4 registry entries need to go away



#1 thetechpros

Posted 02 March 2009 - 10:15 AM

I believe these are the remnants of MS Antispyware 2009.


DDS (Ver_09-02-01.01) - NTFSx86 MINIMAL
Run by Administrator at 10:11:12.06 on Mon 03/02/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1796 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {8ed1ba2d-127b-4453-a186-8e259efbbaf0} - c:\windows\system32\avicap3.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRunOnce: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {8ad9c840-044e-11d1-b3e9-00805f499d93} - hxxp://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1235076538531&h=a055f122ff6391b5fb891774d7b6e061/&filename=jinstall-6u12-windows-i586-jc.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {cafeefac-0016-0000-0012-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {cafeefac-ffff-ffff-ffff-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: emqsys.dll

============= SERVICES / DRIVERS ===============

R0 bbpfrryn;bbpfrryn;c:\windows\system32\drivers\bbpfrryn.sys [2002-8-29 23424]
S1 avgldx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-4 325128]
S1 avgmfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-4 27656]
S1 avgtdix;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-4 107272]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-4 298264]
S3 getplus® helper;getPlus® Helper; [x]

=============== Created Last 30 ================

2009-03-02 02:39 <DIR> --d----- C:\backup
2009-03-02 02:14 <DIR> --d----- c:\program files\Free Window Registry Repair
2009-03-02 02:13 356 a------- c:\temp\mark.reg
2009-03-02 02:13 795,555 a------- c:\temp\RegpairSetup.exe
2009-03-02 00:56 161,792 a------- c:\windows\SWREG.exe
2009-03-02 00:56 98,816 a------- c:\windows\sed.exe
2009-03-02 00:56 <DIR> --d----- C:\ComboFix
2009-03-02 00:56 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-03-02 00:00 1,361,822 a------- C:\New Bitmap Image.bmp
2009-03-01 22:52 <DIR> --d----- c:\windows\pss
2009-03-01 19:41 578,560 ac------ c:\windows\system32\dllcache\user32.dll
2009-03-01 19:40 <DIR> --d----- c:\windows\ERUNT
2009-03-01 19:39 <DIR> --d----- C:\SDFix
2009-03-01 19:39 1,529,241 a------- c:\temp\SDFix.exe
2009-02-26 11:32 20,992 a------- c:\windows\system32\emqsys.dll
2009-02-19 15:48 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-19 15:48 73,728 a------- c:\windows\system32\javacpl.cpl
2009-02-05 13:44 2,884,516 a----r-- c:\temp\ComboFix.exe
2009-02-05 11:59 <DIR> --d----- c:\program files\Trend Micro
2009-02-05 11:56 <DIR> --d----- c:\temp\ccsetup216
2009-02-05 11:55 922,137 a------- c:\temp\ccsetup216.zip
2009-02-05 11:55 812,344 a------- c:\temp\HJTInstall.exe
2009-02-04 22:13 <DIR> --d----- c:\temp\AVGRTK_remover
2009-02-04 22:12 863 a------- c:\temp\AVGRTK_remover.zip
2009-02-04 21:43 <DIR> a-dshr-- C:\cmdcons
2009-02-04 21:02 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-02-04 21:02 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-02-04 21:02 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-02-04 21:02 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-02-04 21:02 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-02-04 21:02 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2009-02-04 21:02 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2009-02-04 21:02 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-02-04 21:02 6,066,688 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-02-04 20:40 712,704 -------- c:\windows\system32\windowscodecs.dll
2009-02-04 20:40 346,112 -------- c:\windows\system32\windowscodecsext.dll
2009-02-04 20:40 276,992 -------- c:\windows\system32\wmphoto.dll
2009-02-04 20:40 69,120 -------- c:\windows\system32\wlanapi.dll
2009-02-04 20:40 53,248 -------- c:\windows\system32\tsgqec.dll
2009-02-04 20:40 50,688 -------- c:\windows\system32\tspkg.dll
2009-02-04 20:40 <DIR> --d----- c:\windows\system32\scripting
2009-02-04 20:40 <DIR> --d----- c:\windows\system32\en
2009-02-04 20:40 <DIR> --d----- c:\windows\l2schemas
2009-02-04 20:40 <DIR> --d----- c:\windows\system32\bits
2009-02-04 20:37 <DIR> --d----- c:\windows\network diagnostic
2009-02-04 20:37 144,384 -------- c:\windows\system32\drivers\hdaudbus.sys
2009-02-04 20:37 10,240 -------- c:\windows\system32\drivers\sffp_mmc.sys
2009-02-04 20:36 19,569 a------- c:\windows\005783_.tmp
2009-02-04 18:29 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-02-04 18:27 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-04 18:27 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-02-04 18:27 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-04 18:27 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-02-04 18:15 <DIR> --d----- c:\temp\set_permissions
2009-02-04 18:15 <DIR> --d----- c:\temp\avgfix
2009-02-04 18:14 108,291 a------- c:\temp\set_permissions.zip
2009-02-04 17:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avg8
2009-02-04 00:46 4,497,080 a------- c:\temp\spybotsd_includes.exe
2009-02-04 00:35 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-02-04 00:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-02-04 00:34 16,409,960 a------- c:\temp\spybotsd162.exe
2009-02-03 15:32 <DIR> --d----- c:\program files\AVG
2009-02-03 15:31 50,689,960 a------- c:\temp\avg_free_stf_en_8_173a1373.exe
2009-02-03 15:06 59,981,528 a------- c:\temp\avg_free_stf_en_8_233a1415.exe
2009-02-03 12:40 <DIR> --d----- C:\0a7c67e50e3d84cfd74ad1
2009-02-03 12:13 <DIR> --d----- c:\temp\sp3
2009-02-03 11:57 305 a------- c:\windows\system32\MRT.INI
2009-02-03 11:17 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-03 11:17 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-03 11:17 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-03 11:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes

==================== Find3M ====================

2009-02-04 20:43 88,047 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-20 18:15 826,368 a------- c:\windows\system32\wininet.dll

============= FINISH: 10:11:35.14 ===============

Edited by thetechpros, 02 March 2009 - 10:55 AM.



#2 thetechpros

Posted 03 March 2009 - 09:42 PM

Deleted two files (emqsys.dll & avicap3.dll) using a DOS / NTFS boot CD, allowing removal of the registry entries, reset permissions, re-applied service pack 3. Worked on this while I waited. Waited in chat room 1/2 hr before anyone answered the questions: "Is my post on the blog in the correct place? Is there something else I should post?" Finally someone did say my post was done properly and that I should wait. Good things come to those who wait, as the situation is resolved. Please close.

#3 KoanYorel


Posted 04 March 2009 - 09:56 AM

Thanks for informing us what you have done.
Good luck.

This Topic is closed.

Should you need it reopened, please contact a Forum Moderator. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



