Start Up Problems

[tales9966]

My computer is taking too much to start. Also some programs take forever to start (like excel). I run the spyware (ad adaware and microsoft) and the antivirus (mcafee). they did not show anything wrong. There was a running process in Matlab even when the porgram was closed. I uninstalled this program but the computer is still really really slow. I would greatly appreciate if someone can help me to analyze the log file. Thanks!!!!

Code:

Logfile of HijackThis v1.99.1
Scan saved at 4:27:08 PM, on 6/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\GE\GE 97990 RF Optical Mouse\Ver5.3\MOUSE32A.EXE
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\DOCUME~1\IGNEZT~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis_199.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://econ.umd.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\GE\GE 97990 RF Optical Mouse\Ver5.3\MOUSE32A.EXE
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

[Ruby]

Hi, welcome to HijackThis.de
@ tales9966

Please post your Logfiles in vB Code!
Note: Announcement....

Please run a Full System Scan by Panda ActiveScan.
It will last 2-3 hours. You will have to allow ActiveX.
Save the logfile.
Reboot the system when the scan is finished.
Configure then the IE with these Settings.

Run HijackThis once more. Have it save a new Logfile.

Post the Logfile of Panda ActiveScan.
Post the new HJT-Logfile.

[tales9966]

Hi Ruby,

Thanks a lot for your reply. I just took more time because the computer was engaged in an urgent task. But I did what you said and here are the results:

1. Panda scan did not showed anything. There was no log file except for the report:
Scan finishedScan report


System Files Messages

Scanned Yes 227700 1
Infected - 0 0
Suspicious - 0 0
Disinfected - 0 0
2. for the new HJ logfile with the new IE settings, here it goes:

Code:

Logfile of HijackThis v1.99.1
Scan saved at 10:41:18 AM, on 6/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\GE\GE 97990 RF Optical Mouse\Ver5.3\MOUSE32A.EXE
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\DOCUME~1\IGNEZT~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis_199.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://econ.umd.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\GE\GE 97990 RF Optical Mouse\Ver5.3\MOUSE32A.EXE
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

Thanks a lot again.

[Ruby]

Hi Tales9966

Please read these instructions carefully and print them out!
Be sure to follow ALL instructions!

Remember that Hijackthis must be run in an own folder.
C:\Program Files\HJT\HijackThis.exe of C:\HJT\HijackThis.exe
Only if Hijackthis runs in an own folder it will create backups!

Please change that: C:\DOCUME~1\IGNEZT~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis_199.zip\HijackThis.exe

Follow the numbers.

Code:

1
Using Windows XP turn off  System Restore.

2
Make sure you set windows to see the hidden files and folders.

3
Download and Instructions of Use

A. Download
WinsockXPFix.exe,
Follow the instructions to use it.

B. Download
New Version: Ad-Aware SE
Ad-Aware SE: install and update it

C. Download
New Version: Spybot Search & Destroy
Spybot Search & Destroy: install and update it

D. Download
Revome RTE
You may want to follow the instructions.

E. Download
CWShredder.

F. Download
about:Buster,
unzip to C:\aboutbuster, run it, and then:

1. Click "Update".
2. Click "Check For Update"

(If no new version is available, skip that.)
3. Click "Download Update", and wait for it to be installed.

G. Download
If you don't have a zip-tool we suggest zipgenius (It is free).

H. Download
host.zip
Press 'Restore Original Hosts' and press 'OK'
Take a look to the instructions

I. Download
system.zip.
When you open up the display settings tab,
the background tab and most of the other tabs are missing,
of because we had to clean your system of because something else has happened, use it.

J. Download
CCleaner

K. Download
Disk Cleaner

L. Download
RegClean 4.1a

4
Don't use the programs now.

5
Disconnect to the Internet.

6
Turn to  safe mode. Stay in safe mode until you read that you may turn to normal mode!

7
Close down all windows including Internet Explorer.
Run Hijackthis, click scan, and put a checkmark next to each of these items.
Then click the Fix Checked button:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hzzp://econ.umd.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int  ernet Settings,ProxyOverride = hzzp://localhost;

Click on Fix Checked and exit HijackThis.

8
Stay in safe mode
run Ad-Aware SE (Adaware SE 1.05 Tutorial)

Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Take a full system scan.
Delete the content of all Ad-aware SE folders and the Quarantine box when the scan is finished.
Safe the logfile.

9
Stay in safe mode
Run Spybot Search & Destroy once more
Turn on Advanced Mode. Go to "Tools" and put a checkmark into the box of ActiveX.
Scan your system. Let Spybot Search & Setroy delete everything it finds.
Take the immunication for your system.

10
Stay in safe mode
Run Revome RTE

Click the "Kill Elite Toolbar" button and wait until it will finish its work.
Occasionally a DOS box could face-up to asking your permission in deleting some files inside the temporary Windows directories. You must accepting the deletion of them to be sure to fisically removing the malware!
Save the logfile.

11
Stay in safe mode
Run CWShredder
press the *fix,* not the scan button
allow it to clean the infection.
Close all browser and explorer windows before hitting the fix button.

12
Stay in safe mode
Run about:Buster
4. Click "Start".
(Wait for the initial ADS scan to complete.)
5. Click "Exit".

13
Reboot your system into normal mode.

14
Run the CCleaner
Put a Checkmark next to all items
under "Windows", "Applications" and "Issues".
Have a look to the screenshots.
Press the button "Run Cleaner".

15
 Empty your "Recycle Bin"
Go to START > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.

16
Run the Disk Cleaner
Set a checkmark to every item you want to clean.
Temporary Internet Files and Temporary System Files, Cache, History and Prefetch must be cleaned.
Clean as much folders as you can clean.

17
Run RegClean
Allow the program to delete all it finds.

18
Configure then the IE with these Settings.

19
Run HijackThis once more.
Have it save a new Logfile.

-> Post the Ad Aware SE Logfile
-> Post the RTE Logfile
-> Post the About:Buster Logfile
-> Please post the new HJT-Logfile.

[tales9966]

Hi Ruby,

Thanks a lot again. I tried to do what you asked me to but I could not even start: When running the WinsockXPFix.exe the program can not save any file from the registry: it appears a message: "error saving file C:\erdnt\security ! Continue with the next file?" and if I say yes, the same message appears with all the other files (software,system, default, sam). I tried disabling the firewall and the antivirus but it does not work. What can I do? Am I doing something wrong?

Thank you!!!!!

[Ruby]

Hello tales9966

You are not able to run all these programs? Why not? The only thing you have to do is, run the programs at your system?

[tales9966]

Hi Ruby,
I can run the programs but when running the first one you asked me to (WinsockXPFix.exe) it tries to make a copy of the registry. However, it can not make a copy of some files of the registry (the ones I told you in the previous post). Then I did not try running anyother programm untill I can make a copy. Should I keep going or should I really make a copy of the registry as this programm suggest?

[Ruby]

Hi Tales9966

Please skip this first step and go on. Thanks.

[tales9966]

Hi Ruby,

I just finished with the cleaning. here I am sending the log files. The computer still takes toooo much time to start. Once again, Thanks a lot, I really appreciate your help.


1. Ad Aware SE logfile

Code:

Ad-Aware SE Build 1.06r1
Logfile Created on:Tuesday, July 05, 2005 9:52:38 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R52 30.06.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):19 total references
Tracking Cookie(TAC index:3):5 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


7-5-2005 9:52:38 PM - Scan started. (Full System Scan)

 MRU List Object Recognized!
    Location:          : C:\Documents and Settings\Ignez Tristao\Application Data\microsoft\office\recent
    Description        : list of recently opened documents using microsoft office


 MRU List Object Recognized!
    Location:          : C:\Documents and Settings\Ignez Tristao\recent
    Description        : list of recently opened documents


 MRU List Object Recognized!
    Location:          : S-1-5-21-117609710-1390067357-1417001333-1004\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles
    Description        : list of recently used files in adobe reader


 MRU List Object Recognized!
    Location:          : software\microsoft\direct3d\mostrecentapplication
    Description        : most recent application to use microsoft direct3d


 MRU List Object Recognized!
    Location:          : software\microsoft\direct3d\mostrecentapplication
    Description        : most recent application to use microsoft direct X


 MRU List Object Recognized!
    Location:          : software\microsoft\directdraw\mostrecentapplication
    Description        : most recent application to use microsoft directdraw


 MRU List Object Recognized!
    Location:          : S-1-5-21-117609710-1390067357-1417001333-1004\software\microsoft\internet explorer\typedurls
    Description        : list of recently entered addresses in microsoft internet explorer


 MRU List Object Recognized!
    Location:          : S-1-5-21-117609710-1390067357-1417001333-1004\software\microsoft\microsoft management console\recent file list
    Description        : list of recent snap-ins used in the microsoft management console


 MRU List Object Recognized!
    Location:          : S-1-5-21-117609710-1390067357-1417001333-1004\software\microsoft\office\10.0\common\general
    Description        : list of recently used symbols in microsoft office


 MRU List Object Recognized!
    Location:          : S-1-5-21-117609710-1390067357-1417001333-1004\software\microsoft\office\10.0\common\open find\microsoft powerpoint\settings\save as\file name mru
    Description        : list of recent documents saved by microsoft powerpoint


 MRU List Object Recognized!
    Location:          : S-1-5-21-117609710-1390067357-1417001333-1004\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru
    Description        : list of recent documents saved by microsoft word


 MRU List Object Recognized!
    Location:          : S-1-5-21-117609710-1390067357-1417001333-1004\software\microsoft\office\10.0\excel\recent files
    Description        : list of recent files used by microsoft excel


 MRU List Object Recognized!
    Location:          : S-1-5-21-117609710-1390067357-1417001333-1004\software\microsoft\office\10.0\powerpoint\recent file list
    Description        : list of recent files used by microsoft powerpoint


 MRU List Object Recognized!
    Location:          : S-1-5-21-117609710-1390067357-1417001333-1004\software\microsoft\office\10.0\powerpoint\recent typeface list
    Description        : list of recently used typefaces in microsoft powerpoint


 MRU List Object Recognized!
    Location:          : S-1-5-21-117609710-1390067357-1417001333-1004\software\microsoft\search assistant\acmru
    Description        : list of recent search terms used with the search assistant


 MRU List Object Recognized!
    Location:          : S-1-5-21-117609710-1390067357-1417001333-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
    Description        : list of recent programs opened


 MRU List Object Recognized!
    Location:          : S-1-5-21-117609710-1390067357-1417001333-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
    Description        : list of recently saved files, stored according to file extension


 MRU List Object Recognized!
    Location:          : S-1-5-21-117609710-1390067357-1417001333-1004\software\microsoft\windows\currentversion\explorer\recentdocs
    Description        : list of recent documents opened


 MRU List Object Recognized!
    Location:          : S-1-5-21-117609710-1390067357-1417001333-1004\software\microsoft\windows\currentversion\explorer\runmru
    Description        : mru list for items opened in start | run


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
    FilePath           : \SystemRoot\System32\
    ProcessID          : 132
    ThreadCreationTime : 7-6-2005 1:40:53 AM
    BasePriority       : Normal


#:2 [csrss.exe]
    FilePath           : \??\C:\WINDOWS\system32\
    ProcessID          : 180
    ThreadCreationTime : 7-6-2005 1:41:01 AM
    BasePriority       : Normal


#:3 [winlogon.exe]
    FilePath           : \??\C:\WINDOWS\system32\
    ProcessID          : 204
    ThreadCreationTime : 7-6-2005 1:41:04 AM
    BasePriority       : High


#:4 [services.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 248
    ThreadCreationTime : 7-6-2005 1:41:10 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Services and Controller app
    InternalName       : services.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : services.exe

#:5 [lsass.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 260
    ThreadCreationTime : 7-6-2005 1:41:10 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : LSA Shell (Export Version)
    InternalName       : lsass.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : lsass.exe

#:6 [svchost.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 412
    ThreadCreationTime : 7-6-2005 1:41:14 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:7 [svchost.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 472
    ThreadCreationTime : 7-6-2005 1:41:15 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:8 [svchost.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 520
    ThreadCreationTime : 7-6-2005 1:41:16 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:9 [wmiprvse.exe]
    FilePath           : C:\WINDOWS\system32\wbem\
    ProcessID          : 1008
    ThreadCreationTime : 7-6-2005 1:45:21 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : WMI
    InternalName       : Wmiprvse.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : Wmiprvse.exe

#:10 [explorer.exe]
    FilePath           : C:\WINDOWS\
    ProcessID          : 1360
    ThreadCreationTime : 7-6-2005 1:48:53 AM
    BasePriority       : Normal
    FileVersion        : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 6.00.2900.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Windows Explorer
    InternalName       : explorer
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : EXPLORER.EXE

#:11 [ad-aware.exe]
    FilePath           : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
    ProcessID          : 1464
    ThreadCreationTime : 7-6-2005 1:51:01 AM
    BasePriority       : Normal
    FileVersion        : 6.2.0.236
    ProductVersion     : SE 106
    ProductName        : Lavasoft Ad-Aware SE
    CompanyName        : Lavasoft Sweden
    FileDescription    : Ad-Aware SE Core application
    InternalName       : Ad-Aware.exe
    LegalCopyright     : Copyright © Lavasoft AB Sweden
    OriginalFilename   : Ad-Aware.exe
    Comments           : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 19


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 19


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 19


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


 Tracking Cookie Object Recognized!
    Type               : IECache Entry
    Data               : ignez tristao@doubleclick[1].txt
    TAC Rating         : 3
    Category           : Data Miner
    Comment            : Hits:3
    Value              : Cookie:ignez tristao@doubleclick.net/
    Expires            : 6-17-2008 8:30:04 PM
    LastSync           : Hits:3
    UseCount           : 0
    Hits               : 3

 Tracking Cookie Object Recognized!
    Type               : IECache Entry
    Data               : ignez tristao@servedby.advertising[2].txt
    TAC Rating         : 3
    Category           : Data Miner
    Comment            : Hits:2
    Value              : Cookie:ignez tristao@servedby.advertising.com/
    Expires            : 7-18-2005 8:29:30 PM
    LastSync           : Hits:2
    UseCount           : 0
    Hits               : 2

 Tracking Cookie Object Recognized!
    Type               : IECache Entry
    Data               : ignez tristao@adserver.terra[1].txt
    TAC Rating         : 3
    Category           : Data Miner
    Comment            : Hits:15
    Value              : Cookie:ignez tristao@adserver.terra.com/
    Expires            : 7-7-2073 12:08:40 AM
    LastSync           : Hits:15
    UseCount           : 0
    Hits               : 15

 Tracking Cookie Object Recognized!
    Type               : IECache Entry
    Data               : ignez tristao@atdmt[2].txt
    TAC Rating         : 3
    Category           : Data Miner
    Comment            : Hits:4
    Value              : Cookie:ignez tristao@atdmt.com/
    Expires            : 6-15-2010 8:00:00 PM
    LastSync           : Hits:4
    UseCount           : 0
    Hits               : 4

 Tracking Cookie Object Recognized!
    Type               : IECache Entry
    Data               : ignez tristao@advertising[1].txt
    TAC Rating         : 3
    Category           : Data Miner
    Comment            : Hits:3
    Value              : Cookie:ignez tristao@advertising.com/
    Expires            : 6-17-2010 8:29:30 PM
    LastSync           : Hits:3
    UseCount           : 0
    Hits               : 3

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 24



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 24


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
7636 entries scanned.
New critical objects:0
Objects found so far: 24




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 24

10:06:08 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:13:30.219
Objects scanned:206528
Objects identified:5
Objects ignored:0
New critical objects:5

2. RTE logfile

Code:

Registry Log file generated by *** ETRemover - Beta 1 -  V.2.0.0 ***
05/07/2005 - 22:45:45

System info: 

OS Platform: Microsoft Windows 2000
OS Version: 5.01.2600
OS Update: Service Pack 2
CPU Maker: GenuineIntel
CPU Model: x86 Family 6 Model 13 Stepping 6
CPU Speed: 1596 MHz


Running processes: 

[system process]         [SYSTEM]
system                   [SYSTEM]
smss.exe                 [\SystemRoot\System32\smss.exe]
csrss.exe                [SYSTEM]
winlogon.exe             [\??\C:\WINDOWS\system32\winlogon.exe]
services.exe             [C:\WINDOWS\system32\services.exe]
lsass.exe                [C:\WINDOWS\system32\lsass.exe]
svchost.exe              [C:\WINDOWS\system32\svchost.exe]
svchost.exe              [SYSTEM]
svchost.exe              [C:\WINDOWS\system32\svchost.exe]
explorer.exe             [C:\WINDOWS\Explorer.EXE]
revomerte_v200_beta.exe  [C:\RTE\revomeRTE_v200_Beta.exe]


------------------------------------------
HKLM -> UserInit in NT:


DWORD: AutoRestartShell =  1

DefaultDomainName =  GAUSS

DefaultUserName =  Ignez Tristao

LegalNoticeCaption =  

LegalNoticeText =  

PowerdownAfterShutdown =  0

ReportBootOk =  1

Shell =  Explorer.exe

ShutdownWithoutLogon =  0

System =  

Userinit =  C:\WINDOWS\system32\userinit.exe,

VmApplet =  rundll32 shell32,Control_RunDLL "sysdm.cpl"

DWORD: SfcQuota =  -1

allocatecdroms =  0

allocatedasd =  0

allocatefloppies =  0

cachedlogonscount =  10

DWORD: forceunlocklogon =  0

DWORD: passwordexpirywarning =  14

scremoveoption =  0

DWORD: AllowMultipleTSSessions =  1

DWORD: LogonType =  1

Background =  0 0 0

DebugServerCommand =  no

DWORD: SFCDisable =  0

WinStationsDisabled =  0

DWORD: HibernationPreviouslyEnabled =  1

DWORD: ShowLogonOptions =  0

AltDefaultUserName =  Juan Contreras

AltDefaultDomainName =  GAUSS



------------------------------------------
HKCU -> UserInit in NT:


ParseAutoexec =  1

ExcludeProfileDirs =  Local Settings;Temporary Internet Files;History;Temp

DWORD: BuildNumber =  2600



------------------------------------------
HKLM -> UserInit:

* Registry key not found *

------------------------------------------
HKCU -> UserInit in NT:

* Registry key not found *

------------------------------------------
Running processes in NT / HKLM -> RUN (Autorun entries from Registry):

* Registry key not found *

------------------------------------------
Running processes in HKLM -> RUN (Autorun entries from Registry):


IMJPMIG8.1 =  "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

PHIME2002ASync =  C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

PHIME2002A =  C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

SynTPLpr =  C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

SynTPEnh =  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

IgfxTray =  C:\WINDOWS\system32\igfxtray.exe

HotKeysCmds =  C:\WINDOWS\system32\hkcmd.exe

Cpqset =  C:\Program Files\HPQ\Default Settings\cpqset.exe    ? 6 7 3 5  €ý 
 ˜¶B          
¸åB   ?

SunJavaUpdateSched =  C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

ShStatEXE =  "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

McAfeeUpdaterUI =  "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

Network Associates Error Reporting Service =  "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"

MPFExe =  C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

LWBMOUSE =  C:\Program Files\GE\GE 97990 RF Optical Mouse\Ver5.3\MOUSE32A.EXE



------------------------------------------
Running processes in HKLM -> RUNONCE (Autorun entries from Registry):

* No values found *

------------------------------------------
Running processes in HKLM -> RUNONCEEX (Autorun entries from Registry):

* No values found *

------------------------------------------
Running processes in HKLM -> RUNSERVICES (Autorun entries from Registry):

* Registry key not found *

------------------------------------------
Running processes in HKLM -> RUNSERVICESONCE (Autorun entries from Registry):

* Registry key not found *

------------------------------------------
Running processes in NT / HKCU -> RUN (Autorun entries from Registry):

* Registry key not found *

------------------------------------------
Running processes in HKCU -> RUN (Autorun entries from Registry):

* No values found *

------------------------------------------
Running processes in HKCU -> RUNONCE (Autorun entries from Registry):

* No values found *

------------------------------------------
Running processes in HKCU -> RUNONCEEX (Autorun entries from Registry):

* Registry key not found *

------------------------------------------
Running processes in HKCU -> RUNSERVICES (Autorun entries from Registry):

* Registry key not found *

------------------------------------------
Running processes in HKCU -> RUNSERVICESONCE (Autorun entries from Registry):

* Registry key not found *

------------------------------------------
Running processes in HKLM -> Browser Helper Objects:

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
* No values in SubKey *

{53707962-6F74-2D53-2644-206D7942484F}
* No values in SubKey *

------------------------------------------
Programs in HKLM -> Common Startup:

Digimax Viewer 2.1.lnk
Microsoft Office.lnk
 
------------------------------------------

3. About:Buster Logfile

Code:

AboutBuster 5.0 reference file 30
Scan started on [7/5/2005] at [10:19:42 PM]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 10:19:58 PM

4. new HJT-logfile

Code:

Logfile of HijackThis v1.99.1
Scan saved at 11:25:55 PM, on 7/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\GE\GE 97990 RF Optical Mouse\Ver5.3\MOUSE32A.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\GE\GE 97990 RF Optical Mouse\Ver5.3\MOUSE32A.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

[Ruby]

Hello Tales9966

You have done your best

Please try to fix with HijackThis in Safe Mode by turned off system restore the following entry:

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c =Q304&bd=pavilion&pf=laptop

If it won't go away, use CWShredder and About:Buster once more.

Run a Full System Scan by Panda ActiveScan.
It will last 2-3 hours. You will have to allow ActiveX.
Save the logfile.
Reboot the system when the scan is finished.

Reconfigure the IE with these Settings.

Run HijackThis once more.
Have it save a new Logfile.

-> Post the Panda ActiveScan Logfile
-> Please post the new HJT-Logfile.