Windir [RESOLVED]



#16
xanthorea

Kool808 the Win 98 disc did repair a file (startup I think) so I tried shutting down.
Same result as before.
I'm not sure if this means anything but I tried running Adaware(OK) and Spybot in
safe mode again.
Spybot would not open and the following message-A fatal exception has occurred at
0167:BFF9FFF current application will be terminated.
Then another message- SPYBOTSD caused a segment not present fault in module USER.EXE at 000a:00002a0e.
Again I'm not sure if it means anything but the other day I defragged and turned off
Webshots as wallpaper and screensaver, then when I opened Webshots to re-activate
as wallpaper and screensaver a message -this program has performed an illegal op.
Thanks again for your help :tazz:
  • 0



#17
kool808

Can you temporarily uninstall Webshots and the screen saver for a moment? Also re-install Ad-Aware and Spybot too. This will refresh the programs. Make sure you have them download the latest definition updates.

Run a full Windows update; this will patch up and update your system.
  • 0

#18
xanthorea

OK kool808 thanks for reply
I've followed those instructions.
Webshots did not have an uninstall feature so I deleted from start/programs which has
stopped wallpaper/screensaver but Find shows webshots files/folders still on PC.
Windows had no critical updates.
If I try to run spybot straight after adaware in safe mode I get blue screen-
fatal error at 0028:C000078C0 in VXD Vmm(01)+000068C0.
If I run adaware first then restart in safe mode again spybot runs.
In any case they're coming up clean.
Also in Add/Remove Programs FatCatPoker would not uninstall, missing components,
so I re-downloaded, installed and then uninstalled which seems to have removed it.
I'll show another log just in case.
Logfile of HijackThis v1.99.1
Scan saved at 9:04:34 PM, on 8/1/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\BLSTAPP.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\DESKTOP\FIXUM\HIJACKTHIS.EXE

O2 - BHO: IEHelper Class - {F8A53FBE-5846-11D2-A022-006097D2400E} - C:\PROGRAM FILES\MINDMAKER\COMMON FILES\WINDOWS\IELINK.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [BlstApp] C:\WINDOWS\SYSTEM\BlstApp.exe
O4 - HKLM\..\Run: [3Deep Control Panel] C:\Program Files\Sonnetech\3Deep\3deepctl.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [mcupdmgr.exe] C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCUPDMGR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...83/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,20/mcgdmgr.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....009/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15010/CTPID.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab

Thanks heaps for your persistence :tazz:
  • 0

#19
kool808

This update has known incompatibility and instability issues.
  • Uninstallation
    We need to uninstall the following programs:
  • Go to Control Panel > Add/Remove Programs
  • Please locate if they exist
    • Windows Update KB891711
  • Click Uninstall
  • Confirm with OK
Please close all remaining windows, disconnect from the internet, open HijackThis then click SCAN. Please put a check on the following items listed below:

O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

Make sure to double check the items you have selected, then click Fix Checked.

Reboot the computer.

STEP 1
Click HERE to download Pocket Killbox by Option^Explicit. Extract it from the zip file then double-click Killbox.exe to run it.

Select "Delete on Reboot".

Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C


C:\WINDOWS\SYSTEM\fastvideoplayer.dll
C:\WINDOWS\SYSTEM\bUS.dll
C:\WINDOWS\SYSTEM\K404SearchSetup_MS0.exe
C:\WINDOWS\DOWNLOADED PROGRAM FILES\ATPartners.inf
C:\WINDOWS\INF\TWAINTEC.INF
C:\WINDOWS\180ax.log
C:\WINDOWS\SYSTEM\SplWbr.dll
C:\WINDOWS\Downloaded Program Files\popcaploader.dll
C:\WINDOWS\Downloaded Program Files\popcaploader.inf
C:\My Documents\backups\backup-20040911-210715-218.inf
C:\My Documents\backups\backup-20040911-210715-218.dll
C:\Program Files\WindUpdates\WinKA.exe
C:\Program Files\WindUpdates\Comm.dll



Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.

Restart in SAFE MODE and Run those files through Killbox once more to be sure nothing survived.

This time place a tick by any of these selections available

"Standard File Kill"
"End Explorer Shell while Killing File"
"Unregister .dll before Deleting"


If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.

STEP 2
Be sure to View Hidden and System Files.

Through Windows Explorer, delete the following folder(s) or files(s) if they exist (in bold):
  • C:\PROGRAM FILES\WindUpdates <-- whole folder
Finally, Empty Recycle Bin

STEP 3
Open up NOTEPAD, then copy & paste the following code (starting from REGEDIT4). Save it on the desktop as fixme.reg. Choose the file type ALL FILES.

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MAGNET]
[-HKEY_CLASSES_ROOT\Interface\{48E59292-9880-11CF-9754-00AA00C00908}]

Now double-click fixme.reg then allow it to merge to the system.

Reboot in NORMAL MODE.

Have another online scan with Panda Scan then post another log.

Let me know how Spybot is working now.

[EDITED] * Revised my proposed fix.

Edited by kool808, 01 August 2005 - 08:09 AM.

  • 0

#20
xanthorea

Kool808 I uninstalled the windows update but it was not in the Hijack this log after.
i.e 04 -HKLM\..\RunServices:[KB891711]C:\WINDOWS\SYSTEM\KB891711.EXE
Downloaded Killbox from 'Here' but did not have to unzip it.
It opened straight away, but I don't seem to be able to get all the lines you've asked for with the CTRL + C.
Can you be more specific how to paste from clipboard? The most I can get is two entries then just repeats of the first :tazz:
  • 0
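The check described in post #20 (whether the KB891711 autorun is really gone after the uninstall) can be done by diffing the O4 lines of two HijackThis logs. This is an added example, not part of the thread and not HijackThis code: the BEFORE lines are copied from the log in post #18, the AFTER log is constructed, and all function names are hypothetical.

```python
import re
from typing import NamedTuple


class Autorun(NamedTuple):
    location: str  # e.g. HKLM\..\RunServices, or "Startup" for a shortcut
    name: str      # registry value name or shortcut file name
    command: str   # what gets launched at boot/logon


# "O4 - HKLM\..\Run: [Name] command"
REG_LINE = re.compile(r"^O4 - (HK(?:LM|CU)\\\.\.\\[^:]+): \[([^\]]*)\] (.+)$")
# "O4 - Startup: Shortcut.lnk = target"
LNK_LINE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")
EXE = re.compile(r'"?([^"]+?\.exe)', re.I)


def parse_autoruns(log: str) -> list[Autorun]:
    """Return every O4 (autorun) entry found in a HijackThis log."""
    entries = []
    for line in log.splitlines():
        m = REG_LINE.match(line.strip()) or LNK_LINE.match(line.strip())
        if m:
            entries.append(Autorun(*m.groups()))
    return entries


def running_processes(log: str) -> set[str]:
    """Lower-cased file names from the 'Running processes:' block."""
    names, in_block = set(), False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_block = True
        elif in_block and not line:
            break  # the block ends at the first blank line
        elif in_block:
            names.add(line.rsplit("\\", 1)[-1].lower())
    return names


def executable(entry: Autorun) -> str:
    """File name of the program an autorun launches ('' if not an .exe)."""
    m = EXE.match(entry.command)
    return m.group(1).rsplit("\\", 1)[-1].lower() if m else ""


def key(entry: Autorun) -> tuple:
    # Win9x registry names and paths are case-insensitive
    return tuple(field.lower() for field in entry)


def removed_entries(before: str, after: str) -> list[Autorun]:
    """Autoruns present in the first log and absent from the second."""
    remaining = {key(e) for e in parse_autoruns(after)}
    return [e for e in parse_autoruns(before) if key(e) not in remaining]


def still_running(before: str, after: str) -> list[Autorun]:
    """Removed autoruns whose program still shows as a running process."""
    alive = running_processes(after)
    return [e for e in removed_entries(before, after) if executable(e) in alive]


# Lines copied from the HijackThis log in post #18
BEFORE = r"""
Running processes:
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
"""
# Constructed: the same log with the KB891711 lines gone
AFTER = "\n".join(l for l in BEFORE.splitlines() if "KB891711" not in l)

if __name__ == "__main__":
    for e in removed_entries(BEFORE, AFTER):
        print("removed:", e.location, e.name, e.command)
    print("still running:", still_running(BEFORE, AFTER))
```

An empty `still_running` result means both the autorun entry and its process are gone, so there is nothing left for "Fix Checked" to act on.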

#21
xanthorea

I'm sorry mate but the instructions you have given are just not happening.
The closest I got was a text file opening which allowed me to type all the lines in 'Quote'
and then opening clipboard put them all in Killbox.
However I could not highlight them all and there was no yes for 'Delete on reboot', only OK, and no 'pending operations prompt'.
  • 0

#22
kool808

Just highlight everything here starting from C:\WINDOWS\SYSTEM\fastvideoplayer.dll, then right-click your mouse and choose COPY; that will automatically be placed on the clipboard.

C:\WINDOWS\SYSTEM\fastvideoplayer.dll
C:\WINDOWS\SYSTEM\bUS.dll
C:\WINDOWS\SYSTEM\K404SearchSetup_MS0.exe
C:\WINDOWS\DOWNLOADED PROGRAM FILES\ATPartners.inf
C:\WINDOWS\INF\TWAINTEC.INF
C:\WINDOWS\180ax.log
C:\WINDOWS\SYSTEM\SplWbr.dll
C:\WINDOWS\Downloaded Program Files\popcaploader.dll
C:\WINDOWS\Downloaded Program Files\popcaploader.inf
C:\My Documents\backups\backup-20040911-210715-218.inf
C:\My Documents\backups\backup-20040911-210715-218.dll
C:\Program Files\WindUpdates\WinKA.exe
C:\Program Files\WindUpdates\Comm.dll


Return to Killbox, go to the File menu, and choose "Paste from Clipboard". That will automatically place everything that is contained in the clipboard. Now, from the 3 radio buttons (with small circle selections) on the left side of Killbox, you have three selections: standard kill, delete on reboot, replace on reboot. Here you must choose delete on reboot. You must click the big red circle with a white X symbol on it which says KILL FILE. It will give a confirmation; click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
  • 0

#23
xanthorea

Thanks Kool808
Panda found the following
Incident                         Status           Location

Adware:adware/fastvideoplayer    No disinfected   C:\WINDOWS\INF\fastvideoplayer.inf
Adware:adware/twain-tech         No disinfected   C:\WINDOWS\smdat32m.sys
Adware:adware/ncase              No disinfected   C:\TEMP\FLEOK
Adware:adware/wupd               No disinfected   Windows Registry

Spybot still comes up clean in normal and safe modes.
  • 0

#24
kool808

Very good, nice work.

Reboot in SAFE MODE. (How to boot in Safe Mode...)

Be sure to View Hidden and System Files.

Through Windows Explorer, delete the following folder(s) or files(s) if they exist (in bold):
  • C:\WINDOWS\INF\fastvideoplayer.inf
  • C:\WINDOWS\smdat32m.sys
  • C:\TEMP\FLEOK <-- whole folder
Finally, Empty Recycle Bin

Run Panda scan again to see the difference. How is your Spybot? Is it still experiencing errors like before?
  • 0

#25
xanthorea

Kool808 I thank you for your help
Spybot has actually been running OK for a few posts now, maybe you could have a
look at previous.
It is not however finding any problems and slow startup and shutdown problems as
previously described still persist.
Panda Scan came up with the following so maybe the fix is near. :tazz:

Incident                         Status           Location

Adware:adware/fastvideoplayer    No disinfected   Windows Registry
  • 0



#26
kool808

Please download Grinler's pfind from here:
http://www.bleepingcomputer.com/files/pfind.php
Unzip it to the desktop and run pfind.bat.

Once the scan is finished, please CLOSE the Notepad window that pops up. Then please post the entire contents of the file C:\log.txt here for me.
  • 0

#27
xanthorea

Kool808 when I go to that address I get to bleeping computers but the address for pfind
-error 404 page could not be found. :tazz:
  • 0

#28
xanthorea

Hi again
I had a look around bleepingcomputer posts and nearest I could find was WinPFind.
Followed their instructions which was to open in safe mode for a scan.
Here's the log from that.

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
UPX! 6/28/05 9:58:12 PM 73728 C:\ss.exe

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
PECompact2 7/19/05 9:04:00 PM 15382755 C:\WINDOWS\VPTNFILE.735
qoologic 7/19/05 9:04:00 PM 15382755 C:\WINDOWS\VPTNFILE.735
SAHAgent 7/19/05 9:04:00 PM 15382755 C:\WINDOWS\VPTNFILE.735
PECompact2 7/19/05 9:04:00 PM 15382755 C:\WINDOWS\lpt$vpn.735
qoologic 7/19/05 9:04:00 PM 15382755 C:\WINDOWS\lpt$vpn.735
SAHAgent 7/19/05 9:04:00 PM 15382755 C:\WINDOWS\lpt$vpn.735
UPX! 7/19/05 9:04:04 PM 1044560 C:\WINDOWS\vsapi32.dll
aspack 7/19/05 9:04:04 PM 1044560 C:\WINDOWS\vsapi32.dll

Checking %System% folder...
aspack 8/5/04 2:02:48 PM 55296 C:\WINDOWS\SYSTEM\msdlupd.dll

Checking %System%\Drivers folder and sub-folders...

Checking the Windows folder for system and hidden files within the last 60 days...
8/3/05 11:56:38 AM 10244128 C:\WINDOWS\SYSTEM.DAT
8/3/05 11:56:38 AM 1073184 C:\WINDOWS\USER.DAT
7/28/05 8:25:46 PM 303136 C:\WINDOWS\HWINFO.DAT
8/3/05 3:26:36 AM 5452 C:\WINDOWS\ttfCache
8/3/05 10:57:16 AM 54156 C:\WINDOWS\QTFont.qfn
8/3/05 11:54:42 AM 737555 C:\WINDOWS\ShellIconCache
6/16/05 9:57:10 PM 1536 C:\WINDOWS\All Users\DRM\drmv2.lic
6/16/05 9:57:10 PM 1536 C:\WINDOWS\All Users\DRM\drmv2.sst
7/25/05 11:26:20 PM 1092 C:\WINDOWS\Application Data\Microsoft\Internet Explorer\Desktop.htt
7/25/05 11:18:56 PM 352 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\3502703738\sqmdata00.sqm
8/3/05 10:56:06 AM 352 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\603458094\sqmdata00.sqm
6/24/05 10:25:46 PM 484 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\2393622195\sqmdata00.sqm
8/3/05 3:26:06 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\desktop.ini
8/3/05 10:55:56 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\9516RH7J\desktop.ini
8/3/05 10:56:18 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\Y9GRABCN\desktop.ini
8/3/05 9:32:44 AM 6 C:\WINDOWS\Tasks\SA.DAT

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...
6/8/05 4:19:22 PM 600 C:\WINDOWS\Start Menu\Programs\StartUp\Kodak EasyShare software.lnk

Checking files in %USERPROFILE%\Application Data folder...
6/14/05 7:46:08 PM 2289 C:\WINDOWS\Application Data\dw.log
3/10/05 11:17:22 AM 83 C:\WINDOWS\Application Data\sversion.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{CFC7205E-2792-4378-9591-3879CC6C9022}
= C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{CFC7205E-2792-4378-9591-3879CC6C9022}
= C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F8A53FBE-5846-11D2-A022-006097D2400E}
IEHelper Class = C:\PROGRAM FILES\MINDMAKER\COMMON FILES\WINDOWS\IELINK.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = C:\WINDOWS\SYSTEM\SHDOCVW.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{BA52B914-B692-46c4-B683-905236F6F655} = McAfee VirusScan : C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\SYSTEM\MSDXM.OCX

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Search Band = C:\WINDOWS\SYSTEM\BROWSEUI.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
TaskMonitor C:\WINDOWS\taskmon.exe
SystemTray SysTray.Exe
LoadPowerProfile Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
BlstApp C:\WINDOWS\SYSTEM\BlstApp.exe
3Deep Control Panel C:\Program Files\Sonnetech\3Deep\3deepctl.exe
LoadQM loadqm.exe
VSOCheckTask "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
VirusScan Online "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
MCAgentExe C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
MCUpdateExe C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
SmcService C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
KodakCCS C:\WINDOWS\System32\Drivers\KodakCCS.exe
QuickTime Task "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
StillImageMonitor C:\WINDOWS\SYSTEM\STIMON.EXE
LogitechVideoRepair C:\Program Files\Logitech\Video\ISStart.exe
LVComs C:\WINDOWS\SYSTEM\LVComS.exe
mcupdmgr.exe C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCUPDMGR.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
LoadPowerProfile Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent mstask.exe
McVsRte C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
SmcService C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun •
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\SYSTEM\WEBCHECK.DLL


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.2.8 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 8/3/05 12:04:39 PM

Thanks some more Kool808 :tazz:
  • 0

#29
kool808

Howdy!? :tazz: I am sorry for the delay in my reply.

Search for the jobs:

Open Notepad and copy and paste the following into it:

dir %Windir%\tasks /a:h > files.txt
notepad files.txt

Save this as findjobs.bat, choose to save it as *all files and place it on your desktop.

Double-click on findjobs.bat and post the content of the text file you get in your next reply. You can delete this afterwards.
  • 0

#30
xanthorea

Good on you Kool808
Here's result
Volume in drive C has no label
Volume Serial Number is 2924-19EF
Directory of C:\WINDOWS\Tasks

SA DAT 6 08-04-05 11:22a SA.DAT
1 file(s) 6 bytes
0 dir(s) 16,234.09 MB free
  • 0





