Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

remove startup message after MSConfig

Status
Not open for further replies.
tonyjeffs

tonyjeffs

Technical User
Nov 9, 2003
6
0
0
GB
1. After remedying a horrible virus, i was still getting a messagebox at startup: 'Cannot find pwdckdqi.dll' (or similar)
I disabled the message using msconfig.
Then I got reminders at startup telling me that msconfig was in analysis mode., so I stopped them showing by checking the don;t show box., but that's really a cover-up
How can I do it properly - get rid of whatever is asking for pwdckdqi.dll at start-up?

2. Another remnant of the virus - I can no longer register with new forums. After the initial registration stage, I will get the usual email with a clickable link to complete registration, but clicking results in an error message - 'something tried to close this window in an unusual way - terminating program'
Any ideas how to solve that?

Thanks Tony
 
Sort by date Sort by votes
Have you tried having a look at the registry to see if the run hive has anything in it that's looking to start the virus file

hklm\software\microsoft\windows\currentversion\run (and \runonce)
hkcu\software\microsoft\windows\currentversion\run (and \runonce)

You may find entries in there. Failing that I would move your data to a USB drive and reinstall, I would never really trust a system thats been horribly infected again (you never really know what's been left behind).

SimonD.

The real world is not about exam scores, it's about ability.

 
Upvote 0 Downvote
I couldn't find anything directly suspicious in the Registry, but thanks for the idea. It was very helpful, and for the first time I have some idea what I'm looking at in the registry. -Never really understood it before. I'll have a more thorough look tonight.

I could perhaps backup the registry with Erdnt or Erunt, and then hack very gently at it and see if I can find a solution. I can see a few redundant entries that could be got rid of.


I'll reinstall sometime soon. It's a bit tricky to install XP because of the absence of a floppy and the need for raid drivers, and the lack of a setting in the bios. So I'll clone my current installation first (I was about to do that before the virus), and then do it.

Tony
 
Upvote 0 Downvote
I would suggest that rather than worrying about raid drivers and lack of floppys that you get a machine that you know is clean and then download NLITE ( create your own installation media, you can streamline it so that it already has your raid drivers, serial, language settings etc.

It's how I do my XP cds' and it works perfectly.

SimonD.

The real world is not about exam scores, it's about ability.
 
Upvote 0 Downvote
In the future, use AutoRuns to manage startup items - it's the preferred way to do it as MSCONFIG is more for temporary prevention of startup items.

I also use it all the time to find suspicious items that are starting when my PC starts. I would give it a shot in your case since your PC is still not acting normal.

It's a really nice and free program from MS.

By the way, make sure to run the program (autoruns), then check the following options under OPTIONS. This is to hide all Microsoft entries. Then press the REFRESH button or F5

Include Empty Locations
Verify Code Signatures
Hide Signed Microsoft Entries
 
Upvote 0 Downvote
Thanks Goombawaho and Simon

Autoruns is a brilliant program.
I undid what I did with msconfig and then found the unwelcome dll with Autoruns.
I used Autoruns to automatically open regedit and find the entry for the dll.
Simon, it was where you said - I'd missed it.
So now I'll delete it from the registry.

Usually, I just chip away until I get things working again, but on this occasion it is very satisfying to not only solve the problem, but on this occasion actually know how it has been solved!


Thanks again

tony

 
Upvote 0 Downvote
Download HiJackThis from Trendmicro.com , then run a scan with log and post the LOG here for our Perusal...

see, similar problem: thread779-1490009

DO NOT FIX ANYTHING... until we have had a look at the LOG and tell you what to fix...

Ben

"If it works don't fix it! If it doesn't use a sledgehammer..."
 
Upvote 0 Downvote
Hi Ben
I'd already fixed the main problem before seeing your post,
but here out of interest is the hijack this log. I had tried to remove the offending reference to owdckdqi.dll
using HijackThis, but the virus blocked it.

Hi Trana - I will do that asap. First I have to find somewhere to back up my 500gig of video work. Maybe buy a bigger usb storage device.

Cheers
Tony

Old hijack this log:
Logfile of HijackThis v1.99.1
Scan saved at 22:25:53, on 28/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
J:\WINDOWS\System32\smss.exe
J:\WINDOWS\system32\winlogon.exe
J:\WINDOWS\system32\services.exe
J:\WINDOWS\system32\lsass.exe
J:\WINDOWS\system32\svchost.exe
J:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
J:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
J:\WINDOWS\system32\spoolsv.exe
J:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
J:\Program Files\McAfee.com\Agent\mcagent.exe
J:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
J:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
J:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
J:\Program Files\Common Files\Real\Update_OB\realsched.exe
J:\WINDOWS\system32\Rundll32.exe
J:\WINDOWS\system32\ctfmon.exe
J:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ReMind\Remind.exe
J:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
J:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
J:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
j:\program files\common files\mcafee\mna\mcnasvc.exe
j:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
J:\Program Files\McAfee\VirusScan\McShield.exe
J:\Program Files\McAfee\MPF\MPFSrv.exe
J:\Program Files\McAfee\MSK\MskSrver.exe
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\system32\NOTEPAD.EXE
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\system32\wuauclt.exe
J:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
F:\Tony\Desktop\Backups1\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: (no name) - {21419960-B52C-4930-BFBC-C94A03D6A2E6} - J:\WINDOWS\system32\mlJYpMcY.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: {5dd09d48-6242-8db9-8d84-9aa9b6472c74} - {47c2746b-9aa9-48d8-9bd8-242684d90dd5} - J:\WINDOWS\system32\ghekwx.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - c:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - J:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TrayServer] J:\Program Files\MAGIX\Movie_Edit_Pro_14_PLUS\TrayServer.exe
O4 - HKLM\..\Run: [NeroFilterCheck] J:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "J:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] J:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Google Desktop Search] "J:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "J:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Windows Firewall] Windows Firewall
O4 - HKLM\..\Run: [TkBellExe] "J:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BM7bd2a5d5] Rundll32.exe "J:\WINDOWS\system32\owdckdqi.dll",s
O4 - HKLM\..\RunServices: [Windows Firewall] Windows Firewall
O4 - HKCU\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "J:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - Startup: Remind.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = J:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O10 - Unknown file in Winsock LSP: j:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: j:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: j:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: j:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: j:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: j:\program files\common files\is3\anti-spyware\is3lsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - O20 - Winlogon Notify: igfxcui - J:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - J:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - J:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - J:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - J:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MBackMonitor - McAfee - J:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - J:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - j:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - J:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - j:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - J:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - J:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - J:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - J:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - J:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - J:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
 
Upvote 0 Downvote
Oh ok, well according to the OLD log (a new log would be better) fix the following:

O2 - BHO: (no name) - {21419960-B52C-4930-BFBC-C94A03D6A2E6} - J:\WINDOWS\system32\mlJYpMcY.dll (file missing)
O2 - BHO: {5dd09d48-6242-8db9-8d84-9aa9b6472c74} - {47c2746b-9aa9-48d8-9bd8-242684d90dd5} - J:\WINDOWS\system32\ghekwx.dll (file missing)

and this is the entry that you can't get rid off?
O4 - HKLM\..\Run: [BM7bd2a5d5] Rundll32.exe "J:\WINDOWS\system32\owdckdqi.dll",s


The following make me wonder, I've not seen them start like that and am very suspicious, maybe someone else could comment on them aswell... DO NOT let yourself be misled by the NAME...

O4 - HKLM\..\RunServices: [Windows Firewall] Windows Firewall
O4 - HKLM\..\Run: [Windows Firewall] Windows Firewall

someone with an active Windows Firewall, should comment if those are valid entries or not...



Ben

"If it works don't fix it! If it doesn't use a sledgehammer..."
 
Upvote 0 Downvote
Hi Ben.
I forgot to say... I did get rid of that entry by a roundabout route ... I have a dual bootconfiguration. The fault is in XP, but I was able to eradicate the actual file by booting to Vista and running AVG antivirus. This freed up XP and allowed me to delete the entry with HJ.
Here's the current log.
I think that "autorun disabled" entry can go.
O2 - BHO: (no name) - AutorunsDisabled - (no file)

I'll delete the two refs you mentioned to Windows Firewall.

Thanks for the help and advice.

cheers
Tony
...................
Logfile of HijackThis v1.99.1
Scan saved at 14:51:29, on 30/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
J:\WINDOWS\System32\smss.exe
J:\WINDOWS\system32\winlogon.exe
J:\WINDOWS\system32\services.exe
J:\WINDOWS\system32\lsass.exe
J:\WINDOWS\system32\svchost.exe
J:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
J:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
J:\WINDOWS\system32\spoolsv.exe
J:\WINDOWS\Explorer.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
J:\Program Files\McAfee.com\Agent\mcagent.exe
J:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
J:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
J:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
J:\Program Files\Common Files\Real\Update_OB\realsched.exe
J:\WINDOWS\system32\ctfmon.exe
J:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ReMind\Remind.exe
J:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
J:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
J:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
j:\program files\common files\mcafee\mna\mcnasvc.exe
j:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
J:\Program Files\McAfee\VirusScan\McShield.exe
J:\Program Files\McAfee\MPF\MPFSrv.exe
J:\Program Files\McAfee\MSK\MskSrver.exe
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\System32\svchost.exe
J:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
J:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\Tony\Desktop\Backups1\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - c:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - J:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TrayServer] J:\Program Files\MAGIX\Movie_Edit_Pro_14_PLUS\TrayServer.exe
O4 - HKLM\..\Run: [NeroFilterCheck] J:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "J:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] J:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Google Desktop Search] "J:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "J:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Windows Firewall] Windows Firewall
O4 - HKLM\..\Run: [TkBellExe] "J:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [Windows Firewall] Windows Firewall
O4 - HKCU\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Remind.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = J:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O10 - Unknown file in Winsock LSP: j:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: j:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: j:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: j:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: j:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: j:\program files\common files\is3\anti-spyware\is3lsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - O20 - Winlogon Notify: igfxcui - J:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: McAfee Application Installer Cleanup (0232601217385792) (0232601217385792mcinstcleanup) - McAfee, Inc. - J:\WINDOWS\TEMP\023260~1.EXE
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - J:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - J:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - J:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - J:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MBackMonitor - McAfee - J:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - J:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - j:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - J:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - j:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - J:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - J:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - J:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - J:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - J:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - J:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
 
Upvote 0 Downvote
These can go:

O2 - BHO: (no name) - AutorunsDisabled - (no file)

non essential stuff, can be gotten rid of (they are not necessary and just take up resources):

O4 - HKLM\..\Run: [NeroFilterCheck] J:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "J:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" -- (hmm, whole two millisecs faster if you leave it ;-) )
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" -- (update manually)

You need to decide if they are worth it or not, (my opinion you should) and if you need them:

RealPlayer IE integration and the Google Toolbar and updater...

O4 - HKLM\..\Run: [TkBellExe] "J:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O23 - Service: Google Updater Service (gusvc) - Google - J:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

besides that the log is clean and good to go...

PS: I don't use Net Transport... so I'll not mention it about removal, but if you happen to get pop ups, then take a closer look at it...

the TWO refs about Windows Firewall, leave them at present until someone else can comment about it... or get rid of them and then install a third party firewall such as Comodo...


Ben

"If it works don't fix it! If it doesn't use a sledgehammer..."
 
Upvote 0 Downvote
Thanks again Ben
I use an older version of Net Transport which is non-invasive. I think it's ok.
I'll follow your advice

Tony
 
Upvote 0 Downvote
About those "O4 - HKLM\..\Run: [Windows Firewall] Windows Firewall", I have Windows Firewall in XP SP3, it is just the ordinary firewall that comes with XP and I don't have those entries.

Ben is right to be suspicious of them as it seems to be a way of hiding infections.



"I have become infected with a Mytob.ao worm. It has added the files "Windows Firewall" to the startup under ipservice32.exe. I have not been able to remove it with stopzilla or spybot. Here is my HJT report:"


Probably some more similar stories here (I haven't checked).

 
Upvote 0 Downvote
Thanks for the confirmation Linney...

I wasn't sure about it, since I have been using a third party firewall for ages and never set up the windows own firewall (old prejudices die hard here)...


Ben

"If it works don't fix it! If it doesn't use a sledgehammer..."
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

VicM
  • Question
Task Scheduler message persistence?
Replies
3
Views
119
VicM
VicM
theConjurian
  • Locked
  • Question
No administrator rights after upgrading to Windows 11
Replies
19
Views
349
goombawaho
goombawaho
Sebastian42
  • Locked
  • Question
How to automate a troublesome startup ?
2 3
Replies
48
Views
244
Rick998
Rick998
scherz0
  • Locked
  • Question
How to concurrently, efficiently remove repeated instances of the same text in a PDF? 1
Replies
2
Views
76
spamjim
spamjim
inlsp05
  • Locked
  • Question
low speed win 10 after 2004 update
Replies
2
Views
74
pmonett
pmonett

Part and Inventory Search

Sponsor

Back
Top