Unknown process

Discussion in 'adware, spyware & hijack cleaning' started by okitismine, Nov 7, 2003.

Thread Status:
Not open for further replies.
  1. okitismine

    okitismine Registered Member

    Joined:
    Nov 7, 2003
    Posts:
    4
    :rolleyes:
    This started out as an attempt to find out what a process was and what it may have been doing and has become my daily nightmare.

    If anyone here has spent time in the DSLR security forum you may have seen the problem.

    Here is the latest HijackThis log. I have run adware, TDS-3, NAV and Wormguard. Hijack found a few things but I would assume that some things are still here. Gav suggested I post the log here. I also have files from the date this all started, which seem to be under control at this point, but who knows!

    Gavin suggested I should spend some time here to get this removed.

    One last thing, My son did this to my PC not ME.

    :rolleyes:

    Sorry, as a newbie I guess it is expected.

    Logfile of HijackThis v1.97.3
    Scan saved at 3:06:59 PM, on 11/7/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\POPROXY.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNATHCHK.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\WINDOWS\TEMP\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.dslreports.com/"); (C:\Program Files\Netscape\Users\blow\prefs.js)
    O1 - Hosts: 203.161.127.141 www.dcsresearch.com
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton SystemWorks\Norton AntiVirus\POPROXY.EXE
    O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NORTON~2\NAVAPW32.EXE /LOADQUIET
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: ICQ Lite (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
    O12 - Plugin for .wma: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
    O16 - DPF: {0D6451B3-FDDA-11D3-BFEC-00D0B725EB0B} (Yahoo! Vision) - http://download.yahoo.com/dl/fv/yv.cab
    O16 - DPF: {73020B72-CDD6-4F80-8098-1B2ECD9CA4CA} (HearMe VoiceCREATOR) - http://vp.hearme.com/products/vp/embedded/plugins/evp.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinstc.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37872.3185069444
    O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/ywt0_x.cab
    O16 - DPF: Yahoo! Games Voice Chat - http://yog55.games.scd.yahoo.com/yog/y/va1_x.cab
    O16 - DPF: Tornado 21 - http://download.games.yahoo.com/games/clients/y/t21t0_x.cab
    O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.scd.yahoo.com/yog/y/ks12_x.cab
    O16 - DPF: Toki Toki Boom - http://download.games.yahoo.com/games/clients/y/vtm_x.cab
    O16 - DPF: {72944257-0AE0-44FD-8A51-AA21853092C8} (PhxStudent.OeSetup15) - https://mycampus.phoenix.edu/secure/PhxStudent15.CAB
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    Hi okitismine,

    It appears the HijackThis log did not post. Did you try to attach it? If you can't do that, just paste it all right into a new post reply here.

    Edit: By the way, if you did try to attach a log file but used the post Preview function between attaching and posting, that prevents the attachment from coming through. It is best to just paste the text of the full log into the posting window anyway.
     
  3. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    Hi okitismine,

    Welcome to Wilders!

    Actually your log is quite clean (now). You might want to remove some unneeded entries; if you do, close out of all programs/windows, then select and fix the following:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    Regards,

    Dan
     
  4. okitismine

    okitismine Registered Member

    Newbie mistake: type stuff without being logged in and then click reply, type it all over again. I liked the stuff I typed the first time!

    Thanks for the welcome :)

    Nothing seemed to catch this at first, I wonder if things are still left over!

    I have many files created on 10/29/03 which include .exe files, I am not sure if they belong or not. I am by no means a Windows expert, I am a router/network guy. But I do know this PC very well and those in my house very well.

    I believe that the source of all is the winfavorites.exe/exe1 file, which is the first process I saw that I did not like. I killed that and quarantined it and then deleted it within hours. Next was utwevpdt.exe, which seemed not to be doing much at all other than running.

    I find myself sitting here wondering WHY the heck I went back to Windows, when I was trained on and used UNIX in the 80's.

    Thanks guys so far, but I would really like to make sure I am clean.
     
  5. Dan Perez

    Dan Perez Retired Moderator

  6. okitismine

    okitismine Registered Member

    DiamondCS Autostart Viewer (www.diamondcs.com.au) - Report for Ed@ED'S, 11-07-2003
    c:\autoexec.bat
    c:\windows\cwcdata\cwrdos.exe
    c:\config.sys
    C:\Dvdrom\oakcdrom.sys /d:gem001
    C:\WINDOWS\dosstart.bat
    c:\windows\command\MSCDEX.EXE /D:gem001
    c:\mouse\MOUSE.exe
    c:\windows\system.ini [boot]\shell
    C:\WINDOWS\Explorer.exe
    c:\windows\system.ini [boot]\scrnsave.exe
    C:\WINDOWS\SYSTEM\BLANKS~1.SCR
    HKCR\htafile\shell\open\command\
    C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\TkBellExe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Norton eMail Protect
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\POPROXY.EXE
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Norton Auto-Protect
    C:\PROGRA~1\NORTON~1\NORTON~2\NAVAPW32.EXE /LOADQUIET
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\LoadPowerProfile
    Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\ScriptBlocking
    C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\SchedulingAgent
    C:\WINDOWS\system\mstask.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
    C:\WINDOWS\SYSTEM\WEBCHECK.DLL
    C:\WINDOWS\Tasks\Symantec NetDetect.job
    C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\NDETECT.EXE
    C:\WINDOWS\Tasks\Scan once.job
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\SCNHNDLR.EXE
    C:\WINDOWS\Start Menu\Programs\StartUp\Office Startup.lnk
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\WINDOWS\system\iosubsys\
    C:\WINDOWS\system\iosubsys\BIGMEM.DRV
    C:\WINDOWS\system\iosubsys\ESDI_506.PDR
    C:\WINDOWS\system\iosubsys\HSFLOP.PDR
    C:\WINDOWS\system\iosubsys\RMM.PDR
    C:\WINDOWS\system\iosubsys\SCSIPORT.PDR
    C:\WINDOWS\system\iosubsys\ATAPCHNG.VXD
    C:\WINDOWS\system\iosubsys\CDFS.VXD
    C:\WINDOWS\system\iosubsys\CDTSD.VXD
    C:\WINDOWS\system\iosubsys\CDVSD.VXD
    C:\WINDOWS\system\iosubsys\DISKTSD.VXD
    C:\WINDOWS\system\iosubsys\DISKVSD.VXD
    C:\WINDOWS\system\iosubsys\DRVSPACX.VXD
    C:\WINDOWS\system\iosubsys\DRVWCDB.VXD
    C:\WINDOWS\system\iosubsys\DRVWPPQT.VXD
    C:\WINDOWS\system\iosubsys\DRVWQ117.VXD
    C:\WINDOWS\system\iosubsys\NECATAPI.VXD
    C:\WINDOWS\system\iosubsys\SCSI1HLP.VXD
    C:\WINDOWS\system\iosubsys\TORISAN3.VXD
    C:\WINDOWS\system\iosubsys\VOLTRACK.VXD
    C:\WINDOWS\system\iosubsys\CDR4VSD.VXD
    C:\WINDOWS\system\iosubsys\apix.BAK
    C:\WINDOWS\system\iosubsys\APIX.VXD
    C:\WINDOWS\system\iosubsys\cdudf.vxd
    C:\WINDOWS\system\iosubsys\cdrpwd.vxd
    C:\WINDOWS\system\iosubsys\cdudfrw.vxd
    C:\WINDOWS\system\iosubsys\IOMEGA.VXD
    C:\WINDOWS\system\iosubsys\cdralvsd.vxd
    C:\WINDOWS\system\iosubsys\acbhlpr.vxd
    C:\WINDOWS\system\iosubsys\SMARTVSD.VXD
    C:\WINDOWS\system32\vmm32\
    C:\WINDOWS\system\vmm32\ifsmgr.vxd
    C:\WINDOWS\system\vmm32\ios.vxd
    C:\WINDOWS\system\vmm32\mrci2.vxd
    C:\WINDOWS\system\vmm32\qemmfix.vxd
    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\
    c:\windows\SYSTEM\mswsosp.dll
    c:\windows\SYSTEM\msafd.dll
    c:\windows\SYSTEM\rsvpsp.dll
    HKLM\Software\Microsoft\Active Setup\Installed Components\SetupcPerUser\
    rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection SetupcPerUser 64 c:\windows\INF\setupc.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\AppletsPerUser\
    rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection AppletsPerUser 64 c:\windows\INF\applets.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\FontsPerUser\
    rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection FontsPerUser 64 c:\windows\INF\fonts.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}\
    rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\INF\icw.inf,PerUserStub,,36
    HKLM\Software\Microsoft\Active Setup\Installed Components\PerUser_ICW_Inis\
    rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_ICW_Inis 0 c:\windows\INF\icw97.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\
    rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}
    HKLM\Software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS\
    RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
    HKLM\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4395}\
    rundll32.exe advpack.dll,LaunchINFSectionEx c:\windows\SYSTEM\ie4uinit.inf,Shell.UserStub,,36
    HKLM\Software\Microsoft\Active Setup\Installed Components\>PerUser_MSN_Clean\
    c:\windows\msnmgsr1.exe
    HKLM\Software\Microsoft\Active Setup\Installed Components\{CA0A4247-44BE-11d1-A005-00805F8ABE06}\
    RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\PerUser_Msinfo\
    rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo 64 c:\windows\INF\msinfo.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\PerUser_Msinfo2\
    rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo2 64 c:\windows\INF\msinfo.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\MotownMmsysPerUser\
    rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MotownMmsysPerUser 64 c:\windows\INF\motown.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\MotownAvivideoPerUser\
    rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MotownAvivideoPerUser 64 c:\windows\INF\motown.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\MmoptPreferredAudioDevices\
    rundll32.exe shell32.dll,Control_RunDLL mmsys.cpl,@0,SPCI\VEN_1013&DEV_6005&SUBSYS_3154109F&REV_01\48F000
    HKLM\Software\Microsoft\Active Setup\Installed Components\MotownMPlayPerUser\
    rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MotownMPlayPerUser 64 c:\windows\INF\mplay98.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\PerUser_Base\
    rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Base 64 c:\windows\INF\msmail.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\ShellPerUser\
    rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection ShellPerUser 64 c:\windows\INF\shell.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\Shell2PerUser\
    rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection Shell2PerUser 64 c:\windows\INF\shell2.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\PerUser_winbase_Links\
    rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_winbase_Links 64 c:\windows\INF\subase.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\PerUser_winapps_Links\
    rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_winapps_Links 64 c:\windows\INF\subase.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\PerUser_LinkBar_URLs\
    c:\windows\COMMAND\sulfnbk.exe /L
    HKLM\Software\Microsoft\Active Setup\Installed Components\TapiPerUser\
    rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection TapiPerUser 64 c:\windows\INF\tapi.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\{73fa19d0-2d75-11d2-995d-00c04f98bbc9}\
    rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\webfldrs.inf,PerUserStub.Install,1
    HKLM\Software\Microsoft\Active Setup\Installed Components\PerUserOldLinks\
    rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUserOldLinks 64 c:\windows\INF\appletpp.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\MmoptRegisterPerUser\
    rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MmoptRegisterPerUser 64 c:\windows\INF\mmopt.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\OlsPerUser\
    rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsPerUser 64 c:\windows\INF\ols.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\OlsMsnPerUser\
    rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsMsnPerUser 64 c:\windows\INF\ols.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\PerUser_Paint_Inis\
    rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Paint_Inis 64 c:\windows\INF\applets.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\PerUser_Calc_Inis\
    rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Calc_Inis 64 c:\windows\INF\applets.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\PerUser_dxxspace_Links\
    rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_dxxspace_Links 64 c:\windows\INF\applets1.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\PerUser_MSBackup_Inis\
    rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSBackup_Inis 64 c:\windows\INF\applets1.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\PerUser_CVT_Inis\
    rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 c:\windows\INF\applets1.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\PerUser_Enable_Inis\
    rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Enable_Inis 64 c:\windows\INF\enable.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\MotownRecPerUser\
    rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MotownRecPerUser_remove 64 c:\windows\INF\motown.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\PerUser_Vol\
    rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Vol_remove 64 c:\windows\INF\motown.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\PerUser_MSWordPad_Inis\
    rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSWordPad_Inis 64 c:\windows\INF\wordpad.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\PerUser_RNA_Inis\
    rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Dialer_RNA_remove 64 c:\windows\INF\rna.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\PerUser_Wingames_Inis\
    rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Wingames_Inis 64 c:\windows\INF\appletpp.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\PerUser_Sysmon_Inis\
    rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmon_Inis 64 c:\windows\INF\appletpp.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\PerUser_Sysmeter_Inis\
    rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmeter_Inis 64 c:\windows\INF\appletpp.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\PerUser_netwatch_Inis\
    rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_netwatch_Inis 64 c:\windows\INF\appletpp.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\PerUser_CharMap_Inis\
    rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_CharMap_Inis 64 c:\windows\INF\appletpp.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\PerUser_Onlinelnks_Inis\
    rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Onlinelnks_Inis 64 c:\windows\INF\appletpp.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\PerUser_Dialer_Inis\
    rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Dialer_Inis 64 c:\windows\INF\appletpp.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\PerUser_ClipBrd_Inis\
    rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_ClipBrd_Inis 64 c:\windows\INF\clip.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\MmoptMusicaPerUser\
    rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MmoptMusicaPerUser 64 c:\windows\INF\mmopt.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\MmoptJunglePerUser\
    rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MmoptJunglePerUser 64 c:\windows\INF\mmopt.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\MmoptRobotzPerUser\
    rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MmoptRobotzPerUser 64 c:\windows\INF\mmopt.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\MmoptUtopiaPerUser\
    rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MmoptUtopiaPerUser 64 c:\windows\INF\mmopt.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\PerUser_CDPlayer_Inis\
    rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_CDPlayer_Inis_remove 64 c:\windows\INF\mmopt.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015C}\
    rundll32.exe advpack.dll,LaunchINFSection c:\windows\INF\msnetmtg.inf,NetMtg.Install.PerUser.W95
    HKLM\Software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}\
    rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
    HKLM\Software\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}\
    rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}
    HKLM\Software\Microsoft\Active Setup\Installed Components\OlsAolPerUser\
    rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsAolPerUserRemove 64 c:\windows\INF\ols.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\OlsAttPerUser\
    rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsAttPerUserRemove 64 c:\windows\INF\ols.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\OlsCompuservePerUser\
    rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsCompuservePerUserRemove 64 c:\windows\INF\ols.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\OlsProdigyPerUser\
    rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsProdigyPerUserRemove 64 c:\windows\INF\ols.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\Shell3PerUser\
    rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection Shell3PerUser 64 c:\windows\INF\shell3.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\Theme_Windows_PerUser\
    rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection Themes_Windows_PerUser 0 c:\windows\INF\themes.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\Theme_MoreWindows_PerUser\
    rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection Themes_MoreWindows_PerUser 0 c:\windows\INF\themes.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\{44BBA851-CC51-11CF-AAFA-00AA00B6015C}\
    rundll32.exeadvpack.dll
    HKLM\Software\Microsoft\Active Setup\Installed Components\>IEPerUser\
    RUNDLL32.EXE IEDKCS32.DLL,BrandIE4 SIGNUP
    HKLM\Software\Microsoft\Active Setup\Installed Components\Chl99\
    rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\chl99.inf,InstallUser
    HKLM\Software\Microsoft\Active Setup\Installed Components\NetservrPerUser\
    rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection NetservrPerUser 64 c:\windows\INF\netservr.inf
    HKLM\Software\Microsoft\Active Setup\Installed Components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}\
    C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl
    HKLM\Software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\
    rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
    HKLM\Software\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\
    C:\WINDOWS\inf\unregmp2.exe /ShowWMP
    HKLM\System\CurrentControlSet\Services\VxD\VNETSUP\
    C:\WINDOWS\system\vnetsup.vxd
    HKLM\System\CurrentControlSet\Services\VxD\NDIS\
    ndis.vxd,ndis2sup.vxd
    HKLM\System\CurrentControlSet\Services\VxD\JAVASUP\
    C:\WINDOWS\system\JAVASUP.VXD
    HKLM\System\CurrentControlSet\Services\VxD\VRTWD\
    c:\windows\SYSTEM\vrtwd.386
    HKLM\System\CurrentControlSet\Services\VxD\VFIXD\
    c:\windows\SYSTEM\vfixd.vxd
    HKLM\System\CurrentControlSet\Services\VxD\VNETBIOS\
    C:\WINDOWS\system\vnetbios.vxd
    HKLM\System\CurrentControlSet\Services\VxD\VGARTD\
    C:\WINDOWS\system\VgartD.VxD
    HKLM\System\CurrentControlSet\Services\VxD\ASPIENUM\
    C:\WINDOWS\system\ASPIENUM.VXD
    HKLM\System\CurrentControlSet\Services\VxD\VREDIR\
    C:\WINDOWS\system\vredir.vxd
    HKLM\System\CurrentControlSet\Services\VxD\DFS\
    C:\WINDOWS\system\dfs.vxd
    HKLM\System\CurrentControlSet\Services\VxD\VSERVER\
    C:\WINDOWS\system\vserver.vxd
    HKLM\System\CurrentControlSet\Services\VxD\SYMEVNT\
    C:\PROGRA~1\SYMANTEC\SYMEVNT.386
    HKLM\System\CurrentControlSet\Services\VxD\NAVAP\
    C:\PROGRA~1\NORTON~1\NORTON~2\NAVAP.VXD
     
  7. okitismine

    okitismine Registered Member

    :)

    Well I had time to let PANDA run this morning and nothing was found, I am sure happy about that!

    If everyone is sure I will close this in my mind and continue about my work and play.

    Ed
     