1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

HJT Log

Discussion in 'Virus & Other Malware Removal' started by Selune, Jul 14, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. Selune

    Selune Thread Starter

    Joined:
    Jan 18, 2004
    Messages:
    46
    It takes like 7min for my laptop to boot up... I've scanned for spyware w/spybot & adaware, found some, removed it, and the only things I have loading in the startup are McAfee Security Center (takes like 4-5min to even get to it), windows defender, my mouse and spyware guard.

    Here is my HJT Log

    Logfile of HijackThis v1.99.1
    Scan saved at 10:40:53 PM, on 7/13/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\Program Files\Maxthon\Maxthon.exe
    C:\Documents and Settings\RON JUHLIN JR\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMesh\iMesh5\iMeshBHO.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
     
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,240
    Download the trial version of Ewido Anti-spyware from HERE and save that file to your desktop. When the trial period expires it becomes freeware with reduced functions but still worth keeping.



    • Once you have downloaded Ewido Anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
    • Once the setup is complete you will need run Ewido and update the definition files.
    • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    • Once in the Settings screen click on "Recommended actions" and then select "Quarantine"
    • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"

    Close Ewido Anti-spyware, Do NOT run a scan yet. We will do that later in safe mode.


    • Reboot your computer into Safe Mode now. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
      IMPORTANT: Do not open any other windows or programs while Ewido is scanning as it may interfere with the scanning process:
    • Launch Ewido Anti-spyware by double-clicking the icon on your desktop.
    • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    • Ewido will now begin the scanning process. Be patient this may take a little time.
      Once the scan is complete do the following:
    • If you have any infections you will prompted, then select "Apply all actions"
    • Next select the "Reports" icon at the top.
    • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    • Close Ewido and reboot your system back into Normal Mode.


    Run ActiveScan online virus scan: here

    When the scan is finished, save the results from the scan!


    Come back here and post a new HijackThis log along with the logs from the Ewido and Panda scans.
     
  3. Selune

    Selune Thread Starter

    Joined:
    Jan 18, 2004
    Messages:
    46
    ok, did all that here are the scans...


    Logfile of HijackThis v1.99.1
    Scan saved at 12:55:55 PM, on 7/14/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\Program Files\Maxthon\Maxthon.exe
    C:\Documents and Settings\RON JUHLIN JR\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMesh\iMesh5\iMeshBHO.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 12:12:54 PM 7/14/2006

    + Scan result:



    C:\Documents and Settings\RON JUHLIN JR\Cookies\ron juhlin [email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\RON JUHLIN JR\Cookies\ron juhlin [email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\RON JUHLIN JR\Cookies\ron juhlin [email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\RON JUHLIN JR\Local Settings\Temp\Cookies\ron juhlin [email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\RON JUHLIN JR\Cookies\ron juhlin [email protected][2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    C:\Documents and Settings\RON JUHLIN JR\Local Settings\Temp\Cookies\ron juhlin [email protected][2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    C:\Documents and Settings\RON JUHLIN JR\Cookies\ron juhlin [email protected][1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
    C:\Documents and Settings\RON JUHLIN JR\Cookies\ron juhlin [email protected][1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
    C:\Documents and Settings\RON JUHLIN JR\Cookies\ron juhlin [email protected][2].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    C:\Documents and Settings\RON JUHLIN JR\Cookies\ron juhlin [email protected][2].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
    C:\Documents and Settings\RON JUHLIN JR\Cookies\ron juhlin [email protected][1].txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
    C:\Documents and Settings\RON JUHLIN JR\Cookies\ron juhlin [email protected][1].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\RON JUHLIN JR\Cookies\ron juhlin [email protected][2].txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    C:\Documents and Settings\RON JUHLIN JR\Local Settings\Temp\Cookies\ron juhlin [email protected][1].txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    C:\Documents and Settings\RON JUHLIN JR\Cookies\ron juhlin [email protected][2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    C:\Documents and Settings\RON JUHLIN JR\Cookies\ron juhlin [email protected][2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    C:\Documents and Settings\RON JUHLIN JR\Cookies\ron juhlin [email protected][2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    C:\Documents and Settings\RON JUHLIN JR\Cookies\ron juhlin [email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).


    ::Report end



    Incident Status Location

    Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf
    Potentially unwanted tool:application/myway Not disinfected c:\program files\MyWay
    Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{9AFB8248-617F-460d-9366-D71CDEDA3179}
    Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\AltnetDM
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\RON JUHLIN JR\Cookies\ron juhlin [email protected][2].txt
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\RON JUHLIN JR\Cookies\ron juhlin [email protected][1].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\RON JUHLIN JR\Cookies\ron juhlin [email protected][1].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\RON JUHLIN JR\Cookies\ron juhlin [email protected][2].txt
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\RON JUHLIN JR\Cookies\ron juhlin [email protected][1].txt
     
  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,240
    Go to Control Panel – Add/Remove programs and remove the following, if there:

    MyWay
    FunWebProducts



    Click Here and download Killbox and save it to your desktop but don’t run it yet.


    Then boot to safe mode:


    How to restart to safe mode


    Double-click on Killbox.exe to run it.
    • Put a tick by Standard File Kill.
    • In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

      c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf

      c:\program files\MyWay

      c:\program files\Altnet


    • Click on the button that has the red circle with the X in the middle after you enter each file.
    • It will ask for confirmation to delete the file.
    • Click Yes.
    • Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
    • Killbox may tell you that one or more files do not exist.
    • If that happens, just continue on with all the files. Be sure you don't miss any.
    • Next in Killbox go to Tools > Delete Temp Files
    • In the window that pops up, put a check by ALL the options there except these three:
      • XP Prefetch
      • Recent
      • History
    • Now click the Delete Selected Temp Files button.
    • Exit the Killbox.


    Boot back to Windows normally and runanother Panda ActiveScan and post the results please.
     
  5. Selune

    Selune Thread Starter

    Joined:
    Jan 18, 2004
    Messages:
    46
    thanks!

    here's the new scan...


    Incident Status Location

    Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{9AFB8248-617F-460d-9366-D71CDEDA3179}
    Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\AltnetDM
    Potentially unwanted tool:Application/FunWeb Not disinfected C:\!KillBox\f3initialsetup1.0
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\RON JUHLIN JR\Cookies\ron juhlin [email protected][1].txt
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\RON JUHLIN JR\Cookies\ron juhlin [email protected][2].txt
     
  6. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,240
    I'm attaching a FixSelune.zip file to this post. Save it to your desktop. Unzip it and double click on the FixSelune.reg file and allow it to enter into the registry.

    Reboot and do another Panda scan and post the log please.
     

    Attached Files:

  7. Selune

    Selune Thread Starter

    Joined:
    Jan 18, 2004
    Messages:
    46
    I just realized I missed this part.... I don't have anything on FunWeb in my add/remove programs but I do have MyWay there but with no option to uninstall
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,240
    That's fine. You can run the .reg file now.
     
  9. Selune

    Selune Thread Starter

    Joined:
    Jan 18, 2004
    Messages:
    46
    ok, ran the reg file, here is the new log



    Incident Status Location

    Potentially unwanted tool:Application/FunWeb Not disinfected C:\!KillBox\f3initialsetup1.0
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\RON JUHLIN JR\Cookies\ron juhlin [email protected][1].txt
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\RON JUHLIN JR\Cookies\ron juhlin [email protected][1].txt
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\RON JUHLIN JR\Cookies\ron juhlin [email protected][1].txt
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\RON JUHLIN JR\Cookies\ron juhlin [email protected][1].txt
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,240
    How are things running now?
     
  11. Selune

    Selune Thread Starter

    Joined:
    Jan 18, 2004
    Messages:
    46
    smoother, thank you very much.... It's cut down on the boot up time, it's still taking around 5min though, start to finish
     
  12. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,240
    Download WinPFind
    • Right Click the Zip Folder and Select "Extract All"
    • Extract it somewhere you will remember like the Desktop
    • Don’t do anything with it yet!


    Click here for info on how to boot to safe mode if you don't already know how.


    Reboot into Safe Mode.


    Double click WinPFind.exe
    • Click "Start Scan"
    • It will scan the entire System, so please be patient and let it complete.


    Reboot back to Normal Mode!


    • Go to the WinPFind folder
    • Locate WinPFind.txt
    • Copy and paste WinPFind.txt in your next post here please.
     
  13. Selune

    Selune Thread Starter

    Joined:
    Jan 18, 2004
    Messages:
    46
    Checking Selected Standard Folders

    Checking %SystemDrive% folder...

    Checking %ProgramFilesDir% folder...

    Checking %WinDir% folder...

    Checking %System% folder...
    PEC2 8/4/2004 4:00:00 AM 41397 C:\WINDOWS\SYSTEM32\DFRG.MSC
    PTech 5/23/2006 5:26:00 PM 579888 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
    aspack 7/6/2006 6:21:46 PM 6757792 C:\WINDOWS\SYSTEM32\MRT.exe
    aspack 8/4/2004 4:00:00 AM 708096 C:\WINDOWS\SYSTEM32\NTDLL.DLL
    Umonitor 8/4/2004 4:00:00 AM 657920 C:\WINDOWS\SYSTEM32\RASDLG.DLL
    winsync 8/4/2004 4:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\WBDBASE.DEU
    PTech 5/23/2006 5:25:52 PM 285488 C:\WINDOWS\SYSTEM32\WgaTray.exe

    Checking %System%\Drivers folder and sub-folders...

    Items found in C:\WINDOWS\SYSTEM32\drivers\ETC\HOSTS


    Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
    7/14/2006 7:50:34 PM S 2048 C:\WINDOWS\BOOTSTAT.DAT
    5/19/2006 8:53:56 AM S 16203 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB914388.cat
    5/29/2006 9:16:00 AM S 23751 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB916281.cat
    5/18/2006 12:15:12 AM S 10925 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB917344.cat
    6/1/2006 1:28:56 PM S 11043 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918439.cat
    5/23/2006 5:27:00 PM S 7160 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WgaNotify.cat
    7/14/2006 7:49:56 PM H 8192 C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
    7/14/2006 7:52:58 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
    7/14/2006 7:50:38 PM H 16384 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
    7/14/2006 8:23:36 PM H 118784 C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
    7/14/2006 7:50:58 PM H 1146880 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
    7/13/2006 9:16:02 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT.LOG
    5/30/2006 8:14:28 PM HS 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\219e2355-c55d-4717-b3ce-78a51d42aa5e
    5/30/2006 8:14:28 PM HS 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\Preferred
    7/14/2006 7:54:36 PM H 370 C:\WINDOWS\Tasks\MP Scheduled Scan.job
    7/14/2006 7:47:52 PM H 6 C:\WINDOWS\Tasks\SA.DAT
    7/14/2006 3:08:34 PM HS 113 C:\WINDOWS\Temp\History\History.IE5\desktop.ini
    7/14/2006 3:08:34 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini
    7/14/2006 3:08:34 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\0HUB85QR\desktop.ini
    7/14/2006 3:08:34 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\2TULCFIR\desktop.ini
    7/14/2006 3:08:34 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\EHXFB5GT\desktop.ini
    7/14/2006 3:08:34 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\WRM58ZM1\desktop.ini

    Checking for CPL files...
    Microsoft Corporation 8/4/2004 4:00:00 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
    Microsoft Corporation 8/4/2004 4:00:00 AM 549888 C:\WINDOWS\SYSTEM32\APPWIZ.CPL
    Broadcom Corporation 5/14/2003 5:47:38 PM 815104 C:\WINDOWS\SYSTEM32\B57exp.cpl
    Dell Computer Corporation 2/20/2004 3:13:54 PM 958464 C:\WINDOWS\SYSTEM32\BCMWLCPL.CPL
    Borland Software Corporation 10/7/2003 12:39:00 PM 184320 C:\WINDOWS\SYSTEM32\bdeadmin.cpl
    Microsoft Corporation 8/4/2004 4:00:00 AM 110592 C:\WINDOWS\SYSTEM32\BTHPROPS.CPL
    Microsoft Corporation 8/4/2004 4:00:00 AM 135168 C:\WINDOWS\SYSTEM32\DESK.CPL
    Microsoft Corporation 8/4/2004 4:00:00 AM 80384 C:\WINDOWS\SYSTEM32\FIREWALL.CPL
    Microsoft Corporation 8/4/2004 4:00:00 AM 155136 C:\WINDOWS\SYSTEM32\HDWWIZ.CPL
    Microsoft Corporation 8/4/2004 4:00:00 AM 358400 C:\WINDOWS\SYSTEM32\INETCPL.CPL
    Microsoft Corporation 8/4/2004 4:00:00 AM 129536 C:\WINDOWS\SYSTEM32\INTL.CPL
    Microsoft Corporation 8/4/2004 4:00:00 AM 380416 C:\WINDOWS\SYSTEM32\IRPROPS.CPL
    Microsoft Corporation 8/4/2004 4:00:00 AM 68608 C:\WINDOWS\SYSTEM32\JOY.CPL
    Sun Microsystems, Inc. 3/4/2005 3:36:44 AM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
    Microsoft Corporation 8/4/2004 4:00:00 AM 187904 C:\WINDOWS\SYSTEM32\MAIN.CPL
    Microsoft Corporation 8/4/2004 4:00:00 AM 618496 C:\WINDOWS\SYSTEM32\MMSYS.CPL
    Microsoft Corporation 8/4/2004 4:00:00 AM 35840 C:\WINDOWS\SYSTEM32\NCPA.CPL
    Microsoft Corporation 8/4/2004 4:00:00 AM 25600 C:\WINDOWS\SYSTEM32\NETSETUP.CPL
    Microsoft Corporation 8/4/2004 4:00:00 AM 257024 C:\WINDOWS\SYSTEM32\NUSRMGR.CPL
    Microsoft Corporation 8/4/2004 4:00:00 AM 32768 C:\WINDOWS\SYSTEM32\ODBCCP32.CPL
    Microsoft Corporation 8/4/2004 4:00:00 AM 114688 C:\WINDOWS\SYSTEM32\POWERCFG.CPL
    RealNetworks, Inc. 7/7/2005 7:52:16 PM 24576 C:\WINDOWS\SYSTEM32\prefscpl.cpl
    SigmaTel Inc. 7/20/2004 10:14:06 AM 102481 C:\WINDOWS\SYSTEM32\stac97.cpl
    Microsoft Corporation 8/4/2004 4:00:00 AM 298496 C:\WINDOWS\SYSTEM32\SYSDM.CPL
    Microsoft Corporation 8/4/2004 4:00:00 AM 28160 C:\WINDOWS\SYSTEM32\TELEPHON.CPL
    Microsoft Corporation 8/4/2004 4:00:00 AM 94208 C:\WINDOWS\SYSTEM32\TIMEDATE.CPL
    Microsoft Corporation 8/4/2004 4:00:00 AM 148480 C:\WINDOWS\SYSTEM32\WSCUI.CPL
    Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
    Microsoft Corporation 8/4/2004 4:00:00 AM 68608 C:\WINDOWS\SYSTEM32\DLLCACHE\access.cpl
    Microsoft Corporation 8/4/2004 4:00:00 AM 155136 C:\WINDOWS\SYSTEM32\DLLCACHE\hdwwiz.cpl
    Microsoft Corporation 8/4/2004 4:00:00 AM 358400 C:\WINDOWS\SYSTEM32\DLLCACHE\inetcpl.cpl
    Microsoft Corporation 8/4/2004 4:00:00 AM 129536 C:\WINDOWS\SYSTEM32\DLLCACHE\intl.cpl
    Microsoft Corporation 8/4/2004 4:00:00 AM 68608 C:\WINDOWS\SYSTEM32\DLLCACHE\joy.cpl
    Microsoft Corporation 8/4/2004 4:00:00 AM 187904 C:\WINDOWS\SYSTEM32\DLLCACHE\main.cpl
    Microsoft Corporation 8/4/2004 4:00:00 AM 618496 C:\WINDOWS\SYSTEM32\DLLCACHE\mmsys.cpl
    Microsoft Corporation 8/4/2004 4:00:00 AM 35840 C:\WINDOWS\SYSTEM32\DLLCACHE\ncpa.cpl
    Microsoft Corporation 8/4/2004 4:00:00 AM 257024 C:\WINDOWS\SYSTEM32\DLLCACHE\nusrmgr.cpl
    Microsoft Corporation 8/4/2004 4:00:00 AM 32768 C:\WINDOWS\SYSTEM32\DLLCACHE\odbccp32.cpl
    Microsoft Corporation 8/4/2004 4:00:00 AM 114688 C:\WINDOWS\SYSTEM32\DLLCACHE\powercfg.cpl
    Microsoft Corporation 8/4/2004 4:00:00 AM 155648 C:\WINDOWS\SYSTEM32\DLLCACHE\sapi.cpl
    Microsoft Corporation 8/4/2004 4:00:00 AM 298496 C:\WINDOWS\SYSTEM32\DLLCACHE\sysdm.cpl
    Microsoft Corporation 8/4/2004 4:00:00 AM 28160 C:\WINDOWS\SYSTEM32\DLLCACHE\telephon.cpl
    Microsoft Corporation 8/4/2004 4:00:00 AM 94208 C:\WINDOWS\SYSTEM32\DLLCACHE\timedate.cpl
    Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\DLLCACHE\wuaucpl.cpl

    »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

    Checking files in %ALLUSERSPROFILE%\Startup folder...
    8/10/2004 12:04:12 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
    4/2/2006 12:53:06 AM 1687 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk

    Checking files in %ALLUSERSPROFILE%\Application Data folder...
    8/10/2004 11:57:42 AM HS 62 C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
    2/3/2005 1:04:46 PM 774 C:\Documents and Settings\All Users\Application Data\hpzinstall.log

    Checking files in %USERPROFILE%\Startup folder...
    8/10/2004 12:04:12 PM HS 84 C:\Documents and Settings\RON JUHLIN JR\Start Menu\Programs\Startup\DESKTOP.INI
    7/9/2006 9:16:30 PM 650 C:\Documents and Settings\RON JUHLIN JR\Start Menu\Programs\Startup\SpywareGuard.lnk

    Checking files in %USERPROFILE%\Application Data folder...
    8/10/2004 11:57:42 AM HS 62 C:\Documents and Settings\RON JUHLIN JR\Application Data\DESKTOP.INI
    2/6/2005 3:53:50 AM 12358 C:\Documents and Settings\RON JUHLIN JR\Application Data\PFP120JCM.{PB
    2/6/2005 3:53:50 AM 61678 C:\Documents and Settings\RON JUHLIN JR\Application Data\PFP120JPR.{PB
    1/24/2005 9:06:04 AM 4 C:\Documents and Settings\RON JUHLIN JR\Application Data\QSPMShare

    »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    SV1 =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    {81559C35-8464-49F7-BB0E-07A383BEF910} = C:\Program Files\SpywareGuard\spywareguard.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

    [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido anti-spyware
    {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
    {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
    {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
    {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
    {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
    {5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
    Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{CFC7205E-2792-4378-9591-3879CC6C9022}
    = c:\progra~1\mcafee.com\vso\mcvsshl.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
    {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{CFC7205E-2792-4378-9591-3879CC6C9022}
    = c:\progra~1\mcafee.com\vso\mcvsshl.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
    {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido anti-spyware
    {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
    {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
    {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
    {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
    = %SystemRoot%\system32\SHELL32.dll

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-6CB0-410C-8C3D-8FA8D2011D0A}
    DownloadRedirect Class = C:\Program Files\iMesh\iMesh5\iMeshBHO.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Yahoo! Toolbar Helper = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{227B8AA8-DAF2-4892-BD1D-73F568BCB24E}
    McBrwHelper Class = c:\program files\mcafee.com\mps\mcbrhlpr.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3EC8255F-E043-4cae-8B3B-B191550C2A22}
    McAfee Privacy Service Popup Blocker = c:\program files\mcafee.com\mps\popupkiller.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41D68ED8-4CFF-4115-88A6-6EBB8AF19000}
    McAfee AntiPhishing Filter = c:\program files\mcafee\spamkiller\mcapfbho.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}
    SpywareGuardDLBLOCK.CBrowserHelper = C:\Program Files\SpywareGuard\dlprotect.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
    = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
    Yahoo! IE Services Button = C:\Program Files\Yahoo!\Common\yiesrvc.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}
    ST = C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
    MSNToolBandBHO = C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
    &Yahoo! Messenger = C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
    &Tip of the Day = %SystemRoot%\system32\shdocvw.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
    Real.com = C:\WINDOWS\system32\Shdocvw.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
    {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = MSN : C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    {BA52B914-B692-46c4-B683-905236F6F655} = McAfee VirusScan : c:\progra~1\mcafee.com\vso\mcvsshl.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}
    MenuText = McAfee AntiPhishing Filter : c:\program files\mcafee\spamkiller\mcapfbho.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
    ButtonText = Yahoo! Services :
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
    ButtonText = Research :
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    ButtonText = Real.com :
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
    ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
    &Yahoo! Messenger = C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
    Favorites Band = %SystemRoot%\system32\shdocvw.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
    {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
    {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
    {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
    {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = MSN : C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    Windows Defender "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    MCUpdateExe c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    MCAgentExe c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    VSOCheckTask "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    VirusScan Online C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    OASClnt C:\Program Files\McAfee.com\VSO\oasclnt.exe
    MPFExe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    MPSExe c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    MSKAGENTEXE C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    MSKDetectorExe C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    !ewido "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
    IMAIL Installed = 1
    MAPI Installed = 1
    MSFS Installed = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk
    path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
    location Common Startup
    command C:\PROGRA~1\DIGITA~1\DLG.exe
    item Digital Line Detect
    path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
    location Common Startup
    command C:\PROGRA~1\DIGITA~1\DLG.exe
    item Digital Line Detect

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk
    path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
    location Common Startup
    command C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
    item HP Digital Imaging Monitor
    path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
    location Common Startup
    command C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
    item HP Digital Imaging Monitor

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Aim6
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item AOLLaunch
    hkey HKCU
    command "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
    inimapping 0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item AOLLaunch
    hkey HKCU
    command "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
    inimapping 0
     
  14. Selune

    Selune Thread Starter

    Joined:
    Jan 18, 2004
    Messages:
    46
    2nd half (was too long for one post)



    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Apoint
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item Apoint
    hkey HKLM
    command C:\Program Files\Apoint\Apoint.exe
    inimapping 0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item Apoint
    hkey HKLM
    command C:\Program Files\Apoint\Apoint.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATIPTA
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item atiptaxx
    hkey HKLM
    command C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    inimapping 0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item atiptaxx
    hkey HKLM
    command C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bacstray
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item BacsTray
    hkey HKLM
    command BacsTray.exe
    inimapping 0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item BacsTray
    hkey HKLM
    command BacsTray.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Dell QuickSet
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item Quickset
    hkey HKLM
    command C:\Program Files\Dell\QuickSet\Quickset.exe
    inimapping 0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item Quickset
    hkey HKLM
    command C:\Program Files\Dell\QuickSet\Quickset.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DellSupport
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item DSAgnt
    hkey HKCU
    command "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    inimapping 0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item DSAgnt
    hkey HKCU
    command "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DMXLauncher
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item DMXLauncher
    hkey HKLM
    command C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    inimapping 0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item DMXLauncher
    hkey HKLM
    command C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DVDLauncher
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item DVDLauncher
    hkey HKLM
    command "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    inimapping 0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item DVDLauncher
    hkey HKLM
    command "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DXDllRegExe
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item dxdllreg
    hkey HKLM
    command dxdllreg.exe
    inimapping 0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item dxdllreg
    hkey HKLM
    command dxdllreg.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HostManager
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item AOLSoftware
    hkey HKLM
    command C:\Program Files\Common Files\AOL\1145321923\ee\AOLSoftware.exe
    inimapping 0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item AOLSoftware
    hkey HKLM
    command C:\Program Files\Common Files\AOL\1145321923\ee\AOLSoftware.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Component Manager
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item hpcmpmgr
    hkey HKLM
    command "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    inimapping 0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item hpcmpmgr
    hkey HKLM
    command "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item HPWuSchd2
    hkey HKLM
    command "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    inimapping 0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item HPWuSchd2
    hkey HKLM
    command "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item iTunesHelper
    hkey HKLM
    command "C:\Program Files\iTunes\iTunesHelper.exe"
    inimapping 0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item iTunesHelper
    hkey HKLM
    command "C:\Program Files\iTunes\iTunesHelper.exe"
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Logitech Hardware Abstraction Layer
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item KHALMNPR
    hkey HKLM
    command KHALMNPR.EXE
    inimapping 0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item KHALMNPR
    hkey HKLM
    command KHALMNPR.EXE
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MsnMsgr
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item MsnMsgr
    hkey HKCU
    command "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    inimapping 0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item MsnMsgr
    hkey HKCU
    command "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MyWebSearch Email Plugin
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item mwsoemon
    hkey HKLM
    command C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    inimapping 0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item mwsoemon
    hkey HKLM
    command C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item qttask
    hkey HKLM
    command "C:\Program Files\QuickTime\qttask.exe" -atboottime
    inimapping 0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item qttask
    hkey HKLM
    command "C:\Program Files\QuickTime\qttask.exe" -atboottime
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RealTray
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item RealPlay
    hkey HKLM
    command C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    inimapping 0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item RealPlay
    hkey HKLM
    command C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item jusched
    hkey HKLM
    command C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    inimapping 0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item jusched
    hkey HKLM
    command C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WMC_AutoUpdate
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item
    hkey HKLM
    command
    inimapping 0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item
    hkey HKLM
    command
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
    system.ini 0
    win.ini 0
    bootini 0
    services 0
    startup 2


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments
    ScanWithAntiVirus 3


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID
    {17492023-C23A-453E-A040-C7C580BBF700} 1

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
    {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
    {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
    {0DF44EAA-FF21-4412-828E-260A8728E7F1} =


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
    Key ¥“ Ú¯†Ð3ímK^ìs
    FileName0 C:\WINDOWS\system32\RSACi.rat

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default
    Allow_Unknowns 0
    PleaseMom 1
    Enabled 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    dontdisplaylastusername 0
    legalnoticecaption
    legalnoticetext
    shutdownwithoutlogon 1
    undockwithoutlogon 1


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    NoDriveTypeAutoRun 145

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    DisableRegistryTools 0


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
    CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
    WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
    SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,
    Shell = Explorer.exe
    System =

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
    = Ati2evxx.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    = crypt32.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
    = cryptnet.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
    = cscdll.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
    = sclgntfy.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
    = WlNotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
    = WgaLogon.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
    = wlnotify.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
    Debugger = ntsd -d

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    AppInit_DLLs


    »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
    Scan completed on 7/14/2006 8:37:16 PM
     
  15. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,240
    Click Here and download Killbox and save it to your desktop but don’t run it yet.


    I'm attaching a FixSelune2.zip file. Unzip it to your desktop but don't run it yet.


    Then boot to safe mode:


    How to restart to safe mode


    Double-click on Killbox.exe to run it.
    • Put a tick by Standard File Kill.
    • In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

      C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

      C:\PROGRAM FILES\MYWEBSEARCH


    • Click on the button that has the red circle with the X in the middle after you enter each file.
    • It will ask for confirmation to delete the file.
    • Click Yes.
    • Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
    • Killbox may tell you that one or more files do not exist.
    • If that happens, just continue on with all the files. Be sure you don't miss any.
    • Next in Killbox go to Tools > Delete Temp Files
    • In the window that pops up, put a check by ALL the options there except these three:
      • XP Prefetch
      • Recent
      • History
    • Now click the Delete Selected Temp Files button.
    • Exit the Killbox.


    Double click on the FixSelune2.reg file on your desktop and allow it to enter into the registry.


    Boot back to Windows normally and run another scan with WinpFind and post the log please.
     

    Attached Files:

  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/483079

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice