windows\system32\tpuqtjpl.dll
C:\Windows\system32\ikQXaJjl.ini
C:\Windows\system32\downloads.txt
C:\Windows\system32\WycKUCcf.ini2
C:\Windows\system32\WycKUCcf.ini
C:\Windows\system32\cbXoOFXr.dll
C:\Windows\system32\rXFOoXbc.ini
C:\Windows\system32\rXFOoXbc.ini2
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\lpjtqupt.ini
C:\Windows\system32\tuvWpNDs.dll
C:\Windows\system32\dbdf7c0a-.txt
C:\Windows\system32\hfuruuea.dll
C:\Windows\system32\aeuurufh.ini
C:\Windows\system32\sDNpWvut.ini2
C:\Windows\system32\sDNpWvut.ini
C:\Windows\system32\dllcache\iexplore.exe
C:\Windows\system32\hfuruuea.dll
C:\Windows\system32\cbXoOFXr.dll
C:\Windows\system32\drivers\pavboot.sys
C:\Users\Matteo\lsass.exe
C:\Users\Matteo\AppData\Roaming\Microsoft\Windows\ waiyya.exe
C:\Users\Matteo\Documents\??crosoft\m?iexec.exe
C:\Users\Matteo\Documents\microsoft\msiexec exe
C:\Windows\SMANTE~1\services.exe

folders to delete:
C:\Windows\TWF0dGVv
C:\Windows\system32\rt
C:\Windows\system32\ov
C:\Windows\system32\I3
C:\Program Files\mjc
C:\Program Files\Sakora
C:\Users\Matteo\AppData\Roaming\SpeedRunner
C:\Users\Matteo\Documents\??crosoft
C:\Users\Matteo\Documents\microsoft
C:\Program Files\Temporary

registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | d0fcb874
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | MSServer
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | runner1
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | Microsoft©
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellExecuteHooks | {06A1F910-762A-4660-B534-55B82571851C}

registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{CFA57E06-8211-46B8-92B7-A05131B0C807}
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}
HKEY_LOCAL_MACHINE\system\controlset001\services\p avboot
HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\pavboot
HKEY_LOCAL_MACHINE\system\controlset001\enum\root\ legacy_pavboot
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\r oot\legacy_pavboot

programs to launch on reboot:
c:\fix.reg

Spunta "Automatically disable any rootkits found" e clicca su "execute".
Il pc dovrebbe riavviarsi da solo, altrimenti riavvialo tu. Posta il report rilasciato

per sicurezza, vai nella cartella C:\Users\Matteo\Documents\??crosoft \ <= controlla che sia stata eliminata


4) Esegui CCleaner e ripulisci i file temporanei e i cookie (eseguilo 2 volte).

5) Svuota C:\WINDOWS\Prefetch

[Deifobe]

6) questa modifica è molto delicata, devi fare esattamente quello che ho scritto

Apri il registro -> Start / Esegui ,digita regedit e dai l'ok
Portati in questa chiave :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Clicca su winlogon e, nella finestra a destra, trova "Userinit"

Nella colonna "dati" vedrai scritto:

c:\windows\system32\userinit.exe,C:\Windows\system32\iftuyszv.exe,

Tutto quello scritto in rosso è la parte che dovrai eliminare, guardala bene

Ora, fai doppio clic su "userinit" e, nella finestra che si apre, elimina solo

C:\Windows\system32\iftuyszv.exe,

(vorgola finale compresa)

Al termine della modifica, nella finestra deve esserci scritto esattamente :

c:\windows\system32\userinit.exe,

(virgola compresa, mi raccomando!)

ATTENZIONE a non eliminare altro, altrimenti il computer non sarà più in grado di riavviarsi!!!

Chiudi il registro, vai nella cartella C:\WINDOWS\system32, trova ed elimina il file iftuyszv.exe.

Riavvia il sistema

7) Esegui una scansione completa con malwarebytes (metti la spunta x la scansione completa) e posta il rapporto.


8) quindi, posta il rapporto della scansione con malwarebytes, un nuovo systemascan e il rapporto di avenger


a dopo..

[Ma, te, oh.]

posto il report di avenger, intanto faccio il resto
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Windows\mssys.exe" deleted successfully.
File "C:\Windows\msupdate.exe" deleted successfully.
File "C:\Windows\iedll.exe" deleted successfully.
File "C:\Windows\cpan.dll" deleted successfully.
File "C:\Windows\astctl32.ocx" deleted successfully.
File "C:\Windows\accesss.exe" deleted successfully.
File "C:\Windows\clrssn.exe" deleted successfully.
File "C:\Windows\avpcc.dll" deleted successfully.
File "C:\Windows\loader.exe" deleted successfully.
File "C:\Windows\mtwirl32.dll" deleted successfully.
File "C:\Windows\win32e.exe" deleted successfully.
File "C:\Windows\win64.exe" deleted successfully.
File "C:\Windows\waol.exe" deleted successfully.
File "C:\Windows\winmgnt.exe" deleted successfully.
File "C:\Windows\notepad32.exe" deleted successfully.
File "C:\Windows\olehelp.exe" deleted successfully.
File "C:\Windows\winajbm.dll" deleted successfully.
File "C:\Windows\window.exe" deleted successfully.
File "C:\Windows\users32.exe" deleted successfully.
File "C:\Windows\systeem.exe" deleted successfully.
File "C:\Windows\time.exe" deleted successfully.

Error: could not open file "C:\Windows\systemcritical.exeS?mantec"
Deletion of file "C:\Windows\systemcritical.exeS?mantec" failed!
Status: 0xc0000033 (STATUS_OBJECT_NAME_INVALID)
--> an object cannot have this name

File "C:\Windows\systemcritical.exe" deleted successfully.
File "C:\Windows\x.exe" deleted successfully.
File "C:\Windows\y.exe" deleted successfully.
File "C:\Windows\xxxvideo.hta" deleted successfully.
File "C:\Windows\xplugin.dll" deleted successfully.
File "C:\Windows\iexplorer.exe" deleted successfully.
File "C:\Windows\default.htm" deleted successfully.
File "C:\Windows\b156.exe" deleted successfully.
File "C:\Windows\b155.exe" deleted successfully.
File "C:\Windows\mrofinu1188.exe" deleted successfully.
File "C:\Windows\mrofinu1000106.exe" deleted successfully.
File "C:\Windows\ctfmon32.exe" deleted successfully.
File "C:\Windows\dnsrelay.dll" deleted successfully.
File "C:\Windows\editpad.exe" deleted successfully.
File "C:\Windows\ctrlpan.dll" deleted successfully.
File "C:\Windows\directx32.exe" deleted successfully.
File "C:\Windows\funniest.exe" deleted successfully.
File "C:\Windows\funny.exe" deleted successfully.
File "C:\Windows\explore.exe" deleted successfully.
File "C:\Windows\explorer32.exe" deleted successfully.
File "C:\Windows\inetinf.exe" deleted successfully.
File "C:\Windows\internet.exe" deleted successfully.
File "C:\Windows\gfmnaaa.dll" deleted successfully.
File "C:\Windows\helpcvs.exe" deleted successfully.
File "C:\Windows\msconfd.dll" deleted successfully.
File "C:\Windows\rundll32.vbe" deleted successfully.
File "C:\Windows\mswsc20.dll" deleted successfully.
File "C:\Windows\qttasks.exe" deleted successfully.
File "C:\Windows\rundll16.exe" deleted successfully.
File "C:\Windows\quicken.exe" deleted successfully.
File "C:\Windows\mswsc10.dll" deleted successfully.
File "C:\Windows\msspi.dll" deleted successfully.
File "C:\Windows\sistem.exe" deleted successfully.
File "C:\Windows\svcinit.exe" deleted successfully.
File "C:\Windows\svchost32.exe" deleted successfully.
File "C:\Windows\searchword.dll" deleted successfully.
File "C:\Windows\system32\fcCUKcyW.dll" deleted successfully.

Error: file "C:\Windows\system32\nnnmjkIb.dll" not found!
Deletion of file "C:\Windows\system32\nnnmjkIb.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: "C:\Windows\system32\modtrux18" is a folder, not a file!
Deletion of file "C:\Windows\system32\modtrux18" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory

File "C:\Windows\system32\hljwugsf.bin" deleted successfully.

Error: file "C:\Windows\system32\fcCUKcyW.dll" not found!
Deletion of file "C:\Windows\system32\fcCUKcyW.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

[Ma, te, oh.]

File "C:\Windows\system32\sofdqoxy.ini" deleted successfully.
File "C:\Windows\system32\downloads.bak" deleted successfully.
File "C:\Windows\system32\fhsmagky.ini" deleted successfully.
File "C:\Windows\system32\ljJaXQki.dll" deleted successfully.
File "C:\Windows\system32\ikQXaJjl.ini2" deleted successfully.
File "C:\Windows\system32\tpuqtjpl.dll" deleted successfully.
File "C:\Windows\system32\ikQXaJjl.ini" deleted successfully.
File "C:\Windows\system32\downloads.txt" deleted successfully.
File "C:\Windows\system32\WycKUCcf.ini2" deleted successfully.
File "C:\Windows\system32\WycKUCcf.ini" deleted successfully.
File "C:\Windows\system32\cbXoOFXr.dll" deleted successfully.
File "C:\Windows\system32\rXFOoXbc.ini" deleted successfully.
File "C:\Windows\system32\rXFOoXbc.ini2" deleted successfully.
File "C:\Windows\system32\mcrh.tmp" deleted successfully.
File "C:\Windows\system32\lpjtqupt.ini" deleted successfully.

Error: file "C:\Windows\system32\tuvWpNDs.dll" not found!
Deletion of file "C:\Windows\system32\tuvWpNDs.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\Windows\system32\dbdf7c0a-.txt" deleted successfully.
File "C:\Windows\system32\hfuruuea.dll" deleted successfully.
File "C:\Windows\system32\aeuurufh.ini" deleted successfully.

Error: file "C:\Windows\system32\sDNpWvut.ini2" not found!
Deletion of file "C:\Windows\system32\sDNpWvut.ini2" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Windows\system32\sDNpWvut.ini" not found!
Deletion of file "C:\Windows\system32\sDNpWvut.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open file "C:\Windows\system32\dllcache\iexplore.exe"
Deletion of file "C:\Windows\system32\dllcache\iexplore.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: file "C:\Windows\system32\hfuruuea.dll" not found!
Deletion of file "C:\Windows\system32\hfuruuea.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Windows\system32\cbXoOFXr.dll" not found!
Deletion of file "C:\Windows\system32\cbXoOFXr.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\Windows\system32\drivers\pavboot.sys" deleted successfully.
File "C:\Users\Matteo\lsass.exe" deleted successfully.
File "C:\Users\Matteo\AppData\Roaming\Microsoft\Windows \waiyya.exe" deleted successfully.

Error: could not open file "C:\Users\Matteo\Documents\??crosoft\m?iexec.e xe"
Deletion of file "C:\Users\Matteo\Documents\??crosoft\m?iexec.e xe" failed!
Status: 0xc0000033 (STATUS_OBJECT_NAME_INVALID)
--> an object cannot have this name


Error: could not open file "C:\Users\Matteo\Documents\microsoft\msiexec exe"
Deletion of file "C:\Users\Matteo\Documents\microsoft\msiexec exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

File "C:\Windows\SMANTE~1\services.exe" deleted successfully.
Folder "C:\Windows\TWF0dGVv" deleted successfully.
Folder "C:\Windows\system32\rt" deleted successfully.
Folder "C:\Windows\system32\ov" deleted successfully.
Folder "C:\Windows\system32\I3" deleted successfully.
Folder "C:\Program Files\mjc" deleted successfully.
Folder "C:\Program Files\Sakora" deleted successfully.
Folder "C:\Users\Matteo\AppData\Roaming\SpeedRunner" deleted successfully.

Error: could not open folder "C:\Users\Matteo\Documents\??crosoft"
Deletion of folder "C:\Users\Matteo\Documents\??crosoft" failed!
Status: 0xc0000033 (STATUS_OBJECT_NAME_INVALID)
--> an object cannot have this name


Error: folder "C:\Users\Matteo\Documents\microsoft" not found!
Deletion of folder "C:\Users\Matteo\Documents\microsoft" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Folder "C:\Program Files\Temporary" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\system\controlset001\services\ pavboot" deleted successfully.

Error: registry key "HKEY_LOCAL_MACHINE\system\currentcontrolset\servi ces\pavboot" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\system\currentcontrolset\servi ces\pavboot" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry key "HKEY_LOCAL_MACHINE\system\controlset001\enum\root \legacy_pavboot" deleted successfully.

Error: registry key "HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\ root\legacy_pavboot" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\ root\legacy_pavboot" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Ru n|d0fcb874" deleted successfully.
Registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Ru n|MSServer" deleted successfully.
Registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Ru n|runner1" deleted successfully.
Registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Ru n|Microsoft©" deleted successfully.
Registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\ShellExecuteHooks|{06A1F910-762A-4660-B534-55B82571851C}" deleted successfully.
Registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}" deleted successfully.
Registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}" deleted successfully.
Registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}" deleted successfully.
Registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}" deleted successfully.
Registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}" deleted successfully.
Registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}" deleted successfully.
Registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}" deleted successfully.
Registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}" deleted successfully.
Registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}" deleted successfully.
Registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}" deleted successfully.
Registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}" deleted successfully.
Registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}" deleted successfully.
Registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}" deleted successfully.
Registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}" deleted successfully.
Registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}" deleted successfully.
Registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}" deleted successfully.
Registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}" deleted successfully.
Registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}" deleted successfully.
Registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}" deleted successfully.

Error: registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\Browser Helper Objects\{CFA57E06-8211-46B8-92B7-A05131B0C807}" not found!
Deletion of registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\Browser Helper Objects\{CFA57E06-8211-46B8-92B7-A05131B0C807}" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}" deleted successfully.
Registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}" deleted successfully.
Registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}" deleted successfully.
Registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}" deleted successfully.
Registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}" deleted successfully.
Registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\Browser Helper Objects\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}" deleted successfully.
Program "c:\fix.reg" successfully queued to run on reboot.

Completed script processing.

*******************

Finished! Terminate.