Can't delete Altnet reg key

G

gregf

I'm trying to delete a registry entry, Altnet (with Dashboard and
Messages as subfolders), and it says Cannot Delete, Error While
Deleting. I've tried to change the permissions by going to
Permissions-advanced-owner, and I get the error Could Not Set owner for
selected key or subkeys.
Certainly there must be a way for Admin to delete a regkey, with out
wiping out the hard drive.
Adaware has found this key in it's scan, but telling it to delete it
does not work.
 
R

Richard Urban

To my knowledge, people in this group do not analyze HiJack This logs. If
you want to do it, have them sent to your e-mail address please.

--
Regards,

Richard Urban

If you knew as much as you thought you know,
You would realize that you don't know what you thought you knew!
 
R

Richard Urban

This is not the forum for Hijack This.

--
Regards,

Richard Urban

If you knew as much as you thought you know,
You would realize that you don't know what you thought you knew!
 
P

pcbutts1

So you send everyone with spyware issues to HijackThis forums? The name of
this group is called microsoft.public.windowsxp.help_and_support, spyware is
a problem with windows why does that bother you. I am not asking you to
analyze his log I can do that.

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com
 
R

Richard Urban

**So tell him to send his 45k file to you if you want to offer this
service.**

--
Regards,

Richard Urban

If you knew as much as you thought you know,
You would realize that you don't know what you thought you knew!
 
D

Douglas

pcbutts1 said:
Well I'm real sorry Mr. Gates, If you don't want to read a 45k file
then don't. You are not the one asking for help. Better yet why don't
you kill file me so you don't have to see any more of my posts.
Click to expand...

Do not listen to Richard, he was just recently awarded **MVP** status,
what a joke!!! Now he thinks he is GOD or something. He is not a very
technical skilled person. He thinks he is...just look at his signature.
 
R

Richard Urban

My signature has been such for about a year now and is as much a reminder to
ME that I don't know everything. Do you?

--
Regards,

Richard Urban

Quote from: George Ankner
"If you knew as much as you thought you know,
You would realize that you don't know what you thought you knew!"
 
G

gregf

Well as controversial as it is, here is the log file:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Norton SystemWorks\Norton CleanSweep\CsinsmNT.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Documents and Settings\Annex Six\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.aurafice.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.aurafice.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =
Microsoft Internet Explorer
N4 - Mozilla: user_pref("browser.startup.homepage",
"http://www.aurafice.com"); (C:\Documents and Settings\Annex
Six\Application Data\Mozilla\Profiles\default\kjpofp8x.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine",
"engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src");
(C:\Documents and Settings\Annex Six\Application
Data\Mozilla\Profiles\default\kjpofp8x.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE Privacy Keeper - Last IE Window Detector -
{1201333E-BAD9-481C-BCF5-6904498CF85B} - C:\Cleaning Tools\IE Privacy
Keeper\IEPKbho.dll
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} -
C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
- C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [imjpmig]
C:\WINDOWS\$NtServicePackUninstall$\imjpmig.exe /RemAdvDef /AIMEREG
/Migration /SetPreload
O4 - HKLM\..\Run: [ICQ Net]
C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe -stealth
O4 - HKLM\..\Run: [DateCheck]
C:\WINDOWS\$NtServicePackUninstall$\imjpmig.exe /RemAdvDef /AIMEREG
/Migration /SetPreload
O4 - HKLM\..\Run: [ADUserMon] C:\Program
Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD
Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton
SystemWorks\Norton CleanSweep\QDCSFS.exe /startup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunServices: [CafeAgent] C:\WINDOWS\System32\CafeAgent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton
SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A}
/MODE CfgWiz
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program
Files\America Online 9.0\aoltray.exe
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk =
C:\Program Files\Norton SystemWorks\Norton CleanSweep\CsinsmNT.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel
present
O8 - Extra context menu item: &Google Search - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -
C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} -
(no file)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -
C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite -
{B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program
Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
(no file)
O9 - Extra button: Yahoo! Messenger -
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -
C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -
C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet
Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape
Browser\PLUGINS\npTrident.dll
O16 - DPF: HushEncryptionEngine -
https://mailserver2.hushmail.com/hushmail/HushEncryptionEngine.cab
O16 - DPF: {130AC32C-DE0D-43EF-AD82-2599E9F95153} (XEng001.XEng001Ctl)
- http://iii.tv/pink/001/XEng001.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) -
http://smtp.cfr.org/iNotes.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio
Conferencing) -
http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class)
-
http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download
Control Class) -
http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class)
- http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
http://207.188.7.150/067b8c2e835391b29422/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
-
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120073847916
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644}
(AtlAtomadersCtlAttrib Class) -
http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {67085ECE-F45C-482A-B47B-30B5214EA18E} (AtlFlip Class) -
http://www.flipviewer.com/exe/fvlite.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) -
http://mirror.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) -
http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client
Control (redist)) - http://talonnw.com/ts/ts1/msrdp.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} -
http://www.flipside.com/cab/WONWebLauncherControl.cab
O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} (Plotwon Control) -
http://www.investors.com/member/ocx/plotwon.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {CA797B15-445F-4AA9-9828-8A88502F560F} (Uninstall Control) -
http://www.worldwinner.com/games/shared/uninstall.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime
Environment 1.4.0_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime
Environment 1.4.1_02) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object)
-
http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) -
http://h20270.www2.hp.com/ediags/gmn/install/hpbasicdetection3.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj
Class) - http://h30043.www3.hp.com/sj/en/check/qdiagh.cab?322
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) -
http://fdl.msn.com/public/investor/v13/ticker.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control
4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {FEC3E5A3-50F7-4B0C-97D8-01CF69DFBFC7} (Measurement Service
Client) - http://ccon.madonion.com/global/msc.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{33ADE650-5DF5-409B-AADE-1EA09EB3810E}:
NameServer = 64.65.128.6,66.213.224.2
O17 -
HKLM\System\CCS\Services\Tcpip\..\{824A9F86-FD77-4C65-910C-F10EAF319832}:
NameServer = 64.65.128.6,66.213.224.2
O17 -
HKLM\System\CCS\Services\Tcpip\..\{D877B556-6FC7-47E2-94DA-4B2A193C1C1C}:
NameServer = 216.231.41.22,216.231.41.2
O17 -
HKLM\System\CCS\Services\Tcpip\..\{D96BE51B-86B2-4B7B-9103-04C01CF341B2}:
Domain = aurafice
O17 -
HKLM\System\CCS\Services\Tcpip\..\{D96BE51B-86B2-4B7B-9103-04C01CF341B2}:
NameServer = 64.65.128.6,66.213.224.2
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online,
Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation
- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\ccSetMgr.exe
O23 - Service: Iomega Activity Disk2 - Iomega Corporation -
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
O23 - Service: Iomega App Services - Iomega Corporation -
C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. -
C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) -
Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton
AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) -
Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton
AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec
Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton
SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec
Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation -
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\Security
Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) -
America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) -
Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
 
P

pcbutts1

Have HijackThis fix the following lines

O4 - HKLM\..\Run: [imjpmig]
C:\WINDOWS\$NtServicePackUninstall$\imjpmig.exe /RemAdvDef /AIMEREG
/Migration /SetPreload
O4 - HKLM\..\Run: [ICQ Net]
C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe -stealth
O4 - HKLM\..\Run: [DateCheck]
C:\WINDOWS\$NtServicePackUninstall$\imjpmig.exe /RemAdvDef /AIMEREG
/Migration /SetPreload

The above files are located in a strange folder and run on start up. They
are part of MS Office Asian character input method it is not needed on start
up. Everything below can be removed, there are a few bad ones listed.
Nothing with DPF is needed. The Altnet probably got installed by all those
online games you play, I don't see it specifically but remove the other
stuff and reboot.


O16 - DPF: HushEncryptionEngine -
https://mailserver2.hushmail.com/hushmail/HushEncryptionEngine.cab
O16 - DPF: {130AC32C-DE0D-43EF-AD82-2599E9F95153} (XEng001.XEng001Ctl)
- http://iii.tv/pink/001/XEng001.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) -
http://smtp.cfr.org/iNotes.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio
Conferencing) -
http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class)
-
http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download
Control Class) -
http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class)
- http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
http://207.188.7.150/067b8c2e835391b29422/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
-
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120073847916
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644}
(AtlAtomadersCtlAttrib Class) -
http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {67085ECE-F45C-482A-B47B-30B5214EA18E} (AtlFlip Class) -
http://www.flipviewer.com/exe/fvlite.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) -
http://mirror.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) -
http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client
Control (redist)) - http://talonnw.com/ts/ts1/msrdp.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} -
http://www.flipside.com/cab/WONWebLauncherControl.cab
O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} (Plotwon Control) -
http://www.investors.com/member/ocx/plotwon.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {CA797B15-445F-4AA9-9828-8A88502F560F} (Uninstall Control) -
http://www.worldwinner.com/games/shared/uninstall.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime
Environment 1.4.0_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime
Environment 1.4.1_02) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object)
-
http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) -
http://h20270.www2.hp.com/ediags/gmn/install/hpbasicdetection3.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj
Class) - http://h30043.www3.hp.com/sj/en/check/qdiagh.cab?322
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) -
http://fdl.msn.com/public/investor/v13/ticker.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control
4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {FEC3E5A3-50F7-4B0C-97D8-01CF69DFBFC7} (Measurement Service
Client) - http://ccon.madonion.com/global/msc.cab


--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com
 
G

gregf

Well I still can't delete the registry entry, and Adaware finds it but
can't delete it. I don't understand how Admin can't delete it, like
Admin does not have control of everything.
Have HijackThis fix the following lines

O4 - HKLM\..\Run: [imjpmig]
C:\WINDOWS\$NtServicePackUninstall$\imjpmig.exe /RemAdvDef /AIMEREG
/Migration /SetPreload
O4 - HKLM\..\Run: [ICQ Net]
C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe -stealth
O4 - HKLM\..\Run: [DateCheck]
C:\WINDOWS\$NtServicePackUninstall$\imjpmig.exe /RemAdvDef /AIMEREG
/Migration /SetPreload

The above files are located in a strange folder and run on start up. They
are part of MS Office Asian character input method it is not needed on start
up. Everything below can be removed, there are a few bad ones listed.
Nothing with DPF is needed. The Altnet probably got installed by all those
online games you play, I don't see it specifically but remove the other
stuff and reboot.


O16 - DPF: HushEncryptionEngine -
https://mailserver2.hushmail.com/hushmail/HushEncryptionEngine.cab
O16 - DPF: {130AC32C-DE0D-43EF-AD82-2599E9F95153} (XEng001.XEng001Ctl)
- http://iii.tv/pink/001/XEng001.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) -
http://smtp.cfr.org/iNotes.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio
Conferencing) -
http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class)
-
http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download
Control Class) -
http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class)
- http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
http://207.188.7.150/067b8c2e835391b29422/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
-
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120073847916
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644}
(AtlAtomadersCtlAttrib Class) -
http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {67085ECE-F45C-482A-B47B-30B5214EA18E} (AtlFlip Class) -
http://www.flipviewer.com/exe/fvlite.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) -
http://mirror.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) -
http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client
Control (redist)) - http://talonnw.com/ts/ts1/msrdp.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} -
http://www.flipside.com/cab/WONWebLauncherControl.cab
O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} (Plotwon Control) -
http://www.investors.com/member/ocx/plotwon.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {CA797B15-445F-4AA9-9828-8A88502F560F} (Uninstall Control) -
http://www.worldwinner.com/games/shared/uninstall.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime
Environment 1.4.0_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime
Environment 1.4.1_02) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object)
-
http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) -
http://h20270.www2.hp.com/ediags/gmn/install/hpbasicdetection3.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj
Class) - http://h30043.www3.hp.com/sj/en/check/qdiagh.cab?322
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) -
http://fdl.msn.com/public/investor/v13/ticker.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control
4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {FEC3E5A3-50F7-4B0C-97D8-01CF69DFBFC7} (Measurement Service
Client) - http://ccon.madonion.com/global/msc.cab


--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



Well as controversial as it is, here is the log file:
Click to expand...
Click to expand...
 
G

gregf

I don't quite undertand what all of this is so I don't want to just
start removing things, but there are a few more entried that look odd
to me, like Game Loader, and File Planet. Should I maybe try those next?
 
P

pcbutts1

DPF stands for Downloaded Program Files they are stored in a folder with the
same name on your hard drive. In that folder contains programs you
downloaded and installed from the Internet. Examples of programs include
Plug-ins (i.e. flash), ActiveX Controls and more. They are not needed. If
you delete them they will be re-download as needed when you visit those
sites again. Have you tried changing permissions on that reg key by right
clicking the folder or using regedt32 instead of regedit?


--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com
 
G

gregf

Hey, that did it! That registry editor was able to delete it. Now the
whole thing is gone from my system. thanks!
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Can't remove altnet from registry 4
delete altnet from registry 6
Altnet 1
removing Altnet from registry 1
Kelly or other regedit gurus 9
Need help with AntiSpyware - can't run a scan. 2
Can't delete a registry key 2
Unable to remove software from registry 4

Top